Solved

Exchange 2003 NDR message: You do not have permission to send to this recipient

Posted on 2012-03-16
8
980 Views
Last Modified: 2012-08-14
Hi,

I have a vendor that seems sometimes seems to be getting this messages when they send emails to our email servers.

We have an Exchange 2003 Server and we use Postini for inbound/spam filter.

User1@mydomain.com is the user that we hos in our Exchange ORG.

This is the email that they get when the message is bounced back.

-----------------------------------------------

Your message did not reach some or all of the intended recipients. Subject: RE: commercial Sent: 3/15/2012 11:05 AM The following recipient(s) could not be reached:

  user1@mydomain.com on 3/15/2012 11:05 AM
  You do not have permission to send to this recipient. For assistance, contact your system administrator.
  <mail.ocrra.org #5.7.1 smtp;550 5.7.1 Requested action not taken: message refused>

--------------------------------------------------

We are missing emails becuase of this problem. Could someone please help me out to troubleshoot?

Thank you
0
Comment
Question by:llarava
  • 3
  • 2
  • 2
  • +1
8 Comments
 

Author Comment

by:llarava
ID: 37730978
I have gone through the following article and we seem to be ok.

The only thing that I am getting is that through DNSSTUFF then SPF test returns "permerror"

http://support.microsoft.com/kb/895853

Error code 5.7.1 may occur if one or more of the following conditions are true:

•The sender of the message does not have the privileges that are required to complete delivery. = The sender has been able to send to this particular email address before, sometimes the emails go and sometimes they just fail.

•You try to relay your mail by using a second server, and the second server does not let you relay mail. The remote server returns a 5.7.1 error code. = We only have a single SMTP server (cluster resource)


•You do not have a recipient policy configured for the domain to which the message is sent.  = We don't


•The recipient has mailbox delivery restrictions enabled. For example, the recipient's mailbox delivery restriction is configured to only receive mail from a specified list. Other mail is rejected. = No restrictions

•A distribution list is configured to restrict mail delivery to messages from authenticated users. Mail that is sent from an anonymous session is rejected. = No distribution list is configured.

•Your Exchange computer is on an unsolicited commercial e-mail list. Your Exchange computer may be listed as an open relay. = We have checked DNSSTUFF and we are not, the RBL test seems ok.

•The fully qualified domain name (FQDN) name of your Exchange computer ends with ".Local".  - Our FQDN  is exchange.domain.local
•The Allow all computers which successfully authenticate to relay, regardless of the list above check box is not selected on the SMTP virtual server.

•Anonymous access to the SMTP virtual servers is disabled. = In our case is enabled
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37731062
Have you tried changing your settings so the above reasons would be false?

The one that hits me is:
Our FQDN  is exchange.domain.local

Some of us do reverse lookups on email and if it fails so does the email.... ie you send me an email and my server can't lookup exchange.domain.local then it is generally considered spam.

Anonymous access to the SMTP virtual servers is disabled. = In our case is enabled - could be used to send out unwanted emails.

Personally I would give the Exchange best Practices Tool a run and see if anything screams at you.
0
 

Author Comment

by:llarava
ID: 37731081
The .local is just the name internally. The SMTP/Delivery/Advanced/FQDN is mail.domain.com which is what is what you are going to be resolving in the public DNS.

This is intermitent only happening sometimes, but sometimes the emails are bounced back to the senders with "message refused"

How can I see where, how and why is my server refusing the messages?
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 37731084
User from different organization is sending an email to a user 'user1@yourdomain.com' and the outside user is getting an NDR that u specified.

Have u checked the 'email address' tab in the properties of user? It should hav an SMTP address like user1@yourdomain.com, if u hav something that ends with .local then u need to chk Recipient policies
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37731102
Two ways you try troubleshooting this. You can use smtpdiag
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11393

The other thing you can try is in ESM under Tools is Message tracking

basically fill in the blanks and see where is shows it failed at (you don't nessacerily need the message ID) normally just the from to and the server.
0
 
LVL 17

Accepted Solution

by:
Suraj earned 500 total points
ID: 37733213
1. Try to disable IMF on the server.
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/bff93103-63e7-4c23-9920-434a81cfbe40/

2. do you have Symantec installed on the server?
0
 

Author Comment

by:llarava
ID: 37734675
Hi,

I have already seen that post at the MS forums.

Yes we do have Symantec. I have done some research and found an interesting article:

http://www.conetrix.com/Blog/post/Postini-Quarantine-Summary-Email-Blocked-by-Internal-Spam-Filter.aspx

We also use Postini Services and we have been missing some of the daily quarantine reports. Postini Tech support says that the messages were rejected in our end.

At the same time some users are getting this message intermittently, what is interesting is that they can send the same message later in the day and the message will go through with no problems.

I think this whole situation might be related to Symantec Mail Security.  

My next steps is going to be disable all the Symantec Mail Security services on the server and monitor the delivery of messages.

If this is the problem I can whitelist the address for the postini quarantine but I don't know what I am going to do with the other emails that are blocked.

Any suggestions?
0
 
LVL 17

Expert Comment

by:Suraj
ID: 37735362
I agree to you. You may need to reboot the server once you disable it.
I have seen several similar issues with symantec. Thats why i asked you directly if you have Symantec or not.

Also disable it from registry.. HKLM\CCS\SERVICES\MSExchangeIS\virus scan

put - proactive scan to 0
back ground scan to 0
and Enabled to 0
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now