Solved

Exchange 2003 NDR message: You do not have permission to send to this recipient

Posted on 2012-03-16
8
1,002 Views
Last Modified: 2012-08-14
Hi,

I have a vendor that seems sometimes seems to be getting this messages when they send emails to our email servers.

We have an Exchange 2003 Server and we use Postini for inbound/spam filter.

User1@mydomain.com is the user that we hos in our Exchange ORG.

This is the email that they get when the message is bounced back.

-----------------------------------------------

Your message did not reach some or all of the intended recipients. Subject: RE: commercial Sent: 3/15/2012 11:05 AM The following recipient(s) could not be reached:

  user1@mydomain.com on 3/15/2012 11:05 AM
  You do not have permission to send to this recipient. For assistance, contact your system administrator.
  <mail.ocrra.org #5.7.1 smtp;550 5.7.1 Requested action not taken: message refused>

--------------------------------------------------

We are missing emails becuase of this problem. Could someone please help me out to troubleshoot?

Thank you
0
Comment
Question by:llarava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 

Author Comment

by:llarava
ID: 37730978
I have gone through the following article and we seem to be ok.

The only thing that I am getting is that through DNSSTUFF then SPF test returns "permerror"

http://support.microsoft.com/kb/895853

Error code 5.7.1 may occur if one or more of the following conditions are true:

•The sender of the message does not have the privileges that are required to complete delivery. = The sender has been able to send to this particular email address before, sometimes the emails go and sometimes they just fail.

•You try to relay your mail by using a second server, and the second server does not let you relay mail. The remote server returns a 5.7.1 error code. = We only have a single SMTP server (cluster resource)


•You do not have a recipient policy configured for the domain to which the message is sent.  = We don't


•The recipient has mailbox delivery restrictions enabled. For example, the recipient's mailbox delivery restriction is configured to only receive mail from a specified list. Other mail is rejected. = No restrictions

•A distribution list is configured to restrict mail delivery to messages from authenticated users. Mail that is sent from an anonymous session is rejected. = No distribution list is configured.

•Your Exchange computer is on an unsolicited commercial e-mail list. Your Exchange computer may be listed as an open relay. = We have checked DNSSTUFF and we are not, the RBL test seems ok.

•The fully qualified domain name (FQDN) name of your Exchange computer ends with ".Local".  - Our FQDN  is exchange.domain.local
•The Allow all computers which successfully authenticate to relay, regardless of the list above check box is not selected on the SMTP virtual server.

•Anonymous access to the SMTP virtual servers is disabled. = In our case is enabled
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37731062
Have you tried changing your settings so the above reasons would be false?

The one that hits me is:
Our FQDN  is exchange.domain.local

Some of us do reverse lookups on email and if it fails so does the email.... ie you send me an email and my server can't lookup exchange.domain.local then it is generally considered spam.

Anonymous access to the SMTP virtual servers is disabled. = In our case is enabled - could be used to send out unwanted emails.

Personally I would give the Exchange best Practices Tool a run and see if anything screams at you.
0
 

Author Comment

by:llarava
ID: 37731081
The .local is just the name internally. The SMTP/Delivery/Advanced/FQDN is mail.domain.com which is what is what you are going to be resolving in the public DNS.

This is intermitent only happening sometimes, but sometimes the emails are bounced back to the senders with "message refused"

How can I see where, how and why is my server refusing the messages?
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 37731084
User from different organization is sending an email to a user 'user1@yourdomain.com' and the outside user is getting an NDR that u specified.

Have u checked the 'email address' tab in the properties of user? It should hav an SMTP address like user1@yourdomain.com, if u hav something that ends with .local then u need to chk Recipient policies
0
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37731102
Two ways you try troubleshooting this. You can use smtpdiag
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11393

The other thing you can try is in ESM under Tools is Message tracking

basically fill in the blanks and see where is shows it failed at (you don't nessacerily need the message ID) normally just the from to and the server.
0
 
LVL 17

Accepted Solution

by:
Suraj earned 500 total points
ID: 37733213
1. Try to disable IMF on the server.
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/bff93103-63e7-4c23-9920-434a81cfbe40/

2. do you have Symantec installed on the server?
0
 

Author Comment

by:llarava
ID: 37734675
Hi,

I have already seen that post at the MS forums.

Yes we do have Symantec. I have done some research and found an interesting article:

http://www.conetrix.com/Blog/post/Postini-Quarantine-Summary-Email-Blocked-by-Internal-Spam-Filter.aspx

We also use Postini Services and we have been missing some of the daily quarantine reports. Postini Tech support says that the messages were rejected in our end.

At the same time some users are getting this message intermittently, what is interesting is that they can send the same message later in the day and the message will go through with no problems.

I think this whole situation might be related to Symantec Mail Security.  

My next steps is going to be disable all the Symantec Mail Security services on the server and monitor the delivery of messages.

If this is the problem I can whitelist the address for the postini quarantine but I don't know what I am going to do with the other emails that are blocked.

Any suggestions?
0
 
LVL 17

Expert Comment

by:Suraj
ID: 37735362
I agree to you. You may need to reboot the server once you disable it.
I have seen several similar issues with symantec. Thats why i asked you directly if you have Symantec or not.

Also disable it from registry.. HKLM\CCS\SERVICES\MSExchangeIS\virus scan

put - proactive scan to 0
back ground scan to 0
and Enabled to 0
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question