sheld0r
asked on
Mail Flow Issue w/ Edge Transport
I'm currently trying to introduce the Edge Transport server into our Exchange environment. I've managed to sync the Edge server and can also telnet to the Edge, but I'm getting a #550 5.7.1 Unable to relay ##. I was able to send/receive email before the Edge was introduced.
The Edge synchronization was also successful.
I currently have a receive connector configured on the Edge called 'Default internal receive connector EDGE'. The status is enabled with the following settings:
-Transport Layer Security (TLS) is checked
-Enable Domain Security (Mutual Auth TLS)
-Exchange Server authentication is checked.
Any thoughts as to what could be causing the #550 5.7.1 Unable to relay error message?
Can you telnet on port 25 from the edge to the hub? Also try the telnet with the FQDN specified on the default receive connector created to the edge.
ASKER
I'm unable to telnet on port 25 from the edge to the hub, but I can telnet with the fqdn of the default receive connector of the edge.
For mail to come into the organization, port 25 should be open between the edge and the hub. Try to understand if that's because of a firewall rule between the two servers.
ASKER
I totally agree. I reconfigured the ACL and I'm now able to telnet from edge to hub. I sent another test email, but I'm still getting the 550 5.7.1 unable to relay error.
Was the test e-mail sent from the Internet? Run BPA on the Edge and on the HUB. Also look at the edge queue and see if you have queues on retry with the hub server name (mail to be delivered internally).
ASKER
That's correct, it was sent from the Internet. Everything checks out on the HUB with BPA, but I'm not able to run BPA on the EDGE because it doesn't have access to AD.
I also see nothing in the Edge queue.
This is pretty frustrating, as everything looks right and should check out.
ASKER
Here is the bounce back I'm receiving when I try to send to the Edge from a different email account.
EDGE.company.local rejected your message to the following e-mail addresses:
'Jim Evans' (jim.evans@companyinc.com) <mailto:jim.evans@companyinc.com>
EDGE.company.local gave this error:
Unable to relay
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
Diagnostic information for administrators:
Generating server: EXCHSRV2010.OTHER_company.local
jim.evans@companyinc.com
EDGE.company.local #550 5.7.1 Unable to relay ##
Original message headers:
Received: from EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e]) by
EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
14.01.0339.001; Tue, 27 Mar 2012 14:22:32 -0700
From: Dan Ruben <dan@OTHER_companyinc.com>
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test4
Thread-Topic: test4
Thread-Index: Ac0MX7VwxHOyk6U5Q9W4OXu+lsOhNAAAAm5A
Date: Tue, 27 Mar 2012 21:22:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CF@EXCHSRV2010.OTHER_company.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CFEXCHSRV2010OTHER_company_"
MIME-Version: 1.0
Verify the accepted domain on Edge Transport Server.
Do you see the SMTP Address Domain of Recipient listed over there or not?
In above NDR, you need to check if you have "companyinc.com" listed in Accepted Domain of Edge Server or not.
Reply back if it's there and I'll tell you what to do next.
~ Singh
ASKER
I have company.local as an accepted domain, which is authoritative and default. That's all I have under Accepted Domains.
As for the SMTP Address Domain of Recipient listed, I'm not sure. Where exactly do I need to look?
I do not have companyinc.com listed in the Accepted Domain of the Edge. If I add it, which one should it be? ...Authoritative Domain, Internal Domain, External Domain? I've actually tried all three and now I don't get a bounce back, but the mail is never received on the other end since that change.
That's the reason you are getting the NDR. You need to add the accepted domain on the hub and sync it with the edge.
Make it Authoritative if you are not doing SMTP name space sharing.
If you are not getting an NDR after adding it but the message is still not delivering, then there is an email flow issue b/w edge and hub.
- Singh
ASKER
I added the accepted domain to the hub and synced with the edge. I'm no longer getting the #550 5.7.1 unable to relay message.
The email still won't send, but at least we are making progress.
I just did a telnet test and I get the following error now: 451 4.7.0 Timeout waiting for client input.
So to test communication between edge and hub, what do you recommend?
ASKER
I forgot to mention I can still send email to the outside.
ASKER
So after sending quite a few test messages this morning, I'm finally getting NDR's. New error message
#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop
Ok.. You are making progress now.
Messages are being accepted but getting into loop and eventually exceeding the maximum hops.
You are getting message loop which means there is something messed up in configuration. It could be user configuration or Exchange configuration.
Identify one message for which you got the NDR "Hop Count Exceeded".
Track it down using Message Tracking and check what hops it is switching between.
Look at the user properties and see if there is any forwarder set.
Who has generated this NDR? There must be a Server Name in NDR details.
~ Singh
ASKER
Morning Singh,
Here is one of the NDR's I received
Diagnostic information for administrators:
Generating server: companyinc.com
jim.evans@companyinc.com
EDGE.companyinc.com #<EDGE.companyinc.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#
Original message headers:
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
17:42:11 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
17:27:10 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
17:12:07 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
16:57:04 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
16:42:03 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
16:27:00 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
16:11:57 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
15:56:53 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
15:56:18 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
(192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test
Thread-Topic: test
Thread-Index: Ac0NLK3SHFgDg7j7S7WzJP7i2gwU2AACROzg
Date: Wed, 28 Mar 2012 22:54:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0E@othercompany.domain.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0EEXCHSRV2010"
MIME-Version: 1.0
Return-Path: tom.jones@othercompany.com
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
designate permitted sender hosts)
I'll need to export the message tracking logs and clean them up. I'm having some trouble getting the format correct to make them easy to read.
As for the user properties, I don't see any forwarder set.
I believe the NDR is being generated by the companyinc Hub server.
Message is looping within Edge Server.
Check the Inbound Send Connector On Edge Server which delivers the messages from Edge to Hub.
It looks like you have wrong IP address OR FQDN mentioned over there which is resolving to other IP address of Edge Server.
Put the IP address of Hub Transport Server over there and it should be fixed.
~ Singh
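The diagnosis above comes from reading the Received chain in the NDR. As an added example (not part of the original thread), the Python script below parses a constructed, shortened copy of those headers and reports any from/by hop that repeats, while ignoring the single MAPI self-hop at the sender; `parse_hops` and `find_loops` are names chosen here.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: shortened from the NDR in the thread (3 of the 12 repeats).
SAMPLE_HEADERS = """\
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test

"""

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+)\s+\((?P<src_ip>[^)]*)\)\s+"
    r"by\s+(?P<dst>\S+)\s+\((?P<dst_ip>[^)]*)\)", re.IGNORECASE)

def parse_hops(raw_headers):
    """Return the Received hops oldest-first as dicts (src, src_ip, dst, dst_ip, time)."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        match = HOP_RE.search(flat)
        if not match or ";" not in flat:
            continue                            # not in the "from X (ip) by Y (ip)" form
        hop = {k: v.lower() for k, v in match.groupdict().items()}
        hop["time"] = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        hops.append(hop)
    hops.reverse()                              # servers prepend, so the last header is the first hop
    return hops

def find_loops(hops):
    """Report every (src, dst) hop that occurs more than once in the chain."""
    counts = Counter((h["src"], h["dst"]) for h in hops)
    loops = []
    for (src, dst), n in counts.items():
        if n < 2:
            continue                            # one self-hop (e.g. MAPI submission) is normal
        same = [h for h in hops if (h["src"], h["dst"]) == (src, dst)]
        loops.append({"src": src, "dst": dst, "count": n, "self_delivery": src == dst,
                      "src_ips": sorted({h["src_ip"] for h in same}),
                      "dst_ips": sorted({h["dst_ip"] for h in same}),
                      "span_seconds": (same[-1]["time"] - same[0]["time"]).total_seconds()})
    return loops

if __name__ == "__main__":
    for loop in find_loops(parse_hops(SAMPLE_HEADERS)):
        print(loop)
```

On the sample, the only repeated hop is edge.companyinc.com handing the message to itself, arriving from 192.168.7.1 and received on 192.168.7.70.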
ASKER
Here is what I have Singh
EdgeSync - Inbound to Default-First-Site-Name
General
Specify the FQDN this connector will provide in response to HELO or EHLO: this is currently blank.
Address Space
Type: SMTP, Address: IP of Hub, Cost: 1
Network
Use domain name (dns) MX records to route mail automatically - is selected
Enable Domain Security (Mutual Auth TLS) - is selected
Source Server
Name: EDGE, site: company.local/Configuration/Sites/Default-First-Site-Name, Role: Edge Transport
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Morning Singh,
I actually tried the configuration you have above, minus the "--" for the address space. That did it!! It's working now!
Thank you very much for your time and patience and for sticking through it with me.
ASKER
Singh is awesome. He sticks with you through the entire thread and doesn't leave you out to dry like many users do on the forums. Singh definitely knows his Exchange 2010 stuff!!