sheld0r asked:

Mail Flow Issue w/ Edge Transport

I'm currently trying to introduce the Edge Transport server into our Exchange environment. I've managed to sync the Edge server and can also telnet to the Edge, but I'm getting a #550 5.7.1 Unable to relay ##.  I was able to send/receive email before the Edge was introduced.

The Edge synchronization was also successful.

I currently have a receive connector configured on the Edge called 'Default internal receive connector EDGE'.  The status is enabled with the following settings:
-Transport Layer Security (TLS) is checked
-Enable Domain Security (Mutual Auth TLS)
-Exchange Server authentication is checked.

Any thoughts as to what could be causing the #550 5.7.1 Unable to relay error message?

Antonio Vargas

Can you telnet on port 25 from the edge to the hub? Also try the telnet with the FQDN specified on the default receive connector created to the edge.

sheld0r (ASKER)

I'm unable to telnet on port 25 from the edge to the hub, but I can telnet with the fqdn of the default receive connector of the edge.

For mail to come into the organization, port 25 should be open between the edge and the hub. Try to understand if that's because of a firewall rule between the two servers.

sheld0r (ASKER)

I totally agree.  I reconfigured the ACL and I'm now able to telnet from edge to hub.  I sent another test email, but I'm still getting the 550 5.7.1 unable to relay error.

The test e-mail was sent from the Internet? Run BPA on the Edge and on the HUB. Also look at the edge queue and see if you have queues on retry with the hub server name (mail to be delivered internally).

sheld0r (ASKER)

That's correct, it was sent from the Internet.  Everything checks out on the HUB with BPA, but I'm not able to run BPA on the EDGE because it doesn't have access to AD.

I also see nothing in the Edge queue.

This is pretty frustrating, as everything looks right and should check out.

sheld0r (ASKER)

Here is the bounce back I'm receiving when I try to send to the Edge from a different email account.

EDGE.company.local rejected your message to the following e-mail addresses:

'Jim Evans' (jim.evans@companyinc.com) <mailto:jim.evans@companyinc.com>


EDGE.company.local gave this error:
Unable to relay


Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.

Diagnostic information for administrators:

Generating server: EXCHSRV2010.OTHER_company.local

jim.evans@companyinc.com
EDGE.company.local #550 5.7.1 Unable to relay ##

Original message headers:

Received: from EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e]) by
 EXCHSRV2010.OTHER_company.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Tue, 27 Mar 2012 14:22:32 -0700
From: Dan Ruben<dan@OTHER_companyinc.com>
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test4
Thread-Topic: test4
Thread-Index: Ac0MX7VwxHOyk6U5Q9W4OXu+lsOhNAAAAm5A
Date: Tue, 27 Mar 2012 21:22:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CF@EXCHSRV2010.OTHER_company.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE043F7F8C@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AA0CFEXCHSRV2010OTHER_company_"
MIME-Version: 1.0

Verify the accepted domain on the Edge Transport Server.

Do you see the SMTP Address Domain of Recipient listed over there or not?

In the above NDR, you need to check if you have "companyinc.com" listed in the Accepted Domains of the Edge Server or not.

Reply back if it's there and I'll tell you what to do next.

~ Singh

sheld0r (ASKER)

I have company.local as an accepted domain, which is authoritative and default.  That's all I have under Accepted Domains.

As for the SMTP Address Domain of Recipient listed, I'm not sure.  Where exactly do I need to look?

I do not have companyinc.com listed in the Accepted Domain of the Edge.  If I add it, which one should it be? ...Authoritative Domain, Internal Domain, External Domain?  I've actually tried all three and now I don't get a bounce back, but the mail is never received on the other end since that change.

That's the reason you are getting the NDR. You need to add the accepted domain on the hub and sync it with the edge.
Make it Authoritative if you are not doing SMTP name space sharing.
If you are not getting an NDR after adding it but the message is still not delivering, then there is an email flow issue between the edge and hub.

- Singh

sheld0r (ASKER)

I added the accepted domain to the hub and synced with the edge.  I'm no longer getting the #550 5.7.1 unable to relay message.  

The email still won't send, but at least we are making progress.

I just did a telnet test and I get the following error now: 451 4.7.0 Timeout waiting for client input.

So to test communication between edge and hub, what do you recommend?

sheld0r (ASKER)

I forgot to mention I can still send email to the outside.

sheld0r (ASKER)

So after sending quite a few test messages this morning, I'm finally getting NDRs.  New error message:

#5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop

OK. You are making progress now.

Messages are being accepted but getting into a loop and eventually exceeding the maximum hops.

You are getting a message loop, which means there is something messed up in the configuration. It could be user configuration or Exchange configuration.

Identify one message for which you got the NDR "Hop Count Exceeded".

Track it down using Message Tracking and check what hops it is switching between.

Look at the user properties and see if there is any forwarder set.

Who has generated this NDR? There must be a Server Name in the NDR details.

~ Singh

sheld0r (ASKER)

Morning Singh,

Here is one of the NDRs I received:

Diagnostic information for administrators:

Generating server: companyinc.com

jim.evans@companyinc.com
EDGE.companyinc.com #<EDGE.companyinc.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

Original message headers:

Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:42:11 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:27:10 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 17:12:07 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:57:04 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:42:03 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:27:00 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 16:11:57 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:53 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:56:18 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:45 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:55:15 -0700
Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com
 (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012
 15:54:41 -0700
Received: from othercompany.domain.local (12.x.x.x) by
 edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id
 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700
Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by
 othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id
 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700
From: tom.jones@othercompany.com
To: 'Jim Evans' <jim.evans@companyinc.com>
Subject: RE: test
Thread-Topic: test
Thread-Index: Ac0NLK3SHFgDg7j7S7WzJP7i2gwU2AACROzg
Date: Wed, 28 Mar 2012 22:54:32 +0000
Message-ID: <FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0E@othercompany.domain.local>
References: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
In-Reply-To: <CA06FF9F58044B4EB49232D4D13FD3DE0440CF3B@CyberExchTEST.company.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.96]
Content-Type: multipart/alternative;
      boundary="_000_FDA5E1415031054C99EE0DBEF7AEBF6B172AAB0EEXCHSRV2010"
MIME-Version: 1.0
Return-Path: tom.jones@othercompany.com
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)
Received-SPF: None (EDGE.company.local: tom.jones@othercompany.com does not
 designate permitted sender hosts)

I'll need to export the message tracking logs and clean them up.  I'm having some trouble getting the format correct to make them easy to read.

As for the user properties, I don't see any forwarder set.

I believe the NDR is being generated by the companyinc Hub server.

The message is looping within the Edge Server.

Check the Inbound Send Connector on the Edge Server which delivers the messages from Edge to Hub.

It looks like you have the wrong IP address or FQDN mentioned over there, which is resolving to another IP address of the Edge Server.

Put the IP address of the Hub Transport Server over there and it should be fixed.

~ Singh
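
The loop diagnosed above shows up in the NDR's Received headers, where edge.companyinc.com sits on both sides of the same hop again and again. As an added example (not part of the original thread), this Python script parses such headers and flags a server that hands mail to itself over SMTP; the sample input is constructed from the NDR above, and the function names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample modeled on the NDR in the thread: three looping hops,
# the inbound SMTP hop, and the sender's internal MAPI submission.
LOOP_HOP = ("Received: from edge.companyinc.com (192.168.7.1) by edge.companyinc.com\n"
            " (192.168.7.70) with Microsoft SMTP Server id 14.1.355.2; Wed, 28 Mar 2012\n"
            " 15:55:45 -0700\n")
SAMPLE = (LOOP_HOP * 3 +
          "Received: from othercompany.domain.local (12.x.x.x) by\n"
          " edge.companyinc.com (192.168.7.70) with Microsoft SMTP Server id\n"
          " 14.1.355.2; Wed, 28 Mar 2012 15:54:41 -0700\n"
          "Received: from othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e]) by\n"
          " othercompany.domain.local ([fe80::e5b6:a1be:6e98:802e%10]) with mapi id\n"
          " 14.01.0339.001; Wed, 28 Mar 2012 15:54:32 -0700\n"
          "From: tom.jones@othercompany.com\n"
          "Subject: RE: test\n\nbody\n")

HOP_RE = re.compile(
    r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)\s+\(([^)]*)\)\s+with\s+(.+?)\s+id\s", re.I)

def parse_hops(raw):
    """Return Received hops in chronological order (oldest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            keys = ("from_host", "from_ip", "by_host", "by_ip", "proto")
            hops.append(dict(zip(keys, m.groups())))
    return hops[::-1]  # each server prepends its header, so reverse

def find_self_loop(hops, threshold=2):
    """Return (host, count) when a server hands mail to itself over SMTP
    at least `threshold` times, else None. MAPI submissions are skipped:
    a mailbox server legitimately names itself on both sides of that hop."""
    counts = {}
    for h in hops:
        same = h["from_host"].lower() == h["by_host"].lower()
        if same and "smtp" in h["proto"].lower():
            host = h["by_host"].lower()
            counts[host] = counts.get(host, 0) + 1
    looping = [(host, n) for host, n in counts.items() if n >= threshold]
    return max(looping, key=lambda item: item[1]) if looping else None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print(len(hops), "hops; loop:", find_self_loop(hops))
```

A self-loop on the Edge points at the connector that routes inbound mail from Edge to Hub, which is the setting checked next in the thread.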

sheld0r (ASKER)

Here is what I have, Singh:

EdgeSync - Inbound to Default-First-Site-Name
General
Specify the FQDN this connector will provide in response to HELO or EHLO: this is currently blank.
Address Space
Type: SMTP, Address: IP of Hub, Cost: 1
Network
Use domain name (dns) MX records to route mail automatically - is selected
Enable Domain Security (Mutual Auth TLS) - is selected
Source Server
Name: EDGE, site: company.local/Configuration/Sites/Default-First-Site-Name, Role: Edge Transport
ASKER CERTIFIED SOLUTION
Padamdeep

This solution is only available to members.

sheld0r (ASKER)

Morning Singh,

I actually tried the configuration you have above, minus the "--" for the address space.  That did it!! It's working now!
Thank you very much for your time and patience and for sticking through it with me.

sheld0r (ASKER)

Singh is awesome.  He sticks with you through the entire thread and doesn't leave you out to dry like many users do on the forums.  Singh definitely knows his Exchange 2010 stuff!!