Cannot send to some external recipients after SP3 upgrade of Exchange 2007 #550

Posted on 2013-01-23
Medium Priority
Last Modified: 2013-02-03
After upgrading our Exchange 2007 from SP1 to SP3 we now cannot send e-mail to some external recipients.  This issue always appears to involve recipients whose mail domains are being hosted on other domains.
generating server: our.internal.mail.server.net
Most of the NDRs return #550 with various messages including:

some.other.domain #550 relay not permitted

some.other.domain #550 5.7.1 Unable to relay for someone@recipient.domain

some.other.domain #553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

some.other.domain #550 No Such User Here
(this one was a reply to that user)

It would seem to me that the SP upgrade changed something, but I do not know what.
Incoming mail comes through a spam appliance, for which we have a receive connector, plus the typical default and client receive connectors.  All of our Exchange roles are on one server; there is one Send connector configured on our server Hub Transport.

Any help would be appreciated.
Question by:PaulR

Expert Comment

by:Simon Butler (Sembee)
ID: 38812531
Both of those errors are NOT Exchange errors. This will have nothing to do with the upgrade to Exchange. They are remote errors and usually mean what they say.
The second error is completely clear - the server accepting the email doesn't recognise the recipient. However that DOES NOT mean you are delivering to the correct server, it is most likely a DNS error at the other end.

The first error is often a sign of being blacklisted, not having the correct FQDN on the Send Connector or a missing PTR.


Author Comment

ID: 38814517
Something changed on our server with the upgrade, as this started happening as soon as the server came back up, and was not an issue before.

I have discovered some new information that would lead me to believe this is a DNS\MX lookup problem with SP3. In the examples above, the some.other.domain hosts the recipient's website, but does not host their e-mail.

It looks like Exchange is using the A record instead of the MX record to send mail to.

Expert Comment

by:Simon Butler (Sembee)
ID: 38814536
Exchange simply does a DNS lookup. Nothing more. If the results aren't correct then there is nothing you can do about that.
Have you set Exchange to use external DNS servers? Have you set your domain controllers to use external DNS servers - as forwarders?


Author Comment

ID: 38832345
This has been resolved, or at least worked around.
In Exchange the Server Hub Transport properties had 4 dns servers configured for External DNS lookups, 2 at&t name servers (our ISP) and 2 opendns.  I had set this up some time ago (several years) attempting to increase the performance, which at the time it appeared to do.  To solve the current issue of Exchange sending to the A record instead of the MX record, in Exchange Organization Hub Transport Send Connector properties I UNchecked "Use the external DNS lookup settings of the server transport".  This solved the issue and improved mail delivery times significantly even on those where there was not a problem.  The DNS settings for the IP connection on this server are our two internal dns servers, which are configured to forward external lookups (1 server to a bellsouth name server, the other to 2 opendns name servers).
So I still do not know if Exchange began asking for the wrong record after the service pack upgrade, or if at&t began returning the wrong records and the problem started when I rebooted the server clearing the cache of previously good lookups.

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 38835425
OpenDNS will be the source of this problem.
They return certain records no matter what the response, so that they catch the wrong host names and can display adverts.

As a rule, using external DNS servers in Exchange is to be avoided. It isn't best practice.
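
A resolver audit for the situation discussed in this thread, as an added example that is not part of the original posts: it applies the RFC 5321 rule (MX first, A record only when no MX exists) per resolver, and probes each resolver with a name that cannot exist. The `lookup` hook, the two resolver models and the zone data are constructed assumptions; the example goes beyond the thread by also showing what a rewritten "no such domain" answer does to mail routing.

```python
# Added example; `lookup(name, rtype)` is a hypothetical hook, not an Exchange API.
# It must return (rcode, answers): MX answers as (preference, host), A as strings.
import uuid

def mail_route(lookup, domain):
    """RFC 5321 section 5.1: MX by preference; only if no MX exists, use the A record."""
    rcode, mx = lookup(domain, "MX")
    if rcode == "NXDOMAIN":
        return ("none", ())
    if mx:
        return ("MX", tuple(host for _, host in sorted(mx)))
    _, addrs = lookup(domain, "A")
    return ("A-fallback", (domain,)) if addrs else ("none", ())

def rewrites_nxdomain(lookup):
    """True if the resolver answers for a random name under the reserved .invalid TLD."""
    rcode, addrs = lookup(uuid.uuid4().hex + ".invalid", "A")
    return rcode != "NXDOMAIN" or bool(addrs)

def audit(resolvers, domain):
    """Return (per-resolver report, True if resolvers disagree on the route)."""
    report = {name: {"route": mail_route(lk, domain),
                     "rewrites_nxdomain": rewrites_nxdomain(lk)}
              for name, lk in resolvers.items()}
    return report, len({r["route"] for r in report.values()}) > 1

# Constructed zone data: the A record is a web host, the MX is the real mail host.
ZONE = {("recipient.example", "MX"): [(10, "mail.recipient.example")],
        ("recipient.example", "A"): ["192.0.2.10"]}

def honest(name, rtype):
    """Constructed model of a resolver that reports missing names as NXDOMAIN."""
    if not any(n == name for n, _ in ZONE):
        return ("NXDOMAIN", [])
    return ("NOERROR", ZONE.get((name, rtype), []))

def rewriting(name, rtype):
    """Constructed model of a resolver that answers missing names with a landing address."""
    rcode, answers = honest(name, rtype)
    if rcode == "NXDOMAIN":
        return ("NOERROR", ["198.51.100.1"] if rtype == "A" else [])
    return (rcode, answers)

RESOLVERS = {"internal-forwarder": honest, "external-rewriting": rewriting}

if __name__ == "__main__":
    for domain in ("recipient.example", "no-such-domain.example"):
        report, disagree = audit(RESOLVERS, domain)
        print(domain, "DISAGREE" if disagree else "agree", report)
```

To run it against live resolvers, replace `honest` and `rewriting` with functions that query each configured DNS server and return the same `(rcode, answers)` shape.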



Question has a verified solution.
