Mike
asked on
Relay Access Denied SBS 2003
Ok, this is driving me crazy still not sure how to deal with this...
This is the error we are getting from bounced back mail only from sites like AOL, Yahoo, Hotmail, etc:
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mail.domain.com #5.7.1 smtp;554 5.7.1 <recepient@msn.com>: Relay access denied>
We had recently done a few things that started this problem. The first thing was we changed our ISP , the second we change out our firewall (sonicwall tz210).
We instructed our ISP to point to our domain (PTR record). That was done and no issue there.
When we run the mail server test and enter mail.domain.com at mxtoolbox.com we are getting "Warning - Reverse DNS does not match SMTP Banner" and the banner is stating: 220 sjl0vm-cass03.colo.sonicwa ll.com ESMTP SonicWALL .
We run the Antispam service on the sonicwall and from what Sonicwall is telling me, that banner is provided per that service.
So for testing, I disabled the antispam service, and tried the mxtoolbox test again.
This time the banner is okay, displays our mail.domain.com server and no errors.
The banner reads something like this :220 mail.domain.com Microsoft ESMTP MAIL Service
So after that gave me the green light, I tried sending several test emails to a hotmail account, and I am still getting the relay bounce back errors!
I checked with our ISP and they said, everything is resolving and there is nothing else for them to do and sonicwall is stating the router is behaving the way it should.
Any ideas as to what I'm missing?
This is the error we are getting from bounced back mail only from sites like AOL, Yahoo, Hotmail, etc:
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mail.domain.com #5.7.1 smtp;554 5.7.1 <recepient@msn.com>: Relay access denied>
We had recently done a few things that started this problem. The first thing was we changed our ISP , the second we change out our firewall (sonicwall tz210).
We instructed our ISP to point to our domain (PTR record). That was done and no issue there.
When we run the mail server test and enter mail.domain.com at mxtoolbox.com we are getting "Warning - Reverse DNS does not match SMTP Banner" and the banner is stating: 220 sjl0vm-cass03.colo.sonicwa
We run the Antispam service on the sonicwall and from what Sonicwall is telling me, that banner is provided per that service.
So for testing, I disabled the antispam service, and tried the mxtoolbox test again.
This time the banner is okay, displays our mail.domain.com server and no errors.
The banner reads something like this :220 mail.domain.com Microsoft ESMTP MAIL Service
So after that gave me the green light, I tried sending several test emails to a hotmail account, and I am still getting the relay bounce back errors!
I checked with our ISP and they said, everything is resolving and there is nothing else for them to do and sonicwall is stating the router is behaving the way it should.
Any ideas as to what I'm missing?
ASKER
I had disabled the anti-spam service on the sonicwall. Once I done that everything check out on mxtoolbox. I then tried to send several emails out to hotmail and I still got the bounce backs. Here is what I get when I run the email server test at mxtoolbox:
220 mail.domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Thu, 3 Oct 2013 08:30:54 -0700
Test Result
SMTP TLS Warning - Does not support TLS. More Info
SMTP Reverse Banner Check OK - 4.4.4.4 resolves to mail.domain.com
SMTP Reverse DNS Mismatch OK - Reverse DNS matches SMTP Banner
SMTP Connection Time 0.718 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
SMTP Transaction Time 2.761 seconds - Good on Transaction Time
220 mail.domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Thu, 3 Oct 2013 08:30:54 -0700
Test Result
SMTP TLS Warning - Does not support TLS. More Info
SMTP Reverse Banner Check OK - 4.4.4.4 resolves to mail.domain.com
SMTP Reverse DNS Mismatch OK - Reverse DNS matches SMTP Banner
SMTP Connection Time 0.718 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
SMTP Transaction Time 2.761 seconds - Good on Transaction Time
You said you sent 'OUT' to hotmail.
Does your outbound path differ to your inbound path that you are testing?
Does your outbound path differ to your inbound path that you are testing?
ASKER
What tools can I use to check that?
ASKER
When I do an MX check on domain.com, I get this:
Pref Hostname IP Address TTL
1 inboundgw1.parcom.net 61.10.16.1 36 hrs Blacklist Check SMTP Test
21 mail.domain.com 1.1.15.98 36 hrs Blacklist Check SMTP Test
999 inboundgw2.parcom.net 1.1.21.21
This is how it has always been set up since day one.
Pref Hostname IP Address TTL
1 inboundgw1.parcom.net 61.10.16.1 36 hrs Blacklist Check SMTP Test
21 mail.domain.com 1.1.15.98 36 hrs Blacklist Check SMTP Test
999 inboundgw2.parcom.net 1.1.21.21
This is how it has always been set up since day one.
That might be it too!
Pref 1 is the highest. Hotmail connects to inboundgw1.parcom.net first, before it connects to mail.domain.com
In fact, it will only ever try mail.domain.com if the higher priority MX is down and unavailable/unresponsive.
You can have two MX's the same priority if you want load balancing, but if you want your server answering first, you need it at the 'highest' priority, which is the number closest to 0.
Pref 1 is the highest. Hotmail connects to inboundgw1.parcom.net first, before it connects to mail.domain.com
In fact, it will only ever try mail.domain.com if the higher priority MX is down and unavailable/unresponsive.
You can have two MX's the same priority if you want load balancing, but if you want your server answering first, you need it at the 'highest' priority, which is the number closest to 0.
ASKER
Well I just had the parcom connectors removed so the mx only points to mail.domain.com and I still can't email to hotmail (or others) without a bounce back.
What else can I do to take care of this?
What else can I do to take care of this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still not working. I don't get it..
Short of giving someone your actual domain details to help them help you further, you might want to try to contact Hotmail themselves and ask them for their error code or reasoning as to why you are being rejected.
ASKER
Ok, oddly enough, it works now. I disabled the anti-spam service in sonicwall, sent an email, and it went through.
I then re-enabled the anti-spam service, sent an email, and it went through as well. I don't get it, I tried this once before and it didn't work, but now for whatever reason it works.
I then re-enabled the anti-spam service, sent an email, and it went through as well. I don't get it, I tried this once before and it didn't work, but now for whatever reason it works.
Your IP address x.x.x.x has a reverse DNS listing on it, likely from your ISP, of mail.domain.com
But when your Sonicwall answers the incoming knock at it's door for mail anti-spam service, it answers with sjl0vm-cass03.colo.sonicwa
Get the Sonicwall to start answering with sonicwall.mail.domain.com,