Email Rejection erros

Wish I knew more about DNS and the records required - Not sure where to start - we had our domain with one hosting company call it company A, but for some reason we also had some external name server references to our domain on another host, call it company B.  When we moved the domain to company b, something got messed up with the DNS because of 'external' name servers, and when we tried to edit some of the DNS zone records we couldn't.  We couldn't even see the records that were being used. Now we've contacted company B, and they said they had to changed the name servers in order for the zones to be editable, but didn't tell us that when we made this name server change the zones would not come over that were in use.  In the process though we lost all of our DNS records.  I had to manually recreate them.  Something is still not right and company B is really not helping at all.  

I'm running exchange server 2007 - what has changed on my end is the IP that we are sending and receiving mail from.  That is what generated the whole process of trying to edit the DNS records.

I keep getting emails bounced back with several different references.

1. -Please turn on SMTP Authentication in your mail client. 550-( []:58447 is not permitted to relay 550 through this server without authentication. ##

The next few are messages that are sitting in the exchange queue waiting to be processed and retrying.  

2. 451 4.4.0 Primary target IP address responded with: "554 bizsmtp Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to:" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

3. 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

4. 451 4.4.0 DNS query failed

If it would be more helpful to have specific details I would be glad to provide them but I don't want to post them on a public forum, maybe I can be contacted offline?

I really need to resolve this asap and really appreciate any help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick RhodeIT DirectorCommented:
On company B your MX records and DNS pointers need to probably be created to point back to your server.  Do you have access to your previous host provider so you can replicate the DNS entries (like,, etc.).

When these entries are made it can take up to 24hrs for them to repopulate out in the world.
cvau89Author Commented:
Yeah - the whole thing is a mess really.  I do not have access to company A anymore.  When we moved the domain over to company B, everything worked and there were no changes that needed to be made so I never even thought of looking at anything.

Now I find out when I need to make changes.   The MX records are there, I have two a records

I've changed the to the new IP address.

 but the thing that is making me scratch my head is the 1st message i posted where it talks about  That is not my mail server records, like or my mx record.   That is just an A record for me to get back to my RWW.  

I don't know if that matters but I thought it was odd.
Nick RhodeIT DirectorCommented:
I am assuming this is an SBS server.  Did you try running the Fix my network wizard internally?  You might also want to check your exchange URLs to see if those are by chance referencing the company web.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

cvau89Author Commented:
This is an SBS server.  I can try the fix network.  I just received another error from another bounced email that again makes me think it's th #554 5.7.1 Client host rejected: cannot find your reverse hostname, [] ##  -  

reverse hostname with our new ip address - how would that be an issue on my physical machine?
cvau89Author Commented:
I ran the fix network - it didn't do anything that was noted.  I'm still seeing messages in the exchange queue that are identical to the ones I already listed.
Nick RhodeIT DirectorCommented:
You have a new IP address (hopefully static).  You would have to contact your ISP and have them update their pointer records.  

You can use MXtoolbox to check them:

Use the PTR option and type in your  It is probably coming back as *IP address.ISP.Net etc.  This needs to be updated by your ISP to reflect your
cvau89Author Commented:
Yes it is a static IP address.  

I tried that link, I'm not sure I'm reading what you've said correctly but I tried it both ways.

I first put in my mail host name - - that told me i was an idot and to put in the IP address so I put in the new ip address
and it said

Lookup failed after 1 name servers timed out or responded non-authoritatively

so if I understand this tool it's trying to talk to my servers DNS or the DNS records where my domain name sits?

lol sorry - i do feel like an idiot when it comes to this stuff.....  I need to crack some books..
Nick RhodeIT DirectorCommented:
With the ip change did you have to make any configuration changes on your router or router policies?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cvau89Author Commented:
Sure - I had to add the IP into my WG router.  I also changed the weight of the outbound traffic as I have two other T's connecting into the router.  I just changed the weighting on the round-robin outbound so that 99% of the traffic would go out the new connection.

Just so we are clear - inbound mail has not been affected.  Some outbound mail gets out with no problem, some gets tied up with these errors.
cvau89Author Commented:
NRhode - I'm leaning in your direction - I just put in the old ip address in the PTR and it replied

Reported by MYOLDISPCOMPANY.NET on 10/10/2013 at 1:24:48 PM (UTC -5),
Nick RhodeIT DirectorCommented:
ok so its routing properly.  Did you by chance contact your New ISP to discuss the reverse DNS record change?
cvau89Author Commented:
Sorry cut half of that last message off  - it replied

PTR      XXX.XXX.XXX.XXX      24 hrs

So I believe you hit the nail on the head - my new ISP needs to update their DNS
cvau89Author Commented:
Funny you should ask me that .......   I just got off the phone with them.  They came in and finished the equipment install while I was out of town, didn't leave me any instructions - but got an email to say PLUG in HERE..... lol    

Would have been nice to also have a call us when your ready to switch message....    

I'll post a follow up as soon as I speak with them - thank you!
Nick RhodeIT DirectorCommented:
Yes, also just to be sure are you using any DNS forwarders that would target your old ISP?  If so I would remove them from your DNS server (Internally).
cvau89Author Commented:
I've looked at my DNS and I don't have any records pointing to the old isp.
Nick RhodeIT DirectorCommented:
Just to be sure you went into your DNS > properties > forwarders > DNS domain

And there are none listed there (of the old ISP).
cvau89Author Commented:
Yes I checked there too :)  thanks your help has been great!  The ISP has apologized for the way they handled the transition.  Someone should have had this conversation with me before we attempted to move over.  They have put in the necessary PTR records and as the DNS propagates it looks like things are starting to move again in my exchange queues.
Nick RhodeIT DirectorCommented:
Excellent!  Its nice when the storm starts to settle :)
cvau89Author Commented:
This seems to have cleared up some of the problems but we are still getting these errors - -

Please turn on SMTP Authentication in your mail client, or login to the 550-IMAP/POP3 server before sending your message. 550-( [XXX.XXX.XXX.]:11681 is not permitted to relay 550 through this server without authentication. #550 bosauthsmtp09: Host XXX.XXX.XXX.XXX: No unauthenticated relaying permitted ##

I'm going
Sudeep SharmaTechnical DesignerCommented:
>>>>( [XXX.XXX.XXX.]:11681 is not permitted to relay 550 through this server without authentication.

That would mean that some emails are getting generated from the company's website and to get them delivered, website is trying to connect to the Exchange. Since the IP addresses are changed, I believe the IP address of the website is also changed and the exchange server no longer allowing that IP to sent the email without authentication.

Previously, I assume it was working fine, so you may still have the old IP of website listed on the Exchange configuration (Receive Connector), which is allowed to send the email without authentication.

So all you need is to check the receive connector or create a new one for website.

Within the EMC under Server Configuration -> Hub Transport , create a new Receive Connector.

On the "Remote Network" settings tab you enter the IP-addres from the server that needs to send e-mail trough your exchange without authentication.

After completing the wizard right click the rule and choose "properties".

Permission Groups tab -> Exchange Server (enable).
Authentication tab -> TLS (already enabled) + externally secured (enable).

Apply and it should work now.

Sudeep Sharma
the first error re authentication is probably coming if..

you had exchange configured to send mail via your ISP Smtp rather than directly. (Smart Host)
If you IP has changed I guess you changed ISP and the old ISP will not let you relay through it unless you are connected with them.
So you need to turn of the sending via them and either send using dns or forward to your new ISP smtp server.
IN exchange 2007 this is on the org configu, hub transport, send connection, network - router through following smart hosts.
cvau89Author Commented:
The solution turned out to be a combination of issues, one being the new ISP having the correct PTR records and a rule on my firewall that was allowing traffic on the old IP's but not on the new IP back to my server.  Thank you very much for all of your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.