550 REJ-RELAY-001: relay not permitted after network change.

Posted on 2014-04-18
Last Modified: 2014-04-22
We recently moved all of our offices over to a Private Network which went well with all offices instantly having access to their emails and network shares.

We also successfully repointed all services to the new IP addresses with external email being delivered, webmail being presented etc

Also internal email is flowing fine.

The problem is whenever anyone tries to send an external email we get a bounceback:
"Your message:
   Subject: Test external

Could not be delivered because of

550 REJ-RELAY-001: relay not permitted

The following recipients were affected:

Additional Information
Original Sender:    <>
Sender-MTA:         <SERVER2>
Reporting-MTA:      <>
MessageName:        <B5350d3be0000.000000000001.0001.mml>
Last-Attempt-Date:  <08:26:54 Fri, 18 April 2014>"

So SERVER1 is our main Exchange 2003 box that is in Head Office, SERVER2 is in a satellite office (we also have a SERVER3 in another office).

We also have Mailmarshal in place for our Anti-spam solution.

All offices have an internet connection, all servers are set up in System Manager to be allowed to relay.

I've made sure the new ISP has set up a PTR record which was the same as the previous fixed IP we used for Head Office.

So am at a bit of a loss now...
Question by:Martin Brooks
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40008358
I suspect that you need to change the relay settings somewhere else - probably on the Mail Marshall box. There is no need to allow relaying within ESM - I would actually encourage you to change that to not allow relaying. Exchange will allow messages to be passed through the servers if you have an SMTP Connector to route email to another server.


Author Comment

by:Martin Brooks
ID: 40008362
Just checked on Mailmarshal and both those servers are set up to allow relay.

But I did notice Mailmarshal was set to use the SMTP servers of our old ISP (Mistral).

I'm guessing because we have moved over to a new ISP they could block access to their own SMTP servers which would stop email, but would it give this error message?

I've changed the SMTP server to our new ISP and am now getting the error message:
"Your message:

Could not be delivered because of

554 5.7.1 <>: Sender address rejected: Access denied

The following recipients were affected:

Additional Information
Original Sender:    <>
Sender-MTA:         <SERVER2>
Reporting-MTA:      <>
MessageName:        <B5350de510000.000000000001.0001.mml>
Last-Attempt-Date:  <09:12:01 Fri, 18 April 2014>"
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 40008467
If you are trying to use the SMTP servers of the old ISP, then that would give the error you are receiving, because most ISPs will only allow their own customers to relay. Therefore you either have to set it up to use the new ISP or direct delivery.


Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 R2 SChannel Error 57 100
Raising Forest Functional Level 2 46
MS Exchange 2016 license 5 35
EXCH2013 Public Folder problems 5 22
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Find out what you should include to make the best professional email signature for your organization.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question