exchange error message

hello,
I've exchange 2010 in my company suddenly i found of my users has a problem that when someone outside our company send him mail he receives this error message (Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery).

so what's the reason of this error????
asfourcrystalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JanStoopsCommented:
Can you post the full diagnostic information that the sender of the email gets saying that the mail has been rejected. Any changes in antivirus (spam scanning) software, firewall, ...?
Amit KumarCommented:
is it happening when send mail to every external user or specific?

However error is very clear that when user is sending e-mail to an user or DL that user or DL is restricted not to accept the mail from external or certain user.
asfourcrystalAuthor Commented:
thanks for reply

this error appeared when someone outside of my company send mail to user in my company.


Diagnostic information for administrators:
Generating server: Sender Domain mail
bcc@mydomain.com
#< #5.7.1 smtp; 554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid.> #SMTP#

no changes happens to firewall or spam software
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Amit KumarCommented:
please confirm is it happening to all users or only one.

this error comes when your PTR record does not match to your MX record.. or your MX records is not matching with your domain.

On the other hand please check if your Anti-Spam solution is stopping something.

please give your domain name if you dont mind I will try to analyse your MX records and PTR records.
Zacharia KurianAdministrator- Data Center & NetworkCommented:
Possible reasons;

1. Your MX is invalid (using any internal names).
2. Your MX might have blocked
3. The user might have set to receive only internal emails.
4. The sender is trying with an invalid  email id.
5. You need to check your FW/SPAM Filtering policies, if you have any.

For a better clarification see a relevant post in EE

Zac.
asfourcrystalAuthor Commented:
my domain asfourcrystal.com

and also i'll check from my spam software and firewall
Amit KumarCommented:
I found two MX records for your domain:

Pref      Hostname      IP Address      TTL      
5      mail1.asfourcrystal.com      213.131.94.4      5 min      Blacklist Check      SMTP Test
10      mail2.asfourcrystal.com      196.219.26.15      5 min      Blacklist Check      SMTP Test

Now there are two issues one is 196.219.26.15 is listed in Baracuda blacklist and when we run SMTP test these both mx record redirect their request to each other which is really a critical issue.

Better to check your MX record configuration or SMTP servers and for delisting your IP from RBL please follow this article

------------- Result of SMTP testing on mail1.asfourcrystal.com
Now when I try to check SMTP test to Mail1 it directly connects to mail2.. seems something is there redirecting.

Connecting to 213.131.94.4

220 mail2.asfourcrystal.com Microsoft ESMTP MAIL Service ready at Thu, 10 Sep 2015 09:19:46 +0200 [859 ms]
EHLO PWS3.mxtoolbox.com
250-mail2.asfourcrystal.com Hello [64.20.227.134]
250-SIZE 102400000
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH LOGIN
250-8BITMIME
250 BINARYMIME [891 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Sender OK [922 ms]
RCPT TO:<test@example.com>
550 5.7.1 Unable to relay [5923 ms]

PWS3v2 10173ms


------------- Result of SMTP testing on mail2.asfourcrystal.com
Now when I try to check SMTP test to Mail2 it directly connects to mail2.. seems something is there redirecting to each other.

Connecting to 196.219.26.15

220 mail1.asfourcrystal.com Microsoft ESMTP MAIL Service ready at Thu, 10 Sep 2015 09:20:20 +0200 [891 ms]
EHLO PWS3.mxtoolbox.com
250-mail1.asfourcrystal.com Hello [64.20.227.134]
250-SIZE 102645760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH LOGIN
250-8BITMIME
250 BINARYMIME [860 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Sender OK [938 ms]
RCPT TO:<test@example.com>
550 5.7.1 Unable to relay [5922 ms]

PWS3v2 10595ms

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
asfourcrystalAuthor Commented:
yes if found mail2 blacklisted to Baracuda and requested from them to remove it from blacklist, secondly it's about redirect do you mean that ip 213 redirect message to 196???
Amit KumarCommented:
Yes! see below mentioned:

Connecting to 213.131.94.4

220 mail2.asfourcrystal.com Microsoft ESMTP MAIL Service ready at Thu, 10 Sep 2015 09:19:46 +0200 [859 ms]
EHLO PWS3.mxtoolbox.com
250-mail2.asfourcrystal.com Hello [64.20.227.134]


Connecting to 196.219.26.15

220 mail1.asfourcrystal.com Microsoft ESMTP MAIL Service ready at Thu, 10 Sep 2015 09:20:20 +0200 [891 ms]
EHLO PWS3.mxtoolbox.com
250-mail1.asfourcrystal.com Hello [64.20.227.134]


Pref      Hostname      IP Address      TTL      
5      mail1.asfourcrystal.com      213.131.94.4      5 min      Blacklist Check      SMTP Test
10      mail2.asfourcrystal.com      196.219.26.15      5 min      Blacklist Check      SMTP Test
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.