Relaying Denied errors

+
0 Votes
Locked

Sereniti
I'm so confused about "Relaying Denied" errors.

Our primary SMTP server does NOT require authentication, and does NOT require the "from" email address to be associated with a particular domain.

Most of the time, we send mail from whatever address we are using for a particular correspondent with no problem at all. Emails get to where they're going and don't bounce back as long as they're valid addresses.

However, on some occasions, using MS Outlook, when my boss sends an email to one of us @amerigocompanies.com, the email will bounce back with "550 5.7.1 <l.williams@amerigocompanies.com>...Relaying Denied. Proper authentication required."

This is different from a "Relaying denied" error message that pops up on the screen before the mail goes out.

I run into this at home using Max Bulk Mailer for a newsletter I manage, going out through a properly-authenticated SMTP server. Out of 1,500 or so recipients, 10 or 12 of them will bounce back with this error message.

What gives? What settings need to be changed? Since we don't have any logins for our SMTP server, how can we authenticate?
  • +
    0 Votes
    bob_steel

    ... you should be hung up by your testicles in a public place for people to throw cabbages at you.

    You're probably getting relaying denied because a million spammers have got there before you and your server has throttled you out.

    +
    0 Votes
    Sereniti

    That the ISP my company uses to connect to the Internet has chosen to run an open relay is beyond my control. I'm not an idiot; neither am I the boss who can make the decision to switch providers. Stop throwing rocks at me for what I can't control and give me something I can use.

    +
    0 Votes
    bob_steel

    Sorry - I was having one of those mornings...

    Not sure what your MX is - but some (Sendmail) are really unhelpful and give the same error code for a range of things that could be happening.

    If it is Sendmail you may need to ask your provider to modify their sendmail.cf to give you a different code for each possible failure.

    Reasons for unexplained relaying denied include target mx that don't have nice reverse dns, that have dodgy zone files and messed up or missing PTR records - as well as the possibility that your MX is using some sort of authentication - maybe pop-before-smtp that is having a brain **** or timing out during the send (one of mine does that if someone is sending a string of long emails)

    Apologies for earlier. I've had my coffee now and sacked a few staff. Feel much better for it.

    +
    0 Votes
    Sereniti

    Apology accepted. Now I'm glad I refrained from responding to the testicles comment. Believe me, I had some good ones! *wicked grin*

    I'll contact my ISP and see if they can assist me.

    Would it be possible that the recipient's mail server sent back that error message for some reason? If so, I have a bit more control over that - although I don't have direct access to the MX records, I do know the fellow who does.

    Lynda

    +
    0 Votes
    bob_steel

    We'd have to look at the connection log to be sure, but it
    sounds like it's your immediate outgoing mailserver that's
    rejecting the mail - the recipient's mailserver wouldn't be
    thinking it's relaying at all so that's unlikely to be where
    the message is coming from.

    Your ISP will have some anti-relay idea for its mailserver
    and that would be top of my suspect list. If you don't do
    smtp-auth it must be pop-before-smtp or restricted to a
    particular IP address.

    You sometimes get this sort of thing intermittently when a
    domain's primary and secondary nameservers differ in
    opinion over what should point where, and be called what.

    Thanks for letting me off the hook!

    +
    0 Votes
    Sereniti

    You said, "You sometimes get this sort of thing intermittently when a domain's primary and secondary nameservers differ in opinion over what should point where, and be called what."

    This sounds like at least part of the problem. It's certainly intermittent, and only seems to happen to my boss.

    He gave me some more information as to how/when it happens. He's using Outlook in MS Office 2003.

    It only happens when he is sending mail to addresses on our primary domain - amerigocompanies.com - and only when he replies to an email. If he composes a new message to any of us, it goes through. In addition, once he gets this error message, the "autofill" function in Outlook ceases to work for the email address that got bounced.

    I personally think we're moving into the realm of magic and superstition, perhaps voodoo, and out of the realm of science. But that's just my opinion.

    I thought it might have something to do with the fact that my predecessor didn't know what he was doing when he set up the domain on our LAN/WAN and set some kind of authority for amerigocompanies.com to be happening on our server instead of in the zone file for the web site. (I am completely in the dark as to comprehending any of that.) It's apparently a bad mistake, and if we fix it for the web site, the LAN will break. However, since my boss is the only person on the network that this is happening to, I'm hesitant to move in that direction.

    L

    +
    0 Votes
    bob_steel

    A box of chocolates says your mailserver is using pop-before-smtp for authorisation and Outlook is not doing the pop connection first. Outlook 2003 is a problem with this sort of set up.

    I bet if he checks for new mail, then tries to send again - it'll probably fail the second time, but succeed the third time?

    If this is the problem - he'll also have the same symptom with mail written 'offline' as Outlook 2003 tries to send it first.

    If he's presenting as the same IP address to the outside world as other people in the office then he'll be able to send while the send-window is still open from other people in the office collecting mail - so I'd expect this to only occur at quiet times.

    I bet he types so slowly that his machine has collected mail before he tries to send the new mail. Or it's when he starts writing a mail and then breaks for a phone call, and then continues.

    I tell my customers with this problem to change their 'collect new mail every...' option to every minute. I have also rarely had it since I changed my open window time on my old pop-before box from 15 minutes to 1 hour.

    Betcha this is what's happening - sounds very much like it to me.
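
The pop-before-smtp send-window described in the post above, as an added example that is not part of the original thread: a toy relay model replayed with the 15-minute and 1-hour windows the post mentions. All names, the accept reply text, the timeline and the IP address are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed values: reply texts modelled on the bounce quoted in the thread,
# and a documentation-range address standing in for the office's shared public IP.
REJECT = "550 5.7.1 Relaying Denied. Proper authentication required."
ACCEPT = "250 2.0.0 Message accepted"
OFFICE_IP = "203.0.113.10"


@dataclass
class PopBeforeSmtpRelay:
    """Toy relay that authorises a source IP for window_min minutes after a POP login."""
    window_min: int
    last_pop: dict = field(default_factory=dict)  # source IP -> minute of last POP login

    def pop_login(self, ip, minute):
        self.last_pop[ip] = minute

    def smtp_send(self, ip, minute):
        seen = self.last_pop.get(ip)
        # The IP is authorised, not the user: anyone behind the same NAT shares the window.
        if seen is not None and 0 <= minute - seen <= self.window_min:
            return ACCEPT
        return REJECT


def poll_events(ip, every, until):
    """POP logins produced by a client set to collect new mail every `every` minutes."""
    return [(m, ip, "pop") for m in range(0, until + 1, every)]


def replay(window_min, events):
    """Replay (minute, ip, 'pop'|'send') events; return [(minute, reply)] for each send."""
    relay = PopBeforeSmtpRelay(window_min)
    replies = []
    for minute, ip, kind in sorted(events):  # 'pop' sorts before 'send' in the same minute
        if kind == "pop":
            relay.pop_login(ip, minute)
        else:
            replies.append((minute, relay.smtp_send(ip, minute)))
    return replies


# Colleagues collect mail at 0 and 5; the office then goes quiet until the boss
# replies at minute 40, checks for new mail at 41 and resends at 42.
TIMELINE = [(0, OFFICE_IP, "pop"), (5, OFFICE_IP, "pop"), (10, OFFICE_IP, "send"),
            (40, OFFICE_IP, "send"), (41, OFFICE_IP, "pop"), (42, OFFICE_IP, "send")]

if __name__ == "__main__":
    for window in (15, 60):
        for minute, reply in replay(window, TIMELINE):
            print(f"window={window:2d}min t={minute:2d} {reply}")
```

With the 15-minute window only the minute-40 send is rejected; with the 1-hour window, or with the client polling every minute, every send is accepted.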

    +
    0 Votes
    Sereniti

    Man, don't you hate it when people forget to proof read before they click "submit post?"

    *blush*

    Lynda

    +
    0 Votes
    Vaibhav Srivastava

    A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks, including the Internet.

    To resolve this issue, turn off the Mailguard feature of the PIX firewall.

    If you have an ESMTP server behind the PIX, you may have to turn off the Mailguard feature to make it possible for mail to correctly flow. If you use the Telnet command to port 25, this may not work with the fixup protocol smtp command, and this is more noticeable with a Telnet client that performs character mode.

    To turn off the Mailguard feature of the PIX firewall:
    1. Log on to the PIX firewall by establishing a telnet session or by using the console.
    2. Type enable, and then press ENTER.
    3. When you are prompted for your password, type your password, and then press ENTER.
    4. Type configure terminal, and then press ENTER.
    5. Type no fixup protocol smtp 25, and then press ENTER.
    6. Type write memory, and then press ENTER.
    7. Restart or reload the PIX firewall.

    +
    0 Votes
    ksg

    There is an easy solution to the Relaying Denied problem at http://www.loapowertools.com. It's still in beta, but you can send them a note asking to be part of the beta.

    +
    0 Votes
    mi6

    The absolute easiest way of solving 'relaying not allowed' errors is simply switch to use an SMTP server that has been designed to work from anywhere, such as SMTP2Go at http://www.smtp2go.com. They are designed so that you never have to change SMTP settings ever again.

    +
    0 Votes
    ksg

    The problem I had with smtp2go, and also with authsmtp.com, comes from the fact that I run 4, and sometimes 5 (depending on what I'm doing) different email accounts on my laptop. They only allow up to 2 at a time, which caused some fiddling each time I need to change.

    With smtp2go.com and with authsmtp, there can also still be some fiddling with port numbers (if Port 2525 doesn't work, try . . . . ) etc. Which is a pain.

    +
    0 Votes
    mi6

    smtp2go's plans let people send from 5 different email addresses. I know that some of the services out there only allow sending from 1 or 2.
    And, in general, choosing port 2525 means that you can send from 99.99% of locations. Generally if a port is going to be blocked by a location, then it is port 25 that is blocked.

    +
    0 Votes
    Sereniti

    for this information. Although we resolved the issue (and I'm still not quite sure how - it seems to have resolved itself!), these solutions to keep it from happening in the future are very helpful and appreciated. :)

    Lynda
