Exchange 2007 Unable to Relay

By techtools ·
Need an Exchange Expert today.

Running Exchange 2007 (Windows 2008 Enterprise x64), NO EDGE SERVER, SP1.

Problem: Can receive emails from external recipients (Gmail, Yahoo, etc.). Cannot Send emails back out from internal client (Outlook). Receiving the following error:

ExchangeServer.FQDN.local #550 5.7.1 Unable to relay ##

I have been researching this for 3 weeks now. I cannot see a reason why I can receive external emails, but cannot send emails out from internal.

The only thing I have to go off of is the NDR error that isn't helping me at all.

Firewall ports are open (because I'm receiving mail), IPv6 is off on server and client.

Any help is appreciated. Thanks.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by christianshiflet In reply to Exchange 2007 Unable to R ...

Check your send connectors within Exchange. If you can receive but not send,this is the most likely cause. Additionally, the NDR is stating that the message is reaching your Exchange server but Exchange is denying it, so it is not reaching your firewall. Also check your DNS settings that Exchange is using and the DNS records setup (on your local DNS server) for your Exchange server.

Let me know if this helps or you have further questions.

Collapse -

Still questions

by techtools In reply to Re:Relaying

Christian, thanks for responding.

DNS is set to default to what the NIC is using, and the NIC is using the the right DNS. My DNS server shows EXCHANGESERVER with the proper A record & my MX record is good.

I have one Internal send connector and one Internet send connector that I created during the initial setup. I'm going to assume it's my Internet connector that's causing the issue, but the configuration is minimal and mostly default. Do I have to add a FQDN in the "Specify the FQDN this connector will provide in response to HELO or EHLO"??

I'm real stuck at this point. I see a lot of other posts where guys fixed their issues, but I can't implement some of their fixes because theirs are based on running the Edge Transport Server, which I don't run.

Thanks Christian

Collapse -

Re: relaying

by christianshiflet In reply to Still questions

Sorry, I should have also had you check the receive connectors under Server Configuration -> Hub Transport. You should have at least 2 connectors (client and default). The client connector should only have (default settings) permissions set for Exchange Users, port 587, make sure the FQDN of your server is entered and authentication is set properly for your network. Also, when you setup Outlook for your clients, what is the server name you entered? Make sure that you used either the IP address or the local DNS name for the server. So, if you setup Outlook with your external mx record name ( you need to create a DNS record on your internal DNS server to point to your Exchange server's local address. There are other issues if your external and internal domains aren't the same ( and domain.local, for example, and your receive connectors need to be adjusted accordingly so it knows what domains it is responsible for). If the outbound messages are going out over the Internet and back in, they will be using the default receive connector, not the client receive connector. If this isn't clear (not a shocker, in a hurry, sorry) please let me know. Thanks.

Collapse -


by techtools In reply to Re: relaying

When you said

"There are other issues if your external and internal domains aren't the same ( and domain.local, for example, and your receive connectors need to be adjusted accordingly so it knows what domains it is responsible for). "

That is exactly the case.
So, maybe my issue lies here. Because I have my internal domain as DomainInternal.local and my host domain as

Now, I have a DNS record for the name of my Exchange server (Exchange.DomainInternal.local), of course. And when I set up Outlook, I used that DNS name (Exchange.DomainInternal.local).

Now, my has a forward lookup zone in my DNS, and the MX record for this is

So, what you're telling me is that I need to configure the default receive connector for the ???

Collapse -

Re: Interesting

by christianshiflet In reply to Interesting

The part about the domains was supposed to reference the Hub Transport's accepted domains under Organization Configuration (should be your external domain, which should be the same as your email addresses). The receive connectors just need to have the proper authentication and permissions. The only reason I am curious about the receive connectors is that relay errors that I have had to deal with all started there (or were fixed there, I suppose) but were related to 3rd party apps.

From the sounds of it, your internal and external domains are completely different, not just .com vs. .local. Is that correct? Also, just to clarify, the NDRs are being generated by your server, correct?

Lastly, though I don't think it will cause relay or total send failures, have you setup a valid certificate for your server (self-signed or otherwise) and enabled it for the required services?

Collapse -

he shouldn't get a relay NDR with .com vs .local

by CG IT In reply to Re: Interesting

if they are the same domain name and as christianshiflet pointed out, the transport hub is configured correctly.

but if the domain names are different, not just the extension, yep Exchange will throw the relay NDR every time because unlike other versions of Exchange, 2007 has the relay option turned off by default.

Collapse -


by techtools In reply to Re: Interesting

You are correct, my DomainInternal.local is completely different from my (this was because there initially wasn't a plan to bring the hosting in-house).

Also, when i do a Test-SystemHealth in Exchange Shell, I get the error about the certificate, so I will say I have not created one at all.

When I set up both the send and receive connectors, I followed a step-by-step on how to do it, so I'm sure they are correct, but will always be willing to take advice if they aren't.

Since this posting, I haven't made any changes from the current setup.

Collapse -

Re: certificate

by christianshiflet In reply to Both

Check out creating a self-signed certificate and enabling it for all of the services required. If that works, but you want to buy a certificate from a trusted certificate authority you will already know the syntax and such. Check out for help on cert syntax. Check out for help enabling the cert for the services in use. I hope that helps.

Collapse -

have to be the same or your'll get the relay NDR all the time

by CG IT In reply to Both

because Exchange is an Active Directory aware system. Once in Active Directory then you have to configure the transport hub as christanshiflit mentioned. If you are trying to use a different domain name than the Active Directory domain, that's relaying and well, you can relay and specify what server can relay, I don't recommend it. Relaying even if it's a closed relay, will land your network on the spam listings.

Best bet is to change the external FQDN to match the second tier domain name of the internal network. meaning the domain name is second tier and .extension if first tier.

Collapse -


by techtools In reply to Exchange 2007 Unable to R ...

Christian, I'll look into creating the certificate. Thanks for the info.

CG, Changing either of the domain names is Not an option.

Or are you saying my external domain name should be something else than .com?

i don't understand what you're saying.

Related Discussions

Related Forums