Exchange 2007 Unable to Relay

By techtools
Need an Exchange Expert today.

Running Exchange 2007 (Windows 2008 Enterprise x64), NO EDGE SERVER, SP1.

Problem: Can receive emails from external recipients (Gmail, Yahoo, etc.). Cannot Send emails back out from internal client (Outlook). Receiving the following error:

ExchangeServer.FQDN.local #550 5.7.1 Unable to relay ##

I have been researching this for 3 weeks now. I cannot see a reason why I can receive external emails, but cannot send emails out from internal.

The only thing I have to go off of is the NDR error that isn't helping me at all.

Firewall ports are open (because I'm receiving mail), IPv6 is off on server and client.

Any help is appreciated. Thanks.

All Answers

Exchange is an Active Directory aware operating system

by CG IT In reply to CG

If your Active Directory domain name is mydomain.local, Exchange will send emails out using mydomain.com and not throw an NDR.

But if your Active Directory domain name is mydomain.local and your FQDN is yourdomain.com, Exchange will throw a relay NDR.

The domain namespace is different. With different domain namespaces, the only way to allow sending email with different domain namespaces in an Active Directory based email system is through relaying.

mydomain.com relays for yourdomain.com by default in an Active Directory environment, Exchange 2007 will not relay for different domain namespaces.

CG

by techtools In reply to Exchange is an Active Dir ...

My Active Directory Domain name and my Host domain name (what you're referring to as the FQDN) can be different and still relay emails.

I had this setup when I worked as an IT Manager at one company, where the Active Directory name was name1.local and the host name was name2.com and I was still able to relay emails back and forth, so there's no reason why I shouldn't be able to do it now. And I'm more than certain that I am not the only Admin who has had a setup like this. It is a real world reality that the internal domain name and the external domain name will be different.

Why else would Exchange 2007 ask "Accepted Domains"???

accepted domains

by christianshiflet In reply to CG

What is currently in your accepted domains listing and how are they entered (authoritative, internal relay...)?

What I am about to tell you is a HORRIBLE idea, but it may help you figure out where the relay failure is. Set up a new receive connector like you would for a third party application as externally secured, allowing permissions for anonymous access and Exchange Servers, and only allowing connections from your PC's IP. Once that is done, test SMTP communications with telnet (http://support.microsoft.com/kb/153119) and see if you get a relay error. Then, remove that receive connector and see if the results change.

Let me know what you find.
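The two checks raised in this reply, as an added example for the Exchange Management Shell (not part of the original post and not output from the poster's server): it lists the accepted domains with their type, then reports for each receive connector who may connect and whether anonymous senders hold the relay right, which also confirms that a temporary test connector is gone afterwards. It uses only the standard Exchange 2007 cmdlets `Get-AcceptedDomain`, `Get-ReceiveConnector` and `Get-ADPermission`; the report property names are chosen here for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.

# 1. Accepted domains and how each is entered
#    (Authoritative, InternalRelay or ExternalRelay).
Get-AcceptedDomain |
    Format-Table Name, DomainName, DomainType, Default -AutoSize

# 2. One report row per receive connector.
Get-ReceiveConnector | ForEach-Object {
    $rc = $_   # keep the connector; $_ is reused inside Where-Object below

    # Allow entries that give the anonymous logon the right to submit mail
    # for any recipient domain, i.e. the right to relay.
    $relayAce = $rc | Get-ADPermission | Where-Object {
        $_.User -like "NT AUTHORITY\ANONYMOUS LOGON" -and
        -not $_.Deny -and
        $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient"
    }

    # Report property names below are hypothetical labels for this example.
    $row = New-Object PSObject
    $row | Add-Member -MemberType NoteProperty -Name Connector -Value $rc.Identity
    $row | Add-Member -MemberType NoteProperty -Name Bindings -Value $rc.Bindings
    # The source addresses allowed to use this connector.
    $row | Add-Member -MemberType NoteProperty -Name RemoteIPRanges -Value $rc.RemoteIPRanges
    # "Externally secured" shows up here as ExternalAuthoritative.
    $row | Add-Member -MemberType NoteProperty -Name AuthMechanism -Value $rc.AuthMechanism
    $row | Add-Member -MemberType NoteProperty -Name PermissionGroups -Value $rc.PermissionGroups
    $row | Add-Member -MemberType NoteProperty -Name AnonymousAllowed `
        -Value ($rc.PermissionGroups -like "*AnonymousUsers*")
    $row | Add-Member -MemberType NoteProperty -Name AnonymousCanRelay `
        -Value ([bool]$relayAce)
    $row
} | Format-List
```

A connector that shows `AnonymousCanRelay : True` should have a `RemoteIPRanges` value limited to the specific hosts that need it.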

-

by techtools In reply to accepted domains

The current Accepted domain is my external host domain (DomainExternal.com).

What you suggested, is something I actually did a while back, and the error I got when I did that was a Hop Count Exceeded error, which is different from the Unable to Relay error, so when I removed it, it went back to the Unable to Relay error again.


I'll go back and try this again and definitely get back to you with the info.

--

by christianshiflet In reply to -

If enabling relaying allows you to send externally but creates a different issue, I would work on determining the cause of that issue. Hop count errors, as I am sure you know, typically indicate a mail loop (sender a sending to sender b forwarding to sender a forwarding to sender b...). Did you try this with multiple, individual recipients on different domains? There could also be errant DNS entries that could cause this, I believe.

it's still relay and you have to allow it

by CG IT In reply to CG

Pre W2007 Exchange basically allowed relaying by default. You had to manually turn it off. That behavior, if I remember correctly, was turned off in W2007 Exchange. The transport hub was created to allow different domains to be allowed to send mail. Not necessarily to allow relaying. You'll see this behavior in an Enterprise environment in multi-domain networks [non contiguous domain name space].

So you have to turn on relaying in Exchange 2007 which will allow you to relay mail from a different domain [non-contiguous name space].

That's why you're getting NDRs relays failed.

Real world is that spammers use relaying and the majority of email providers don't allow it. Many of the spam filtering software will deny emails that are not sent from the originating source and those same spam filtering software have reverse lookups to check that. If your user sends email from your domain and Exchange then relays it using a different domain name, when the spam filtering software tries a reverse lookup to verify the source, the email will be rejected.

So why do it?

I'm assuming that your own Exchange server is generating the NDR failed relay, but if you're getting NDRs from someone else's mail server, then they are rejecting your emails because it looks like it's coming from an open relay.
