Relay access denied 554

[adkend...@yahoo.com]

Hi,

Firstly, this has been a problem that has plagued us for quite some
time and we have never found a solution.
Secondly, I get really confused when trying to deal with this and get
lost in technical jargon - I am not good with SMTP relaying at all
(otherwise I probably would've solved this by now), so please be
gentle with me.

The problem is that when we send to certain email addresses we get the
Relay access denied 554 error message (included below). This only
happens intermittently and we cannot replicate it when we want to.
We have also found that there is at least one other organisation who
is getting this problem now at their end when they try to send mail to
us (i.e. the Relay access denied 554 error)

We have an exchange 2000 server with SP4.
When I navigate to the Exchange Management - Administrative Groups -
First Administrative Group - Servers - OURSERVER - Protocols - SMTP -
Default SMTP Server - Properties - Access Tab - Relay Button -

We have the following settings: Whcih computer may relay through this
virtual server - "Only the list below" is checked, and one of our DNS
server addresses is in that list.
"Allow computers which successfully authenticate to relay,..." is also
checked

Exchange Management - Administrative Groups - First Administrative
Group - Routing Groups - First Routing Group - Connectors - this is
empty

Can someone please help us with this issue?

"Your message did not reach some or all of the intended recipients.

Subject: hey
Sent: 9/03/2007 11:35 AM

The following recipient(s) could not be reached:
us...@user.com on 9/03/2007 11:36 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<server.domain.com.au #5.7.1 smtp;550 5.7.1
<us...@user.com>... Relaying denied>"

[Rich Matheisen [MVP]]

adkend...@yahoo.com wrote:

[ snip ]

>We have an exchange 2000 server with SP4.
>When I navigate to the Exchange Management - Administrative Groups -
>First Administrative Group - Servers - OURSERVER - Protocols - SMTP -
>Default SMTP Server - Properties - Access Tab - Relay Button -
>
>We have the following settings: Whcih computer may relay through this
>virtual server - "Only the list below" is checked, and one of our DNS
>server addresses is in that list.
>"Allow computers which successfully authenticate to relay,..." is also
>checked

Why are you allowing a DNS server to send SMTP messages to external
addresses???? It's no having any effect on your problem, but it's
kinda weird.

[ snip ]

>Can someone please help us with this issue?
>
>"Your message did not reach some or all of the intended recipients.
>
> Subject: hey
> Sent: 9/03/2007 11:35 AM
>
>The following recipient(s) could not be reached:
> us...@user.com on 9/03/2007 11:36 AM
> You do not have permission to send to this recipient. For
>assistance, contact your system administrator.
> <server.domain.com.au #5.7.1 smtp;550 5.7.1
><us...@user.com>... Relaying denied>"

First, that's not a 554, it's a 550 status. :-)

Second, who sent the message and how did they send it? Did they use a
MAPI/RPC client, or a SMTP client? If it's a SMTP client and it isn't
your DNS server that's sending the message then the error status is
correct if "user.com" isn't your domain name.

Third, are you sure it's your server that's issuing the 550 status?
Have you checked the SMTP protocol log? Your server will generate the
NDR, but if it's the recipient's server that sends the 550 status then
your server's not the problem.

Fourth, if the receiving domain has multiple MX records it may be that
one of the secondary MX doesn't actually accept mail for the domain.
That's an error I've run into many times! This might also explain why
you can't repro the problem easily.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com

[adkend...@yahoo.com]

Hi Rich,

Thanks for the reply.

Sorry about the confusion, it is a 550 status and not a 554 status.

To answer your second question - I originally sent the email from an
Outlook client - exchange - (which is MAPI yes?)

To answer your third question - How do I check the SMTP protocol log
and what do I need to look for?

Your fourth point confuses me as I don't know much about MX records.

I just tried to send an email to the address which I originally
discovered the 550 status with and I received this back:
"There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
<NUWVICS2.nuw.org.au #5.5.0 smtp;553 sorry, that domain
isn't in my list of allowed rcpthosts (#5.7.1)>"

I have also had 2 other people within our organisation come to me with
the 550 status in the past 2 days, but for mail sent to two different
domains.

Also, I have had one other person with what may be an unrelated error
message as per below:
" t.mase...@yarraranges.vic.gov.au on 12/12/2007 9:43 AM
There was a SMTP communication problem with the
recipient's email server. Please contact your system administrator.
<NUWVICS2.nuw.org.au #5.5.0 smtp;550 Rule imposed mailbox
access for t.mase...@yarraranges.vic.gov.au refused: user
invalid>"

Any help would be greatly appreciated.

Adam Kendall.

[adkend...@yahoo.com]

Sorry to be a pain, but I just looked through last weeks problem and
we are also receiving the 554 status:

"There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.

<mccarthyausgroup.com.au #5.5.0 smtp;554 <gm...@nuw.org.au>: Relay
access denied>"

[Rich Matheisen [MVP]]

adkend...@yahoo.com wrote:

>To answer your second question - I originally sent the email from an
>Outlook client - exchange - (which is MAPI yes?)

In the generally accepted sense, yes. MAPI, however, is the API. RPC
would be the usual method of communicating with the server.

I'll take the answer to be "I don't use SMTP to send the message from
my cliet", which is what I wanted to know. :-)

>To answer your third question - How do I check the SMTP protocol log
>and what do I need to look for?

How? You can use Notepad. It's just a text file. You'd look for the
SMTP command (probably a RCPT TO command) and the status your server
received from the receiving machine.

The point here is that your server is just reporting the status it
received from the other machine. Your server isn't the one that's
rejecting the message.

>Your fourth point confuses me as I don't know much about MX records.

Use "nslookup" to find out the number of MX records the domain has.

>I just tried to send an email to the address which I originally
>discovered the 550 status with and I received this back:
>"There was a SMTP communication problem with the recipient's email
>server. Please contact your system administrator.
> <NUWVICS2.nuw.org.au #5.5.0 smtp;553 sorry, that domain
>isn't in my list of allowed rcpthosts (#5.7.1)>"

That's a status returned by some relay server. Do you have your SMTP
Connector set up to send all your Internet email to your ISP's server
for delivery? If you do it's time to engage them and find out what
their problem is.

>I have also had 2 other people within our organisation come to me with
>the 550 status in the past 2 days, but for mail sent to two different
>domains.
>
>Also, I have had one other person with what may be an unrelated error
>message as per below:
>" t.mase...@yarraranges.vic.gov.au on 12/12/2007 9:43 AM
> There was a SMTP communication problem with the
>recipient's email server. Please contact your system administrator.
> <NUWVICS2.nuw.org.au #5.5.0 smtp;550 Rule imposed mailbox
>access for t.mase...@yarraranges.vic.gov.au refused: user
>invalid>"

Again, that's an error that your Exchange server is only reporting.
You'd have to take up the reason for the message with the admin of the
system that sent the status 5xx.