Adding a second domain to Exchange Server

Status
Not open for further replies.

bwgreen

Programmer
Mar 23, 2006
68
CA
We are running Exchange 2003, and I am running into an issue trying to get it to handle a 2nd domain. Its primary function is to handle e-mail for our internal domain (x.com), and I have tried to add a second domain to it (y.org). The Internet is not accessible from this network. I have created a Recipient policy for y.org, but I am getting an error from SMTP (500 5.7.1 Unable to relay for user@y.org) when I telnet directly to port 25 on my server. I can send out from my domain account to y.org, but those trying to send to me are failing.

I don't think I need to have a relay here - the server isn't relaying, it is supposed to handle both x.com and y.org messages.

Any help or pointers would be greatly appreciated!

(The names have been changed to protect the innocent!)
 
Confirm for me.
You need to telnet to the box and do the "mail from" from user@something-else.com and the "rcpt to" to user@y.org.

You're not clear on this that you're not accidentally trying to relay. The recipient policy is the right thing to do and it should be working.

Another thing to do is to make sure that the Recipient Policy is working. Create a dummy account and make sure it automatically gets a y.org address as well as all the other ones it's supposed to.

Are you in Exchange mixed or native?
 
We are in Exchange Mixed-Mode right now. The error above is from a Telnet to the SMTP port - I used the EHLO, mail from: and rcpt to: commands to get that error.

After adding y.org all the addresses in my address book got updated to show the new address in their list of e-mail addresses (using the Active Directory Users & Groups tool on the Exchange Server). So the address user@y.org does exist.

I don't think I'm trying to relay - the one server should be handling both domains x.com and y.org. The only time that another account would be used is to go to another domain altogether, y.org is a subsidiary of another domain that we are authoritative for - so we are z.y.org in y.org. Just replace y.org above with z.y.org - for addresses in y.org they go to another server outside my control and that works fine. It's just when I try to create and send a message to user@z.y.org that I get the 500 5.7.1 error message.
 
I think I see where you're going here.
You should be able to make a message to user@y.org. However, Exchange won't touch a message for user@z.y.org because it doesn't know anything about z.y.org. Sure, it knows about y.org but in SMTP land it doesn't matter about anything else. Your server will not accept mail for user@z.y.org unless you have a Recipient Policy for z.y.org. If you want your server to accept messages over SMTP and relay to the sub domain you will need an SMTP connector that says the server is authorised to accept the message and forward it on.
 
I think I used the wrong domain in my posts - let me start again.

There are two mail servers - one is running MS Exchange 2K3 (Server A), the other one (Server B) is outside my control. Server A already handles x.com quite well - x.com is our domain. We are adding a connection from our network to another one and would like to be able to e-mail to y.org. We have been given z.y.org - I have added it to our DNS with an SOA record - and I have changed the default Recipient Policy to include z.y.org (but not as the default - that is still x.com). I can send a message to y.org or a.y.org - the DNS that y.org is responsible for returns the MX record for either y.org or a.y.org as it is classed as authoritative for the y.org domain. Only when a message is sent to z.y.org do we get the error "500 5.7.1 Unable to relay for user@z.y.org" from Exchange's SMTP Server.

I just had a thought - is there something that the other team has to do to tell their DNS that my DNS is authoritative for z.y.org, or does it determine that automatically?
 
The owners of y.org have to have MX records for z.y.org pointing to the host name of your server.

MX records don't cascade down a domain. If you have an MX record for domain.com and nothing for eu.domain.com no mail will get to user@eu.domain.com until someone does something about an MX for it pointing to the right server.
 
They do have an MX record - when I do an nslookup of z.y.org against their DNS it returns the address of my mail server. And I have a forwarder set up in my DNS pointing to their DNS Server to send requests that my DNS doesn't know about (anything other than z.com or z.y.org) to them.
 
OK. Someone is getting confused here.
You said that you have created an RP for y.org.
You now say that their DNS is pointing z.y.org to your server.
Have you got a Recipient Policy for z.y.org? You need one. It can't be y.org because that's not you. It has to be z.y.org.
 
I have only created an RP for z.y.org - y.org is hosted on the mail server that is outside my control.
 
Which is a totally different question. What a difference one single character makes that you forgot to type right at the very top. "I have created a Recipient policy for y.org"

OK. Scrap everything.
You have an RP for z.y.org
You need to create a connector for y.org and tell it that your server will accept messages for it and where to relay them to.
Can I assume that all these new email addresses that got created are user@z.y.org?

I'd probably also suggest that you start a whole new thread because that one letter you missed off has completely screwed this thread for the whole day. Starting again would be a good plan.
 
Yes, you can assume that the addresses are user@z.y.org. I'll start a new thread now.
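
An added example, not written by any poster in this thread and not Exchange's own code: a simplified Python model of the two independent checks the replies describe, the exact-name MX lookup and the server's accept-or-refuse decision at RCPT TO. The host names and zone contents are constructed; the domains are the thread's placeholders.

```python
# Simplified model of the two checks a message to user@z.y.org must pass.
# Zone data and host names are constructed for illustration.

def mx_lookup(zone, name):
    """MX is answered for the exact owner name only; a parent domain's MX
    record is not inherited by its subdomains."""
    return zone.get(name.lower().rstrip("."), [])

def rcpt_decision(rcpt, local_domains, connector_domains):
    """What an anti-relay SMTP server does with RCPT TO from an
    unauthenticated client. Matching is on the full domain, so being
    configured for y.org says nothing about z.y.org."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in local_domains:        # listed in a recipient policy
        return "local"
    if domain in connector_domains:    # address space on an SMTP connector
        return "forward"
    return "reject-5.7.1"              # "Unable to relay for ..."

def delivery_problems(rcpt, zone, our_host, local_domains, connector_domains):
    """List what still blocks inbound mail for rcpt reaching our_host."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    problems = []
    if our_host not in mx_lookup(zone, domain):
        problems.append("no MX for %s pointing at %s" % (domain, our_host))
    if rcpt_decision(rcpt, local_domains, connector_domains) == "reject-5.7.1":
        problems.append("server is not configured for %s" % domain)
    return problems

# Constructed parent zone before and after an MX is added for z.y.org.
ZONE_BEFORE = {"y.org": ["mail.y.org"], "a.y.org": ["mail.y.org"]}
ZONE_AFTER = dict(ZONE_BEFORE, **{"z.y.org": ["servera.x.com"]})

if __name__ == "__main__":
    # Policy names the parent domain only: both checks fail for z.y.org.
    print(delivery_problems("user@z.y.org", ZONE_BEFORE, "servera.x.com",
                            {"x.com", "y.org"}, set()))
    # MX present, policy for z.y.org, connector for y.org: nothing blocks.
    print(delivery_problems("user@z.y.org", ZONE_AFTER, "servera.x.com",
                            {"x.com", "z.y.org"}, {"y.org"}))
    print(rcpt_decision("user@y.org", {"x.com", "z.y.org"}, {"y.org"}))
```
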
 