Ex2003 - do not have permission to send..

[LeeCRCNA]

I run an exchange server with about 80 users on it. Everyone connects via exchange, either in the office or remotely with RPC over http, so no POP3 or normal SMTP connections.

Intermittently, users are getting messages like "You do not have permission to send to this recipient", or "Relaying denied". They are all 550 5.7.1 errors.

I've done some reading on this and see it is a difficult issue to pin down. Most articles say to check the relay settings on the server. I think our server settings are OK.

No one here is trying to send e-mail claiming to be from another domain or anything like that. Any ideas as to why this is happening, or what to check? I have confirmed we are not listed on any RBL lists.

Thanks

 

[markdmac]

"You do not have permission to send to this recipient", or "Relaying denied".

Verify what server is sending that message. Is it YOUR Exchange box or is that message coming from the other side? Have you verified that your domain has an RDNS entry in public DNS?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[LeeCRCNA]

There is a reverse DNS yes, our domain is for example, abc.com
The mail server is ex1.abc.com
reverse DNS for the IP for the mail server points to abc.com

The message does look like it's coming from our server, here is a copy, names replaced.

Your message did not reach some or all of the intended recipients.

Subject: Answered Prayer
Sent: 4/17/2007 7:59 AM

The following recipient(s) could not be reached:

Bob Smith (E-mail) on 4/17/2007 8:02 AM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<ex1.abc.com #5.7.1 smtp;550 5.7.1 <bob@smith.com>... Relaying denied. Please check your mail first.>

 

[FloDiggs]

Try using SMTPDiag.exe to test the DNS settings between you and the recipient's server. It's a free tool from Microsoft and very helpful. If it is there server providing the error, you will see it in the test results. It will also test all of the MX records for the remote domain.

Another possibility is that the email address is incorrect. Some servers reject mail for users that don't exist.

One possibility, which I just confirmed returns the same 550 5.7.1 error message is that the recipients address doesn't allow mail from external sources. For example, the last compnay I worked for had an internal distribution list which had an email addres that was the same as the domain name, such as xyz@xyz.com. This became a prime target for spammers. We changed the permissions on that distribution group to only allow authenticated users to send to that group.

Best of luck.

 

[LeeCRCNA]

I ran the tool and everything passed.

We get this to various different recipient domains. Big ones like cogeco.ca (large ISP in Canada), which I am sure are not having issues.

I've added a couple more DNS servers for the exchange server to check with, and will see if that helps. It's hard to tell as I only get a report of this every once in a while.

 

[markdmac]

Can you confirm that the users email is not reaching the recipient and that this message isn't erroneous from a spoofed email?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[LeeCRCNA]

I confirmed the recipient did not receive the original message.
I then e-mailed one of the problem recipients and it got through fine, and he replied back. I replied to that message, and then got a bounceback, again saying "Relaying denied. Please check your mail first.

 

[markdmac]

Sounds like your configuration should be OK if the user is getting the messages. I would suspect a DNS issue or bad router somewhere along the way. Try doing a few tracert's.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[F1lby]

Are you sure you are relaying via your ISPs SMTP server (Smarthost) as it sounds like you may be sending directly and not using your relay which could be the reason...

If your IP address is on a RBL this could cause a problem if the recepient mail server uses RBLs to reduce spam.

 

[LeeCRCNA]

We are mailing directly, not using a smart host. We had used our ISP's smart host a couple years ago but didn't like the limits they imposed on message size.

I have confirmed though we are not listed on any RBL's that I can find. The intermittent nature of this (1 message blocked, another allowed, another blocked all within a couple hours to the same recipient), doesn't sound like RBL either.

For some reason I think maybe users are not authenticating properly even though we are all on the same domain, running AD and exchange.

 

[StuartMiles]

Hi,
I am having the exact same problem. Intermittently - but getting worse, I get the relaying denied error on out bout emails (to people I send to regularly). As far as I can see everything is ok setup wise and can only deduce there is some error in the system casuing this to occur. Did you ever get to the bottom of this problem?

 

[LeeCRCNA]

I added a smart host, forwarding our e-mail to our ISP and having them send it, and the problem went away.

So I'm guessing it was something with the SMTP connector on our system.