Exchange 2003 - unable to relay error
Hi,
Running exchange 2003 SP2 on Server 2003 SP2. This problem just popped up a few days ago. I havent touched the exchange server in weeks (now it is possible that a co-worker may have). All of a sudden we are having sporadic of the following errors:
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<myexchance.server.com #5.7.1 smtp;550 5.7.1 Unable to relay
This happens for about 30 minutes and then email goes through again. During this time, and only me, I dont get any of these errors. My mail is held somewhere and then sent. When I look in my yahoo account, for about 30 minutes, there is no mail and then all of a sudden my emails show up and the sent and received times are identical. Meaning I sent my messages at 1 pm and in the yahoo receive it shows it at 1 pm but for 30 minutes it actually isnt there. Also, during the outage, the exchange queues are empty as usual, so it is leaving the exchange server. I have contacted our ISP and they claim not to have done anything. Any ideas on how to troubleshoot this or how to fix this? Oh yeah, our OWA server also has the same problem when this is going on.
September 16th, 2009 7:56am
Hi,
From your information, looks like the myexchance.server.com generate the Unable to relay error when attempting to connect to another mail server to deliver message.
At this time, would you please let me know?
1. Whether the issue only occurs when sending to external recipient?
2. Whether the myexchance.server.com connects to remote mail server directly to submit message to it needs to send the messages to a smarthost? Please let me know the outbound mail flow.
3. Enable SMTP log on the SMTP Virtual Server when the issue occurs and post related log here.
Mike Shen
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
September 17th, 2009 11:35am
Hi, Any updates regarding the issue?Thanks,Mike
September 21st, 2009 4:55am
Sorry Mike,Got busy on something else.1. The issue only occurs when sending to external email addresses.2. Yes it sends to a smart host.3. Ok, I will enable SMTP log on the smtp virtual server. The only thing is that the problem is so sporadic that I will have to enable the logging all the time.Thanks.
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2009 2:28am
Hi,
Any updates regarding the issue? Whether we are able to capture related SMTP log when the issue occurs?
Based on current information, looks like when the myexchance.server.com attempts to telnet to smarthost server to deliver message, the smarthost reject the message and indicate Unable to relay. I suggest you configure the IP address of Smarthost in SMTP connector in order to ensure the Exchange always connect to specific smarthost server to deliver external messages.
Thanks,
Mike
September 29th, 2009 12:56pm
Hi Mike,So far even, without even doing your last request, we haven't had any issues. I will post as soon as something doesn't work.
Free Windows Admin Tool Kit Click here and download it now
October 1st, 2009 2:25am
Hi Mike this is what I got.NT12 is our Exchange 2007 server (right now only 3 mailboxes are on it and is not to be used at all for mission critical items. Basically I installed it and got too busy to migrate everyone over. So I have my email account and a few others as tests. NT12 relays throught NT7, exchange 2003). I originally setup this Exchange 2007 box in July, everything has been fine until the beginning of September. During that time I never touched anything on the Exchange 2007 box. The account in this log file (EMAIL REMOVED) is on the exchange 2003 box.220+NT12.domain.ca+Microsoft+ESMTP+MAIL+Service+ready+at+Tue,+13+Oct+2009+11:16:52+-0700 0 0 91 0 0 SMTP - - - -
2009-10-13 18:16:53 142.0.0.nt12 OutboundConnectionCommand SMTPSVC1 NT7 - 25 EHLO – NT7.domain.ca 0 0 4 0 0 SMTP - - - -
2009-10-13 18:16:53 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - - 250-NT12.domain.ca+Hello+[142.0.0.NT7] 0 0 42 0 0 SMTP - - - -
2009-10-13 18:16:53 142.0.0.nt12 OutboundConnectionCommand SMTPSVC1 NT7 - 25 MAIL - FROM:<EMAIL REMOVED>+SIZE=3244 0 0 4 0 0 SMTP - - - -
2009-10-13 18:16:53 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - - 250+2.1.0+Sender+OK 0 0 19 0 15 SMTP - - - -
2009-10-13 18:16:53 142.0.0.nt12 OutboundConnectionCommand SMTPSVC1 NT7 - 25 RCPT - TO:<EMAIL REMOVED> 0 0 4 0 15 SMTP - - - -
2009-10-13 18:16:58 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - - 550+5.7.1+Unable+to+relay 0 0 25 0 5015 SMTP - - - -
2009-10-13 18:16:58 142.0.0.nt12 OutboundConnectionCommand SMTPSVC1 NT7 - 25 RSET - - 0 0 4 0 5015 SMTP - - - -
2009-10-13 18:17:03 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - - 250+2.0.0+Resetting 0 0 19 0 10015 SMTP - - - -
2009-10-13 18:17:03 142.0.0.nt12 OutboundConnectionCommand SMTPSVC1 NT7 - 25 QUIT - - 0 0 4 0 10078 SMTP - - - -
2009-10-13 18:17:03 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - - 221+2.0.0+Service+closing+transmission+channel 0 0 46 0 10078 SMTP - - - -
2009-10-13 18:17:03 142.0.0.nt12 OutboundConnectionResponse SMTPSVC1 NT7 - 25 - -
Let me know if you need anything else.Thanks
October 13th, 2009 9:51pm
Hi,
Thanks for your response and information.
From your description, I understand that the Exchange 2003 needs to send email to external recipient through Exchange 2007. From the SMTP protocol log, I understand when the Exchange 2003 attempts to deliver message to Exchange 2007 server, the Exchange 2007 reject the message and indicated unable to relay.
At this time, would you please let me know whether the Exchange 2003 and Exchange 2007 are installed in same organization?
If yes, I would like to explain by default, the Exchange Server 2003 should use X-EXPS GSSAPI command to authenticate to Exchange 2007 server to submit message. I have captured an example on my lab. Nevertheless, from your SMTP log, I notice that the Exchange 2003 server does not attempt to authenticate to Exchange 2007 before Mail From command.
Note 1: X-EXPS is a command that is proprietary to Exchange. It is similar to AUTH, because it indicates the methods that can be used by servers running Exchange Server 2003 and Exchange 2000 Server to authenticate. GSSAPI is a method that stands for Generic Security Services Application Programming Interface and enables authentication through Kerberos.
Note 2: On SMTP protocol log, the X-EXPS GSSAPI command cannot be found. Nevertheless, if you capture network package, you should be able to see the X-EXPS GSSAPI command is sent to Exchange 2007 server. From the following SMTP protocol, you could see the Exchange 2003 server athenticated to Exchange 2007 server.
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 EHLO - ewin2k3entsp2.sinbe.com 0 0 4 0 201 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 250-2k7.sinbe.com+Hello+[10.1.1.5] 0 0 34 0 211 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 334+ 0 0 4 0 251 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 334+oYGfMIGcoAMKAQChCwYJKoZIgvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqADAgEXolsEWcxG1GbDMAoODZbnsvSYTnMESqeTBmEyICMtz+VBbDCHEJfz2C3MenYiGEynNSVG34meVzWGP6eAd1/SMX8vs7V7dVeSPH7y0xYFik9JKey0OyQl+06B9Mm5 0 0 220 0 401 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 235+2.7.0+Authentication+successful 0 0 35 0 421 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 MAIL - FROM:<EMAIL REMOVED> 0 0 4 0 421 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 250+2.1.0+Sender+OK 0 0 19 0 431 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 RCPT - TO:<EMAIL REMOVED> 0 0 4 0 431 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 250+2.1.5+Recipient+OK 0 0 22 0 431 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 XEXCH50 - 2004+2 0 0 7 0 431 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 354+Send+binary+data 0 0 20 0 441 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 250+2.0.0+XEXCH50+OK 0 0 20 0 441 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 BDAT - 2701+LAST 0 0 4 0 441 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 250+2.6.0+<EMAIL REMOVED>+Queued+mail+for+delivery 0 0 97 0 561 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionCommand SMTPSVC1 EWIN2K3ENTSP2 - 25 QUIT - - 0 0 4 0 581 SMTP - - - -
2009-10-14 07:01:56 10.1.1.100 OutboundConnectionResponse SMTPSVC1 EWIN2K3ENTSP2 - 25 - - 221+2.0.0+Service+closing+transmission+channel 0 0 46 0 581 SMTP - - - -
If the Exchange 2003 and Exchange 2007 belongs to different organization, I would like to explain that you should configure the Exchange 2003 to authenticate to Exchange 2007 in order to relay email. Or you need to configure the Exchange 2007 server to allow Exchange 2003 relay email through Exchange 2007.
For your reference:
SMTP Protocol Extensions
http://technet.microsoft.com/en-us/library/bb123786(EXCHG.65).aspx
Allowing application servers to relay off Exchange Server 2007
http://msexchangeteam.com/archive/2006/12/28/432013.aspx
~~~~~~~~~~~~~~~~Mike Shen
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb @ microsoft.com
~~~~~~~~~~~~~~~~
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 11:13am
Sorry Mike, got taken away from this issue.
Its the other way around. Exchange 2007 needs to send through Exchange 2003 to get to the external world. Exchange 2003 should not go through 2007 at all.
Also, exchange 2003 and exchange 2007 are in the same organizations.
Thanks.
November 4th, 2009 10:29pm
Hi,
Thanks for your response.
I would like to summarize current situation firstly:
1. The unable to relay error only occurs when attempting to deliver to external recipients
2. It is a mixed environment that Exchange 2007 needs to send external message through Exchange 2003.
3. The Outbound mail flow like below:
Exchange 2007->Exchange 2003->Smarthost->Remote Mailbox Server
If I misunderstood current situation and your environment, please let me know.
Nevertheless, from your SMTP Protocol log, the unable to relay error is encountered when the Exchange 2003 server attempt to deliver the message to Exchange 2007 server. Would you please let me know whether the recipient in the SMTP log is a mailbox enabled user on Exchange 2007 or an external recipient.
Thanks,
Mike
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2009 5:29am