Secuirty Policies
Hi All,Just installing a new exchange 2007 sp1 in a ex2003 environment, had everything working, from a ex2007 mailbox I could send internally and externally. Rebooted the ex2007 server and now when I try to send externally I get this error:Dellivery has failed to these recipients or distribution lists - your message wasn't delivered because of security policies.Everything I have googled is for distribution groups, which I am not using, this is an external email address. Any suggestions would be great.Thanks,
July 25th, 2009 11:43pm

Hi, Would you please provide more information regarding the problem? 1. Whether the Exchange 2007 is configured to send message to external mail server directly or the message needs to go through Exchange 2003? Please let me know the outbound mail flow. 2. Whether the issue occurs when sending to specific external recipient or all external recipients? 3. Whether all the users on Exchange 2007 encountered the problem? Whether the Exchange 2003 users encounter the same problem? 4. Whether the issue can always be reproduced? 5. Would you please post the entire NDR message here for further research? We need to check when the NDR message is generated Mike
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2009 2:08pm

Hi,1. Exchange 2007 sends messages through the exchange 20032. It happens to all external recipients.3. Users on both servers are experiencing the same problem.4. Yes the issue can be reproduced.5. Here is the message: Delivery has failed to these recipients or distribution lists: email@yahoo.comYour message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator. Diagnostic information for administrators: Generating server: exchange2003.nic.bc.ca email@yahoo.com#< #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP# Original message headers: Received: from exchange2007.nic.bc.ca ([x.x.x.x]) by exchange2003.nic.bc.ca withMicrosoft SMTPSVC(6.0.3790.3959); Sat, 25 Jul 2009 13:29:06 -0700Received: from exchange2007.nic.bc.ca ([fe80::38a9:f210:9519:da10]) byexchange2007.nic.bc.ca ([fe80::38a9:f210:9519:da10%10]) with mapi; Sat, 25 Jul2009 13:29:06 -0700From: Test Logon <email@nic.bc.ca>To:joe <email@yahoo.com>Date: Sat, 25 Jul 2009 13:29:04 -0700Subject: RE: test 128Thread-Topic: test 128Thread-Index: AcoNZoc2Rpw52wF/TtKA5ikEJ81fBgAAAQkQMessage-ID: <EB853C1D8CFDAF49B8353A2C83994EE401803CFF@exchange2007.nic.bc.ca>References: <73588.99013.qm@web55402.mail.re4.yahoo.com>In-Reply-To: <73588.99013.qm@web55402.mail.re4.yahoo.com>Accept-Language: en-USContent-Language: en-USX-MS-Has-Attach:X-MS-TNEF-Correlator:acceptlanguage: en-USContent-Type: multipart/alternative; boundary="_000_EB853C1D8CFDAF49B8353A2C83994EE401803CFFexchange2007nicbcca_"MIME-Version: 1.0Return-Path: email@nic.bc.caX-OriginalArrivalTime: 25 Jul 2009 20:29:06.0816 (UTC) FILETIME=[8EDD1800:01CA0D66]Please let me know if you need anything else.
July 27th, 2009 7:15pm

Hi, Thanks for your response. From the information, I notice that the message could be delivered from Exchange 2007 to Exchange 2003 with no problem. In addition, from your description, the Exchange 2003 user also encounters the problem. From the NDR message, the error 5.7.1 smtp;550 5.7.1 Unable to relay is encountered. Based on the current situation, please let me know whether the Exchange 2003 connects to remote mail server (such as Yahoos mail server) to deliver message directly. Or the Exchange 2003 server needs to deliver message to a smarthost firstly. If the Exchange 2003 server connects to remote mail server directly, I suggest you enable SMTP log on the Exchange 2003 SMTP virtual directory to check whether the Exchange 2003 connects to correct remote mail server If the Exchange 2003 server needs to deliver message to a smarthost firstly, we need to ensure the smarthost is configured correctly to allow Exchange 2003 to relay email. Thanks, Mike
Free Windows Admin Tool Kit Click here and download it now
July 28th, 2009 6:04am

Hi Mike,Thanks for the info. In a rush to get things working again. I blew away the connector between Exchange 2007 and exchange 2003. Then on the Exchange 2003 server created a connector to our smarthost. Eveything is working fine for the exchange 2003 server. I will be working on the exchange 2007 server to get things working again.Now, the weird thing is after the exchange 2007 reboot, it looks like it deleted or altered the connector to the smarthost. Because all I deleted was the connector between ex 2007 and ex 2003, so the connection to the smarthost should have been there anyway? One of those things. Thanks for your help and I will probably be posting again when I try to get the new exchangeserver up and running again.Thanks
July 29th, 2009 12:46am

Hi, I guess that the Exchange 2003 and Exchange 2007 are installed in the same organization. If I am right, I would like to explain that the Routing Group Connector between Exchange 2007 and Exchange 2003 need to be created in order to have users on Exchange 2003 and 2007 can send email each other. Regarding the Send Connector is deleted or altered after restarting Exchange 2007, I would like to explain that the Send Connector configuration information is saved in AD. The issue may occur if DC replication issue exists. You can specify Domain Controller to use when creating or modifying Send Connector with DomainController parameter. You can also get Send-Connector setting by using DomainController parameter to check whether AD replication issue exists. Mike
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2009 6:24am

Thanks Mike for all your help.
July 29th, 2009 9:03pm

Hi, Any updates regarding the issue? Whether the Exchange 2003 and 2007 are able to send external recipient?Mike
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2009 5:05am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics