Question : Unable to relay to certain outside domains from EX2003

We have just (1) 2003 Exchange server handling all of our mail traffic at the moment, the server sits behind a network based firewall. We can send email out to any domain just fine but when I try to send email to "abc.com" and "xyz.com " I get the infamous 5.7.1 error:

You do not have permission to send to this recipient. For assistance, contact your system administrator.
<xxxx.xxxxxxxxx.com #5.7.1 smtp;550 5.7.1 Unable to relay>


I have successfully ran the SMTPDiag.exe test from the Exchange server itself and all tests pass successfully and I have no errors by manually sending the email using telnet commands, only when I try to send the email via Outlook/MAPI and OWA.

Furthermore there's a 3rd domain that is hosted by the same company as the other 2 domains (Godaddy email hosting) and thus uses the same SMTP addresses in its MX record:

MX: smtp.secureserver.net (0)
MX: mailstore1.secureserver.net (10)

I can send email just fine to this third domain from Outlook/Owa, just not the other 2!!!

All relay permissions have been verified with the SMTP connector, and no IMAP/POP3 tests have been conducted, we only use MAPI and OWA.

I have all mail flowing out of my network via a public IP assigned to just my Exchange server, that IP has an A record of mail.xxxxxxx.com and a corresponding PTR. Also the virtual SMTP server is advertising itself as mail.xxxxxxx.com already. I can send email to AOL, yahoo, gmail, and every other domain out there, the problem is just with 2 domains currently hosted at Godaddy.

Lastly when I run a diagnostics test in mxtoolbox.com I get the following (the smtp banner 220 **** is intentional):

220 ************************************************

Not an open relay.
0 seconds - Good on Connection time
16.130 seconds - Not good! on Transaction time
OK - XX.XXX.XXX.XXX resolves to mail.xxxxxxxx.com
Warning - Reverse DNS does not match SMTP Banner

What else could I check?

Answer : Unable to relay to certain outside domains from EX2003

Download the account lcokout tools from Microsoft;
 http://www.microsoft.com/downloads/details.aspx?familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e&displaylang=en

There's a tool called eventcombMT.exe this comes with a built-in search for account lockouts that will tell you where the bad attempts are coming from. This should be a good starting point...
Random Solutions  
 
programming4us programming4us