Friday, September 08, 2006
550 relaying denied for local domains
Have you ever experienced your Exchange server suddenly (or not) rejecting all messages destined for local domains (i.e. the ones listed in your recipient policies)? Here are a couple of things you can check to see what is going on.
First, manually telnet to your Exchange server on port 25, and attempt to send a message. I won't go through all of the commands, but the Rcpt to: command is the most important here. If you are seeing this problem, as soon as you enter the rcpt to: command and enter the e-mail address of a user in that domain, you will see the 550 relaying denied message. A little trick here is that with Exchange 2000 and 2003, you can actually get away with just typing the username. For example, instead of typing
rcpt to: email@example.com
you would type
rcpt to: user
When you do this, Exchange 2000 and 2003 will automatically append the smtp domain information and convert it to firstname.lastname@example.org. In this case, performing this action resulted in Exchange returning email@example.com, which was not a part of recipient policies.
This gave me a clue as to what the problem might be, and leads to the next part.
Open Internet Information Services Manager, and expand your server name and check for the existance of an SMTP Virtual server in there. See, when you install Exchange, it requires SMTP to be installed, but during the installation, it takes over ownership (and managing) of the SMTP bit. In other words, SMTP should not show up in IIS Manager. If it does, then you know that Exchange isn't managing SMTP as it should. Fortunately, the solution to this problem is fairly easy.
If you have uninstalled/reinstalled IIS, then you have to reinstall Exchange. This is done simply by re-running Exchange setup and choosing Reinstall from the drop-down box for the install options. Don't worry - this doesn't touch the databases, it just reinstalls the Exchange binaries (\Exchsrvr\bin). Upon completion of this step, you would then need to reinstall any Exchange service packs and hotfixes.
If you have only uninstalled/reinstalled the SMTP component, then it's even easier. By following the instructions in http://support.microsoft.com/kb/290290/EN-US/, you can run smtpreinstall.exe and fix the relationship between Exchange and SMTP.
As also mentioned in the article, the other clue that will guide you to this conclusion is if there are missing SMTP verbs. When you type the EHLO command into your telnet session, all of the supported SMTP verbs will be listed.
If you don't see the following, then the Exchange verbs are not present, and you need to follow the above instructions to repair it.
250-X-EXPS GSSAPI NTLM LOGIN
250-AUTH GSSAPI NTLM LOGIN
Comments: Post a Comment
Links to this post:
Links to this post: