Exchange 2010 send error : 550 5.7.1, Please help

W

wadeholm

Member
Joined
Nov 18, 2008
Messages
27
Reaction score
0
Im hoping there is someone here that can help me or point me in the right direction here.

So with our shocking internet, i made the decision to switch my company from Mweb to Afrihost as its 1/3rd of the price virtually for a 10Mbps uncapped business line.

now with the Mweb, their static ip uses L2TPv2 i think, where Afrihost have decidedd to go with L2TPv3, and do not give any way around it. As per another thread here, if youhave a mikrotek, and afrihost = virtually impossible to get the static IP wworking as the mikrotek does not support L2Tv3

So, in this move, i have been forced to use a dynamic ip provider, no-ip.org in this case.so i installed the app on the one server, and the Ip address is updateing as desired.
I then changed our mail.company.co.za A entry in the DNS manager, to a CNAME pointing to the company.no-ip.org.
i checked that the pointer was updating by pinging mail.mycompany.co.za which resolved to me dynamic IP.

now in testing emails, recieving is perfect, however, sending results in a nice messsageabout "Could not relay".
I have checked the send connectors, the accepted domin settings and more.

We are routing our mail through the afrihost mail server (smtp.afrihost.co.za) which in testing before switching the DNS entry, could send perfectly.

Any ideas on whats breaking and where.
Thanks
Wade
 
Could not relay is normally an auth issue, just have your Exchange send the mails out directly to the MX instead of a smarthost
 
I then changed our mail.company.co.za A entry in the DNS manager, to a CNAME pointing to the company.no-ip.org.
Click to expand...
I think the Afrihost server is getting your dynamic DNS name when receiving a smart host request and denies it.
 
Last edited:
Peon said:
I then changed our mail.company.co.za A entry in the DNS manager, to a CNAME pointing to the company.no-ip.org. I think the Afrihost server is getting your dynamic DNS name when receiving a smart host request and denies it.
Click to expand...

You can set what FQDN Exchange sends in the connection string to a remote SMTP server
 
Get an ADSL account with a proper static IP - usually the router itself have 5 static IP's for your use.

We do have one, but it's limited to 1Mb line speed, and I'm looking around for alternatives. It uses IS as backbone.


Reasons why I don't want a static IP via L2Tv2/3/4/5/6 whatever is that :

1. If the L2T server goes down, what then.
2. If a node between you and the L2T server goes down, and you cannot access the L2T server, what then.
3. If some ne'er-do-well decide to DDoS the L2T server, what then...
4. I prefer the KISS principle. Too many other stuff will lead to a cascading failure - when you need it the least.
 
So some more info, in te error email i get, it says my.server.local rejected your message to the following email addresses xxx@xxx

my.server.local gave this error :
Unable to relay.


From that it makes it sound like my server is denying my account from sending mails :confused:

I will try set the forwarding FQDN to be the dynamic FQDN and hope that helps.
 
The_Librarian said:
Get an ADSL account with a proper static IP - usually the router itself have 5 static IP's for your use.

We do have one, but it's limited to 1Mb line speed, and I'm looking around for alternatives. It uses IS as backbone.


Reasons why I don't want a static IP via L2Tv2/3/4/5/6 whatever is that :

1. If the L2T server goes down, what then.
2. If a node between you and the L2T server goes down, and you cannot access the L2T server, what then.
3. If some ne'er-do-well decide to DDoS the L2T server, what then...
4. I prefer the KISS principle. Too many other stuff will lead to a cascading failure - when you need it the least.
Click to expand...

How do you think IS provide the static IP?
Telkom IPC dont offer static IP and the only option is via a VPN like IPSec. Most of the big guys have a cluster of IPSec servers.
 
grim said:
Could not relay is normally an auth issue, just have your Exchange send the mails out directly to the MX instead of a smarthost
Click to expand...

You need static ip to send directly to MX, most of the dynamic ip address will be listed in some blacklist for spam.
 
qwertydudeza said:
How do you think IS provide the static IP?
Telkom IPC dont offer static IP and the only option is via a VPN like IPSec. Most of the big guys have a cluster of IPSec servers.
Click to expand...
Static IP is programmed into the router, and cannot be changed by the client. There is no L2T foolery going on. We have 5 static, public IP's for our use.
 
OokMobile said:
Static IP is programmed into the router, and cannot be changed by the client. There is no L2T foolery going on. We have 5 static, public IP's for our use.
Click to expand...

You do have a l2tp tunnel you just don't know it.
 
Lo
wadeholm said:
So some more info, in te error email i get, it says my.server.local rejected your message to the following email addresses xxx@xxx

my.server.local gave this error :
Unable to relay.


From that it makes it sound like my server is denying my account from sending mails :confused:

I will try set the forwarding FQDN to be the dynamic FQDN and hope that helps.
Click to expand...

Send an email to an afrihost address as a test for example [email protected] to see if it goes through

You can also telnet to the server on port 25 then send a email using the command line to get a clearer error message. How are you receiving mail?
 
Last edited:
ok so after fighting some more, i have given up for now on a dynamic DNS record and wil buy a router supporting L2TP without IPSec (ie not a mikrotek :cry:).

As a temporary solution however i have chenged our DNS entry to our current dynamic IP, and will just check it often, however, this has still not yeilded any luck.
I have checked that the IP is not blacklisted and still cannot send any mails out, however we can still recieve perfectly.

I then ran the testconnectivity.microsoft test and got this warning :
Attempting to find the SPF record using a DNS TEXT record query.
The Microsoft Connectivity Analyzer wasn't able to find the SPF record.

Everything else has a green tick.

I then did a reverse DNS lookup on 105.237.67.162 and got this :
How I am searching:
g.root-servers.net (192.112.36.4) says to go to a.in-addr-servers.arpa (zone: in-addr.arpa.)
a.in-addr-servers.arpa (199.212.0.73) says to go to ns2.afrinic.net (zone: 105.in-addr.arpa.)
ns2.afrinic.net (196.216.168.10) says to go to ns1.iafrica.com (zone: 237.105.in-addr.arpa.)
Report: ns1.iafrica.com says 105-237-67-162.access.mtnbusiness.co.za. [TTL=86400]

Would i not be correct in saying, that the HELO or EHLO response then will fail if mine is currently mail.mydoamin.co.za

this is then confirmed by a Domain test which reported the following :
Reverse DNS entries for MX records FAILED. The IPs of not all of your mail server(s) have correct reverse DNS (PTR) entries. The reverse DNS entries are:

162.67.237.105.in-addr.arpa. 105-237-67-162.access.mtnbusiness.co.za. [TTL=86400]
These tests were done at : http://dnstools.fastnext.com/index.php

So....
If i buy a router that supports L2TP without IPSec(ie whats required for a static IP by MTN) will the reverse DNS issue be resolved? Im assuming so but you know what they say about assumptions ;) I would just like a second opinion here.

Secondly, if the reverse DNS is resolved, will my outgoing mails reach their destination? Again im assuming it will as currently my guess is that the destination mail servers are denying my mails due to the reverse DNS failing.

Any thoughts/confirmation on my investigation outcomes here, will be greatly appreciated.
Thanks guys
Wade
 
Last edited:
The right way to do it is to have your email spooled. Ours cost R500 a month. Your mail records are then host with the service provider which resolves all these issues. They receive you email and forward it on to you (dynamic or static) . If your line goes down they spool the mail so no bounce backs. Think of getting a service like this its the right way to handle email
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X