Discussion:
REPOST Allowing inbound email for secondary SMTP addresses results in "cannot relay"
(too old to reply)
FastEddie
2005-04-14 12:35:17 UTC
Permalink
I adding another Recipient Policy called "Inbound Domains" and added about
20 domains to it. The check box is selected where it says "This Exchange
Organization is responsible for all mail delivery to this address." But the
check box next to "smtp" and then @domain2.com is not selected. Went into
Recipient Update Service and selected Rebuild. Waited over night, and tested
sending an email to one of my secondary smtp proxy addresses in my AD
account by telneting into the exchange server and I still get the "550 5.7.1
Unable to relay for ***@domain2.com"

Please help!! I am running out of options here...

-FastEddie
I have posted this a few times and have not gotten an answer that works.
I have 3 exchange 5.5 sites in one Organization. One site has Exchange
2003.
The other sites are NT4 with 5.5 servers and a trust relationship.
Some mailboxes in one exchange 5.5 site has secondary email addresses
@domain1.com but their primary SMTP email address is @domain.com
If I have mail coming inbound to the exchange 2003 server, it will not
Then something else is wrong.
I have added these domains to the default recipient Policy and it has not
fixed it. I assume if I check the box, in the recipient policy, it will add
the address for to all recipients (correct?) which I do not want.
There's no need to have the addresses assigned to any objects by the
RUS. Simply having the address in the recipient policy should be
enough. But I wouldn't modify the default policy, I'd create another
policy, add the domains to that policy, and leave the LDAP filter
blank. You can check the boxes, if you like -- with an empty LDAP
filter they won't be assigned to anything.
by the way, each 5.5 site has created recipient policies with higher
prorities than the default policy.
That's normal.
Please help, this is stopping email from coming in for some users.
Have you restarted the System Attendant service? The information in
the recipient policies must be transferred to the metabase file for
the SMTP server to accept mail for the new domains. It doesn't sound
like that's happening.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Rich Matheisen [MVP]
2005-04-15 00:40:32 UTC
Permalink
Post by FastEddie
I adding another Recipient Policy called "Inbound Domains" and added about
20 domains to it. The check box is selected where it says "This Exchange
Organization is responsible for all mail delivery to this address." But the
Recipient Update Service and selected Rebuild. Waited over night, and tested
sending an email to one of my secondary smtp proxy addresses in my AD
account by telneting into the exchange server and I still get the "550 5.7.1
Please help!! I am running out of options here...
So check the box! If it's not checked it isn't used. if it's not used
it shouldn't be accepted.

If you don't want the addresses added to any of the AD objects, jut
make sure the "Filter rules" on the "General" tab of the policy is
empty.

BTW, there's no need to rebuild the RUS when you do this. It should be
effective almost immediately.

If it's not working then you have a problem with the system attendant
thread that updates the IIS metbase file with the changes you made in
the active directory. If restarting the system attendant service
doesn't fix this then you probably have a damaged metabase file.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
FastEddie
2005-04-18 17:33:25 UTC
Permalink
Thanks Rich,

Still not working. It did work for a short while after I rebooted my 5.5
server and 2003 server, but still no go. Explained later in this post.

Here is the layout again. We have 3 Exchange 5.5 servers. They allow inbound
mail for about 20 additional domains through one IMC. They are listed as
<inbound>. Then we manually added the smtp addresses to each users mailbox.
Some domains are primary, some domains are both primary and secondary, and
some are ONLY secondary smtp addresses. Once we brought in Exchange 2003
into one of the sites, inbound email worked for all domains for a short
while. then quit. I had to move my inbound mail back to the 5.5 server to
keep inbound mail for ALL internal domains working.

I have tried the following for Recipient Policies:
Added additional domains like @domain.com and checked the box that says
"This Exchange Organization is resopnsible for all mail delivery to this
address". Tested (no go), rebuilt the RUS, tested (no go) removed the
domains from the Default Policy and created a new one and did the same
tests. All with bad results (cannot relay). I've also restarted the SA
throughout this process.

It did work for about 5 minutes after I added a new Policy called Inbound
Domains, added all the domains with the "This Exchange Organization is
resopnsible for all mail delivery to this address" unchecked, restarted the
SA, then rebuilt the RUS.

Don't forget, I am NOT checking the box to add the @domain.com to every mail
enabled user because the addresses exist in some mailboxes but not all and
we don't want to change anything, we just want inbound for those domains to
work.

Also, there is NO filter rules setup for the new policy called Inbound
Domains.

I think you may be right about having a damaged metabase file. How do I
check it and repair it?

My head is spinning...

Thanks Rich!!

~FastEddie
Post by Rich Matheisen [MVP]
Post by FastEddie
I adding another Recipient Policy called "Inbound Domains" and added about
20 domains to it. The check box is selected where it says "This Exchange
Organization is responsible for all mail delivery to this address." But the
Recipient Update Service and selected Rebuild. Waited over night, and tested
sending an email to one of my secondary smtp proxy addresses in my AD
account by telneting into the exchange server and I still get the "550 5.7.1
Please help!! I am running out of options here...
So check the box! If it's not checked it isn't used. if it's not used
it shouldn't be accepted.
If you don't want the addresses added to any of the AD objects, jut
make sure the "Filter rules" on the "General" tab of the policy is
empty.
BTW, there's no need to rebuild the RUS when you do this. It should be
effective almost immediately.
If it's not working then you have a problem with the system attendant
thread that updates the IIS metbase file with the changes you made in
the active directory. If restarting the system attendant service
doesn't fix this then you probably have a damaged metabase file.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Rich Matheisen [MVP]
2005-04-18 23:59:45 UTC
Permalink
"FastEddie" <***@therockwells.net.no.spam> wrote:

[ snip ]
Post by FastEddie
enabled user because the addresses exist in some mailboxes but not all and
we don't want to change anything, we just want inbound for those domains to
work.
Also, there is NO filter rules setup for the new policy called Inbound
Domains.
Then CHECK THE BOX next to the domain name in the "E-Mail Addrsses
(Policy)" tab.

If the LDAP filter's empty the policy won't be applied to any objects
in the AD but it WILL alow inbound mail for the domains.
Post by FastEddie
I think you may be right about having a damaged metabase file. How do I
check it and repair it?
No, I don't think so. At least not yet.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Loading...