Posts: 6
Joined: 6.Jul.2004
From: South Africa
Status: offline
Can anyone give me some info as to how to correct this problem?
I only receive this error when I send mail to a certain email address. The funny thing is that this email address is hosted by the same company that provides us with our Static IP.
I can however get the email out to the email address by re-sending it?
Why will it not go through the first time, but after the error message, it does go through?
Posts: 6
Joined: 6.Jul.2004
From: South Africa
Status: offline
Not as far as I know. We have a registered domain, with a static IP. The DNS Server is also pointing to our Static IP address.
IP: 66.8.37.218
We do however have a Linux Firewall sitting in front of the Exchange Server. I am not sure how this works, but according to the Firewall Admin mail does not get stopped or anything done to it by this firewall.
Posts: 6
Joined: 6.Jul.2004
From: South Africa
Status: offline
Full error the sender receives: your message did not reach some or all of the intended recipients. subject: Sent:
The following recipient (s) could not be reached: recipient on date and time
There was a SMTP communication problem with the recipients email server. Please contact your system administrator. <spatialintel.com #5.5.0 smtp;553 sorry, that domain isn't in my list of allowed rcpthosts 5.7.1)>
I had such a problem but it was due to DNS configuration. Is your MX record pointing to a CNAME or something like that? Check <http://support.microsoft.com/default.aspx?scid=kb;EN-US;153001>
and make a DNS check of your domain through www.dnsreport.com and report any errors concerning your mail server
Posts: 6
Joined: 6.Jul.2004
From: South Africa
Status: offline
I actually found the problem, and it had nothing to do with my site's MX records, DNS or blacklisting.
The real problem when you receive an error like this is that the domain that you are trying to send email to does not allow relaying.
In other words for those who don't know, this means that you would have to go visit orbis - a website to check and see if they allow relaying.
As it happens this is normally an idiot administrator on their side that thinks he or she knows enough about exchange and security to use security features that should rather be left alone.....
Oh by the way it could also be the above mentioned dns or mx, but if it was this then you won't be able to send mail to anyone or receive mail from anyone.
The dns - microsoft comment is exactly the way that we setup our dns, but with a couple of improvements through linux.
The linux firewall does not relay our mail, it only acts as a firewall.
I will supply the entire web address later to go and check if that domain accepts relaying.
The other problem that I picked up is that due to the relay attempt to that domain, when you resend the same message, it will go through. This has to do with the time that it takes to authenticate onto the domain.
Could you please send me the URL for the Orbis site you mentioned? I have been dealing unsuccessfully with this same issue for 2 weeks and yours is the first post that actually seems to be similar to my issue. I've checked and adjusted DNS settings internally and externally, MX and A records, (our Cname is different because our web site is hosted elsewhere, but it doesn't point to our mail), security setting, firewall configuration... And we do not use a smart host. As of today the first time a mail is sent it is rejected with the same message you received. If I resend the mail it seems to go through. That would be consistent with your last paragraph. You can write me directly at sandra.smith@sai-inc.org if you wish. Thanks for any help you can give me.
Posts: 1
Joined: 24.Nov.2004
From: Brisbane, Australia
Status: offline
Hmmm... I'm having exactly the same problem as other posters. Occasional email rejected first time, but gets through on a resend.
We have been running Exchange 5.5 for about 5 years with no major problem. About 6 weeks ago we swapped from perm dialup to ADSL, where the firewall changed from a Linux box to the one built into the ADSL modem, but it seems like this problem started about 2 weeks ago. I also added an SPF record. If anyone thinks they have really cracked this, please post to this message board.
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
I'm running on win 2003 sbs, and when the user uses the web login to login to the win2003 server and sends email, it sometimes gets through and sometimes doesn't! But sending to a user of the same domain is alright. What's wrong?
The error, "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)", means that you are trying to send email using the wrong smtp server.
Smtp related errors may have different numbers and slightly different wording, e.g., "Relay access denied for...", but are all related to the same problem.
The smtp server that you use to send email is not determined by who hosts your email, but rather is a service of your Internet connection provider. All ISPs provide their customers with smtp servers, regardless of their email address.
One of the most important reasons for doing this is so spammers cannot connect to an unauthorized smtp server and use it to send mountains of spam. Occasionally, spammers find these "open" systems and flood them with mail. These systems are known as "open relays" and are the result of careless configuration by the operator.
Clients commonly see this error when they configure their PC at work, then try to use the same configuration at home, where the Internet connection is provided by a different ISP.
The fix for this situation is to change the smtp server in the mail client to match the one provided by the ISP.
Posts: 6
Joined: 6.Jul.2004
From: South Africa
Status: offline
This is the true cause to this error: Please take note of this anyone who is using a Linux Firewall or any Firewall for that matter:
There is a certain company who is renting out 192. IP address Range. This was never the case in the past, thus everyone used 192. internal IP ranges.
Now with the firewall you would normally block any 192. access. With the new external 192. ranges that are being rented out, you are blocking your own mail. The only solution that we've found thus far is:
On Linux - Set a static route to that specific email box - IP which should then reference their SMTP server - Not the Firewall.
The rule must allow communication to that IP address.
I think it will work the same in windows.
Please note that you must be able to telnet to their mailserver. If you cannot do this, you know that there is an IP problem...
RE: domain isn't in my list of allowed rcpthosts (#5.7.1) - 7.Dec.2004 12:47:00 PM
Guest
Let me re-word the top wording.
The problem that I was experiencing was that we ran our internal network on a 192.x.x.x IP Range.
We also use a Linux Firewall for our gateway. The Firewall has been setup to stop any internal to external communication on any 192.x.x.x IP.
The email server that we were trying to send mail to also had a 192.x.x.x IP as a static IP.
Now the firewall did not allow any external communication over a 192.x.x.x IP Range.
The exchange server would then send the mail to the Firewall, which in return then sends it back, because it is not allowed to let any communication through to a 192.x.x.x IP. This will then carry on until the exchange then is not allowed to send it any more.
The User would then receive the error.
To resolve this issue, I first found out what the email server's IP address is that I am trying to send the mail to. From here I tried to telnet into the ip:25 which is the mail server, which I could not do.
I then placed a static routeing rule on the firewall only for this specific IP address - Mail server that I am trying to send mail to - which then only allowed communication for mail to that IP.
RE: domain isn't in my list of allowed rcpthosts (#5.7.1) - 13.Dec.2004 1:11:00 PM
Guest
Good work. Often these problems are simple, it takes a special technocrat to see the simple answers sometimes!
quote: Originally posted by arcticflipper: This is the true cause to this error: Please take note of this anyone who is using a Linux Firewall or any Firewall for that matter:
There is a certain company who is renting out 192. IP address Range. This was never the case in the past, thus everyone used 192. internal IP ranges.
Now with the firewall you would normally block any 192. access. With the new external 192. ranges that are being rented out, you are blocking your own mail. The only solution that we've found thus far is:
On Linux - Set a static route to that specific email box - IP which should then reference their SMTP server - Not the Firewall.
The rule must allow communication to that IP address.
I think it will work the same in windows.
Please note that you must be able to telnet to their mailserver. If you cannot do this, you know that there is an IP problem...
RE: domain isn't in my list of allowed rcpthosts (#5.7.1) - 13.Dec.2004 1:13:00 PM
Guest
Sorry I gave credit to the wrong person below... Your solution being the simplest was also the most effective.
quote: Originally posted by akumi: This is what I found...
The error, "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)", means that you are trying to send email using the wrong smtp server.
Smtp related errors may have different numbers and slightly different wording, e.g., "Relay access denied for...", but are all related to the same problem.
The smtp server that you use to send email is not determined by who hosts your email, but rather is a service of your Internet connection provider. All ISPs provide their customers with smtp servers, regardless of their email address.
One of the most important reasons for doing this is so spammers cannot connect to an unauthorized smtp server and use it to send mountains of spam. Occasionally, spammers find these "open" systems and flood them with mail. These systems are known as "open relays" and are the result of careless configuration by the operator.
Clients commonly see this error when they configure their PC at work, then try to use the same configuration at home, where the Internet connection is provided by a different ISP.
The fix for this situation is to change the smtp server in the mail client to match the one provided by the ISP.
Note that the 'Class C' range is NOT the entire 192.0.0.0/8 range, just addresses 192.168.0.1-->192.168.0.254, so by blocking everything in the range 192.0.0.1-->192.255.255.254 you have in fact blocked access to a whole bunch of legitimate 192. public (not private) addresses. If you then want to communicate with one of these addresses, your firewall will stop you just as you (mistakenly) asked it to do.
This isn't anything to do with 'someone renting 192 addresses' but a misunderstanding over the 192.168.0.0/16 range of PRIVATE addresses. These do not include all 192.x.x.x addresses, and that is where your problem lies. See http://en.wikipedia.org/wiki/Private_network for more details of private address space allocation.
Oops... now how did I get that so wrong?... I even pointed to a resource quoting the exact ranges you mention, however, in my defence, my general point was that advice was being given by others to block 192.x.x.x (192.0.0.0/8) which is broader than the 192.168.0.0/16 private address range and so would result in legitimate public 191.168.x.x addresses being blocked.
Also as to address ranges, I deliberately dropped the network and broadcast addresses as these are not assignable, hence quoting from .1 to .254 and not .0 to .255.
No problem, I just wanted to make sure everyone understands just that. Although not assignable the 0 and 255 addresses are correct ip-addresses pointing to networks or being broadcast addresses and valid to use in routers/firewalls.
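The over-broad 192.x.x.x block discussed in the last few posts, as an added example that is not code from any poster in this thread: a Python check that measures how much non-private address space a firewall block rule covers, treating only the three RFC 1918 ranges as private. The function names are assumptions, and 192.0.2.25 is a documentation address used as a constructed stand-in for the remote mail server.

```python
import ipaddress

# RFC 1918 private ranges; other special-purpose blocks are ignored here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def public_part(rule_cidr):
    """Return the sub-networks of a block rule that lie outside RFC 1918."""
    remaining = [ipaddress.ip_network(rule_cidr)]
    for private in RFC1918:
        next_remaining = []
        for net in remaining:
            if net.subnet_of(private):
                continue                      # wholly private: nothing left over
            if private.subnet_of(net):
                # Rule is wider than the private range: keep what surrounds it.
                next_remaining.extend(net.address_exclude(private))
            else:
                next_remaining.append(net)    # disjoint from this private range
        remaining = next_remaining
    return sorted(remaining)


def audit_rule(rule_cidr):
    """Count how many non-RFC-1918 addresses a block rule would drop."""
    return sum(net.num_addresses for net in public_part(rule_cidr))


def is_wrongly_blocked(dest_ip, rule_cidr):
    """True if the rule drops traffic to dest_ip although it is not private."""
    dest = ipaddress.ip_address(dest_ip)
    blocked = dest in ipaddress.ip_network(rule_cidr)
    private = any(dest in net for net in RFC1918)
    return blocked and not private


if __name__ == "__main__":
    # Constructed rules: the over-broad block versus the private range alone.
    for rule in ("192.0.0.0/8", "192.168.0.0/16"):
        print(rule, "drops", audit_rule(rule), "non-private addresses")
        for net in public_part(rule):
            print("   also covers", net)
    # Constructed destination standing in for the remote mail server.
    print(is_wrongly_blocked("192.0.2.25", "192.0.0.0/8"))
```

Running the same audit over every egress drop rule before it goes live shows whether a rule meant for private space reaches beyond it.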