Searching...
Monday 30 December 2013

How to solve Exchange SMTP server error ’5.7.1 Unable to Relay’?


While using Outlook with Exchange server a user can have to face several kinds of errors. Most common among them are the SMTP errors.

Common SMTP errors are 550 5.7.1 'Unable to Relay', error code 5.0.0, 5.7.1, or 5.7.3 etc. 501 5.7.1 is another error code that can occur if there are problems while relaying email through Exchange. Just like 550 5.7.1 it also indicates that the user email client failed to authenticate on the mail server.

These error codes basically indicate Non-delivery report of a mail or email relay issues. It can happen if the recipient doesn’t allow relay, then the sender will not be able to reach or that the receiver domain is restricting the sender domain from relaying the message.

Symptoms that indicate email relay issues: 
  • The Email delivery fails with error code  5.0.0, 5.7.1, or 5.7.3
  • If the number of domains increases then You starts facing troubles while sending mail
  • Your Exchange computer starts sending unsolicited commercial emails that appears in your mail queues. Also you can receive information from a remote domain that your Exchange computer sent an unsolicited commercial email to it.
'550 5.7.1 Unable to Relay' code error:

550 5.7.1 Unable to Relay’ code error generally occurs when the user tries to send emails outside his domain.

Causes for the error:
  • The outgoing mail server could not identify the sender.
  • There are some issues while authenticating the sender on the server and thus restricting them to send emails.
  • The receiver domain’s recipient policy has imposed restrictions on the sender’s domain / department. The Exchange Database is corrupt.
Fix Exchange Errors & Restore All Mailboxes with Microsoft Exchange Recovery Software

How to resolve the error '550 5.7.1 Unable to Relay'

For Exchange 2003: If you have been using any CRM application such as SharePoint or Dynamics and facing the above error: "550 5.7.1 Unable to relay". In such case, you need to relay off the Exchange server 2007 by allowing application servers. You have to implement some relay restrictions on the virtual server. The application event log stores the error list that occurs in the Exchange environment. You can view the event log; go through the error causing aspect and then find its solution accordingly.

In order to resolve the problem in Exchange 2003, you need to implement a few restrictions on the SMTP virtual server.
  • Start Exchange Server Manager.
  • Go to the Administrative Groups
  • Select Administrative Group Name -> Server -> Server Name -> Protocols -> SMTP.
  • Right click Default SMTP Virtual Server and open Properties.
  • Go to Access tab > Relay > ‘only the list below‘.
This will open a window where you can add the IPs to be relayed and your domain.
  • Select the checkbox ‘Allow all computers which successfully authenticate to relay, regardless of the list above‘.

For Exchange 2007: You need to configure the Exchange server so that it can accept and relay email from the hosts (the host authentication is implemented by default).

The permissions to submit and relay are set within the ‘Permissions Group’. The authenticated users can be granted following permissions:

NT AUTHORITY\Authenticated Users {ms-Exch-SMTP-Submit}
NT AUTHORITY\Authenticated Users {ms-Exch-Accept-Headers-Routing}
NT AUTHORITY\Authenticated Users {ms-Exch-Bypass-Anti-Spam}
NT AUTHORITY\Authenticated Users {ms-Exch-SMTP-Accept-Any-Recipient}

"Only the list below (specify IP address)", you need to use this option for those users that aren't authenticated with Exchange server, one such situation is when you are using an application server that relays messages through Exchange.

Steps to create a new SMTP Virtual Server:
  • First create a new SMTP receive connector.
  • Specify the remote IP Address(es) in the "Remote Network settings". Only the specified IP Address will be allowed to submit a mail rest else will not be permitted to relay.
  • Open the properties of the connector. Now you will get two options: the first option is: "Make your new scoped connector an Externally Secured connector" and the second option is "Grant the relay permission to Anonymous on your new scoped connector".
    • Choose the first option if the submitted mails are intended for internal users as well as outside world. First open the CRM application properties. Select the check-box Exchange servers to the enable the Exchange Servers permission group. Click OK. Now go to the authentication tab and specify the security mechanisms which are available for incoming connections.
    • Using the second option you can specify who is allowed to connect to this receive connector. First select the checkbox 'Anonymous users' to add the 'Anonymous users' Permissions Group to the connector.
You need to go to the Exchange shell for granting the relay permission
Get-ReceiveConnector "CRM Application" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

You can have to face several issues while relaying an SMTP Receive Connector for Exchange. I am especially taking the JIRA install into consideration. Such common problems faced by user while setting up a SMTP relay in JIRA install are: The user name will be removed from the ‘From’ field, Emails will be still submitted to external domain addresses or the user's name will stay intact in the ‘From’ address field   but the emails couldn’t be submitted to outside domains.

Follow the given steps to setup SMTP relay in Exchange 2007 for JIRA:
  • Go to Exchange MMC > Server Configuration > Hub Transport.
  • Select the desired Hub Transport server.
  • Then, select the "New Receive Connector" to open the "New SMTP Receive Connector" wizard.

  • Enter the relay name & select the suitable option from the dropdown list "Select the intended use for this Receive connector"
  • Go to the ‘Local Network settings’ tab and enter your Exchange Hub Transport server’s address under the option "Specify an IP address". Before Entering the FQDN first remove default "All available IPv4 addresses". Then click ‘Next’. 


  • Go to the ‘Remote Network settings’ tab>Add. Fill the IP address of the JIRA server in the IP address field. Click OK 

  • First Delete the default filled values and proceed further by clicking Next
  • Click Finish, once the process is completed.

Now, the newly created for connecter will be shown in the list where others have been already listed. To recheck and verify its attributes, simply double click to open properties. Go to general tab and check whether FQDN is correct or not. Go to network tab and check for the details you have entered in the IP addresses. Now go to Authentication tab and ensure that only ‘Transport Layer Security (TLS)’ is selected there.
  • Go to the ‘Permission Groups tab’ and select the checkbox ‘Anonymous Users’.
  • Go to Exchange Management Shell and run the command
  • Get-ReceiveConnector "JiraTest" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
  • Here, JiraTest is name of the connector that was just created.
  • Once this all is done, you can now relay JIRA's emails via Exchange.
The Exchange error code 5.7.1 can also occur due to edb database corruption. In such case you need to repair the corrupt database using utility Eseutil. If it fails to recover your data then you need some powerful Exchange recovery software.