'You do not have permission to send to this recipient' errors

Countless Exchange Server administrators have been faced with the 'You do not have permission to send to this recipient' non-delivery report (NDR) as a result of a 5.7.1 or 5.7.3 error. There are numerous potential causes for these errors, including firewall configuration issues, bad DNS settings, updating recipient policies, and blocked SMTP communication -- just to name a few. This Exchange Server Troubleshooting Guide will help you diagnose 'You do not have permission to send to this recipient' errors and resolve your email delivery dilemmas.
[IMAGE]

[IMAGE]   Potential Cause [IMAGE]  Firewalls
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
If users are having problems sending email from Exchange Server, the firewall could be the culprit. Your checklist should include: firewall configurations and settings, personal firewalls installed on a client machine, and a change in the external IP address of the Microsoft Internet Security and Accleration (ISA) Server.
[IMAGE]
More firewall troubleshooting tips:
[IMAGE]
 [IMAGE][IMAGE] Disable the Mailguard feature on your Cisco PIX firewall [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Adjust firewall policies for less restrictive SMTP monitoring rules [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Learn how to (properly) configure ISA Server as an SMTP filter [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Exchange Server Administration Creating and configuring Exchange Server 2007 mailboxes How to configure Exchange Server 2007 mailboxes How to create and configure Exchange Server 2007 distribution groups Managing Exchange Server 2007 address lists Setting up Exchange Server 2007 contacts Creating and managing recipients in Exchange Server 2007 Creating mail users in Exchange Server 2007 Deleting and reconnecting Exchange Server 2007 mailboxes 'Exchange is in recovery mode' errors A roundup of DST resources for Exchange Server administrators Microsoft Exchange Server Administration Research Microsoft Exchange Server Permissions Exchange users receiving email addressed to legacy users Restrict access to Outlook Web Access via Exchange System Manager Why you should secure Exchange 2007 using administrative policies Editing Exchange Server public folder permissions Can't delete old Microsoft Outlook public folders Why can't I grant users permissions to an Exchange public folder? Exchange public folder calendar can't be opened in Microsoft Outlook Grant or deny permissions to access a user's Exchange 2007 mailbox Set Outlook calendar permissions for group to view private meetings Exchange Admin 101: Exchange 2003 and Exchange 2007 admin privileges Microsoft Exchange Server Mailbox Management Effects of excessive mailbox size and storage on Outlook performance Show hidden email addresses in a GAL on Exchange Server 2003 Industry expert analyzes future of messaging Delivering email between Exchange server test and production domains Microsoft Outlook error message: 'Mailbox Size Limit exceeded' Restoring user accounts and mailbox links in Active Directory Problems receiving email from outside a Exchange Server 2003 domain Best practices for moving mailboxes in Exchange Server Exchange admins: Is it time to rethink your email address policy? Exchange Server 2003 collects email from only specific POP3 domains

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary service pack  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

and MX records--> [IMAGE]   Potential Cause [IMAGE]  DNS and MX records
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
A Mail Exchanger DNS record -- better known as an MX record -- helps an email message reach its intended recipient. You should analyze your public DNS record to make sure that the server's PTR (pointer) record has the server name mapped to the correct IP address.
[IMAGE]
More DNS troubleshooting tips and tools:
[IMAGE]
 [IMAGE][IMAGE] A primer on DNS and MX records [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Nslookup: Check the DNS record associated with your domain [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] End reverse DNS lookups [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Reverse DNS lookup failure [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

[IMAGE]   Potential Cause [IMAGE]  SMTP authentication and relaying
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
SMTP authentication and relaying may be affected by a blocked domain, spam filters not allowing country-code domains, attachments, and MSExchange Transport errors (check event logs for these errors). If the "Allow all computers which successfully authenticate to relay" checkbox is not ticked, this also may cause Exchange Server non-delivery errors.
[IMAGE]
More SMTP authentication and relaying tips:
[IMAGE]
 [IMAGE][IMAGE] Stop relaying and enable outgoing SMTP authentication [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Mail relay issues in Exchange Server 2003 and Exchange 2000 Server [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Telnet to port 25 to test SMTP communication [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Should you turn off your network's outbound SMTP (port 25)? [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Testing IP restrictions on port 25 [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

[IMAGE]   Potential Cause [IMAGE]  Internet Service Providers
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
Your Internet Service Provider (ISP) or your recipient's ISP may be at the root of your email delivery woes.
[IMAGE]
More on ISPs causing email delivery failure:
[IMAGE]
 [IMAGE][IMAGE] Problems sending email to free Internet email accounts [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Many ISPs now blocking port 25 [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

[IMAGE]   Potential Cause [IMAGE]  Recipient policies and permissions
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
Proxy addresses should match at least one Exchange Server recipient policy. If you do not have an Exchange Server recipient policy configured for the domain to which the message is sent or the sender does not have permissions, you may receive a 5.7.1 error.
[IMAGE]
More on configuring recipients and permissions:
[IMAGE]
 [IMAGE][IMAGE] How to effectively manage recipients and distribution lists [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

[IMAGE]   Potential Cause [IMAGE]  Spam filtering
[IMAGE]
[IMAGE]
[IMAGE]
[IMAGE][IMAGE][IMAGE]
The intended recipient's spam filter may be identifying your Exchange Server email as unsolicited commercial email (UCE) or spam.
[IMAGE]
More spam-filtering troubleshooting tips:
[IMAGE]
 [IMAGE][IMAGE] Message blocked because it contains a banned word [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Fighting spam with SMTP 'tar pits' [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Configuring the smart host setting for outbound mail on Exchange 2003 [IMAGE][IMAGE]
[IMAGE]
 [IMAGE][IMAGE] Exchange Intelligent Message Filter [IMAGE][IMAGE] 
[IMAGE]

[IMAGE]

[IMAGE]
Additional resources for diagnosing and troubleshooting NDRs:
[IMAGE]  Expert Advice: 'You do not have permission to send to this recipient'
[IMAGE]  FAQ: Exchange Server non-delivery reports
[IMAGE]  Discussion Forum: 'You do not have permission to send to this recipient'
[IMAGE]  Tip: Troubleshooting non-delivery reports
[IMAGE]  Tip: POP3 users cannot send mail outside the server
[IMAGE]  Tip: An introduction to Exchange Server diagnostic logging
[IMAGE]  Download: Investigate errant email with Exchange Message Tracking Center
[IMAGE]  Reference Center: Exchange Server NDR tips and resources