Exchange 2007 - Secondary MX receives 550 5.7.1 message refused
I received an email from the system administrator who hosts the DNS records and the secondary/backup mail server for a client's domain. He advises that he has been getting a high volume of these messages with the error 550 5.7.1 requested action not taken: message refused.

The zone file is set up as per the following:

MX - Priority 10 - mail.domainx.com.au
MX - Priority 50 - mx2.domainx.com.au

Back on the 30th March 2009, the system admin tested by sending a message to the administrator@domainx.com.au via the domain that the secondary MX from the server sliderule.domainy.net.au

The last time I received this error from the mail.domainx.com.au was because the secondary mail server was unable to forward the messages back on to the primary mail server. At the time, when I realised this, I believe I enabled relaying and think it worked, but I'm wondering if there is a secure way to allow mail from this particular server to be accepted without having to allow relaying?

He hasn't received any recently because the mail server has been running fine; it's only when the server is switched off or unavailable that he receives these messages when it tries to send the messages from the secondary server to the primary server.

Server Software:
Windows Server 2003 x64
Exchange Server 2007
April 24th, 2009 9:44am

So the secondary connector is refusing connections for the domain? Is there an Edge Server or just a Hub Transport? Have you checked the receive connector to see what permissions/security and IPs it is allowing to connect to it? What is the source? Any server or is there a gateway server in front of it? Could you elaborate a bit more? You said that when the server is off it doesn't work, which is expected. The two MX records are different? What about the public A record?

BP
April 24th, 2009 4:48pm

I believe I should highlight that I'm not that familiar with Exchange Server as yet. It's in the study plan but I haven't gotten that far into it yet. It's my father's network that I manage the PCs on and the endpoint protection. So I've been thrown in the deep end thinking it could be something simple without having to call the network engineer, and I enjoy the challenge, but can't seem to find the answer I'm looking for.

When I switch off the mail server, any incoming messages that are not received by the Exchange Server are routed over to the secondary MX records, which is a different server not connected to the network nor domain. The secondary mailbox is there to catch any non-received messages and attempts to relay them back to the primary server in the event the mail server is off-line.

The administrator for the server which is hosting the secondary mailbox is receiving the 550 5.7.1 errors when it attempts to forward the messages on. Therefore, I believe that it's the primary mail server refusing connections from the secondary server. The last time I had seen this, I enabled email relaying, which I believe is not secure, but one of the hard drives in the primary RAID failed and had corrupted a lot of the system files, which resulted in the server having to be rebuilt and reinstalled.

In response to an Edge Server or just a Hub Transport, I believe that it is just the Hub Transport as there aren't any Edge Subscriptions.

In the receive connectors, in server configuration, there are only 2: Client Mercury, which is for the clients on the internal network, and Default Mercury, which is allowing any IP address. However, what's strange is that in the Default, Permission Groups is set to Anonymous, which I believe should allow relaying? Am I correct?

Another thing I have noticed is that whilst the network domain is set up as domainx.local, the FQDN on both client and default settings are set to mercury.domainx.local, and I was reading an article the other day stating that any email from a domain.local may trigger a SPAM alert by any security product. The internet headers in the mail messages are stating that it's coming from mercury.domainx.local rather than mail.domainx.com.au, which I believe is best if I have that changed. In the article it talked about the "masquerade" domain field but I can't seem to find the "Exchange System Manager" that they're referring to in order to do so.

The system administrator that hosts the secondary mailbox advised that I will need to allow messages to come from his server.

Given that "anonymous" connections are enabled, the only thing that I could think of is that it's Symantec Mail-Security / Premium Anti-Spam that rejected the message in the SMTP connection as the message came from a known spammer, which may explain why the message was refused, as it's not as if he's receiving the "unable to relay" message. Would I be correct in thinking that would be the case?
April 25th, 2009 8:03am

What is running on the secondary mail server? The Exchange mailbox server will not accept any connectors to it unless the Hub Transport role is installed on the Mailbox Server. However, installing the Hub Transport server on the mailbox server will mean that your other Hub Transport server will not be used for much of anything.

Also, in order for mail routing to work in Exchange you need to have a hub transport server in the same AD site as the mailbox server. From your description above it sounds like you are powering off your only hub transport server, and then watching mail go to the secondary server which is configured to route directly to your mailbox server. This won't work.

I would have to know more about your networking, but is your concern with a server failure or a networking failure?

BP
April 25th, 2009 4:15pm

I completely agree with Bardapony.

You might like to check the following information to be more specific.

Allowing application servers to relay off Exchange Server 2007
http://msexchangeteam.com/archive/2006/12/28/432013.aspx

Exchange 2007: How to allow relay exceptions
http://blogs.techrepublic.com.com/networking/?p=373

Unable to relay when using Exchange 2007 as SMTP server
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/a719cf6f-0481-414f-bee2-f563c3c685ed

Arun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
April 25th, 2009 8:32pm
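
An added example, not part of any post in this thread: one way to accept mail from a single backup MX on Exchange 2007 without granting relay, by scoping a dedicated receive connector to that host's IP. The server name `MERCURY` is inferred from the FQDN quoted above, and the IP address and connector name are constructed placeholders.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
# Assumptions (not from the thread): server name, connector name, backup MX IP.
$server     = "MERCURY"
$connector  = "From Backup MX"
$backupMxIp = "192.0.2.25"   # placeholder from the documentation range

# 1. Review what every existing receive connector accepts, and from where.
Get-ReceiveConnector -Server $server |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism

# 2. Create a connector that only the backup MX matches. Exchange picks the
#    connector with the most specific RemoteIPRanges match for a connection.
New-ReceiveConnector -Name $connector -Server $server -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $backupMxIp

# 3. Allow anonymous submission. By default this permission group can deliver
#    to accepted domains only; it does not include the relay right.
Set-ReceiveConnector "$server\$connector" -PermissionGroups AnonymousUsers

# 4. Confirm the domain the backup MX forwards for is an accepted domain.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType

# 5. Audit for the relay right. The weak configuration is
#    ms-Exch-SMTP-Accept-Any-Recipient granted to anonymous on a connector
#    whose RemoteIPRanges covers the whole Internet. Any row printed here
#    means that connector relays for unauthenticated senders.
Get-ReceiveConnector -Server $server | ForEach-Object {
    $name = $_.Identity
    Get-ADPermission -Identity $name -User "NT AUTHORITY\ANONYMOUS LOGON" |
        Where-Object { $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" } |
        Select-Object @{ n = "Connector"; e = { $name } }, User, Deny
}
```

A connector change only affects rejections made by Exchange transport permissions; a 550 issued by an anti-spam product inspecting the SMTP session needs an allow entry for the backup MX in that product instead.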

Thanks guys...

The way it's been set up is that the mail server is using the Hub Transport. The secondary mailbox (or as I refer to as backup server, which is the wrong terminology in this case) is running CentOS Linux.

I spoke with the sys admin for the CentOS box last night and as the downtime on the mail server would only be expected to last for a few minutes with a system restart, then there is no real need for the secondary MX record and we are removing it.

The 550 5.7.1 was Symantec Mail Security Premium Anti-Spam refusing the SPAM message in the SMTP transport.

I've gone through the links above and they have been very helpful...
April 30th, 2009 2:49am
