Wednesday, January 12, 2011

Mail domain authentication problems (error '553 sorry, that domain...')

What are the main causes of the following error and what sort of things would typically be checked to resolve it?

553 sorry, that domain isn't allowed to be relayed thru this MTA (#5.7.1)

In this instance, the workstation is a Windows Vista PC running Outlook 2007 and trying to reach an external (internet) mail provider.

  • This is commonly caused when you're trying to send mail without authenticating via the SMTP server and you're not on the server's "allowed list".

    If you're connecting to a regular ISP, you'll usually get this message when trying to send email via their servers and when you're not on that ISP's network. This is often a problem for laptop users who will need to send email from a variety of networks - in this case the only solution is to configure authentication (if the ISP permits external authentication) or use another SMTP server.

    Certain servers will permit SMTP access to those who have successfully authenticated via POP3 or IMAP in the previous 5-10 minutes; others require authentication when outside their internal network; others require authentication for all mail that isn't going to an "internal" domain.

    SMTP is used for servers to talk to each other; a message is passed between servers (relayed) until it reaches the destination server. This is all done without authentication, and usually it will go direct from your mail server to the server of the destination domain. In some configurations it might need to jump (relay) through other servers first before it gets to the internet, and this is one of the reasons why SMTP servers are capable of accepting mail for other domains.

    However, this is a bad configuration; a server should only be configured to accept mail for particular domains (or any mail from particular computers/networks). This is to prevent spammers using that mail server: they only accept email for their configured domains, and for other domains (relaying) they only accept relaying from inside their own network. Otherwise any spammer could use that SMTP server to send mail to anyone they desired - this is known as an "open relay".

    Phil.Wheeler : Whoa. Great answer. Covers what I need and is thorough generally. Thanks!
    sascha : No problem, it's a major issue with the Xtra ISP in NZ which only brought it in a few years back - they now charge an extra US$2 per month for secure mail access from outside their network. Absolute ripoff!!
    Phil.Wheeler : Typical. There's a reason Xtra are consistently voted one of the worst ISPs in this country.
    From sascha
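
The relay decision described in the answer, modelled as an added example (not code from the original post or from any mail server). The domain, networks and 10-minute POP-before-SMTP window are constructed sample values, and `rcpt_decision` and `open_relay_networks` are hypothetical names; the reject text is the error quoted in the question.

```python
import ipaddress

# Constructed sample policy (assumptions, not taken from the post).
LOCAL_DOMAINS = {"example.net"}          # domains this server hosts
RELAY_NETWORKS = ["192.0.2.0/24"]        # the provider's own network
POP_BEFORE_SMTP_WINDOW = 10 * 60         # seconds a POP3/IMAP login stays valid

ACCEPT = "250 ok"
REJECT = ("553 sorry, that domain isn't allowed to be relayed "
          "thru this MTA (#5.7.1)")


def rcpt_decision(client_ip, rcpt, authenticated=False, last_pop_login=None,
                  now=0.0, local_domains=LOCAL_DOMAINS,
                  relay_networks=RELAY_NETWORKS):
    """Return the reply a relay-restricted server gives to one RCPT TO."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    # Mail for a hosted domain is final delivery, not relaying.
    if domain in local_domains:
        return ACCEPT
    # From here on the client is asking us to relay to another domain.
    if authenticated:                    # SMTP AUTH succeeded
        return ACCEPT
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in relay_networks):
        return ACCEPT                    # client is on the "allowed list"
    # POP-before-SMTP: a recent mailbox login from this client counts.
    if (last_pop_login is not None
            and 0 <= now - last_pop_login <= POP_BEFORE_SMTP_WINDOW):
        return ACCEPT
    return REJECT


def open_relay_networks(relay_networks):
    """Audit helper: list allowed networks that match every address.

    An entry with prefix length 0 lets any host relay, i.e. an open relay.
    """
    return [net for net in relay_networks
            if ipaddress.ip_network(net).prefixlen == 0]


if __name__ == "__main__":
    # Laptop on a foreign network, no authentication: the error from the question.
    print(rcpt_decision("203.0.113.7", "friend@example.org"))
    # Same laptop after enabling SMTP authentication in the mail client.
    print(rcpt_decision("203.0.113.7", "friend@example.org", authenticated=True))
```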
