550 Relay is not allowed (Build 8832)
Problem reported by Scarab - 3/13/2024 at 8:38 AM
SmarterMail Enterprise is rejecting a large volume of email (@50%) from SmarterMail Incoming Gateways using either SMTP Verification or SmarterMail Gateway Web Service. There does not seem any rhyme or reason as to why it is giving a "550 Relay is not allowed" error for the messages rejected as the messages would otherwise pass FcRDNS, SPF, DKIM. and DMARC and the recipient does indeed exist.

I did notice that Build 8832 seems to give no other 550 errors on the Incoming Gateways, such as "No such user". Apparently all 550 responses are "Relay is not allowed" now.

Also, Incoming SmarterMail Gateways are triggering IDS Harvesting and IDS Denial Of Service on SmarterMail Enterprise now (they did not on Builds prior to 8768). This is resulting in our Incoming Gateways being blocked every 10-15 minutes. Any idea how to prevent this from occurring on Build 8768-8832?

1 Reply

Reply to Thread
Scarab Replied
Marked As Resolution
Turns out the "550 Relay is not allowed" we were receiving for all inbound email on our Incoming Gateways had to do with multiple left-over/orphaned cached files in the \SmarterMail\Service\Settings\SmartHostCaches\ folder that dated all the way back to 2019. After stopping the service, deleting these cache files, and restarting the SM service, everything started working properly again.

There is still an issue where all 5XX errors on gateways give the response "Relay is not allowed" even if the actual reason is "No such user", "Sender is not allowed", "Maximum hop count exceeded, possible loop", "From domain must match authenticated domain", etc. It's not a critical issue but it does make troubleshooting from the Detailed SMTP logs nigh impossible.

Reply to Thread