You do not have permission to send to this recipient. Relay access denied.

You do not have permission to send to this recipient.

You do not have permission to send to this recipient. Relay access denied

I had this message come up in NDR reports for every account that was trying to send email out of a local domain to an Internet email recipient (basically everyone not in your company). There are indeed many sites that present a reason and solution for this but not many at all present the obvious that may have occurred on the Exchange server that's causing this problem.

If there are many hands in the pot at an office you support and suddenly you have an Microsoft Exchange server that's acting up and now on can send email and the message is similar to the following:

You do not have permission to send to this recipient. For assistance, contact your system administrator. : Relay access denied

The relay access is denied is the key to solving this email sending problem with Exchange. This doesn't mean that the server is blacklisted or is an open relay or somehow has been compromised and this message is in fact coming from your email server. the email never makes out of the Exchange box itself. You could waste time in logs trying to determine why it's bouncing but the simple solution is that the domain users have been denied, or stated differently, have been prevented from sending email.

The solution for this is not as complicated although there could be some other problems that led someone to tamper with these settings in the first place and maybe set them improperly. In Exchange 2003, if your getting "You do not have permission to send to this recipient" "Relay access denied", check that your users have permission to send. This setting can be found in Exchange System Manager under Default SMTP virtual server. Right click the virtual server and choose properties. The click the Access tab at the top.

Then Click the Authentication button.

Then click the Users button.

Make sure you enable Relay Permission for your users. In the case where I was getting these NDRs, the Authenticated users group was displayed with the Relay Permission enabled but that wasn't enough. I added the Domain Users group and enabled relay for the group. Save your changes and give it a try.