> I was checking the "Relay Restrictions" from the "Default SMTP Virtual > Server Properties" --> "Access" tab and note that "Allow all computers > which successfully authenticate to relay, regardless of the list above" > and wondered, will the computers really authenticate when the user is > external to the domain? Shouldn't relaying be based on user rather than > machine authentication? So I figured that I'd disable this option and > specify users instead. So I proceeded to make sure that Authenticated > users were allowed to relay. NO NO NO. Leave that alone. > However, for users who have their messages being forwarded to their > external accounts, senders started getting bounced message with the same > error message 5.7.1. Which account does Exchange use to forward user > messages on their behalf? In any case, wouldn't that account be under > authenticated users anyway? Wait, do you have one problem or 2? You said when users are not on the internal network and then send an e-mail through your Exchange server to an address not on your network, they are getting the 5.7.1. That is one problem. If you are also saying you have users who receive e-mail on their internal account, but that e-mail is then forwarded to an external account, that is a different problem. > Do you have an SMTP Gateway such Symantec for SMTP Gateway. > > Because those guys have their own setting for replaying Yes, please answer this as that would explain both problems. Is there anything between Exchange and the Internet? Even a PIX could cause problems if the SMTP fixup protocol is enabled. John T eServices For You "Seek, and ye shall find!"