Hi there, MSExchange 2000 Standard SP3 on a Windows 2003 server. Our users received the following NDR when sending an external e-mail to one external domain. Not a problem with other domains; and we can reach the domain if we use a hotmail account or when I SMTP to it. I am hoping to communicate with the other SysAdmin. Have not seen this one before, and have been doing some research. Based on the research, I guess I can go in a couple of different directions, but was curious as to your expert opinions/suggestions. NDR: The following recipient(s) could not be reached: 'user@xxxxxxxxxxx' on 13/07/2005 9:26 You do not have permission to send to this recipient. For assistance, contact your system administrator. <gsi-fs1.graphicsolutionsinc.com #5.7.1 smtp;554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid.> Note: the server generating the error is our mail server. The NDR is immediate, and Message Tracking indicates an Event ID 1030 (NDR Generated), immediately after a 1020 (Started Outbound Transfer). Searching on: "You do not have permission to send to this recipient." Lead to options regarding being filtered by a SPAM...ie. Either on a list (which we tend to not believe is the case, and pur T1 Provider, Megapath, stated if we were ID'd as SPAMMER, they would be involved. I take that statement with a grain of salt). In any event I verified our Open Relay status, and we're locked down. 1. Any websites you'd recommend to check ourselves against for further verification? Another possibility may be an issue with a reverse lookup? Again, this is from a bunch of sources, none that I would consider authoritive, so I could be misinterpreting. However, our e-mail comes from our server, and our MX record's A record actually points to a sister company's IP, as they filter SPAM for us before forwarding. There is a difference of Public IPs. Another option maybe the fact that we do not have an SPF record in our DNS (something I learned about yesterday)? Searching on: "This message has been blocked because the HELO/EHLO domain is invalid" Seemed to point to SMTP Virtual server setting. When I telnet to SMTP, my server does not match the MX record, which to be compliant with RFC 2821 seems to be required. The server reflects the actual server name. When I try to change properties of the SMTP Virtual Server to my MX record, Mail2, I can not verify to my internal DNS. I don't want to go to the issue of changing my server's name, and I am thinking I can not have two entries within DNS pointing to the same IP, or is there a way to accommodate? Other option, modify my MX record to be reflect my server name? I admit, I am treading some deep water here for me. Since we're successful with 99.99 of other external e-mails, it is appealing to say it's the other side (the "been blocked because the HELO/EHLO domain is invalid" certainly is not saying which domain is invalid. When I SMTP their mail server, mail.printar.com, their server name is simply printar.com, so they are not 'compliant' either.). However, since we have a few loose ends on our side, I'd like to tighten us up, as I imagine the ongoing battle with SPAM will simply be cause more of these errors. Any other ideas, thoughts, would be GREATLY appreciated. I can't seem to find anything regarding these search strings at MS support either, so I assume I'm searching incorrectly. Thanks, Dan