dkuhlman
asked on
Small Business server 2003 - Exchange error
I am getting a bunch of these errors in my application log. What does it mean? I also have a ton of main in my "bad mail" folder.
__________________________ __________ __________ __________ ________
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3005
Date: 5/27/2005
Time: 2:03:59 PM
User: N/A
Computer: SERVER2004
Description:
A non-delivery report with a status code of 4.4.6 was generated for recipient rfc822;xxxx@xxx.com (Message-ID <68ZK87FE.0I5.34C05556@iwr .uni-heide lberg.de>) .
Cause: The maximum hop count was exceeded for this message. This non-delivery report can also be caused if a looping condition exists between sending and receiving servers that are not in the same Exchange organization. In this situation, the message bounces back and forth until the hop count is exceeded. A configuration error in the e-mail system can also cause the message to bounce between two servers or to be forwarded between two recipients.
Solution: The maximum hop count is a property set on each virtual server and you can manually override it. The default maximum hop count is 15. Also, check for any situations that might cause loops between servers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: cd 02 04 c0 Í..À
__________________________ __________ __________ __________ __________ ____
__________________________
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3005
Date: 5/27/2005
Time: 2:03:59 PM
User: N/A
Computer: SERVER2004
Description:
A non-delivery report with a status code of 4.4.6 was generated for recipient rfc822;xxxx@xxx.com (Message-ID <68ZK87FE.0I5.34C05556@iwr
Cause: The maximum hop count was exceeded for this message. This non-delivery report can also be caused if a looping condition exists between sending and receiving servers that are not in the same Exchange organization. In this situation, the message bounces back and forth until the hop count is exceeded. A configuration error in the e-mail system can also cause the message to bounce between two servers or to be forwarded between two recipients.
Solution: The maximum hop count is a property set on each virtual server and you can manually override it. The default maximum hop count is 15. Also, check for any situations that might cause loops between servers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: cd 02 04 c0 Í..À
__________________________
You can try incrementing the hop count to see if this helps:
The maximum hop count property is set per virtual server, and you can manually override the default setting of 15.
Set the Message Hop Count
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. If administrative groups are enabled, expand the administrative group in which the server that you want to use is located.
3. In the console tree, click Server, expand your server, and double-click Protocols.
4. Double-click SMTP, right-click the SMTP Virtual Server that you want to work with, and then click Properties.
5. On the Delivery tab, click Advanced.
6. In the Advanced Delivery dialog box, type a new value in the Maximum hop count box. Valid values are between 10 and 256.
7. Click OK, and then click OK again.
The maximum hop count property is set per virtual server, and you can manually override the default setting of 15.
Set the Message Hop Count
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. If administrative groups are enabled, expand the administrative group in which the server that you want to use is located.
3. In the console tree, click Server, expand your server, and double-click Protocols.
4. Double-click SMTP, right-click the SMTP Virtual Server that you want to work with, and then click Properties.
5. On the Delivery tab, click Advanced.
6. In the Advanced Delivery dialog box, type a new value in the Maximum hop count box. Valid values are between 10 and 256.
7. Click OK, and then click OK again.
This is an odd message for a Small Business Server because you don't have the full functionality of AD and Exchange for building large organizations. My assumption is that either you have multiple Virtual Servers on the box and are using one to forward to another for a triggered message stamp or something like that, or the Virtual Server has a smarthost entry. The best method for delivering your mail outbound is to use an SMTP connector. If you're using DNS for delivery but are using the virtual server to inform Exchange of that, replace that method with the SMTP connector as outlined below but just keep the DNS entries and ignore the smarthost entries.
First, retreive the info from your virtual server:
In the Exchange System Manager, click the + next to your ServerName, the + next to Protocols, and the + next to SMTP
Right click the virtual server --> Properties
Delivery Tab --> Advanced button
Note and copy the entry for Smart host.
Next
In the Exchange System Manager, right click the top of the tree in the left-hand pane --> Properties.
Check Display administrative groups.
Then, click the + next to Administrative Groups, the + next to your Groupname, the + next to Routing Groups, the + next to your RoutingGroupName, the + next to connectors.
Right click connectors --> New --> SMTP connector
In the General Tab, select the radio button for "Forward all mail through this connector to the following smart hosts"
Paste the smarthost entry.
Clcik Add, and add your server to the Local bridgeheads
Check the rest of the tabs to determine if you want to change any entries; the defaults work just fine. Your Connected Routing Groups tab should remain empty.
Go back to the virtual server and remove the smarthost entry.
In services, stop and start Simple Mail Transport Protocol; don't worry about it taking a while to stop . . . it takes a little bit of time.
Check your email.
First, retreive the info from your virtual server:
In the Exchange System Manager, click the + next to your ServerName, the + next to Protocols, and the + next to SMTP
Right click the virtual server --> Properties
Delivery Tab --> Advanced button
Note and copy the entry for Smart host.
Next
In the Exchange System Manager, right click the top of the tree in the left-hand pane --> Properties.
Check Display administrative groups.
Then, click the + next to Administrative Groups, the + next to your Groupname, the + next to Routing Groups, the + next to your RoutingGroupName, the + next to connectors.
Right click connectors --> New --> SMTP connector
In the General Tab, select the radio button for "Forward all mail through this connector to the following smart hosts"
Paste the smarthost entry.
Clcik Add, and add your server to the Local bridgeheads
Check the rest of the tabs to determine if you want to change any entries; the defaults work just fine. Your Connected Routing Groups tab should remain empty.
Go back to the virtual server and remove the smarthost entry.
In services, stop and start Simple Mail Transport Protocol; don't worry about it taking a while to stop . . . it takes a little bit of time.
Check your email.
ASKER
It appears that most of the emails that are showing up in the event viewer are either to invalid internal addresses, or some form of spam. I was wondering if the server had been compromised? Its behind a netgear fvs318 firewall - which, having a Cisco background, I dont have much confidence in.
In that case, go here to clean up the server: http://www.amset.info/exchange/spam-cleanup.asp
ASKER
Ok, this is happening at a couple of my clients now, and at my office. I dont want to have an open relay server, but if I switch to "only the list below" e-mails to me start bouncing. How can I fix this?
What do you have in there now?
ASKER
"all except the list below"
And the list below is empty, right.
ASKER
yes
I jmust want to verify that the site has one SBS running Exchange sitting behind a netgear, so it receives its email directly from the web?
ASKER
That particular site has 1 server. Its an sbs server, and its behind a netgear firewall. I'm at my office right now, it has 3 servers, 1 exchange 2003, also behind a netgear firewall. Same prob at both locations I suspect.
Are the Exchange servers connected in any fashion?
Do they both receive mail directly from the web?
Do they both receive mail directly from the web?
ASKER
Sorry. Its two different organizations. There is no relationship between the two, other than that I do work at both locations.
Switch back to "Only the list below" and leave it empty.
Click on the authentication tab and ensure that anonymous is selected.
Stop SMTP and start SMTP.
Then test your mail.
Click on the authentication tab and ensure that anonymous is selected.
Stop SMTP and start SMTP.
Then test your mail.
ASKER
I'm pretty sure thats the configuration I had. I'll try it again....
Can you bounce the netgear too?
ASKER
It failed again. Sent from my gmail acct.
__________________________ __________ __________ __________ __________ __________ _
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 10): 550 5.7.1 Unable to relay for dan@xxx.com
----- Original message -----
Received: by 10.38.89.40 with SMTP id m40mr1081331rnb;
Fri, 27 May 2005 23:32:35 -0700 (PDT)
Received: by 10.38.181.35 with HTTP; Fri, 27 May 2005 23:32:35 -0700 (PDT)
Message-ID: <8defa9b9050527233273c4914 0@mail.gma il.com>
Date: Sat, 28 May 2005 01:32:35 -0500
From: Daniel Kuhlman <dkuhlman@gmail.com>
Reply-To: Daniel Kuhlman <dkuhlman@gmail.com>
To: dan@xxx.com
Subject: Test 1:32am
__________________________
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 10): 550 5.7.1 Unable to relay for dan@xxx.com
----- Original message -----
Received: by 10.38.89.40 with SMTP id m40mr1081331rnb;
Fri, 27 May 2005 23:32:35 -0700 (PDT)
Received: by 10.38.181.35 with HTTP; Fri, 27 May 2005 23:32:35 -0700 (PDT)
Message-ID: <8defa9b9050527233273c4914
Date: Sat, 28 May 2005 01:32:35 -0500
From: Daniel Kuhlman <dkuhlman@gmail.com>
Reply-To: Daniel Kuhlman <dkuhlman@gmail.com>
To: dan@xxx.com
Subject: Test 1:32am
ASKER
Bounced the netgear, sent another email from gmail, it bounced again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've already read that article, but I dont see how it applies to me. What specifically should I be looking for? Is this a firewall issue?
It seems to me that your server is only accepting relay connections.
Your firewal isn't acting as an SMTP server, so I wouldn't think it's a firewall issue. I don't know if the netgear has an SMTP type of fixup like a pix, but you might want to check.
On the virtual server, check the Access Tab, Connection button to ensure it's set to All except the list below and ensure the list is empty.
On the authentication button, ensure that Resolve anonymous email is NOT selected.
I'll check a couple of things. . . .
Your firewal isn't acting as an SMTP server, so I wouldn't think it's a firewall issue. I don't know if the netgear has an SMTP type of fixup like a pix, but you might want to check.
On the virtual server, check the Access Tab, Connection button to ensure it's set to All except the list below and ensure the list is empty.
On the authentication button, ensure that Resolve anonymous email is NOT selected.
I'll check a couple of things. . . .
ASKER
Thats how its setup. I ran the "exchange server best practices tool" and followed the recomendation. It said to do pretty much what your saying. But I can't get it to work.... I await your response.
In your Global Settings, right-click Message Delivery --> Properties --> Connection Filtering Tab
Check the list and the Exception, Accept, and Deny buttons for restrictions.
Check the list and the Exception, Accept, and Deny buttons for restrictions.
ASKER
They are all blank.
Enable message tracking and see what's stopping the messages. If you have the filter--I can't think of the name of it right now--(message filtering?)--it might be responsible for the errors.
ASKER
I just recently installed the Intelligent message filter, but it was doing the exact same thing before. I dont think the filter has anything to do with it. I dont have the filter installed at the other client, and messages bounce there if its not open.
Did you enable message tracking?
ASKER
How do I enable message tracking?
In the Exchange System Manager, right click the server --> Properties -->General Tab
Click Enable Message Tracking
OK
Then, to check messages, in the system manager, go to Tools --> Message Tracking Center
Complete the dialog boxes to find the specific mail.
Click Enable Message Tracking
OK
Then, to check messages, in the system manager, go to Tools --> Message Tracking Center
Complete the dialog boxes to find the specific mail.
ASKER
Ok, I got it working with "Only the list below". I had to add the servers IP address to the allow list. I also added 127.0.0.1 for good measure.
ASKER
Is the configuration I mentioned above ok to have?
Yes. I assume the checkbox for "Allow all computers which successfully authenticate. . . . " was unchecked.
Are you receiving any more NDRs?
Are you receiving any more NDRs?
ASKER
Allow all computer which successfully authenticate was checked. No more NDRs
Numeric Code: 4.4.6
Possible Cause: The max hop count was exceeded for the message. This code may also occur if a loop situation exists between a sending server and a receiving server that are not in the same organization. In this scenario, the message bounces back and forth until the hop count is exceeded.
http://support.microsoft.com/default.aspx?scid=kb;en-us;284204