hnad

Event ID Errors in Exchange 2003 NDR related

Hi

I'm getting lots of the following errors after migrating to Exch2003 from Exch 2000

-----------------------------------------------------------------------------------------------------
Source MSExchangeTransport
Category NDR
Event ID 3018

A non-delivery report with a status code of 5.4.0 was generated for recipient someone@somewhere.com [Message-ID <AKLJAKJA00007@domain.com>]
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.

-----------------------------------------------------------------------------------------------------

Have I forgotten to configure something? This only started happening after I switched the Exch2003 to master in Routing groups. I've shut down all the services on Exch2000.

Any help with the problem or ideas how to fix it much appreciated.

Thanks


Sembee

Sounds like you have diagnostic logging turned on.
Disable it in ESM: under Servers, right click on <your server> and choose properties. Go to diagnostics logging and clear MSExchange Transport (or something very similar to that - it is early and I am doing this from memory).

You will probably need to restart Exchange services for the change to take effect.

Simon.
hnad

ASKER

Hi Simon

I did what you said but all the categories under MSExchangeTransport are set to None including NDR.

Thanks
ASKER CERTIFIED SOLUTION
ColinRoyds

This solution is only available to members.
hnad

ASKER

Yes, it appears I'm an open relay. Just tested this from home.

In authentication I have anonymous access, basic authentication and integrated windows authentication all checked as per a guide I read. Relay access is restricted to a list of computers in the network. I don't have any SMTP connectors set up. What else could be causing my Exchange to be an open relay?

SOLUTION
This solution is only available to members.
I would imagine once you sort the relaying out, your queues will clear up and be back to normal; just follow the guides as stated above.
hnad

ASKER

Ok thanks for your help.

I've gone through the relay settings again and done as you suggested.

I went and tested the server again and got the following results.

I can telnet from home with no authentication to the server and I can send emails to my own domain from a bogus email address. However, I cannot send emails to other domains. I get the message "this server cannot relay to such and such a domain". This still seems to be a problem, as shouldn't there be some sort of authentication when telnetting to the mail server? And being able to spam my own domain leaves me a bit nervous.

In relay settings I have 192.168/255.255.0.0

And I've also added the domain. That's all that is in there. I have also checked the box "Allow all computers which successfully authenticate to relay".

I'm sitting here watching the sessions to my smtp server. As soon as I get a connection, not long after I get an NDR failure in my Event Viewer.

A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;kdalton@ats-forest.com (Message-ID <AHMAIL5HfqR77bieLYC00000121@my.worksdomain.com.au>).  
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.

and

A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;kd1by@downcity.net (Message-ID <AHMAILlbpH71yEXUIEA000000b6@my.worksdomain.com.au>).  
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.  

Again this only happens when a session from an outside IP connects to my smtp.

I'll increase the points and split them accordingly. Can I increase the points over 500? :)

Thanks. You guys are a big help.

The error you are getting is correct: when trying to use your domain as a relay it should throw up a 550 error.
To test this you can use this web page http://www.abuse.net/relay.html

It will tell you if you are now secure.
Do you have any external DNS servers set up in the SMTP virtual server? If so, remove them or change them to your local DNS servers. Also, do you have a reverse DNS entry for your domain set up at your ISP? If not, mail servers doing reverse DNS lookups would not be able to resolve your domain and would not accept your connection, thinking you were spam.
The other reason you could have is that, being an open relay, you may have been blacklisted by certain domains.

I would still recommend trying to telnet into a problem domain as stated above and see what error you get; this might give a further clue.
Your relay settings are fine now.. :)
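
Added example (not part of the thread or any poster's code): the envelope-only relay test discussed above, written as a Python function that works with any `smtplib.SMTP`-style session on a server you administer. `check_relay`, `FakeSMTP`, the example.* addresses and the fake server's reply texts are assumptions made for illustration; the fake server is constructed so the block runs offline.

```python
ACCEPTED = (250, 251)  # 251 = "user not local; will forward"

def check_relay(smtp, helo_name, sender, local_rcpt, external_rcpt):
    """Envelope-only relay test on a connected, unauthenticated session.

    smtp is an smtplib.SMTP-like object, e.g. smtplib.SMTP(host, 25, timeout=10).
    No DATA is sent, so no mail is delivered; each probe is cancelled with RSET.
    """
    result = {"helo": smtp.helo(helo_name)[0]}
    if result["helo"] != 250:
        # e.g. "501 5.0.0 helo requires domain address" for a bare HELO
        result["verdict"] = "HELO rejected"
        return result
    for label, rcpt in (("local", local_rcpt), ("external", external_rcpt)):
        code = smtp.mail(sender)[0]
        if code == 250:
            code = smtp.rcpt(rcpt)[0]
        result[label] = code
        smtp.rset()
    if result["external"] in ACCEPTED:
        result["verdict"] = "open relay"
    elif result["local"] in ACCEPTED:
        result["verdict"] = "relay closed, inbound mail for local domain accepted"
    else:
        result["verdict"] = "relay closed, local recipient refused"
    return result


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, local_domain, relays_for_anyone):
        self.local_domain = local_domain
        self.relays_for_anyone = relays_for_anyone
    def helo(self, name=""):
        return (250, b"hello") if name else (501, b"5.0.0 helo requires domain address")
    def mail(self, sender):
        return (250, b"sender ok")
    def rcpt(self, recip):
        domain = recip.rsplit("@", 1)[-1].lower()
        ok = domain == self.local_domain or self.relays_for_anyone
        return (250, b"ok") if ok else (550, b"5.7.1 unable to relay")
    def rset(self):
        return (250, b"ok")


if __name__ == "__main__":
    fixed = FakeSMTP("example.com", relays_for_anyone=False)
    print(check_relay(fixed, "probe.example.net", "a@example.net",
                      "postmaster@example.com", "b@example.org"))
```

A server that accepts the local recipient and answers 550 to the external one is receiving inbound mail for its own domain while refusing to relay, which is the result reported in the thread after the relay settings were changed.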


hnad

ASKER

Colin

I just telnetted to one of the servers that was in the NDR report and got the following when typing helo


220 mailrtr01.ntelos.net ESMTP Sendmail 8.11.7/8.11.7; Wed, 30 Jun 2004 09:20:40
helo
501 5.0.0 helo requires domain address

I did this from the mail server. I also tried it from my linux box at home and got the same thing. So not sure if it means anything.

I don't have any external DNS settings in my SMTP. Would it be a good idea to add my internal ones?

ikm ...yep definitely sorted that relay problem :)




It is good practice to use your internal DNS server on the Exchange server and to configure your internal DNS server to use Forwarders for resolving external queries.
hnad

ASKER

Ok, I'll put my internal DNS in there.

I worked out if I do helo plus my domain it responds.

The servers I've tried though have been either busy or reply with an incorrect email address. I was using the email addy in the NDR from their domains.

So I'm not sure where all these emails are coming from that I'm getting NDRs for. I've got Trend Micro Mail Virus software running on the Exchange. I tested the relay again with abuse.net just to be doubly sure and it came back all good.

I'll split the points. If I could give you both more I would. :) Although your help is much appreciated and I thank you both for your time. :)

I'm sure I'll have more questions soon. Definitely a learning experience running an Exchange server.
"501 5.0.0 helo requires domain address" makes sense; you need to define your domain name.

You will find this information very very helpful:
http://email.about.com/cs/standards/a/smtp.htm
hnad

ASKER

Hmm, my Exchange server doesn't ask for a domain. When I telnet to it from home and say helo it just responds with helo.

Is that something that can be configured?
Glad to help you. Experts are always here to assist you.
You will never be disappointed :)