Solved

550 errors

Posted on 2002-03-15
7
873 Views
Last Modified: 2012-08-13
I am having some problems with some outside clients not being able to send incoming mail.

they are getting 550 errors.  i think this has to do with relaying but our server doesn't allow relaying.
0
Comment
Question by:ragesh
7 Comments
 
LVL 23

Expert Comment

by:slink9
ID: 6870783
What version and SP of Exchange Server?
550 is an inconsistent database - http://support.microsoft.com/default.aspx?scid=kb;en-us;Q143235
0
 

Author Comment

by:ragesh
ID: 6873223
no this is a 550 error that the sender from other site will receive (as in system administrator error--like when sending to a bad address)

i think sp4 for exch by the way.

0
 
LVL 1

Expert Comment

by:JakeJ
ID: 6875920
Did you check the DNS MX records?

Jake
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Accepted Solution

by:
deana080698 earned 300 total points
ID: 6877164
Error 550 is being generated by SMTP and all indications point to a relaying problem. Attached are some notes that may bo of use to you...
==========================================================

 
PSS ID Number: Q168781
Article last modified on 09-04-1999
 
winnt:4.0,5.0
 

 

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Exchange Server, versions 4.0, 5.0
-------------------------------------------------------------------------------
 
SYMPTOMS
========
 
All users are receiving Simple Mail Transfer Protocol (SMTP) mail; however,
sending to SMTP addresses results in an immediate non-delivery report (NDR) that
includes the following error message:
 
   550 Relaying mail to <recipient address> is not allowed.
 
WORKAROUND
==========
 
To work around this problem, do the following:
 
1. Confirm that the information store, the message transfer agent (MTA), and the
  Internet Mail Service (Internet Mail Connector in version 4.0) services are
  started, by going to Control Panel and double-clicking Services.
 
2. Check the configuration of the Internet Mail Service, especially the address
  space page, which should be a (*) or (a space).
 
3. Set all the categories of the Internet Mail Service diagnostic logging to
  maximum, and then send a message and check the event viewer for errors
  related to the Internet Mail Service.
 
4. Check the four queues of the Internet Mail Service, and the Exchange Server \
  Message Transfer Agent \ Internet Mail Service (Server Name) queue. If there
  are no messages in any of the queues, then the problem may be with the
  Internet Service Provider (ISP). Go to step 5.
 
   If there is no MTA object under the sender's server, the Exchange Server
  computer is a Standard Edition, and you must use the Performance Monitor \
  Qlength counter of the MSExchangeIMC Object in order to check the Internet
  Mail Service queues.
 
5. Send a message to the sender's ISP. If the sender does not receive the
  immediate NDR, then ask the sender to call his or her ISP and ask whether he
  or she received a message. If the ISP received the message, then the Internet
  Mail Service is able to send, and most probably the ISP is not routing or
  resolving names.
 
6. Run the NSLookup utility to confirm the domain name, MX records, and the
  A-Records of the sender's ISP.
 
7. Run the Telnet command to port 25 of the ISP according the Knowledge Base
  article: Q153119, "XFOR: Telnet to Port 25 of IMC to Test IMC Communication."
 
8. If the sender is using DNS, modify the Internet Mail Service to forward all
  messages to the host. If this works, then the Domain Name resolution is the
  cause of the problem.
 
9. If all the above fails, then delete and recreate the Internet Mail Service.
 
NOTE: After every step, stop and restart the Internet Mail Service and see
whether all messages are being delivered.

===========================================================

 
PSS ID Number: Q256856
Article last modified on 04-16-2000
 
winnt:5.5 SP3
 

 

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Exchange Server, version 5.5 SP3
-------------------------------------------------------------------------------
 
SYMPTOMS
========
 
When you enable the "Do Not Reroute Incoming SMTP mail" option on the Routing
tab in Internet Mail Service (IMS) and your previously configured routing
restrictions are still in place, a "550 Relaying is prohibited" error message
may be displayed for all incoming e-mail messages. This behavior occurs even
though the message recipient is found in the Exchange Server global address
list.
 
CAUSE
=====
 
This behavior occurs when you enable the "Do Not Reroute Incoming SMTP mail"
option. This option is an old setting from Microsoft Exchange Server 4.0. When
this feature is active, e-mail messages are not routed because e-mail messages
are not delivered.
 
WORKAROUND
==========
 
If you want to restrict Internet Mail Service from being used as a relay and
make sure the "550 relay prohibited" error message is displayed, use the
following steps:
 
1. Enable the Reroute Incoming SMTP Mail option.
 
2. Click Routing Restrictions.
 
3. Click to select the "Hosts and clients with these IP addresses" check box,
  and then click OK.
 
4. Stop and restart Internet Mail Service.
 
MORE INFORMATION
================
 
For additional information about routing restrictions, click the article numbers
below to view the articles in the Microsoft Knowledge Base:
 
   Q196626
 
   Q193922
 
Additional query words: ims gal
 
======================================================================
Keywords          : kbenv kberrmsg
Technology        : kbExchangeSearch kbZNotKeyword2 kbExchange550SP3
Version           : winnt:5.5 SP3
Issue type        : kbprb
=============================================================================
Copyright Microsoft Corporation 2000.

 
PSS ID Number: Q193922
Article last modified on 06-18-2001
 
:5.5
 

 

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Exchange Server, version 5.5
-------------------------------------------------------------------------------
 
IMPORTANT: This article contains information about editing the registry.
Before you edit the registry, make sure you understand how to restore it if
a problem occurs. For information about how to do this, view the "Restoring
the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help
topic in Regedt32.exe.
 
SUMMARY
=======
 
Administrators of Microsoft Exchange Server version 5.5 can prevent their server
from acting as a relay host for unsolicited commercial e-mail (UCE) messages.
Using Exchange Server version 5.5 Service Pack 1 (SP1), the administrator can
configure these options on the Routing tab in the properties of the Internet
Mail Service object.
 
Microsoft recommends that you upgrade to either Exchange Server 5.5 SP1 or the
latest Exchange Server 5.5 service pack to obtain this functionality. If you are
unable to upgrade to Exchange Server 5.5 SP1 or later, this article describes
the registry keys that you need to add to your Exchange Server computer to gain
this functionality.
 
NOTE: This functionality is included with Exchange Server 5.5 Service Pack 2
(SP2). This functionality is located in the Microsoft Exchange Server
Administrator program, under the Routing Restrictions option, on the Routing tab
under the properties of the Internet Mail Service object. Although this article
describes in detail the method to configure these options, it is best to
configure these options through the Administrator program.
 
MORE INFORMATION
================
 
WARNING: Using Registry Editor incorrectly can cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be solved. Use
Registry Editor at your own risk.
 
For information about how to edit the registry, view the "Changing Keys and
Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete
Information in the Registry" and "Edit Registry Data" Help topics in
Regedt32.exe. Note that you should back up the registry before you edit it. If
you are running Windows NT or Windows 2000, you should also update your
Emergency Repair Disk (ERD).
 
When you install the Internet Mail Service, it is configured by default to enable
rerouting for Post Office Protocol version 3 (POP3) and Internet Message Access
Protocol, Version 4rev1 (IMAP4) clients. This rerouting is found on the Routing
tab of the Internet Mail Service object. The Internet Mail Service accepts and
relays mail to non-local recipients. Message relay occurs when a client or
remote SMTP server connects to the Internet Mail Service and submits messages
for non-local recipients. If the Internet Mail Service does not restrict message
relay, it may be used to relay UCE messages.
 
If your server configuration prevents the client from relaying mail, SMTP RCPT
(receipt) commands that specify a non-local recipient are refused, and the
following message is displayed:
 
   550 relaying prohibited.
 
To configure relay restrictions in the registry, use the values in the following
registry key:
 
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\MSExchangeIMC\Parameters
 
The following examples outline the value, the data type, and the function the
value performs. After you make the changes, stop the Internet Mail Service, and
then restart it.
 
 - RelayFlags, REG_DWORD
 
   Defines which relay control rules are in effect.
 
 - RelayDenyList, REG_MULTI_SZ
 
   Specifies hosts that cannot relay messages through your server.
 
 - RelayAllowList, REG_MULTI_SZ
 
   Specifies hosts that can relay messages through your server.
 
 - RelayLocalIPList, REG_MULTI_SZ
 
   Specifies the local IP addresses of the server that an SMTP client can
  connect to and relay mail. This is useful for multi-homed servers that have
  internal and external interfaces. Enabling IP forwarding disables this
  feature.
 
NOTE: RelayDenyList, RelayAllowList, and RelayLocalIPList consist of a net
address and optional mask per line. Order is not important in these lists. Each
line consists of two parts, the net address and the mask, separated by a
semicolon. For example:
 
   Net[;mask]
 
If the mask is omitted, the default used is 255.255.255.255.
 
A net address matches a rule if the bitwise-AND of the IP address and the mask
equals the net. That is:
 
   (IP Address AND mask) = net
 
For example:
 
 - To add net 192.168.0.0 to a list, add the following line to the list:
 
   192.168.0.0;255.255.0.0
 
 - To add the host 192.168.1.17 to a list, add one of the following lines to the
  list:
 
   192.168.1.17;255.255.255.255
 
   - or -
 
   192.168.1.17
 
What follows is the logic that is used to determine if the client can relay mail.
If none of these statements apply, the client is not allowed to relay mail.
 
 - If bit 1 of RelayFlags is set (decimal value 1) and the IP address of the
  client matches a pattern in RelayDenyList, the client is not allowed to relay
  mail.
 
 - If bit 2 of RelayFlags is set (decimal value 2) and the IP address of the
  client matches a pattern in RelayAllowList, the client is allowed to relay
  mail.
 
 - If bit 3 of RelayFlags is set (decimal value 4) and the client is connected
  to a local IP address that matches a pattern in RelayLocalIPList, the client
  is allowed to relay mail.
 
 - If bit 4 of RelayFlags is set (decimal value 8) and the client is
  authenticated, the client is allowed to relay mail.
 
 - If only bit 1 is set, the client is allowed to relay mail.
 
For example:
 
 - All clients not explicitly denied can relay mail.
 
Set bit 1 of RelayFlags (set its decimal value to 1), and add a rule to
RelayDenyList for each host or group of hosts that you want to deny. To prevent
all hosts on the subnet 192.168.17.0 from relaying mail, add the following line
to RelayDenyList:
 
   192.168.17.0;255.255.255.0
 
 - All clients not explicitly allowed are denied.
 
Set bit 2 of RelayFlags (set its decimal value to 2), and add a rule to
RelayAllowLists for each host or group of hosts that you want to allow. To allow
all hosts on subnet 192.168.1.0 to relay mail, add the following line to
RelayAllowList.
 
   192.168.1.0;255.255.255.0
 
 - Allow all hosts on a subnet except for a subset.
 
To allow all hosts on a subnet, set bit 2 of RelayFlags (set its decimal value to
2), and add a rule to RelayAllowList to match the subnet. For the subnet
192.168.1.0, the following rule works:
 
   192.168.1.0;255.255.255.0
 
To prevent a subset of the hosts on subnet 192.168.1.0 from relaying mail, also
set bit 1 in RelayFlags in addition to bit 2, (which was set above); the net
result is to set its decimal value to 3. Add the IP address of each host to
RelayDenyList. If the subset of hosts is grouped together, you can add a single
rule to match all of them. For example, if 192.168.1.1 through 192.168.1.7 are
not allowed to relay, the following rule is adequate. Listing each address
explicitly in RelayDenyList also works.
 
   192.168.1.0;255.255.255.248
 
 - Allow clients that connect to the selected network interfaces to relay.
 
   This method is useful if the host has multiple network interfaces, and IP
  forwarding is not enabled. Set bit 3 of RelayFlags (set its decimal value to
  4), and add the IP addresses of the network interfaces that relay mail to
  RelayLocalIPList.
 
 - Allow authenticated clients to relay.
 
   Set bit 4 of RelayFlags (set its decimal value to 8) to allow clients that
  have authenticated (by using the Auth command) to relay mail.
 
After you create or modify these registry settings, in Control Panel,
double-click Services, and then stop and restart the Internet Mail Service so
that the changes take effect.
 
If you set the SMTP Interface Events diagnostics logging category to minimum or a
higher logging level in the Internet Mail Service Diagnostic Logging property
page, when a message is denied for relay through the Internet Mail Service an
event is logged to the application event log. The event indicates the sender's
IP address, sender's host name (if available), the sender's authentication
account (if authentication was used), and the recipient address for the message.
 
Additional query words: XADM anti spam anti-spam
 
======================================================================
Keywords          : exc55
Technology        : kbExchangeSearch kbExchange550 kbZNotKeyword2
Version           : :5.5
Issue type        : kbinfo
=============================================================================
Copyright Microsoft Corporation 2001.


 
 
PSS ID Number: Q193922
Article last modified on 06-18-2001
 
:5.5
 

 

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Exchange Server, version 5.5
-------------------------------------------------------------------------------
 
IMPORTANT: This article contains information about editing the registry.
Before you edit the registry, make sure you understand how to restore it if
a problem occurs. For information about how to do this, view the "Restoring
the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help
topic in Regedt32.exe.
 
SUMMARY
=======
 
Administrators of Microsoft Exchange Server version 5.5 can prevent their server
from acting as a relay host for unsolicited commercial e-mail (UCE) messages.
Using Exchange Server version 5.5 Service Pack 1 (SP1), the administrator can
configure these options on the Routing tab in the properties of the Internet
Mail Service object.
 
Microsoft recommends that you upgrade to either Exchange Server 5.5 SP1 or the
latest Exchange Server 5.5 service pack to obtain this functionality. If you are
unable to upgrade to Exchange Server 5.5 SP1 or later, this article describes
the registry keys that you need to add to your Exchange Server computer to gain
this functionality.
 
NOTE: This functionality is included with Exchange Server 5.5 Service Pack 2
(SP2). This functionality is located in the Microsoft Exchange Server
Administrator program, under the Routing Restrictions option, on the Routing tab
under the properties of the Internet Mail Service object. Although this article
describes in detail the method to configure these options, it is best to
configure these options through the Administrator program.
 
MORE INFORMATION
================
 
WARNING: Using Registry Editor incorrectly can cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be solved. Use
Registry Editor at your own risk.
 
For information about how to edit the registry, view the "Changing Keys and
Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete
Information in the Registry" and "Edit Registry Data" Help topics in
Regedt32.exe. Note that you should back up the registry before you edit it. If
you are running Windows NT or Windows 2000, you should also update your
Emergency Repair Disk (ERD).
 
When you install the Internet Mail Service, it is configured by default to enable
rerouting for Post Office Protocol version 3 (POP3) and Internet Message Access
Protocol, Version 4rev1 (IMAP4) clients. This rerouting is found on the Routing
tab of the Internet Mail Service object. The Internet Mail Service accepts and
relays mail to non-local recipients. Message relay occurs when a client or
remote SMTP server connects to the Internet Mail Service and submits messages
for non-local recipients. If the Internet Mail Service does not restrict message
relay, it may be used to relay UCE messages.
 
If your server configuration prevents the client from relaying mail, SMTP RCPT
(receipt) commands that specify a non-local recipient are refused, and the
following message is displayed:
 
   550 relaying prohibited.
 
To configure relay restrictions in the registry, use the values in the following
registry key:
 
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\MSExchangeIMC\Parameters
 
The following examples outline the value, the data type, and the function the
value performs. After you make the changes, stop the Internet Mail Service, and
then restart it.
 
 - RelayFlags, REG_DWORD
 
   Defines which relay control rules are in effect.
 
 - RelayDenyList, REG_MULTI_SZ
 
   Specifies hosts that cannot relay messages through your server.
 
 - RelayAllowList, REG_MULTI_SZ
 
   Specifies hosts that can relay messages through your server.
 
 - RelayLocalIPList, REG_MULTI_SZ
 
   Specifies the local IP addresses of the server that an SMTP client can
  connect to and relay mail. This is useful for multi-homed servers that have
  internal and external interfaces. Enabling IP forwarding disables this
  feature.
 
NOTE: RelayDenyList, RelayAllowList, and RelayLocalIPList consist of a net
address and optional mask per line. Order is not important in these lists. Each
line consists of two parts, the net address and the mask, separated by a
semicolon. For example:
 
   Net[;mask]
 
If the mask is omitted, the default used is 255.255.255.255.
 
A net address matches a rule if the bitwise-AND of the IP address and the mask
equals the net. That is:
 
   (IP Address AND mask) = net
 
For example:
 
 - To add net 192.168.0.0 to a list, add the following line to the list:
 
   192.168.0.0;255.255.0.0
 
 - To add the host 192.168.1.17 to a list, add one of the following lines to the
  list:
 
   192.168.1.17;255.255.255.255
 
   - or -
 
   192.168.1.17
 
What follows is the logic that is used to determine if the client can relay mail.
If none of these statements apply, the client is not allowed to relay mail.
 
 - If bit 1 of RelayFlags is set (decimal value 1) and the IP address of the
  client matches a pattern in RelayDenyList, the client is not allowed to relay
  mail.
 
 - If bit 2 of RelayFlags is set (decimal value 2) and the IP address of the
  client matches a pattern in RelayAllowList, the client is allowed to relay
  mail.
 
 - If bit 3 of RelayFlags is set (decimal value 4) and the client is connected
  to a local IP address that matches a pattern in RelayLocalIPList, the client
  is allowed to relay mail.
 
 - If bit 4 of RelayFlags is set (decimal value 8) and the client is
  authenticated, the client is allowed to relay mail.
 
 - If only bit 1 is set, the client is allowed to relay mail.
 
For example:
 
 - All clients not explicitly denied can relay mail.
 
Set bit 1 of RelayFlags (set its decimal value to 1), and add a rule to
RelayDenyList for each host or group of hosts that you want to deny. To prevent
all hosts on the subnet 192.168.17.0 from relaying mail, add the following line
to RelayDenyList:
 
   192.168.17.0;255.255.255.0
 
 - All clients not explicitly allowed are denied.
 
Set bit 2 of RelayFlags (set its decimal value to 2), and add a rule to
RelayAllowLists for each host or group of hosts that you want to allow. To allow
all hosts on subnet 192.168.1.0 to relay mail, add the following line to
RelayAllowList.
 
   192.168.1.0;255.255.255.0
 
 - Allow all hosts on a subnet except for a subset.
 
To allow all hosts on a subnet, set bit 2 of RelayFlags (set its decimal value to
2), and add a rule to RelayAllowList to match the subnet. For the subnet
192.168.1.0, the following rule works:
 
   192.168.1.0;255.255.255.0
 
To prevent a subset of the hosts on subnet 192.168.1.0 from relaying mail, also
set bit 1 in RelayFlags in addition to bit 2, (which was set above); the net
result is to set its decimal value to 3. Add the IP address of each host to
RelayDenyList. If the subset of hosts is grouped together, you can add a single
rule to match all of them. For example, if 192.168.1.1 through 192.168.1.7 are
not allowed to relay, the following rule is adequate. Listing each address
explicitly in RelayDenyList also works.
 
   192.168.1.0;255.255.255.248
 
 - Allow clients that connect to the selected network interfaces to relay.
 
   This method is useful if the host has multiple network interfaces, and IP
  forwarding is not enabled. Set bit 3 of RelayFlags (set its decimal value to
  4), and add the IP addresses of the network interfaces that relay mail to
  RelayLocalIPList.
 
 - Allow authenticated clients to relay.
 
   Set bit 4 of RelayFlags (set its decimal value to 8) to allow clients that
  have authenticated (by using the Auth command) to relay mail.
 
After you create or modify these registry settings, in Control Panel,
double-click Services, and then stop and restart the Internet Mail Service so
that the changes take effect.
 
If you set the SMTP Interface Events diagnostics logging category to minimum or a
higher logging level in the Internet Mail Service Diagnostic Logging property
page, when a message is denied for relay through the Internet Mail Service an
event is logged to the application event log. The event indicates the sender's
IP address, sender's host name (if available), the sender's authentication
account (if authentication was used), and the recipient address for the message.
 
Additional query words: XADM anti spam anti-spam
 
======================================================================
Keywords          : exc55
Technology        : kbExchangeSearch kbExchange550 kbZNotKeyword2
Version           : :5.5
Issue type        : kbinfo
=============================================================================
Copyright Microsoft Corporation 2001.




 



 

 

 
0
 

Author Comment

by:ragesh
ID: 7088683
Thanks...we were on a couple black lists.
0
 
LVL 7

Expert Comment

by:Goldwing
ID: 9462199
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept Comment from deana

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Goldwing
EE Cleanup Volunteer
0
 
LVL 4

Expert Comment

by:darrenburke
ID: 12077189
It may be caused by mail systems having so many MX records that the DNS UDP packets exceed the default size on the PIX (512 bytes)
 
You can fix this at the firewall or on the DNS server itself (we fixed the problem on our DNS servers) by running
 
"dnscmd Server Name/Config /EnableEDnsProbes 0"
 
See

http://support.microsoft.com/default.aspx?scid=kb;en-us;828263

for more info
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now