Exchange Server IMS, event ID 4031

We recently got a whole bunch of event log error ID 4031, source: MSExchangeIMS, SMTP Interface Events, saying that something like the target server reported error 550, unrecognized user, or relay denied, or recipient not exist, any idea?

What is common situation that this error will come up?

We do not allow relay, only to our specified domain. Platform: Exchange 5.5 with sp4 on WIndows 2000 AS, sp2.

Thanks in advance


Who is Participating?
bluezoo7Connect With a Mentor Commented:
I'm with Slink9. I'm suspicious that your mail server is indeed acting as a mail relay.

The error message you posted indicate that someone is sending mail to Internet-based mail servers (hotmail, msn).

MSN and HotMail are rejecting the mail either as a relay or because the recipient's mailbox is overlimit or inactive. The recipient's mail server sends it back to the originating mail server (evidentally yours).

See how the "From" field is blank in the error from MSN? This is a classic spammer technique.

Use Slink's links to verify your relay settings are correct.
Its possible an unauthorized client (i.e., spammer) is attempting (and failing) to send mail from your server.

You can test this yourself by setting up a client outside your network and not part of your domain and then trying to send mail using your mailserver.

Do you get the error consistently? Did you get a batch of them and then they stopped? Could you leave a copy of the exact error? Is the target server your mail server?

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

robert100Author Commented:

I got these errors constantly since last week. One of the error messages is as follows:

The following message could not be delivered to <>. The destination server reported: 550 5.2.1 Mailbox disabled, not accepting messages From: <> Subject: Undeliverable: GOT A SMALL OR AVERAGE PENIS? DO YOU WANT A MASSIVE PENIS!

This is another one:

The following message could not be delivered to <>. The destination server reported: 550 Requested action not taken:user account inactive From: <> Subject: Undeliverable: Record Low MORTGAGE rates! *Act Fast*                       11060

I agree that it maybe someone tried to use our mail server to relay messages. Any other idea?

The original question says that you do not allow relay.  What have you done to not allow this?
Have you looked at;en-us;Q193922 or;en-us;Q257538
Why did you accept an answer that agreed with me and directed you to use the links I posted to verify it?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.