Solved

Exchange Server IMS, event ID 4031

Posted on 2002-05-07
6
899 Views
Last Modified: 2009-12-16
We recently got a whole bunch of event log error ID 4031, source: MSExchangeIMS, SMTP Interface Events, saying that something like the target server reported error 550, unrecognized user, or relay denied, or recipient not exist, any idea?

What is common situation that this error will come up?

We do not allow relay, only to our specified domain. Platform: Exchange 5.5 with sp4 on WIndows 2000 AS, sp2.

Thanks in advance

Robert100

0
Comment
Question by:robert100
  • 3
  • 2
6 Comments
 
LVL 23

Expert Comment

by:slink9
Comment Utility
0
 
LVL 4

Expert Comment

by:bluezoo7
Comment Utility
Its possible an unauthorized client (i.e., spammer) is attempting (and failing) to send mail from your server.

You can test this yourself by setting up a client outside your network and not part of your domain and then trying to send mail using your mailserver.

Do you get the error consistently? Did you get a batch of them and then they stopped? Could you leave a copy of the exact error? Is the target server your mail server?

0
 

Author Comment

by:robert100
Comment Utility
Thanks.

I got these errors constantly since last week. One of the error messages is as follows:

The following message could not be delivered to <SizeDoesMatter@msn.com>. The destination server reported: 550 5.2.1 SizeDoesMatter@msn.com... Mailbox disabled, not accepting messages From: <> Subject: Undeliverable: GOT A SMALL OR AVERAGE PENIS? DO YOU WANT A MASSIVE PENIS!

This is another one:

The following message could not be delivered to <ibbuinytromte@hotmail.com>. The destination server reported: 550 Requested action not taken:user account inactive From: <> Subject: Undeliverable: Record Low MORTGAGE rates! *Act Fast*                       11060


I agree that it maybe someone tried to use our mail server to relay messages. Any other idea?

Robert100
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 
LVL 23

Expert Comment

by:slink9
Comment Utility
The original question says that you do not allow relay.  What have you done to not allow this?
Have you looked at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q193922 or http://support.microsoft.com/default.aspx?scid=kb;en-us;Q257538
0
 
LVL 4

Accepted Solution

by:
bluezoo7 earned 100 total points
Comment Utility
I'm with Slink9. I'm suspicious that your mail server is indeed acting as a mail relay.

The error message you posted indicate that someone is sending mail to Internet-based mail servers (hotmail, msn).

MSN and HotMail are rejecting the mail either as a relay or because the recipient's mailbox is overlimit or inactive. The recipient's mail server sends it back to the originating mail server (evidentally yours).

See how the "From" field is blank in the error from MSN? This is a classic spammer technique.

Use Slink's links to verify your relay settings are correct.
0
 
LVL 23

Expert Comment

by:slink9
Comment Utility
Why did you accept an answer that agreed with me and directed you to use the links I posted to verify it?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now