Link to home
Start Free TrialLog in
Avatar of Dave Messman
Dave MessmanFlag for United States of America

asked on

How to troubleshoot Exchange 2003 sending difficulties

I am relatively new to Exchange, so please forgive the question . . .

I have Microsoft Small Business Server 2003 with 12 or so users.  The server has GFI Mail Essentials for spam protection and GFI Mail Security for virus protection.  It has been working fine for months.  Today, all of a sudden, when sending to certain domains (like 6 or 7 different domains), users began getting immediate Non-delivery receipts.  However, not all the NDRs are the same.  And these are all to domains that have worked in the past.  As per the blacklist entries at http://www.mxtoolbox.com/blacklists.aspx - the server is not on any blacklists.  

Below is some of the text from some of the NDRs (domain names changed to protect the innocent):

The following recipient(s) could not be reached:

      User Name on 2/28/2005 6:12 PM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <mydomain.com #5.5.0 smtp;554 <external@recipient.com>: Relay access denied>

The following recipient(s) could not be reached:

      different-external@recipient.org on 2/28/2005 4:27 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mydomain.com #5.7.1 smtp;550 5.7.1 <different-external@recipient.org>... Relaying denied>

The following recipient(s) could not be reached:

      another-external@recipient.org' on 2/28/2005 4:53 PM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <mydomain.com #5.5.0 smtp;550 relaying to <another-external@recipient.org> prohibited by administrator>
 
While all these NDRs are differnet, they ALL worked just yesterday, which makes me think something is wrong.  Also of note, since the beginning of time with this server, I have gotten these event ids in the application log for every e-mail that is sent to an external Exchnage server:

event ID 7010:
This is an SMTP protocol log for virtual server ID 1, connection #806. The client at "123.123.250.51" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first  ". The full command sent was "xexch50 1776 2".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

event id 7004:
This is an SMTP protocol error log for virtual server ID 1, connection #801. The remote host "123.123.201.227", responded to the SMTP command "rcpt" with "503 This mail server requires authentication. Please check your mail client settings.  ". The full command sent was "RCPT TO:<totally-different-user@organization.org>  ".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.



--------------------------

The two event IDs have happened for months, and the don't seem to be related since the server worked find despite getting dozens of event IDs 7004 and 7010 each day.  

I guess I should start by looking where I can find more pertinent information that will help me find where I should look.

Thank you
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

Are you trying to use a SMART HOST somewhere in the configuration? Usually configured on the SMTP Virtual Server? If so - this could be pointing at a server that requires authentication.
You cannot set authentication on the SMTP VS as this will break incoming email. Therefore you will have to use an SMTP Connector.
http://www.amset.info/exchange/smtp-connector.asp

And there is a good reason why it worked yesterday and not today. Yesterday was February. Today is March. If anyone is using databases on monthly updates then a new update was probably applied today.

Simon.
Avatar of Dave Messman

ASKER

The Exchange server does not have a smart host.  These problems occurred on February 28, so I doubt it was a monthly updates thing.  Besides, the problem was definetely on my server - many domains that were never a problem were suddenly a problem.  Later that evening I rebooted the server and the problem ceased.  However, that doesn't make me feel better - as I wish I knew the cause.  Where does one usually go for diagnostic data to see what could have been wrong?  When I ran a Postfix server, I could go into the logs and look at the conversations between my server and the other servers it was talking to.

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial