JimG1956
asked on
Event ID 7010 with 550....Unable to relay
Hi,
I am running SBS for Windows 2003 with Exchange 2003. I have Firebox x700 in place.
My Application Event log is being flooded with the Event ID 7010.
The error is:
"This is an SMTP protocol log for virtual server ID 1, connection #962. The client at (my Exchange Server IP) sent a "rcpt" command, and the SMTP server responded with "550.5.7.1 Unable to relay for (a client that does not exist in my domain)." This will probably cause the connection to fail.
I used the telnet command to verify that our Exchange server is not an open SMTP relay.
This error is occurring at a rate of about every 3 to 4 minutes every day, all day.
Any help would be greatly appreciated!
Jim
I am running SBS for Windows 2003 with Exchange 2003. I have Firebox x700 in place.
My Application Event log is being flooded with the Event ID 7010.
The error is:
"This is an SMTP protocol log for virtual server ID 1, connection #962. The client at (my Exchange Server IP) sent a "rcpt" command, and the SMTP server responded with "550.5.7.1 Unable to relay for (a client that does not exist in my domain)." This will probably cause the connection to fail.
I used the telnet command to verify that our Exchange server is not an open SMTP relay.
This error is occurring at a rate of about every 3 to 4 minutes every day, all day.
Any help would be greatly appreciated!
Jim
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sounds like someone might be trying to relay through your server, possibly via an NDR attack.
Have you looked at your queues to see if there are lots of messages waiting to be sent out?
I have some guidance on clearing the queues on my web site:
http://www.amset.info/exchange/spam-cleanup.asp
Simon.
Exchange MVP.
Have you looked at your queues to see if there are lots of messages waiting to be sent out?
I have some guidance on clearing the queues on my web site:
http://www.amset.info/exchange/spam-cleanup.asp
Simon.
Exchange MVP.
ASKER
Thanks, Simon.
I am aware of the possible queue issue, but that is not a problem.
As I mentioned, I have a WatchGaurd Firebox x700, and I have restricted all incomming e-mail via the firebox configuration to allow incomming mail to only valid e-mail addresses on our Exchange.
I completely agree with you. I think someone is making thoses attempts, but I am at a loss as to how to stop it. It's be going on for a few weeks non-stop.
Jim
I am aware of the possible queue issue, but that is not a problem.
As I mentioned, I have a WatchGaurd Firebox x700, and I have restricted all incomming e-mail via the firebox configuration to allow incomming mail to only valid e-mail addresses on our Exchange.
I completely agree with you. I think someone is making thoses attempts, but I am at a loss as to how to stop it. It's be going on for a few weeks non-stop.
Jim
Could be an authenticated user attack. Do the logs show a user account?
I am not aware of how effective the unknown user feature in the Watchguard is - I know that Exchange 2003 has the feature - have you tried enabling that?
Simon.
I am not aware of how effective the unknown user feature in the Watchguard is - I know that Exchange 2003 has the feature - have you tried enabling that?
Simon.
ASKER
Thanks, Simon.
The log references nancy@olympiccrest.local.c
What does exist is nancy@olympiccrest.com.loc
I am pretty sure this is a permissions problem, but I have checked everyting I know of in the AD and Exchange.
Is there a way to tell Exchange not to attempt to send to nancy@olympiccrest.local.c
Jim
The log references nancy@olympiccrest.local.c
What does exist is nancy@olympiccrest.com.loc
I am pretty sure this is a permissions problem, but I have checked everyting I know of in the AD and Exchange.
Is there a way to tell Exchange not to attempt to send to nancy@olympiccrest.local.c
Jim
Your problem is common with Exchange 2003 trying to authenticate to a fellow Exchange 2003 environment it's trying to authenticate with a "xexch50" command which the other server doesn't respond to because they aren't in the same domain. Here's MS's KB about it which will tell you that "Integrated Windows Authentication" needs to be active.
http://support.microsoft.com/default.aspx?scid=kb;en-us;843106&sd=ee
Jeff
TechSoEasy
http://support.microsoft.com/default.aspx?scid=kb;en-us;843106&sd=ee
Jeff
TechSoEasy
Just going through some of the old outstanding questions as it is quiet...
Has this problem been resolved?
If you need clarification on any part of the responses above, please post back.
Otherwise you need to close the question by awarding points, or posting in the Support Topic Area (top right corner) with a link to this question asking for the moderators to close the question for you without awarding points.
Simon.
Has this problem been resolved?
If you need clarification on any part of the responses above, please post back.
Otherwise you need to close the question by awarding points, or posting in the Support Topic Area (top right corner) with a link to this question asking for the moderators to close the question for you without awarding points.
Simon.
I am having the same error but with a different scenario.
I have exchange 2003 SP2 and I have multiple domains that I allow SMTP to handle. I have a spam filter in front of the server and relays all incoming non-spam to the exchange server.
I have domain1.com to be my main domain and domain2.com to be my secondary domain. Some users in AD have email addresses with both domains. I checked and I am configured to handle incoming mail to domain2.com. But whenever I send an email to recipient@domain2.com it gets the error. But I do not get the error when addressed to recipient@domain1.com. Is this an SP2 issue? I am certain that Exhange is configured correctly.
Any help would be appreciated!!!!
Thanks
I have exchange 2003 SP2 and I have multiple domains that I allow SMTP to handle. I have a spam filter in front of the server and relays all incoming non-spam to the exchange server.
I have domain1.com to be my main domain and domain2.com to be my secondary domain. Some users in AD have email addresses with both domains. I checked and I am configured to handle incoming mail to domain2.com. But whenever I send an email to recipient@domain2.com it gets the error. But I do not get the error when addressed to recipient@domain1.com. Is this an SP2 issue? I am certain that Exhange is configured correctly.
Any help would be appreciated!!!!
Thanks
j556x45,
Welcome to Experts-Exchange!
If you have a question of your own, you must ask it in a new thread.
Please see https://www.experts-exchange.com/help.jsp#hs2 for further assistance.
Thanks!
Jeff
TechSoEasy
Welcome to Experts-Exchange!
If you have a question of your own, you must ask it in a new thread.
Please see https://www.experts-exchange.com/help.jsp#hs2 for further assistance.
Thanks!
Jeff
TechSoEasy
ASKER
I have Diagnostic Logging set to maximum for the Application log, and the only event logged is 7010.
The error contains the correct IP for tthe Exchange server (the client at <our Exchange server IP> and a non-existing client address (unable to relay for <client that does not exist>).
The repeats every 5 minutes.
Jim