• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2116
  • Last Modified:

Event ID 7010 with 550....Unable to relay

Hi,

I am running SBS for Windows 2003 with Exchange 2003. I have Firebox x700 in place.

My Application Event log is being flooded with the Event ID 7010.

The error is:
"This is an SMTP protocol log for virtual server ID 1, connection #962. The client at (my Exchange Server IP) sent a "rcpt" command, and the SMTP server responded with "550.5.7.1 Unable to relay for (a client that does not exist in my domain)." This will probably cause the connection to fail.

I used the telnet command to verify that our Exchange server is not an open SMTP relay.

This error is occurring at a rate of about every 3 to 4 minutes every day, all day.

Any help would be greatly appreciated!

Jim
0
JimG1956
Asked:
JimG1956
  • 3
  • 3
  • 2
  • +2
1 Solution
 
eatmeimadanishCommented:
This problem can come from two scenarios.  The site name for the email address trying to send the message is different or doesn't exist on the exchange server, or the entire Exchange site is looking for a different domain.  These messages can come from spam, spyware, or even a virus trying to use your smtp service.  I would increase the logging levels and look daily at authentication logs.  
0
 
JimG1956Author Commented:
Thanks for the reply.

I have Diagnostic Logging set to maximum for the Application log, and the only event logged is 7010.

The error contains the correct IP for tthe Exchange server (the client at <our Exchange server IP> and a non-existing client address (unable to relay for <client that does not exist>).

The repeats every 5 minutes.

Jim
0
 
SembeeCommented:
Sounds like someone might be trying to relay through your server, possibly via an NDR attack.
Have you looked at your queues to see if there are lots of messages waiting to be sent out?

I have some guidance on clearing the queues on my web site:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
Exchange MVP.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
JimG1956Author Commented:
Thanks, Simon.

I am aware of the possible queue issue, but that is not a problem.

As I mentioned, I have a WatchGaurd Firebox x700, and I have restricted all incomming e-mail via the firebox configuration to allow incomming mail to only valid e-mail addresses on our Exchange.

I completely agree with you. I think someone is making thoses attempts, but I am at a loss as to how to stop it. It's be going on for a few weeks non-stop.

Jim
0
 
SembeeCommented:
Could be an authenticated user attack. Do the logs show a user account?

I am not aware of how effective the unknown user feature in the Watchguard is - I know that Exchange 2003 has the feature - have you tried enabling that?

Simon.
0
 
JimG1956Author Commented:
Thanks, Simon.

The log references nancy@olympiccrest.local.com as the rcpt TO address. This address does not exist.

What does exist is nancy@olympiccrest.com.local.

I am pretty sure this is a permissions problem, but I have checked everyting I know of in the AD and Exchange.

Is there a way to tell Exchange not to attempt to send to nancy@olympiccrest.local.com even though this address is non-existant?

Jim
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Your problem is common with Exchange 2003 trying to authenticate to a fellow Exchange 2003 environment it's trying to authenticate with a "xexch50" command which the other server doesn't respond to because they aren't in the same domain.  Here's MS's KB about it which will tell you that "Integrated Windows Authentication" needs to be active.

http://support.microsoft.com/default.aspx?scid=kb;en-us;843106&sd=ee

Jeff
TechSoEasy
0
 
SembeeCommented:
Just going through some of the old outstanding questions as it is quiet...

Has this problem been resolved?
If you need clarification on any part of the responses above, please post back.

Otherwise you need to close the question by awarding points, or posting in the Support Topic Area (top right corner) with a link to this question asking for the moderators to close the question for you without awarding points.

Simon.
0
 
j556x45Commented:
I am having the same error but with a different scenario.

I have exchange 2003 SP2 and I have multiple domains that I allow SMTP to handle. I have a spam filter in front of the server and relays all incoming non-spam to the exchange server.

I have domain1.com to be my main domain and domain2.com to be my secondary domain. Some users in AD have email addresses with both domains. I checked and I am configured to handle incoming mail to domain2.com. But whenever I send an email to recipient@domain2.com it gets the error. But I do not get the error when addressed to recipient@domain1.com. Is this an SP2 issue? I am certain that Exhange is configured correctly.

Any help would be appreciated!!!!

Thanks
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
j556x45,

Welcome to Experts-Exchange!  

If you have a question of your own, you must ask it in a new thread.

Please see http://www.experts-exchange.com/help.jsp#hs2 for further assistance.

Thanks!

Jeff
TechSoEasy
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now