SMTP Service. NDR: 502 Command Unimplemented when sending only to certain domains

Below is an extract of my SMTP service's log (the names have been changed to protect the innocent!!). This was produced whilst I attempted to send an email using telnet.

xxx.xxx.xxx.xxx = My PC's IP Address
WIN2k_SMTP = Windows 2000 Machine with SMTP service running
yyy.yyy.yyy.yyy = The IP Address of WIN2k_SMTP
NT4SERVER_EXCH55 = NT4 Server running Exchange 5.5
All 3 of the above machines are on the same domain (MYDOMAIN)

my.email@my-company.com = My email address
recipient@theirdomain.co.uk = The person I am attempting to email!!

All domains in the SMTP service are set to send HELO instead of EHLO
The 8bitmime ESMTP verb has been disabled in the metabase.
Any ideas why I would get an NDR with a 502 Command Unimplemented?
Am I correct in thinking that it is the BDAT command which is failing?

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2006-03-24 12:42:59
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2006-03-24 12:42:59 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 HELO - - 250 0 35 4 0 SMTP - - - -
2006-03-24 12:43:18 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 MAIL - +from:+my.email@my-company.com 250 0 57 43 0 SMTP - - - -
2006-03-24 12:43:30 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 RCPT - +to:+recipient@theirdomain.co.uk 250 0 34 30 0 SMTP - - - -
2006-03-24 12:43:51 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 DATA - <WIN2k_SMTPgl2kzZ0zPosx00000155@WIN2k_SMTP> 250 0 120 51 17640 SMTP - - - -
2006-03-24 12:44:10 - OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 220+theirdomain.co.uk+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.211+ready+at++Fri,+24+Mar+2006+13:05:41++0000+ 0 0 112 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<my.email@my-company.com> 0 0 4 0 2422 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.0+my.email@my-company.com....Sender+OK 0 0 55 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<recipient@theirdomain.co.uk> 0 0 4 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.5+recipient@theirdomain.co.uk+ 0 0 32 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 502+Command+unimplemented 0 0 25 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 QUIT - - 0 0 4 0 2937 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 500+Syntax+error,+command+unrecognized 0 0 38 0 3312 SMTP - - - -
2006-03-24 12:44:11 - OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 220+NT4SERVER_EXCH55.MYDOMAIN+ESMTP+Server+(Microsoft+Exchange+Internet+Mail+Service+5.5.2655.55)+ready 0 0 93 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 HELO - WIN2k_SMTP 0 0 4 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<> 0 0 4 0 62 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK+-+mail+from+<> 0 0 21 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<my.email@my-company.com> 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK+-+Recipient+<my.email@my-company.com> 0 0 53 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 DATA - - 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 354+Send+data.++End+with+CRLF.CRLF 0 0 34 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 93 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 QUIT - - 0 0 4 0 93 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 221+closing+connection 0 0 22 0 93 SMTP - - - -
Willibob Asked:

Draak Commented:
Indeed. Seems to me that the server theirdomain.co.uk does not understand the command BDAT.

best regards, Draak
Draak Commented:
Hi there again,

the most common reason why you get this error is caused by a firewall doing some kind of SMTP filtering between the two mail servers. By default ISA server (the MS firewall) has this filtering enabled and it filters the BDAT word in any SMTP conversation passing through it.

try looking in that direction

best regards,

Draak.

Willibob (Author) Commented:
Thanks Draak

I'll check the firewall policy and post any relevant info.

Bill
Willibob (Author) Commented:
By the way, my Exchange 5.5 server can send mail to theirdomain.co.uk without any problem. It's only when I relay outbound mail through the SMTP service or send directly by telnetting in to the SMTP service that it fails.

Bill
Draak Commented:
Hi there,

did some more digging and found that the verb BDAT is not part of the standard SMTP commands as described in RFC821. Because ESMTP is disabled the SMTP server does not recognize the VERB BDAT.

2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<my.email@my-company.com> 0 0 4 0 2422 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.0+my.email@my-company.com....Sender+OK 0 0 55 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<recipient@theirdomain.co.uk> 0 0 4 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.5+recipient@theirdomain.co.uk+ 0 0 32 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -

This shows that communication is using ESMTP instead of SMTP.

best regards,

Draak
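
The command/response pairing done by eye in the log above can be scripted. This is an added example, not part of the thread or of any Microsoft tooling: it reads the SMTP service's W3C log, matches each OutboundConnectionCommand with the next response from the same remote host, and returns the commands that drew a 5xx reply together with the greeting verb used on that session. The names `find_rejected_commands` and `Rejection` are assumptions; the sample lines are copied from the log in the question.

```python
from collections import namedtuple

# Sample records copied from the log posted in the question (already anonymised there).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 502+Command+unimplemented 0 0 25 0 2500 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 HELO - WIN2k_SMTP 0 0 4 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 31 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 DATA - - 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 354+Send+data.++End+with+CRLF.CRLF 0 0 34 0 78 SMTP - - - -
"""

Rejection = namedtuple("Rejection", "remote greeting verb argument code reply")

def find_rejected_commands(log_text):
    """Return outbound SMTP commands that the remote host answered with 5xx."""
    fields, pending, greeting, rejected = [], {}, {}, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following records
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                           # other directives, blank or truncated lines
        rec = dict(zip(fields, values))
        # For outbound sessions the service logs the remote host in c-ip and the
        # record type in cs-username, as seen in the sample above.
        remote, kind = rec["c-ip"], rec["cs-username"]
        text = rec["cs-uri-query"].replace("+", " ")   # spaces are logged as '+'
        if kind == "OutboundConnectionCommand":
            verb = rec["cs-method"].upper()
            if verb in ("EHLO", "HELO"):
                greeting[remote] = verb
            pending[remote] = (verb, text)
        elif kind == "OutboundConnectionResponse" and remote in pending:
            verb, arg = pending.pop(remote)    # only the first reply line is paired
            if text.startswith("5"):
                rejected.append(Rejection(remote, greeting.get(remote),
                                          verb, arg, text[:3], text[4:]))
    return rejected
```

Run over a full day's log, a BDAT rejection on a session that opened with EHLO points at the path to that one remote host rather than at the local service, which is the pattern the thread is chasing.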
gam1002 Commented:
Hi,

Just so you know, the line:

fixup smtp

on a Cisco PIX will also cause this. Just like the ISA filtering.

Cheers,
Andrew
Willibob (Author) Commented:
Draak

I made some changes to the firewall policy on Friday and fired off a couple of test messages through telnet.

Although I didn't get an instant NDR, I got a message delayed notification on Saturday:

                         Final-Recipient: rfc822;recipient@theirdomain.co.uk
                         Action: delayed
                         Status: 4.4.7
                         Will-Retry-Until: Sun, 26 Mar 2006 16:11:39 +0000

And then the following on Sunday:

                         Final-Recipient: rfc822;recipient@theirdomain.co.uk
                         Action: failed
                         Status: 4.4.7

I've sent some more to addresses I could previously get to so I'm waiting to see what happens with those.

Bill
Draak Commented:
Hi Bill,

any additional SMTP logging available?

best regards
Willibob (Author) Commented:
Hi Draak

The SMTP log has changed in the sense that it is no longer using EHLO & BDAT but is now using HELO and DATA.

There were no immediate errors as there was before (500 Syntax error) but the message was still not delivered. I tested the email address on dnsstuff.com and although the primary and secondary mailservers returned success, the 4 backup mail servers returned an Unknown Recipient error.

Given that my Exch5.5 has no difficulty sending to this domain, I don't think that this is the cause of the issue.

I'll keep you posted (pardon the pun!)

Bill
Draak Commented:
Hi Bill,

the only thing left to check is the SMTP logs for the RCPT TO command and check that the syntax is correct. It should say
RCPT TO:<recipient@theirdomain.co.uk>

Although I think it will also accept
RCPT TO:recipient@theirdomain.co.uk

If this is OK, I am forced to tell you that there is indeed something wrong on the recipient side, especially if it returns "User unknown". Maybe it's just a silly typo in the email address.

At least you got rid of the 500 error and got a 400 error instead (which is not a critical abort error, but a retry error)

best regards,
Draak
Willibob (Author) Commented:
Hi Draak

Just to let you know that I haven't abandoned this question!!

I'm still trying a few things but the problem is that I have to wait 2 days before the NDR comes back now.

All messages I send now, through the SMTP service using telnet ultimately fail. Even if I send to an address which was previously OK!!

They all fail with the same error 4.4.7

I'll keep at it and post some more SMTP logs in a couple of days (just waiting to see if the last batch of test messages made it!!)

Thanks for your help so far.

Bill
Willibob (Author) Commented:
Hi Draak

My problem still exists but I don't have time to resolve it at the moment and have a work around in place.

I accepted your answer as I cannot be sure that the firewall isn't contributing to the issue.

Thanks for your input.

Bill