SMTP Service. NDR: 502 Command Unimplemented when sending only to certain domains

Below is an extract of my SMTP service's log (the names have been changed to protect the innocent!!). This was produced whilst I attempted to send an email using telnet.

xxx.xxx.xxx.xxx = My PC's IP Address
WIN2k_SMTP = Windows 2000 Machine with SMTP service running
yyy.yyy.yyy.yyy = The IP Address of WIN2k_SMTP
NT4SERVER_EXCH55 = NT4 Server running Exchange 5.5
All 3 of the above machines are on the same domain (MYDOMAIN)

my.email@my-company.com = My email address
recipient@theirdomain.co.uk = The person I am attempting to email!!

All domains in the SMTP service are set to send HELO instead of EHLO
The 8bitmime ESMTP verb has been disabled in the metabase.
Any ideas why I would get an NDR with a 502 Command Unimplemented?
Am I correct in thinking that it is the BDAT command which is failing?

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2006-03-24 12:42:59
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2006-03-24 12:42:59 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 HELO - - 250 0 35 4 0 SMTP - - - -
2006-03-24 12:43:18 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 MAIL - +from:+my.email@my-company.com 250 0 57 43 0 SMTP - - - -
2006-03-24 12:43:30 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 RCPT - +to:+recipient@theirdomain.co.uk 250 0 34 30 0 SMTP - - - -
2006-03-24 12:43:51 xxx.xxx.xxx.xxx - SMTPSVC1 WIN2k_SMTP yyy.yyy.yyy.yyy 0 DATA - <WIN2k_SMTPgl2kzZ0zPosx00000155@WIN2k_SMTP> 250 0 120 51 17640 SMTP - - - -
2006-03-24 12:44:10 - OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 220+theirdomain.co.uk+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.211+ready+at++Fri,+24+Mar+2006+13:05:41++0000+ 0 0 112 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<my.email@my-company.com> 0 0 4 0 2422 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.0+my.email@my-company.com....Sender+OK 0 0 55 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<recipient@theirdomain.co.uk> 0 0 4 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.5+recipient@theirdomain.co.uk+ 0 0 32 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 502+Command+unimplemented 0 0 25 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 QUIT - - 0 0 4 0 2937 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 500+Syntax+error,+command+unrecognized 0 0 38 0 3312 SMTP - - - -
2006-03-24 12:44:11 - OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 220+NT4SERVER_EXCH55.MYDOMAIN+ESMTP+Server+(Microsoft+Exchange+Internet+Mail+Service+5.5.2655.55)+ready 0 0 93 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 HELO - WIN2k_SMTP 0 0 4 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<> 0 0 4 0 62 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK+-+mail+from+<> 0 0 21 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<my.email@my-company.com> 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK+-+Recipient+<my.email@my-company.com> 0 0 53 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 DATA - - 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 354+Send+data.++End+with+CRLF.CRLF 0 0 34 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 93 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 QUIT - - 0 0 4 0 93 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 221+closing+connection 0 0 22 0 93 SMTP - - - -
Asked by Willibob
 
Draak Commented:
Hi there again,

The most common reason why you get this error is caused by a firewall doing some kind of SMTP filtering between the two mail servers. By default ISA Server (the MS firewall) has this filtering enabled and it filters the BDAT word in any SMTP conversation passing through it.

Try looking in that direction.

best regards,

Draak.
 
Draak Commented:
Indeed. Seems to me that the server theirdomain.co.uk does not understand the command BDAT.

best regards, Draak
 
Willibob (Author) Commented:
Thanks Draak

I'll check the firewall policy and post any relevant info.

Bill
 
Willibob (Author) Commented:
By the way, my Exchange 5.5 server can send mail to theirdomain.co.uk without any problem. It's only when I relay outbound mail through the SMTP service or send directly by telnetting in to the SMTP service that it fails.

Bill
 
Draak Commented:
Hi there,

Did some more digging and found that the verb BDAT is not part of the standard SMTP commands as described in RFC 821. Because ESMTP is disabled, the SMTP server does not recognize the verb BDAT.

2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 MAIL - FROM:<my.email@my-company.com> 0 0 4 0 2422 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.0+my.email@my-company.com....Sender+OK 0 0 55 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 RCPT - TO:<recipient@theirdomain.co.uk> 0 0 4 0 2469 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+2.1.5+recipient@theirdomain.co.uk+ 0 0 32 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -

This shows that communication is using ESMTP instead of SMTP.

best regards,

Draak
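
Added example (not part of the original thread): a Python sketch that pairs each outbound SMTP command in an IIS SMTP log with the reply that followed it, so the greeting verb (EHLO or HELO), the data verb (BDAT or DATA) and any 5xx reply can be read off per remote host. The function names are hypothetical; the sample records are copied from the log posted in the question.

```python
from collections import defaultdict

# Records copied from the log posted in the question (outbound side only).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 EHLO - WIN2k_SMTP 0 0 4 0 1265 SMTP - - - -
2006-03-24 12:44:10 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250-theirdomain.co.uk+Hello+[195.147.101.202] 0 0 41 0 1312 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 BDAT - 430+LAST 0 0 4 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 502+Command+unimplemented 0 0 25 0 2500 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 QUIT - - 0 0 4 0 2937 SMTP - - - -
2006-03-24 12:44:11 theirdomain.co.uk OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 500+Syntax+error,+command+unrecognized 0 0 38 0 3312 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 HELO - WIN2k_SMTP 0 0 4 0 31 SMTP - - - -
2006-03-24 12:44:11 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 31 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionCommand SMTPSVC1 WIN2k_SMTP - 25 DATA - - 0 0 4 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 354+Send+data.++End+with+CRLF.CRLF 0 0 34 0 78 SMTP - - - -
2006-03-24 12:44:12 NT4SERVER_EXCH55.MYDOMAIN OutboundConnectionResponse SMTPSVC1 WIN2k_SMTP - 25 - - 250+OK 0 0 6 0 93 SMTP - - - -
"""

def parse(log_text):
    """Yield (host, kind, verb, text) for each OutboundConnection* record."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log header
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        kind = rec.get("cs-username", "")      # holds Command/Response on outbound records
        if kind.startswith("OutboundConnection"):
            text = rec["cs-uri-query"].replace("+", " ")   # spaces are logged as '+'
            yield rec["c-ip"], kind.replace("OutboundConnection", ""), rec["cs-method"], text

def pair_replies(log_text):
    """Return {host: [(verb, reply_code), ...]}; '-' marks a reply with no pending command."""
    pending, sessions = {}, defaultdict(list)
    for host, kind, verb, text in parse(log_text):
        if kind == "Command":
            pending[host] = verb
        elif text[:3].isdigit():
            sessions[host].append((pending.pop(host, "-"), int(text[:3])))
    return dict(sessions)

def rejected(log_text):
    """Commands that the remote side answered with a permanent (5xx) reply."""
    return [(h, v, c) for h, s in pair_replies(log_text).items() for v, c in s if c >= 500]

if __name__ == "__main__":
    print(pair_replies(SAMPLE_LOG))
    print("rejected:", rejected(SAMPLE_LOG))
```

The log records only the reply that reached the sending service, so a 5xx entry here shows which command was refused, not which device on the path produced the refusal.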
 
gam1002 Commented:
Hi,

Just so you know, the line:

fixup smtp

on a Cisco PIX will also cause this. Just like the ISA filtering.

Cheers,
Andrew
 
Willibob (Author) Commented:
Draak

I made some changes to the firewall policy on Friday and fired off a couple of test messages through telnet.

Although I didn't get an instant NDR, I got a message delayed notification on Saturday:

                         Final-Recipient: rfc822;recipient@theirdomain.co.uk
                         Action: delayed
                         Status: 4.4.7
                         Will-Retry-Until: Sun, 26 Mar 2006 16:11:39 +0000

And then the following on Sunday:

                         Final-Recipient: rfc822;recipient@theirdomain.co.uk
                         Action: failed
                         Status: 4.4.7

I've sent some more to addresses I could previously get to so I'm waiting to see what happens with those.

Bill
 
Draak Commented:
Hi Bill,

Any additional SMTP logging available?

best regards
 
Willibob (Author) Commented:
Hi Draak

The SMTP log has changed in the sense that it is no longer using EHLO & BDAT but is now using HELO and DATA.

There were no immediate errors as there was before (500 Syntax error) but the message was still not delivered. I tested the email address on dnsstuff.com and although the primary and secondary mailservers returned success, the 4 backup mail servers returned an Unknown Recipient error.

Given that my Exch5.5 has no difficulty sending to this domain, I don't think that this is the cause of the issue.

I'll keep you posted (pardon the pun!)

Bill
 
Draak Commented:
Hi Bill,

The only thing left to check is the SMTP logs for the RCPT TO command and check that the syntax is correct. It should say
RCPT TO:<recipient@theirdomain.co.uk>

Although I think it will also accept
RCPT TO:recipient@theirdomain.co.uk

If this is OK, I am forced to tell you that there is indeed something wrong on the recipient side, especially if it returns "User unknown". Maybe it's just a silly typo in the email address.

At least you got rid of the 500 error and got a 400 error instead (which is not a critical abort error, but a retry error).

best regards,
Draak
 
Willibob (Author) Commented:
Hi Draak

Just to let you know that I haven't abandoned this question!!

I'm still trying a few things but the problem is that I have to wait 2 days before the NDR comes back now.

All messages I send now through the SMTP service using telnet ultimately fail. Even if I send to an address which was previously OK!!

They all fail with the same error 4.4.7.

I'll keep at it and post some more SMTP logs in a couple of days (just waiting to see if the last batch of test messages made it!!)

Thanks for your help so far.

Bill
 
Willibob (Author) Commented:
Hi Draak

My problem still exists but I don't have time to resolve it at the moment and have a work around in place.

I accepted your answer as I cannot be sure that the firewall isn't contributing to the issue.

Thanks for your input.

Bill