• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1778
  • Last Modified:

Exchange Server 5.5 - The recipient name is not recognized - some recipients (.com) only

Hello, been trying to fix this error all day, failed basically! Any help appreciated as I am now stuck.

We are running Exchange Server 5.5 sp4. Everything has been running perfectly for months. Recently some
users began to get an error on their Outlook 2000 clients when sending certain emails
            The recipient name is not recognized
The MTS-ID of the original message is: c=US;a= ;p=Our Organisation;l=SERVER NAME-060525151211Z-21

Meantime, the NDR Report states A mail message was not sent due to a protocol error.      553 information. (#5.7.1)

This error only affects emails sent by users to .com addresses. All emails sent to .co.uk addresses and, wait for it, SOME emails sent to .com addresses are sent ok.

This problem is now escalating, instead of it being isolated users, it is now affecting many, possibly all, users. It is indeed possible that no .com emails are now being sent.

The Server (W2000 Server) that is running Exchange 5.5 is NOT the PDC. The PDC runs W2003 Server. Active Directory Connector Manager is not installed on the PDC, and never has been.

All email arrives from the Internet perfectly well.
There is no problem with our ISP Email account, I have checked.

Recent changes to the hardware/software config - absolutely nothing!

I wonder where in Exchange 5.5's zillion settings I attempt to correct this error., and I guess I don't. In fact
I think I might need a reverse DNS look up zone on the PDC.  I need some help with this pliz as the fact is
emails have been working perfectly well for months until this week, and I haven't changed any settings? It
is possible we re-booted the PDC last week, and maybe it has lost some DNS settings on re-boot, really clutching at straws now...

Confusing urgent and difficult, hence maximum points!!

Frankie (thewordthe)







0
thewordthe
Asked:
thewordthe
  • 7
  • 6
  • 3
2 Solutions
 
BembiCEOCommented:
I collect together:
You can receive everything, but you can not send to a few domains, which are all external, right?.

Can you recognize, that a few recipient domains are affected (recipient relatet - not top level domain related)?
Have you checked, if the denied messages have a special format (like HTML) ? Have you have tried to send a mail to such a target as simple text?
Same question for the mail encoding. Are mails with a special encoding are affected?
Have you checked the name resolution on the exchange machine for the affected domains?

Protocol error are also seen on Exchange 5.5, if the server runs at its limits, so if you have a heavy server load, to less RAM memory or to less disk space or if you reach the store limits (only for standard edition).
0
 
december41991Commented:
I hope your domain is not blacklisted.Because with you doing anything if mails start to bounce then you may have been black listed and you may also be open for relay ( the reason for been black listed ).

Regards
Dominic
0
 
thewordtheAuthor Commented:
Reply to Bembi : Correct opening statement. Yes I am only trying to send simple test emails
Encoding unchanged as far as I can tell
How do I check the name resolution on the exchange machine for the affected domains. Using nslookup -type=mx www.whatever.com I assume? If I run this command on the Server I get

***Can't find server name for address 10.0.0.125 : non existent domain
***Default servers are not available
Server : UnKnown
Address: 10.0.0.125                      (note 10.0.0.125 is the PDC which is called SATURN)
domain
Primary name server = ns.whatever.net
Responsible mail address = hostmaster.whatever.net
serial = etc
refresh = etc
retyr = etc
expire = etc
default TTL = etc

If this is not how to check the name resolution on the exchange machine for the affected domains, please give me instructions, thanks...

Reply to december41991 : How do I check if our domain has been blacklisted? Is this blacklisted by individual organisation, or globally? Last weekend there was a problem with an out of office email bouncing due to rules set up on a yahoo webmail account. How do I get our domain taken off a blacklist if it is on there?

Thanks

Frankie (thewordthe)






0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
thewordtheAuthor Commented:
Further to Bembi comment re Server load, this is not the problem I am pretty certain.
Frankie
0
 
thewordtheAuthor Commented:
Further info

I did a nslookup for www.freenetname.co.uk  domain and got the same beginning to the message

***Can't find server name for address 10.0.0.125 : non existent domain
***Default servers are not available
Server : UnKnown
Primary name server = ns.whatever.net
Responsible mail address = hostmaster.whatever.net
serial = etc
refresh = etc
retyr = etc
expire = etc
default TTL = etc

I can send an email to account@freenetname.co.uk  so I think that the ***Can't find server is not the problem therefore I assume, and that this message can be ignored???

Frankie (thewordthe)
0
 
BembiCEOCommented:
Check name resolution:

Your server external and any other server: Just goto http://www.dnsreport.com/
This will check everything

Your server internal (from a client):
nslookup YourExServer (NetBios)
nslookup YourExServer.yourdomain.com (FQDN)
nslookup IP Address (Reverse)

If you cant resolve your IP-Address internal, setup a reverse DNS zone for your domain on your internla DNS. Go to your DNS MMC, there you will find a forward and reverse zone. To set it up, just mark to reverse zone folder and right click - add zone. Within the assistant, you will need your Net-ID (part of your IP-Address and the responsible name server. Thats it. Within your forward zone as well as within your reverse zone, you should also enable the WINS lookup (forward) and WINS reverse lookup (reverse) settings.

The error code 553 point to "malformed address", 5.7.1. is relay deny. As these usually are not DNS related issues, you should correct the DNS settings, but I assume, it will not solve the problem.

For checking Blacklisting, have a look here:
http://openrbl.org/query/
Enter the public IP address, which is registered as public MS record for your Exchange and click on Openrbl JS client. Everything what is red there may be critical.

Also, it maybe an idea to check your outlook clients, if they up to date, especially Outlook 2002 has an issue in your direction.
0
 
BembiCEOCommented:
And...
With kind of internet connection do you use? Static or dynamic IP Address?
Do you forward mails to your provider (smarthost) or do you use DNS name resolution? (Setting of IMC)
0
 
thewordtheAuthor Commented:
I am now getting some more information about this problem, I am pretty sure that our domain has been temporarily blacklisted by spamcop on the recipient server. There were some bouncing emails last week caused by Out Of Office Assistant being sent to an email address that had a forwarding rule back to the original email. I am not convinced though, as the problem was occurring earlier I believe, still...

Previous emails just said there was a protocol error. Now I am getting more information

The following recipients did not receive the attached mail. Reasons are listed with each recipient:

<joe.bloggs@whatever.com> joe.bloggs@whatever.com
      MSEXCH:IMS:Rockford Group:ROCKFORDMAIL:MERCURY 3554 (000B09AA) 554 Service unavailable; Client host [XX.XXX.110.58] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?XX.XXX.110.58

On clicking the link I get
--------------------------------------------------
SpamCop's blocking list works on a mail-server level. If your mail was blocked incorrectly it may be due to the actions of other users or technical flaws with the mail system you use. If you are not the administrator of your email system, please forward this information to them.
Information about the reasons for listing (blocking) your mail server (XX.XXX.110.58)
---------------------------------------------------

On clicking the link I get

-------------------------------------------------------------------------
xx.xxx.110.58 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems
(these factors do not directly result in spamcop listing)
DNS error: XX.XXX.110.58 is YY.YYY.105.62.as15758.net but YY.YYY.105.62.as15758.net has no DNS information
Because of the above problems, express-delisting is not available

Listing History
In the past 9.9 days, it has been listed 2 times for a total of 7.1 days
Dispute Listing
If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes.
Dispute listing of 62.105.110.58
------------------------------------------------------------

No point disputing it as they say its a 24 hour turnaround. I guess therefore that this problem is going to disappear over the weekend. This will explain why 99% of Internet forums have unresolved postings on this subject...it 'fixes itself' in time...

I'll wait and see if this is resolved on Tuesday after the UK bank holiday then if it is, I'll award points to Bembi for his efforts, certainly if he can make a comment about the Additional Potential Problem above. Do I need to add a reverse DNS look up perhaps to resolve.

I am not too confident though as I have just sent a further email to the address and got the same standard reply ie
----------------------------------------------------------------------
The recipient name is not recognized
The MTS-ID of the original message is: c=US;a= ;p=Our Organisation;l=SERVER NAME-060525151211Z-21
-----------------------------------------------------------------------

Anyway we'll see, I'm leaving this therefore until 30th May 2006, cheers y'all

Frankie (thewordthe)




0
 
BembiCEOCommented:
Some Notes:
The error messages not allways saying the truth, they can only show a reason, when the sending server of the NDR will provide detailed information. If you get "protocol error" messages, that means, that there is no futher information. But the error codes may give you some more hints.

If your server is blacklisted, you have to read the rules for the blacklist as every blacklister may have a different system to remove your server as well as to get set on the list.

But take aware of the hint, that SpamCop do not find a reverse name resolution for your external IP. You should talk to your provider to get a reverse DNS entry for your external IP, as other servers will deny mails only for that single reason.

You can check your domain with http://www.dnsreport.com/, and you may see, that there is a red warning for reverse name resolution.
0
 
december41991Commented:
Yes Black list is not global, it will depend on ISP's and regionally. Therefore it’s very intermittent. Its good that you have the correct information now and you should know what to do next… Bembi has given you the link for checking the blacklist open directory. When ever you have problem with email bouncing and sincerely you have not done anything; check black listing

:)

Dominic
0
 
december41991Commented:
Are you an Open Relay?
When you are open relay, your server is the host for all spammers. And ISP think you are doing it and black list you !!!! :)


Check here:
http://www.amset.info/exchange/smtp-openrelay.asp
0
 
thewordtheAuthor Commented:
Reply to december41991...

Server passed Open Relay Test (it is not an Open Relay) for anyone reading this later note that there is no need to pursue the http://www.amset.info/exchange/smtp-openrelay.asp link, as the  http://www.dnsreport.com/ link includes an Open relay test at the end...cheers anyway though!!!

Response to dns Report line from Bembi...not that I understand much of this...2 FAILS and 3 WARNINGS, all other PASS including Open Relay test.

---------------------------------------------------------

FAIL : Open DNS Servers : Server 195.40.0.250 reports that it will do recursive lookups

FAIL : Duplicate MX records WARNING: You have duplicate MX records. This means that mailservers may try delivering mail to the same IP more than once. Although technically valid, this is very confusing, and wastes resources. The duplicate MX records are:
noc.mx.easynet.net. and tele.mx.easynet.net. both resolve to 212.135.6.133.

WARN : SOA MNAME Check WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: nspri.easynet.co.uk.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.  

WARN : SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).

WARN : Mail server host name in greeting WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

fuea.mail.easynet.net claims to be host store2.mail.uk.easynet.net [but that host is at 212.135.6.37 (may be cached), not 212.135.6.254].  

-------------------------------------


Anyway we'll see what happens over the weekend, but things are getting worse rather than better, some .co.uk emails are now being rejected, not just .com.

I am hoping that spamcop lifts its blockade and everything goes back to normal, hmmmmmmmmm doesn't usually work that way unfortunately so I guess I'll be back here again on Tuesday

What a difficult problem this is when you don't know the solution! I bet it can be resolved in 5 seconds flat when you do.

I'M OFF HOME!!!!!!!!!!!!!!!
Thanks for contributions to date.............

Frankie


0
 
BembiCEOCommented:
FAIL:
Open DNS Servers: Doesn't matter, ISP issue
Duplicate MX records WARNING: Normal if this is a server farm.

WARN :
SOA MNAME Check WARNING: ISP issue
SPF record: Not really implemented, so don't worry. Sender Frame policy (SPF) is a DNS record, which tells other servers, which mail servers are yours.
Mail server host name in greeting WARNING: The mail server greeting should be the same than your MX record resolves to, this is RFC, but nobody takes really notice of that.

So, nothing you should worry about, you have no influence to that settings.

...
Nice weekend and good luck..., remember the public reverse DNS setting, this avoids some trouble
0
 
thewordtheAuthor Commented:
All well this morning, I was able to send an email to the most pesky addressee and it went through without a problem. It took spamcop until Sunday night to life the embargo though

december 41991 guessed the reason for the error and Bembi put the most work in, so 150/350 split I think is fair, trust you agree

Thanks v much guys for your assistance

Catch ya later down the track

Frankie

0
 
thewordtheAuthor Commented:
Follow up

Tuesday-Thursday afternoon all was ok, but the router got listed on spamcop again, and some dot com emails became undeliverable (to), late Thursday.

Latest spamcop listing says that our domain will be delisted in 1 hour. My understanding of this is that the domains that we are trying to send emails to will not receive emails whilst our domain is blacklisted on spamcop. Other email domains will receive email because their servers are not set up to check incoming email using spam cop.

The *reason* that our domain has been listed on spamcop in the first place is less than clear. However I think it is to do with users setting rules up to forward their corporate emails to internet email addresses using Out Of Office Assistant. In turn some users may have rules in their internet email account to forward email from there, and this may be sufficient for spam cop to think we are relaying email.

Obviously all will be well again once spamcop delists, but the key is to stop it re-occurring, any comments appreciated...

Frankie (thewordthe)
0
 
BembiCEOCommented:
Read the SPAMCOP documentation to have an idea, why you are blacklisted from time to time. What my be is, that there is a bulk SPAM sender somewhere, which is sending faked mails in your name. Out of office replies should not be the reason in my mind as long as there are no loops in there.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now