Restricted SMTP Service

Posted on 2006-07-13
Last Modified: 2012-06-27
Cannot send email to one particular address.  When trying to telnet get this response to MAIL FROM command: 550 5.7.1 Restricted SMTP service.

Using Exchange 2000 running under Windows 2000 server.   Exchange System Manager tracker reports these message at "SMTP: Started Outbound Transfer of Message" for a long time, then eventually we'll get an NDR.  the receiving mail server reports "timeout wait for input" from my server and my server "did not issue MAIL/EXPN/VRFY/ETRN during connection to MT4"

Question by:RBECKMN
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
LVL 104

Expert Comment

ID: 17102449
Put the domain that you are trying to send to in to - see if it is just you getting the error or it is everyone.


Author Comment

ID: 17102625
I already did that and also checked it out DNSSTUFF.COM.  It checks out okay.  I can send from other email servers.  

They can send to me, but I can't send to them.
LVL 104

Accepted Solution

Sembee earned 500 total points
ID: 17103273
If it checks out with (which is the same service as then they are blocking you for some reason.

Ask them why.

In the short term, try sending email for that domain via your ISPs SMTP server using an SMTP Connector.

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 17104171
they claim the problem is entirely at my end.

I tried the suggestion from the AMSET info page.  here are the results for various SMTP Connector settings:

(email addresses that I can't get to are like this:
 the recipient mail server is and the recipient domain is

Smart Host               Address Space Domain             Result
------------                ---------------------------             --------
ISP Mail server          recipient                                  554 relay access denied

recipient mail server  recipient                                  message tracking: stops
                                                                              at "Submitted to categorizer"
                                                                              message ends up queue labelled:
                                                                              "messages with an unreachable destination"

ISP Mail server          *                                            554 relay access denied

recipient mail server  *                                            554 relay access denied
I also tried checking the "allow messages to be relayed to these domains" to no effect.

On another note:

I had been trying to telnet to  
Then I tried telnetting to; instead of getting a response I just get a promptless, blank screen that does not acknowledge any SMTP commands.  I have to close the command window to get out of telnet.

My ISP has advised me to reset the firewall to send all outbound SMTP packets to their mail server, but the ISP is a unix shop, they don't know anything about MS Exchange.
LVL 104

Expert Comment

ID: 17104260
Does the ISP require authentication to relay through their server? Some do, some don't. They may also want to know what domain you want to send through their server. It depends how their system is setup.

Relay access denied basically means what it says - the server doesn't know that it can relay for that domain.
Make sure that you are using their client facing SMTP server - often what they put in any instructions for Outlook Express. This will probably be a different server to the one that is in their MX records.

When you telnet to the offending site, you did attempt to connect to port 25?

telnet 25

What happens if you telnet to something else - such as

telnet 25


Author Comment

ID: 17104602
Thanks for asking about whether the ISP requires authentication.  I had assumed they didn't and that was correct.  but I called them and it turns out they have two mail servers with almost identical names and I was using the wrong one.  when I set up a connector using the correct mail server, mail goes out from my system to their system and they were able to trace that it left their server ok.  I probably won't find out until tomorrow if it got to the destination so I'll wait 'till then to close this question out, but it looks like it's solved.

Regarding the telnet questions, i was using port 25.  It didn't always work - about 2 out of 3 tries failed.  And it doesn't seem to matter which port is used.  Could this possibly indicate some kind of sporadic problem at the other end?  For instance, this morning about 11 AM i was able to telnet connect several times, but now (6PM) i cannot, although I can telnet connect to others including microsoft as you suggested.

Assuming the connector works, what exactly does this mean?  is the recipient blocking messages from my server but not the ISP's server?  If that's the case, is there something that should be reconfigured at my end?  Could this be related to another Exchange problem I have noticed, which is that there are some addresses that take a long time to send to.  the mail sits in the queue sometimes for a day or so before getting to the other end.  Right now, there is one message in a remote delivery SMTP queue that's been there for 70 minutes.  I have tried forcing the connection several times, but it just sits there.  I suppose I should submit this as a separate question.
LVL 104

Expert Comment

ID: 17106370
If you can telnet to the remote server sometimes, then it would appear to be a problem at their end.

If the emails go through your ISPs server and not direct, then that means the remote site is not accepting email from your location.
You really need to ask them why.
They could be using a blacklist, or making some other kind of checks.

The only thing you can do on your side is ensure that the SMTP banner is correct and that your ISP has set the reverse DNS correctly.


Author Comment

ID: 17108971
I think the problem tracks back to a firewall change recently made and forgotten: setting the firewall to 'auto block sites with unhandled packets.'

apparently part of the handshaking from this site includes some packets sent on port 0, which is a blocked port in my firewall.  turning auto block on caused the firewall to block all new traffic from that site, resulting the mail servers failing to communicate.  it's not clear to me why this became a problem only for that one site; there may have been other problem sites that haven't been reported to me.

in any event, setting up the connector in Exchange worked just fine!  Thanks for all your help.

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question