Solved

Restricted SMTP Service

Posted on 2006-07-13
9
350 Views
Last Modified: 2012-06-27
Cannot send email to one particular address.  When trying to telnet get this response to MAIL FROM command: 550 5.7.1 Restricted SMTP service.

Using Exchange 2000 running under Windows 2000 server.   Exchange System Manager tracker reports these message at "SMTP: Started Outbound Transfer of Message" for a long time, then eventually we'll get an NDR.  the receiving mail server reports "timeout wait for input" from my server and my server "did not issue MAIL/EXPN/VRFY/ETRN during connection to MT4"


0
Comment
Question by:RBECKMN
  • 4
  • 4
9 Comments
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Put the domain that you are trying to send to in to dnsreport.com - see if it is just you getting the error or it is everyone.

Simon.
0
 

Author Comment

by:RBECKMN
Comment Utility
I already did that and also checked it out DNSSTUFF.COM.  It checks out okay.  I can send from other email servers.  

They can send to me, but I can't send to them.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
Comment Utility
If it checks out with dnsstuff.com (which is the same service as dnsreport.com) then they are blocking you for some reason.

Ask them why.

In the short term, try sending email for that domain via your ISPs SMTP server using an SMTP Connector.
http://www.amset.info/exchange/smtp-connector.asp

Simon.
0
 

Author Comment

by:RBECKMN
Comment Utility
they claim the problem is entirely at my end.

I tried the suggestion from the AMSET info page.  here are the results for various SMTP Connector settings:

(email addresses that I can't get to are like this: john.jones@abc.def.edu.
 the recipient mail server is smtp-mx.abc.def.edu and the recipient domain is abc.def.edu)

Smart Host               Address Space Domain             Result
------------                ---------------------------             --------
ISP Mail server          recipient                                  554 relay access denied

recipient mail server  recipient                                  message tracking: stops
                                                                              at "Submitted to categorizer"
                                                                              message ends up queue labelled:
                                                                              "messages with an unreachable destination"

ISP Mail server          *                                            554 relay access denied

recipient mail server  *                                            554 relay access denied
I also tried checking the "allow messages to be relayed to these domains" to no effect.


On another note:

I had been trying to telnet to mail.abc.def.edu.  
Then I tried telnetting to smtp-mx.abc.def.edu; instead of getting a response I just get a promptless, blank screen that does not acknowledge any SMTP commands.  I have to close the command window to get out of telnet.

My ISP has advised me to reset the firewall to send all outbound SMTP packets to their mail server, but the ISP is a unix shop, they don't know anything about MS Exchange.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Does the ISP require authentication to relay through their server? Some do, some don't. They may also want to know what domain you want to send through their server. It depends how their system is setup.

Relay access denied basically means what it says - the server doesn't know that it can relay for that domain.
Make sure that you are using their client facing SMTP server - often what they put in any instructions for Outlook Express. This will probably be a different server to the one that is in their MX records.

When you telnet to the offending site, you did attempt to connect to port 25?

telnet mail.domain.com 25

What happens if you telnet to something else - such as microsoft.com:

telnet maila.microsoft.com 25

Simon.
0
 

Author Comment

by:RBECKMN
Comment Utility
Thanks for asking about whether the ISP requires authentication.  I had assumed they didn't and that was correct.  but I called them and it turns out they have two mail servers with almost identical names and I was using the wrong one.  when I set up a connector using the correct mail server, mail goes out from my system to their system and they were able to trace that it left their server ok.  I probably won't find out until tomorrow if it got to the destination so I'll wait 'till then to close this question out, but it looks like it's solved.

Regarding the telnet questions, i was using port 25.  It didn't always work - about 2 out of 3 tries failed.  And it doesn't seem to matter which port is used.  Could this possibly indicate some kind of sporadic problem at the other end?  For instance, this morning about 11 AM i was able to telnet connect several times, but now (6PM) i cannot, although I can telnet connect to others including microsoft as you suggested.

Assuming the connector works, what exactly does this mean?  is the recipient blocking messages from my server but not the ISP's server?  If that's the case, is there something that should be reconfigured at my end?  Could this be related to another Exchange problem I have noticed, which is that there are some addresses that take a long time to send to.  the mail sits in the queue sometimes for a day or so before getting to the other end.  Right now, there is one message in a remote delivery SMTP queue that's been there for 70 minutes.  I have tried forcing the connection several times, but it just sits there.  I suppose I should submit this as a separate question.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
If you can telnet to the remote server sometimes, then it would appear to be a problem at their end.

If the emails go through your ISPs server and not direct, then that means the remote site is not accepting email from your location.
You really need to ask them why.
They could be using a blacklist, or making some other kind of checks.

The only thing you can do on your side is ensure that the SMTP banner is correct and that your ISP has set the reverse DNS correctly.
http://www.amset.info/exchange/dnsconfig.asp

Simon.
0
 

Author Comment

by:RBECKMN
Comment Utility
I think the problem tracks back to a firewall change recently made and forgotten: setting the firewall to 'auto block sites with unhandled packets.'

apparently part of the handshaking from this site includes some packets sent on port 0, which is a blocked port in my firewall.  turning auto block on caused the firewall to block all new traffic from that site, resulting the mail servers failing to communicate.  it's not clear to me why this became a problem only for that one site; there may have been other problem sites that haven't been reported to me.

in any event, setting up the connector in Exchange worked just fine!  Thanks for all your help.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now