Restricted SMTP Service

Posted on 2006-07-13
Medium Priority
Last Modified: 2012-06-27
Cannot send email to one particular address.  When trying to telnet get this response to MAIL FROM command: 550 5.7.1 Restricted SMTP service.

Using Exchange 2000 running under Windows 2000 server.   Exchange System Manager tracker reports these message at "SMTP: Started Outbound Transfer of Message" for a long time, then eventually we'll get an NDR.  the receiving mail server reports "timeout wait for input" from my server and my server "did not issue MAIL/EXPN/VRFY/ETRN during connection to MT4"

Question by:RBECKMN
  • 4
  • 4
LVL 104

Expert Comment

ID: 17102449
Put the domain that you are trying to send to in to dnsreport.com - see if it is just you getting the error or it is everyone.


Author Comment

ID: 17102625
I already did that and also checked it out DNSSTUFF.COM.  It checks out okay.  I can send from other email servers.  

They can send to me, but I can't send to them.
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 17103273
If it checks out with dnsstuff.com (which is the same service as dnsreport.com) then they are blocking you for some reason.

Ask them why.

In the short term, try sending email for that domain via your ISPs SMTP server using an SMTP Connector.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.


Author Comment

ID: 17104171
they claim the problem is entirely at my end.

I tried the suggestion from the AMSET info page.  here are the results for various SMTP Connector settings:

(email addresses that I can't get to are like this: john.jones@abc.def.edu.
 the recipient mail server is smtp-mx.abc.def.edu and the recipient domain is abc.def.edu)

Smart Host               Address Space Domain             Result
------------                ---------------------------             --------
ISP Mail server          recipient                                  554 relay access denied

recipient mail server  recipient                                  message tracking: stops
                                                                              at "Submitted to categorizer"
                                                                              message ends up queue labelled:
                                                                              "messages with an unreachable destination"

ISP Mail server          *                                            554 relay access denied

recipient mail server  *                                            554 relay access denied
I also tried checking the "allow messages to be relayed to these domains" to no effect.

On another note:

I had been trying to telnet to mail.abc.def.edu.  
Then I tried telnetting to smtp-mx.abc.def.edu; instead of getting a response I just get a promptless, blank screen that does not acknowledge any SMTP commands.  I have to close the command window to get out of telnet.

My ISP has advised me to reset the firewall to send all outbound SMTP packets to their mail server, but the ISP is a unix shop, they don't know anything about MS Exchange.
LVL 104

Expert Comment

ID: 17104260
Does the ISP require authentication to relay through their server? Some do, some don't. They may also want to know what domain you want to send through their server. It depends how their system is setup.

Relay access denied basically means what it says - the server doesn't know that it can relay for that domain.
Make sure that you are using their client facing SMTP server - often what they put in any instructions for Outlook Express. This will probably be a different server to the one that is in their MX records.

When you telnet to the offending site, you did attempt to connect to port 25?

telnet mail.domain.com 25

What happens if you telnet to something else - such as microsoft.com:

telnet maila.microsoft.com 25


Author Comment

ID: 17104602
Thanks for asking about whether the ISP requires authentication.  I had assumed they didn't and that was correct.  but I called them and it turns out they have two mail servers with almost identical names and I was using the wrong one.  when I set up a connector using the correct mail server, mail goes out from my system to their system and they were able to trace that it left their server ok.  I probably won't find out until tomorrow if it got to the destination so I'll wait 'till then to close this question out, but it looks like it's solved.

Regarding the telnet questions, i was using port 25.  It didn't always work - about 2 out of 3 tries failed.  And it doesn't seem to matter which port is used.  Could this possibly indicate some kind of sporadic problem at the other end?  For instance, this morning about 11 AM i was able to telnet connect several times, but now (6PM) i cannot, although I can telnet connect to others including microsoft as you suggested.

Assuming the connector works, what exactly does this mean?  is the recipient blocking messages from my server but not the ISP's server?  If that's the case, is there something that should be reconfigured at my end?  Could this be related to another Exchange problem I have noticed, which is that there are some addresses that take a long time to send to.  the mail sits in the queue sometimes for a day or so before getting to the other end.  Right now, there is one message in a remote delivery SMTP queue that's been there for 70 minutes.  I have tried forcing the connection several times, but it just sits there.  I suppose I should submit this as a separate question.
LVL 104

Expert Comment

ID: 17106370
If you can telnet to the remote server sometimes, then it would appear to be a problem at their end.

If the emails go through your ISPs server and not direct, then that means the remote site is not accepting email from your location.
You really need to ask them why.
They could be using a blacklist, or making some other kind of checks.

The only thing you can do on your side is ensure that the SMTP banner is correct and that your ISP has set the reverse DNS correctly.


Author Comment

ID: 17108971
I think the problem tracks back to a firewall change recently made and forgotten: setting the firewall to 'auto block sites with unhandled packets.'

apparently part of the handshaking from this site includes some packets sent on port 0, which is a blocked port in my firewall.  turning auto block on caused the firewall to block all new traffic from that site, resulting the mail servers failing to communicate.  it's not clear to me why this became a problem only for that one site; there may have been other problem sites that haven't been reported to me.

in any event, setting up the connector in Exchange worked just fine!  Thanks for all your help.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
The most emerging queries of the user is to upload Outlook OST mailboxes to Office 365 account. So, here we will provide the manual as well as an automated solution for to transfer OST file to MS Office 365 in an absolute manner.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question