Go Premium for a chance to win a PS4. Enter to Win


Restricted SMTP Service

Posted on 2006-07-13
Medium Priority
Last Modified: 2012-06-27
Cannot send email to one particular address.  When trying to telnet get this response to MAIL FROM command: 550 5.7.1 Restricted SMTP service.

Using Exchange 2000 running under Windows 2000 server.   Exchange System Manager tracker reports these message at "SMTP: Started Outbound Transfer of Message" for a long time, then eventually we'll get an NDR.  the receiving mail server reports "timeout wait for input" from my server and my server "did not issue MAIL/EXPN/VRFY/ETRN during connection to MT4"

Question by:RBECKMN
  • 4
  • 4
LVL 104

Expert Comment

ID: 17102449
Put the domain that you are trying to send to in to dnsreport.com - see if it is just you getting the error or it is everyone.


Author Comment

ID: 17102625
I already did that and also checked it out DNSSTUFF.COM.  It checks out okay.  I can send from other email servers.  

They can send to me, but I can't send to them.
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 17103273
If it checks out with dnsstuff.com (which is the same service as dnsreport.com) then they are blocking you for some reason.

Ask them why.

In the short term, try sending email for that domain via your ISPs SMTP server using an SMTP Connector.

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 17104171
they claim the problem is entirely at my end.

I tried the suggestion from the AMSET info page.  here are the results for various SMTP Connector settings:

(email addresses that I can't get to are like this: john.jones@abc.def.edu.
 the recipient mail server is smtp-mx.abc.def.edu and the recipient domain is abc.def.edu)

Smart Host               Address Space Domain             Result
------------                ---------------------------             --------
ISP Mail server          recipient                                  554 relay access denied

recipient mail server  recipient                                  message tracking: stops
                                                                              at "Submitted to categorizer"
                                                                              message ends up queue labelled:
                                                                              "messages with an unreachable destination"

ISP Mail server          *                                            554 relay access denied

recipient mail server  *                                            554 relay access denied
I also tried checking the "allow messages to be relayed to these domains" to no effect.

On another note:

I had been trying to telnet to mail.abc.def.edu.  
Then I tried telnetting to smtp-mx.abc.def.edu; instead of getting a response I just get a promptless, blank screen that does not acknowledge any SMTP commands.  I have to close the command window to get out of telnet.

My ISP has advised me to reset the firewall to send all outbound SMTP packets to their mail server, but the ISP is a unix shop, they don't know anything about MS Exchange.
LVL 104

Expert Comment

ID: 17104260
Does the ISP require authentication to relay through their server? Some do, some don't. They may also want to know what domain you want to send through their server. It depends how their system is setup.

Relay access denied basically means what it says - the server doesn't know that it can relay for that domain.
Make sure that you are using their client facing SMTP server - often what they put in any instructions for Outlook Express. This will probably be a different server to the one that is in their MX records.

When you telnet to the offending site, you did attempt to connect to port 25?

telnet mail.domain.com 25

What happens if you telnet to something else - such as microsoft.com:

telnet maila.microsoft.com 25


Author Comment

ID: 17104602
Thanks for asking about whether the ISP requires authentication.  I had assumed they didn't and that was correct.  but I called them and it turns out they have two mail servers with almost identical names and I was using the wrong one.  when I set up a connector using the correct mail server, mail goes out from my system to their system and they were able to trace that it left their server ok.  I probably won't find out until tomorrow if it got to the destination so I'll wait 'till then to close this question out, but it looks like it's solved.

Regarding the telnet questions, i was using port 25.  It didn't always work - about 2 out of 3 tries failed.  And it doesn't seem to matter which port is used.  Could this possibly indicate some kind of sporadic problem at the other end?  For instance, this morning about 11 AM i was able to telnet connect several times, but now (6PM) i cannot, although I can telnet connect to others including microsoft as you suggested.

Assuming the connector works, what exactly does this mean?  is the recipient blocking messages from my server but not the ISP's server?  If that's the case, is there something that should be reconfigured at my end?  Could this be related to another Exchange problem I have noticed, which is that there are some addresses that take a long time to send to.  the mail sits in the queue sometimes for a day or so before getting to the other end.  Right now, there is one message in a remote delivery SMTP queue that's been there for 70 minutes.  I have tried forcing the connection several times, but it just sits there.  I suppose I should submit this as a separate question.
LVL 104

Expert Comment

ID: 17106370
If you can telnet to the remote server sometimes, then it would appear to be a problem at their end.

If the emails go through your ISPs server and not direct, then that means the remote site is not accepting email from your location.
You really need to ask them why.
They could be using a blacklist, or making some other kind of checks.

The only thing you can do on your side is ensure that the SMTP banner is correct and that your ISP has set the reverse DNS correctly.


Author Comment

ID: 17108971
I think the problem tracks back to a firewall change recently made and forgotten: setting the firewall to 'auto block sites with unhandled packets.'

apparently part of the handshaking from this site includes some packets sent on port 0, which is a blocked port in my firewall.  turning auto block on caused the firewall to block all new traffic from that site, resulting the mail servers failing to communicate.  it's not clear to me why this became a problem only for that one site; there may have been other problem sites that haven't been reported to me.

in any event, setting up the connector in Exchange worked just fine!  Thanks for all your help.

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question