Exchange 2000 SP3 on W2K SP4 550 5.7.1 Requested action not taken, Message refused

Posted on 2007-03-22
Last Modified: 2010-03-17
I've been working on a box that has W2K server SP4 and Exchange 2K SP3 on it.  people who send e-mail to us randomly get NDRs that say 550 5.7.1 Requested action not taken, Message refused.  The same  person could e-mail again 4 senconds later and it would work fine... it's too intermitent to test... and most of what I have read keeps pointing toward the antivirus scanning the mail or the M: drive.  well... until I was messing with it, nothing had been changed with the antivirus in a long time.  so it doesn't really make sense that it would suddenly start doing this.  any other idea that might shed some light on this?
Question by:cymrich
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 39

Accepted Solution

redseatechnologies earned 500 total points
ID: 18777312
>>well... until I was messing with it, nothing had been changed with the antivirus in a long time.  so it doesn't really make sense that it would suddenly start doing this.

That doesn't matter, anti-virus will occasionally just start doing stupid things.

I have a site here where the AV scanner went nuts and started holding onto random items in the queue - after working fine for years.

Can you check the logs of the AV system or exchange (message tracking) and see if you have any records of these touching your server?

I this one person having an issue sending to you, or is it more widespread?

Author Comment

ID: 18777322
I can check tomorrow.  It's much more widespread... but totally random... the only people that it happens to more than once are the people that e-mail addresses on the server frequesntly (so far).  I didnt think to look at AV logs, but I did search through event logs and checked the AV settings to ensure it was what it was supposed to be.
LVL 39

Expert Comment

ID: 18777337
The randomness makes it difficult to work with, and difficult to test - as well as squarely point the finger at the AV scanner.  If it is weird, chances are it is the AV system - increases in weirdness increase that probability.

If you have good desktop protection, you could uninstall the AV scanner (disabling it is not enough) - alternatively, get a demo of GFI scanning software, install it on a gateway device and then take AV off the server itself.

It all depends on your user count, and their viral intelligence
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users


Author Comment

ID: 18859343
Before I posted this I had already tried re-installing the AV.  that does seem to have fixed the issue, it was so intermitent though that I really wasnt conviced it was going to fix it.

Author Comment

ID: 18859654
I got interupted while typing the post above and must have hit submit by accident.  In any case... they have not had the issue since I reinstalled the AV.
LVL 39

Expert Comment

ID: 18881174
Another reason why I dislike anti-virus programs, they are like airbags that randomly punch you in the face - sure it is additional security, but taking your chances and avoiding the punches certainly looks appealing sometimes...

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question