Solved

Exchange 2000 SP3 on W2K SP4 550 5.7.1 Requested action not taken, Message refused

Posted on 2007-03-22
6
324 Views
Last Modified: 2010-03-17
I've been working on a box that has W2K server SP4 and Exchange 2K SP3 on it.  people who send e-mail to us randomly get NDRs that say 550 5.7.1 Requested action not taken, Message refused.  The same  person could e-mail again 4 senconds later and it would work fine... it's too intermitent to test... and most of what I have read keeps pointing toward the antivirus scanning the mail or the M: drive.  well... until I was messing with it, nothing had been changed with the antivirus in a long time.  so it doesn't really make sense that it would suddenly start doing this.  any other idea that might shed some light on this?
0
Comment
Question by:cymrich
  • 3
  • 3
6 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
Comment Utility
>>well... until I was messing with it, nothing had been changed with the antivirus in a long time.  so it doesn't really make sense that it would suddenly start doing this.

That doesn't matter, anti-virus will occasionally just start doing stupid things.

I have a site here where the AV scanner went nuts and started holding onto random items in the queue - after working fine for years.

Can you check the logs of the AV system or exchange (message tracking) and see if you have any records of these touching your server?

I this one person having an issue sending to you, or is it more widespread?
0
 

Author Comment

by:cymrich
Comment Utility
I can check tomorrow.  It's much more widespread... but totally random... the only people that it happens to more than once are the people that e-mail addresses on the server frequesntly (so far).  I didnt think to look at AV logs, but I did search through event logs and checked the AV settings to ensure it was what it was supposed to be.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
The randomness makes it difficult to work with, and difficult to test - as well as squarely point the finger at the AV scanner.  If it is weird, chances are it is the AV system - increases in weirdness increase that probability.

If you have good desktop protection, you could uninstall the AV scanner (disabling it is not enough) - alternatively, get a demo of GFI scanning software, install it on a gateway device and then take AV off the server itself.

It all depends on your user count, and their viral intelligence
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:cymrich
Comment Utility
Before I posted this I had already tried re-installing the AV.  that does seem to have fixed the issue, it was so intermitent though that I really wasnt conviced it was going to fix it.
0
 

Author Comment

by:cymrich
Comment Utility
I got interupted while typing the post above and must have hit submit by accident.  In any case... they have not had the issue since I reinstalled the AV.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Another reason why I dislike anti-virus programs, they are like airbags that randomly punch you in the face - sure it is additional security, but taking your chances and avoiding the punches certainly looks appealing sometimes...
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now