A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients.

Hey guys,

I need some help with this, 'cause I've been trawling everything from end to end, and I just ... don't ... get it!

A short summary of our environment:

We have an internal Exchange server, which is Exchange 2003. That has an SMTP connector to our Exchange server on the DMZ, which in turn sends mail to the internet. The one on the DMZ I'm told is an Exchange 2000, and it might have been upgraded from version 5.5.

What happens is basically that I receive an NDR containing this:
----------------------------------------------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

      Subject:      Subject
      Sent:      10-10-2007 07:49

The following recipient(s) could not be reached:

      Username on 10-10-2007 17:02
            A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients.  Contact your administrator.
            <fqdn of dmz exchange server #4.4.6>

----------------------------------------------------------------------------------------------------

The following eventlog shows up in the Application eventlog on the internal server

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7010
Date:            10-10-2007
Time:            16:54:41
User:            N/A
Computer:      InternalExchServer
Description:
This is an SMTP protocol log for virtual server ID 1, connection #70. The client at "192.168.100.10" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first  ". The full command sent was "xexch50 984 2".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

192.168.100.10 is the server in the DMZ.

----------------------------------------------------------------------------------------------------

What I've seen in the SMTP log file

10-10-2007 10:19:25 195.242.120.221 192.168.100.10 EHLO #NAME? 250  
10-10-2007 10:19:25 195.242.120.221 192.168.100.10 MAIL +FROM:<zsh-users-return-11978-bbh=ADDRESS-REMOVED> 250  
10-10-2007 10:19:25 195.242.120.221 192.168.100.10 RCPT +TO:<VALID USER @ OUR DOMAIN> 250  
10-10-2007 10:19:25 195.242.120.221 192.168.100.10 DATA +<tkrat.a5fb7653e65efa90@EXTERNAL DOMAIN 1> 250  
10-10-2007 10:19:25 195.242.120.221 192.168.100.10 QUIT FQDN.EXTERNAL.MAILSCANNER 240  
10-10-2007 10:19:25 192.168.100.29 - - 220+INTERNAL.FQDN.INTERNAL.EXCHANGE.SERVER+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.1830+ready+at++Wed,+10+Oct+2007+12:19:25++0200+ 0  
10-10-2007 10:19:25 192.168.100.29 - EHLO FQDN.DMZ.EXCHANGE.SERVER 0  
10-10-2007 10:19:25 192.168.100.29 - - 250-INTERNAL.FQDN.INTERNAL.EXCHANGE.SERVER+Hello+[192.168.100.10] 0  
10-10-2007 10:19:25 192.168.100.29 - MAIL FROM:<>+SIZE=5593 0  
10-10-2007 10:19:25 192.168.100.29 - - 250+2.1.0+<>....Sender+OK 0  
10-10-2007 10:19:25 192.168.100.29 - RCPT TO:<MY E-MAIL ADDRESS> 0  
10-10-2007 10:19:25 192.168.100.29 - - 250+2.1.5+MY E-MAIL ADDRESS+ 0  
10-10-2007 10:19:25 192.168.100.29 - XEXCH50 1008+2 0  
10-10-2007 10:19:25 192.168.100.29 - - 504+Need+to+authenticate+first 0  
10-10-2007 10:19:25 192.168.100.29 - BDAT 5593+LAST 0  
10-10-2007 10:19:25 192.168.100.29 - - 250+2.6.0++<fTvOSQeSO000004c4@FQDN.DMZ.EXCHANGE.SERVER>+Queued+mail+for+delivery 0  
10-10-2007 10:19:25 192.168.100.29 - QUIT - 0  
10-10-2007 10:19:25 192.168.100.29 - - 221+2.0.0+INTERNAL.FQDN.INTERNAL.EXCHANGE.SERVER+Service+closing+transmission+channel 0  
10-10-2007 10:19:25 130.225.247.86 - - 220+a.mx.EXTERNAL.DOMAIN.2+ESMTP 0  
10-10-2007 10:19:25 130.225.247.86 - EHLO FQDN.DMZ.EXCHANGE.SERVER 0  
10-10-2007 10:19:25 130.225.247.86 - - 250-a.mx.EXTERNAL.DOMAIN.2 0  
10-10-2007 10:19:25 130.225.247.86 - MAIL FROM:<> 0  
10-10-2007 10:19:25 130.225.247.86 - - 250+ok 0  
10-10-2007 10:19:25 130.225.247.86 - RCPT TO:<zsh-users-return-11978-bbh=ADDRESS-REMOVED@EXTERNAL.DOMAIN.2> 0  
10-10-2007 10:19:25 130.225.247.86 - - 250+ok 0  
10-10-2007 10:19:25 130.225.247.86 - DATA - 0  
10-10-2007 10:19:25 130.225.247.86 - - 354+go+ahead 0  
10-10-2007 10:19:30 130.225.247.86 - - 250+ok+1192011672+qp+63457 0  
10-10-2007 10:19:30 130.225.247.86 - QUIT - 0  
10-10-2007 10:19:30 130.225.247.86 - - 221+a.mx.EXTERNAL.DOMAIN.2

I of course anonymized the log entries.

Now, as far as I know, my users don't receive the mails that generate this NDR.

It doesn't happen to all. But it happens to some.

I found out that the SMTP virtual server had a non-existent hostname for sending mails to, when it had unresolved recipients. Removed that, tried resending the mail from the gateway of our external spam company. Didn't make a difference. Still received the NDR.

The FQDN of our dmz exchange/smtp server was also wrong I found out. I changed that to a valid one. Didn't make a difference.

Other than that, I can't find anything wrong. I read that the XEXCH50 error was completely normal. So that should be good. And I could live with that, if our users received the mails that generate the NDRs ;)

Please, does anyone have any input at all on this subject? I'm on my knees here ;o)

JacobSaaby (Author) commented:
Oh, and by the way... When I run WinRoute on the Exchange Server, it reports something weird... It reports the DMZ Exchange server's FQDN as being:

servername.domain.tld

While in fact that is invalid (I changed it, but it didn't make a difference regarding the problem), and should be:

servername.dmz1.domain.tld

Which the Exchange server recognizes as a valid FQDN.

Why WinRoute reports that FQDN, rather than the one I changed it to, I don't know.

But perhaps it's a clue ?

JacobSaaby (Author) commented:
And by the way, checked forwarders on the users - it doesn't seem as though any of them have any active forwarding.

JacobSaaby (Author) commented:
It seems that we solved it ourselves.

Max hop count on Exchange 2000 seems to be 15. While on 2003 it's been increased to 30. With various mailscanners etc., some exceeded the 15 hops. We increased the 15 to 30, and since yesterday afternoon haven't seen a single one of those NDRs.

JacobSaaby (Author) commented:
Sorry, should've been "the default max hop count".
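
The hop-count explanation in the comments above, as an added example that is not part of the original thread: it counts the Received headers of a message, compares the count with the two default limits mentioned (15 and 30), and separates a long relay chain from a real loop by checking whether any host stamped the message twice. Assumptions: one hop equals one Received header, the relay rejects only when the count exceeds the limit, and all function names and `example.test` hosts are hypothetical.

```python
from collections import Counter
from email import message_from_string

# Default maximum hop counts as reported in the thread.
LIMIT_EX2000 = 15
LIMIT_EX2003 = 30


def received_hosts(raw_message):
    """Return the 'by' host of every Received header, newest hop first."""
    hosts = []
    for value in message_from_string(raw_message).get_all("Received", []):
        words = value.split()  # split() also swallows folded-line whitespace
        by = words.index("by") + 1 if "by" in words[:-1] else None
        hosts.append(words[by].rstrip(";") if by else "?")
    return hosts


def hop_count(raw_message):
    """One hop per Received header (assumption: this is what the relay counts)."""
    return len(received_hosts(raw_message))


def would_bounce(raw_message, max_hops):
    """Assumption: the relay rejects once the count exceeds max_hops."""
    return hop_count(raw_message) > max_hops


def repeated_hosts(raw_message):
    """Hosts that stamped the message more than once, i.e. a real mail loop."""
    counts = Counter(h for h in received_hosts(raw_message) if h != "?")
    return sorted(h for h, n in counts.items() if n > 1)


def build_sample(hops):
    """Constructed sample: a message that passed `hops` distinct relays."""
    headers = [f"Received: from relay{i - 1}.example.test\n"
               f"\tby relay{i}.example.test with ESMTP;\n"
               f"\tWed, 10 Oct 2007 10:19:25 +0200"
               for i in range(hops, 0, -1)]
    headers += ["From: list@example.test", "To: user@example.test",
                "Subject: constructed sample", "", "body"]
    return "\n".join(headers)


if __name__ == "__main__":
    msg = build_sample(17)  # 17 hops: over the old default, under the new one
    print(hop_count(msg), would_bounce(msg, LIMIT_EX2000),
          would_bounce(msg, LIMIT_EX2003), repeated_hosts(msg))
```

An empty `repeated_hosts` result together with a high hop count points at chain length rather than a forwarding loop, even though the NDR text describes a bounce between two servers.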

EE_AutoDeleter commented:
JacobSaaby,
Because you have presented a solution to your own problem which may be helpful to future searches, this question is now PAQed and your points have been refunded.

EE_AutoDeleter