• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 38223
  • Last Modified:

Exchange server smtp error 500 5.3.3 Unrecognized command

Hi,

I have a problem with commonication between two Exchange servers 2003.

exAsrv-FWsiteA----VPN------FWsiteB----exBsrv

Where:
exAsrv - Exchange 2003
exBsrv - Exchange 2003
FWsiteA - Cisco ASA5505 ver 7.2(2)
FWsiteB - Cisco ASA5505 ver 7.2(2)

Problem is when I try to comunicate with both servers on port 25.

1.
a)From exAsrv.mydomain.local I can telnet to port 25 to exBsrv.mydomain.local, but I see:
220 ****************************************************************************
*****************************************
helo
500 5.3.3 Unrecognized command

b)From exBsrv.mydomain.local I can telnet to port 25 to exAsrv.mydomain.local, but I see:
220 ****************************************************************************
*****************************************
helo
500 5.3.3 Unrecognized command

From RFC I have only information which I don't understand, why command line to long???
      4.2.1.  REPLY CODES BY FUNCTION GROUPS

         500 Syntax error, command unrecognized
            [This may include errors such as command line too long]

2. Another test. I enabled possibilyty on both exchange servers to comunicate on port 252:
a) From exAsrv I can telnet to port 252 to exBsrv, but I see:
220 exBsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959
ready at  Fri, 8 Feb 2008 14:43:58 +0100
helo
250 exBsrv.mydomain.local Hello [192.168.1.200]

b)From exBsrv I can telnet to port 252 to exAsrv, but I see:
220 exAsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830
ready at  Fri, 8 Feb 2008 14:45:07 +0100
helo
250 exAsrv.mydomain.local Hello [192.168.0.17]

On the site B exchange server is available from outside as a main server, however I want to
set up replication of both server. But now it is not a problem.

I checked configuration on both cisco routers:
1. NAT rules are setup correctly.
2. I disabled ESMTP inspecion on both sides.

Trraffic seems like is going correctly.

3.
a) Test telnet from host1B.mydomain.local(winXP) to exAsrv.mydomain.local to port 25.
220 ****************************************************************************
*****************************************
helo
250 exAsrv.mydomain.local Hello [192.168.0.23]

b) Test telnet from host2B.mydomain.local(GNU/Linux) to exAsrv.mydomain.local to port 25.

Connected to 192.168.1.200 (192.168.1.200).
Escape character is '^]'.
220 *********************************************************************************************************************
helo
250 exAsrv.mydomain.local Hello [192.168.0.5]

c) Test telnet from host2B.mydomain.local(GNU/Linux) to exAsrv.mydomain.local to port 252

Connected to 192.168.1.200 (192.168.1.200).
Escape character is '^]'.
220 exAsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Fri, 8 Feb 2008 15:17:04 +0100
helo
250 exAsrv.mydomain.local Hello [192.168.0.5]

d) Test telnet from host3B.mydomain.local(WinXP x64) to exAsrv.mydomain.local to port 25.
220 ****************************************************************************
*****************************************
helo
500 5.3.3 Unrecognized command
e) Test telnet from host3B.mydomain.local(WinXP x64) to exAsrv.mydomain.local to port 252.
220 exAsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830
ready at  Fri, 8 Feb 2008 14:45:07 +0100
helo
250 exAsrv.mydomain.local Hello [192.168.0.32]


Does one of you see any regularity as I don't.

Where can be a problem?

I think that somwhere in Windows, but don't see any regularity.
Please note I tested it when software FW are disabled on both sites.

Thank's for any suggestion.


0
d3m00n
Asked:
d3m00n
  • 11
  • 6
2 Solutions
 
FC01Commented:
have you tried opening a command prompt on each of the servers and entering

telnet localhost 25

what reply do you get?

0
 
d3m00nAuthor Commented:
When I telnet on both servers like follow:

exAsrv
telnet 127.0.0.1 25
telnet 127.0.0.1 252

exBsrv
telnet 127.0.0.1 25
telnet 127.0.0.1 252


I see only black window with cursor on the top on the left hand side.

0
 
d3m00nAuthor Commented:
I've just check on onother my mail (Postfix) server:
telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail3.externaldomain.com ESMTP ready
helo
501 Syntax: HELO hostname
helo domain.com
250 mail3.externaldomain.com

And I got reply with code 250 - so it is great, but I don't know where can be a problem on Excahnge servers.

0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
FC01Commented:
Can you confirm that the SMTP service is running on each of the servers
0
 
d3m00nAuthor Commented:
Yep. On both servers SMTP services are running.
0
 
d3m00nAuthor Commented:
Sorry for mutliple posts but I want to add as much as possible information.
According to:
telnet localhost 25
telnet localhost 252

on both servers I can telnet but I don't see any information only black window with cursor on the top on the left hand side.

When I type Enter I am goingback to command line.
0
 
FC01Commented:
OK

when in the blank telnet screen, what happens if you type quit and press return.
0
 
d3m00nAuthor Commented:
On both servers when I:
telnet localhost 25

I am "logged" in and whatever character I type I am goint back to command line like:

C:\Documents and Settings\Administrator>



0
 
FC01Commented:
strange

Do you have any firewall software installed on the servers? What version of windows are you running?
0
 
d3m00nAuthor Commented:
I think that we are on good way.

I checked on another Exchange server:
telnet localhost 25

and:

220 domain3.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Fr
i, 8 Feb 2008 16:17:44 +0100
helo
250 domain3.com Hello [127.0.0.1]
quit
221 2.0.0 domain3.com Service closing transmission channel
Connection to host lost.
C:\Documents and Settings\Administrator>


0
 
d3m00nAuthor Commented:
I don't use any software FW. This one which is built in Windows is disabled.

exAsrv- Symantec Mail Security for Microsoft Exchange
exBsrv - F-Secure for Windows Servers.


I've just checked with both disabled and the same problem.

But on the exchange domain3.com I have also F-Secure for Windows Servers and with this enabled I am able to letnet to localhost. So probably there is something with windows settings wrong....hmmm...

0
 
d3m00nAuthor Commented:
On server exAsrv
telnet localhost 21
220 Microsoft FTP Service
quit
221

Connection to host lost.
C:\Documents and Settings\Administrator>

On the other I've not set up any other services yet, but for me it seems like something is wrong with Exchange, isn't it?

0
 
FC01Commented:
Is there anything in the event log relating to exchange or SMTP errors?
0
 
d3m00nAuthor Commented:
FC01 the problem with telnet to localhost is solved.

telnet localhost  25.

220 exBsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959
ready at  Fri, 8 Feb 2008 17:41:27 +0100
quit
221 2.0.0 exBsrv.mydomain.local Service closing transmission channel

220 exBsrv.mydomain.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959
ready at  Fri, 8 Feb 2008 17:58:07 +0100
helo
250 exBsrv.mydomain.local Hello [127.0.0.1]
quit
221 2.0.0 exBsrv.mydomain.local Service closing transmission channel


Connection to host lost.

C:\Documents and Settings\Administrator>

Connection to host lost.

C:\Documents and Settings\Administrator>

I changed in the Servers->Protocols->SMTP->Default Virtual SMTP Server
in Properties

a) TAB: General
IP adress: from 192.168.x.x to All Unsigned
b) Button Advanced
Filter Enabled:
-Apply Sender Filter
-Apply Recipient Filter
-Apply Connection Filter
-Apply Inteligent Message Filter


And is OK now but still when talnet remotely I have an error 500 as above - but only for port 25

It doesn't make sense for me, do it?


0
 
FC01Commented:
OK
Can you telnet from a machine other than the server itself on the same subnet as as the server?  If you can but still cannot  from the remote site then it has to be the firewall.  
0
 
d3m00nAuthor Commented:
Nope. In the evet viewer I have no errors.

0
 
d3m00nAuthor Commented:
FC01,

You were right.

The problem was with inspection feature in ASA on both sides.

I fixed by disabling it:

no fixup protocol smtp 25

I believe that it must be something wrong with this mail guard.
I will try with the latest firmware version.

I really appreciate your help & patient.

Thanks a lot!
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 11
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now