[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I get rid of error message "This is an SMTP protocol log for virtual server ID 1, connection #67" from MSExchangeTransport?

Posted on 2008-11-19
24
Medium Priority
?
662 Views
Last Modified: 2012-06-21
The server irunning SBS 2003 R2.
Echange is 2004.
Everyday on my Server Performance Report, section Critical Errors in Application Log I get the same entry/error message.
The error message i get is:
Source                              Event ID              Last Occurrence         Total Occurrences
 MSExchangeTransport         7010        11/18/2008 7:29 AM               1
This is an SMTP protocol log for virtual server ID 1, connection #67. The client at "118.168.136.253" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for poi@mail2000.com.tw ". The full command sent was "rcpt TO: <poi@mail2000.com.tw>". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp.  
 
Everyday the IPaddress listed there is different as well as the email address listed.
How can I correct this so I would not get the entry in my report?
I would like to resolve this and move unto other projects.
0
Comment
Question by:j_rameses
  • 15
  • 9
24 Comments
 
LVL 22

Expert Comment

by:65td
ID: 23000244
Is there antivirus software running on the server?
Sounds like malware.
0
 
LVL 22

Expert Comment

by:65td
ID: 23000286
0
 

Author Comment

by:j_rameses
ID: 23004786
yes, I am running antivirus software by McAfee.
Admin passwords are not at default.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:j_rameses
ID: 23016229
65td,

I do not have an open relay.
How do I check for if I have a valid reverse DNS for my mail server.
Please provide details on how to resolve my error message/question above.
0
 
LVL 22

Expert Comment

by:65td
ID: 23016566
From Administrative tools -> open the DNS manager add a DNS if not listed expand the server and it should list Cached Lookups, Forward and reverse lookups.
Review entries and delete as necessary.

0
 

Author Comment

by:j_rameses
ID: 23016664
65td,

I opened up DNS Manager.
I expanded the server.
Three folders are listed:
1) Event Viewer
2) Forward Lookup Zones
3) Reverse Lookup Zones

What am I suppose to be looking for in Forward and reverse lookup zones?
0
 
LVL 22

Expert Comment

by:65td
ID: 23017183
Start by looking for: mail2000.com.tw
0
 

Author Comment

by:j_rameses
ID: 23028185
you mentioned "From Administrative tools -> open the DNS manager add a DNS if not listed expand the server and it should list Cached Lookups, Forward and reverse lookups."
I do not have a lsiting for 'Cached Lookups'.
How do I get that enabled? or to show up in DNS Manager?
0
 

Author Comment

by:j_rameses
ID: 23028196
i do not find a mail2000.com.tw in forward and reverse lookups.
0
 
LVL 22

Expert Comment

by:65td
ID: 23034751
Do you have a client at "118.168.136.253"?
0
 

Author Comment

by:j_rameses
ID: 23038279
I do not know that IP address.
It is not ours.
0
 

Author Comment

by:j_rameses
ID: 23069405
65td, you still there?
I can provide you with snapshots of the pages in the server and attach them to a word document for easy viewing.
0
 

Author Comment

by:j_rameses
ID: 23096954
65td,
Are you still there?
0
 
LVL 22

Expert Comment

by:65td
ID: 23097063
The issue still occurring?

Are other unknown addresses such as  203.69.82.30?

Today's ping of mail2000.com.tw
0
 

Author Comment

by:j_rameses
ID: 23097159
yes, it still is happening.
i get similar ones everyday.
I got 14 hits of this one this morning:
This is an SMTP protocol log for virtual server ID 1, connection #2. The client at "124.11.192.109" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for sseenndd1201@yahoo.com.hk ". The full command sent was "rcpt TO:<sseenndd1201@yahoo.com.hk>". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp.

What can be done to prevent this?
0
 
LVL 22

Expert Comment

by:65td
ID: 23097194
0
 

Author Comment

by:j_rameses
ID: 23097528
according to the link, it is spam trying to get relayed to my server and it is being blocked.
is that the same thing you understood from it?
0
 

Author Comment

by:j_rameses
ID: 23097537
i am not going to try any of the suggestions since it is nothing to worry abou.
I get nervous when I have to make changes to the server.
Do not know for sure if I should or ignore it.
0
 
LVL 22

Expert Comment

by:65td
ID: 23097571
One could monitor the traffic and maybe get a better idea of what's going on.
MS's network monitor 3.2 is pretty good.

http://www.microsoft.com/DownLoads/details.aspx?FamilyID=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&displaylang=en
0
 

Author Comment

by:j_rameses
ID: 23098101
how do u use it
0
 
LVL 22

Expert Comment

by:65td
ID: 23098563
It's nice to use.
Download and install.
See (previous version):
http://support.microsoft.com/kb/812953

and  for version 3.2:
http://support.microsoft.com/kb/955998
0
 

Author Comment

by:j_rameses
ID: 23098757
got to go.
tomorrow can we run an example on how to use it.
i am new to this.
0
 

Author Comment

by:j_rameses
ID: 23105133
65td,
I am here.
Are you there?
So the tutorial can begin?
0
 

Accepted Solution

by:
j_rameses earned 0 total points
ID: 23749247
65td,

I automatically stopped receiving them after I had Microsoft was fixing a different problem with Exchange.
Therefore I am closiing this communiction.
Thank you  for your help, unfortunately I cannot award wany points.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question