
#5.7.0 smtp;530 5.7.0 Must issue a STARTTLS command first

anupam1983 asked
Last Modified: 2012-05-06
Hi Experts,

A user tries to send an email to user@amgen.com and receives an NDR. I sent a test mail using the user's mailbox and the external user confirms that he received that email. I've checked at my server end and we are not using TLS settings.
Below is the NDR:

From: System Administrator
Sent: Monday, February 09, 2009 8:39 AM
To: dcharest@amgen.com
Subject: Undeliverable: heavy rain

Your message did not reach some or all of the intended recipients.

Subject:  heavy rain
Sent:     2/9/2009 8:39 AM
The following recipient(s) could not be reached:
    dcharest@amgen.com on 2/9/2009 8:39 AM
The recipient could not be processed because it would violate the security policy in force
<Mailbox_server_name.test.com> #5.7.0 smtp;530 5.7.0 Must issue a STARTTLS command first>

Environment: Exchange 2003+SP2.

Any help is highly appreciated.

Could you review the following articles and see if they apply to you?

http://support.microsoft.com/default.aspx/kb/329061

Author

Commented:
Thanks Sandeep, I'll go through it right now...
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
If I saw that error I would put the blame on the recipient's side.
Exchange 2003 doesn't do opportunistic TLS, it is either on or off. As long as you don't have an SMTP connector for that domain that is using TLS, the remote server for some reason has tried to use TLS.

-M

Author

Commented:
Hi Guys,

We have a separate secured SMTP connector for that domain which is using TLS. I now understand that the problem is at the recipient's domain. But as this is an intermittent problem, could you suggest whether it is possible to trace their server configuration from our end? If I get proof of the misconfiguration at the recipient's domain, then it'll be easier for me to have solid proof. Or what step do you suggest I take after this?

Thank you so very much for your input.

Regards,
Anupam

Collect a netmon when you face the problem. You will notice that the receiving server issues a StartTLS command.

Commented:
If you have a connector for that domain that wants to use TLS, then every server that receives email for that domain must support TLS. I would suspect that one of them does not. SMTP logs may show you which IP address the connection was made to, but that is about it.

-M

Author

Commented:
Hi Mestha,

"If you have a connector for that domain that wants to use TLS, then every server that receives email for that domain must support TLS."

I may sound STUPID, but I'm still dying to know how I can come to know that a particular Exchange server is supporting TLS?

Thanks,
Anupam

Commented:
You mean for inbound email?
When you telnet to port 25 and issue an ehlo, one of the commands returned in the list should be STARTTLS.

-M
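
Added example, not part of the thread or any poster's code: the EHLO check described in the last reply, applied to every mail host of a domain so that the one host that does not advertise STARTTLS stands out. The host names and EHLO replies are constructed samples; `probe` is the live equivalent of the telnet check using Python's `smtplib`.

```python
import smtplib

# Constructed EHLO replies for two hypothetical MX hosts of one domain.
SAMPLE_REPLIES = {
    "mx1.example.test": "250-mx1.example.test Hello [192.0.2.10]\r\n"
                        "250-SIZE 10485760\r\n250-STARTTLS\r\n250 8BITMIME\r\n",
    "mx2.example.test": "250-mx2.example.test Hello [192.0.2.10]\r\n"
                        "250-SIZE 10485760\r\n250 8BITMIME\r\n",
}

def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in a raw EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        # Every line of a successful reply is "250-" (more follow) or "250 " (last).
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError("not a successful EHLO reply: %r" % line)
        rest = line[4:].split()
        if index > 0 and rest:  # line 0 is the server greeting, not an extension
            keywords.add(rest[0].upper())
    return keywords

def hosts_without_starttls(replies):
    """Names of hosts whose EHLO reply does not advertise STARTTLS."""
    return sorted(h for h, r in replies.items() if "STARTTLS" not in parse_ehlo(r))

def probe(host, port=25, timeout=10):
    """Live version of the telnet check; needs network access to the host."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        return conn.has_extn("starttls")

if __name__ == "__main__":
    for host in hosts_without_starttls(SAMPLE_REPLIES):
        print(host, "does not advertise STARTTLS")
```

For an intermittent failure, run the check against each MX record's host separately and keep the raw replies with timestamps as evidence.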