Solved

5.7.1 Unable to relay; Mailbox Unavailable; new domains; Exchange 2003

Posted on 2009-07-08
Last Modified: 2013-11-30
Hello Experts!

I have two Exchange 2003 Servers hosting mailboxes for about 40 domains. I recently tried to add another domain and began having delivery problems. After much troubleshooting I stepped back and set up a TEST account and domain (a completely different domain from the one we started) and noticed that the issues continued. I'd rather not bore you guys with details and jump right to my last step that has left me scratching my head:

- If I OPEN Relay on both exchange servers, all mail delivery for new domains is successful.  If I CLOSE Relays on both exchange servers (as we want and have had for the past 5 years) delivery to the NEW domains fails with the errors below.

- I used http://www.testexchangeconnectivity.com to generate the error in the Code Snippet. I also have my NDR below to show you the issue.

- The problem occurs when mail is sent from any server EXCEPT internal (internal mail flows through fine).  

- Recipient Policies (obviously I hope) have the new domains in them and the changes propagate out.

- The last time we added a domain was about 3 months ago, and had no issues.  


Delivery to the following recipient failed permanently:

    test@testing.chiozzalaw.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay for test@testing.chiozzalaw.com (state 14).
Server returned status code 550 - Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com

Exception Details:

Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com

Type: System.Net.Mail.SmtpFailedRecipientException

Stack Trace:

at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)

at System.Net.Mail.SmtpClient.Send(MailMessage message)

at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

Question by:TrialWorks
7 Comments
 

Expert Comment

by:dexIT
ID: 24804696
Has the server been patched recently?

Have you used the Best Practice Analyzer yet?
http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

Author Comment

by:TrialWorks
ID: 24804804
Patches - yes, we do updates about once per month. So that's something that has been on the back of my mind, but we're talking about 3 months worth of patches (or more) possibly. So, I feel that's a gray area.

I have run the BPA on these servers in the past few months before, but not for this issue. I'll run them right now and see what it turns out. Here I thought I covered all the basics but that's one big one I missed. I'll report back shortly.

Author Comment

by:TrialWorks
ID: 24804899
I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work.

Author Comment

by:TrialWorks
ID: 24805365
So I ran the Exchange BPA and the Exchange Troubleshooter. In BPA I did a basic health check and connectivity. That was fine. In Troubleshooter I did several tests for Mail Flow. One came back with a suggestion for error 5.7.1 (after actually picking it as the error) which I exhausted. It does not apply here. Then I went through and did mail flow tests, all of which successfully delivered mail - but we know that, because internally there are no problems. All tests were successful and test messages arrived from the Troubleshooting Assistant. The problem continues from the outside. The Exchange TA is now examining the tracking logs, but regardless of what it finds, the messages are returned almost instantly. I did a manual track for the test email address and did not locate the failures on either server; they are bounced before they even enter the queues. help... :(

Expert Comment

by:dexIT
ID: 24807281
"I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work."

I personally think .local is for best practice,  more anonymous.


How are your relay restrictions set up for this server?
In Delivery do you have anonymous access?

Author Comment

by:TrialWorks
ID: 24807468
Relay blocks all access EXCEPT for list, and it allows anyone who successfully authenticates to relay. The really bizarre thing is only the new domain(s) added to the policy are subject to the problem, all the others move through. I don't get why swapping relay settings to "allow all except denied list" solves the issue but clearly that's not a solution we want.  And again, only newly added domains.  

Been working on the issue pretty much all day and still nowhere :(  
I did reboot my servers hoping that it may be the solution, but no go.

Accepted Solution

by:TrialWorks
ID: 24843316
Ok - it's fixed.

So, I focused in on a lot of stuff in this, but here is the proper fix.

telnet localhost 25 from the Exchange server.  Do a mail test to the affected domain:
-ehlo
-mail from:whatever@something.com
-rcpt to:test@affecteddomain.com  
UNABLE TO RELAY

That's the focus point.  I initially focused on the
-relays
-antivirus
-reboots
-recipient policies
-etc... they are all distractions.  Your core issue is that the Exchange server cannot figure out where to mail stuff to on its own (how it managed to deliver mail from OL client to the external domain name is beyond me, but that is the error to go on).

So, from there, you know the metabase is corrupt.  You know this because according to KB 895853, page 4 of 8, there is a bullet point that reads "DS2MB metabase key is corrupted" (out of the many possibilities for SMTP error 5.7.1).

Microsoft has a tool, called ExMetabaseCheck which will run, find errors, and near the end it will let you reset both the key and SMTP. Just let it do it.  That's it. Fixed.

Thanks to all of you who contributed... although really this post was more like a blog.  Hope it helps in the future.
0
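
Added example (not part of the original thread): the manual telnet test from the accepted solution, scripted so that it checks both halves of the problem at once, namely that every hosted domain is accepted at RCPT TO and that an outside domain is still refused (relay stays closed). The domain names and the replies in `SAMPLE_REPLIES` are constructed placeholders; `smtp_probe` is the live path and uses only Python's standard `smtplib`.

```python
import smtplib

def smtp_probe(host, sender, port=25, timeout=10):
    """Build a probe that runs EHLO / MAIL FROM / RCPT TO against host and returns
    the RCPT reply as (code, text). No DATA is sent, so nothing is delivered."""
    def probe(recipient):
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            s.mail(sender)
            code, text = s.rcpt(recipient)
            s.rset()  # abandon the transaction
            return code, text.decode(errors="replace")
    return probe

def classify(code, text):
    if 200 <= code < 300:
        return "accepted"
    if code == 550 and "5.7.1" in text:
        return "relay-denied"
    return "other"  # e.g. unknown mailbox or a policy block

def audit(probe, hosted_domains, outside_domain, mailbox="test"):
    """Hosted domains must be accepted; an outside domain must be refused."""
    findings = []
    for domain in hosted_domains:
        verdict = classify(*probe(f"{mailbox}@{domain}"))
        if verdict != "accepted":
            findings.append((domain, f"hosted domain not accepted: {verdict}"))
    if classify(*probe(f"{mailbox}@{outside_domain}")) == "accepted":
        findings.append((outside_domain, "open relay: outside domain accepted"))
    return findings

# Constructed replies standing in for a live server (all names are placeholders).
SAMPLE_REPLIES = {
    "test@old-domain.example": (250, "2.1.5 test@old-domain.example"),
    "test@new-domain.example": (550, "5.7.1 Unable to relay for test@new-domain.example"),
    "test@outside.example": (550, "5.7.1 Unable to relay for test@outside.example"),
}

def demo():
    return audit(SAMPLE_REPLIES.__getitem__,
                 ["old-domain.example", "new-domain.example"], "outside.example")

if __name__ == "__main__":
    for domain, problem in demo():
        print(domain, "->", problem)
    # Live use: audit(smtp_probe("localhost", "whatever@something.com"), [...], "...")
```

Run the outside-domain check from a host that is not on the server's relay allow list; from an allowed address the outside recipient is accepted by design and would be reported as an open relay.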
