Exchange giving out errors with MSExchangeTranport event ID 7004, 7010, 7002

Mcgurupro2
Mcgurupro2 used Ask the Experts™
on
Windows Server 2003 + Exchange 2003 + NAT

i am a service company providing support for this guys and other clients.

Issue started with: user could not send a mail to external addresses but could send to email addresses within the same organization, ABC.com, but could not send to GMAIL.COM or HOTMAIL.com or any other external org.

Did a check under relay permission and everything was fine, the group "Authenticated Users" was permitted to Relay and Submit

Told the user to use the webmail function, thru Web Mail they can send the email to both Internal and External addresses.

Once again this pointed me to the server authentication, but i see nothing different from yesterday configuration, since the problem started today, i used team viewer to enter user machine and see if anything was changed, but according to them all 25 accounts at the remote site could not send to external addresses, well sometime they exaggerate so i tested at least 10 of those accounts and for once the user was telling the truth.

I use 5 of those accounts at the internal domain, logging in and authenticating properly, something not possible at the remote site, what i wanted to test is if i could see a issue with password or any other issue, after logging in on the main site i could send to both external and internal addresses using outlook.

This issue can only be at the remote site, this is my theory anyways, i just don't know what it might be.

By the way if i try to TELNET to the server using telnet mail.xyz.com 25 i don't get anything it just stays there with the cursor and then puts me back on the prompt again. If i do the same command inside the server i get the proper response.

I checked Revers and Forward queries to the domain, using NSLOOKUP and DIG all is 100% working no issues there.

I tried to configure on my PC on of the accounts using the Public IP address of the server and the error is, "Connection to the server was interrupted"... :-/ gosh don't know what else to do.

Another person remotely connected in FRANCE to the server is able to use the public IP address on their outlook and able to receive and send emails to external and internal IP addresses.

I think this entire situation started when i was getting a Few MSExchangeTranport EVNTS ID 7010, 7004 and 7002, i have checked the support documents under MS side and tried some of the solutions, but still what i changed could not have caused this situation, my opinion thou.

I still have many of this errors on my event viewer some of them i can clearly see they are related to SPAM addresses, other are Legit Addresses, been stop due to Relay Authentication issues.

One of the errors says (this is to a Legit address) This is an SMTP protocol for virtula ID 1, connections #9 the client "217.109.37.1" sent a rcpt command and the SMTP server responded with "550 5.7.1 Unable to Relay for xxx@xxx.com the full command was sent to ...... this will probaly cause the connection to fail.

I checked my SPN configuration and the name of the server reflects the name under SPN and the mail server as well.

I am using McAfee AntiSpam premium solutin as well, but i also dont think this is an issue.

Please help.

Admins help get the most responses possible, this is very urgent
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
Under the SMTP virtual server check the Access tab's "Connection" and "Relay" options to make sure there's nothing getting blocked in there.

The firewall could be denying traffic to any IP other than IP's of a spam filtering service or device as well. Have you checked the MX records to see where the mail is being routed?

Author

Commented:
renazonse:

Thanks for you reply.

Relay options is selected, please see pictures to check if i missed something:

When you say MX records are you referring to the DNS records? If yes, then the mail is been routed to my server is the only MX records i got, if you are referring to the Email Headers, i dont know, need to check one, has not crossed myhead yet, would you like to see an email header from the location with the error?

Regards

Exchange-SMTP-Authentication-Box.jpg
Exchange-SMTP-Connection-Box.jpg
Exchange-SMTP-Relay-Box.jpg
Exchange-SMTP-Relay-Users-Box.jpg

Author

Commented:
The event viewer logs they are clogged with 7010 erros referencing to Unable To Relay with the error 550 5.7.1... i just dont see why.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
"The firewall could be denying traffic to any IP other than IP's of a spam filtering service or device as well" i dont follow? please explain.
Sr. Systems Engineer
Top Expert 2009
Commented:
Ok...

In the RELAY box check the checkbox that says "Allow allow all computers which successfully authenticate...". What is that IP? Your server? Use the loopback address for your Exhange server (127.0.0.1) and the internal subnet the clients are on.

The CONNECTION and USERS tabs are fine

On the AUTHENTICATION tab check "Basic Authentication" and, for now, uncheck "Resolve Anonymous Email"

Now, your MX records are the DNS Mail Exchanger records that tell mail servers where to deliver the mail when they send to your domain. Here's an example of the microsoft.com DNS records. You can check yours at dnsstuff.com or mxtoolbox.com for just MX records.

microsoft.com.      A      IN      3600      207.46.232.182
microsoft.com.      A      IN      3600      207.46.197.32
microsoft.com.      NS      IN      172800      ns5.msft.net.
microsoft.com.      NS      IN      172800      ns1.msft.net.
microsoft.com.      NS      IN      172800      ns2.msft.net.
microsoft.com.      NS      IN      172800      ns3.msft.net.
microsoft.com.      NS      IN      172800      ns4.msft.net.
microsoft.com.      SOA      IN      3600      Primary DNS server: ns1.msft.net.
microsoft.com.      MX      IN      3600      mail.messaging.microsoft.com. [Preference = 10] <- MAKE SURE YOU HAVE ONE OF THESE

If you have a spam filtering device or service the filtering server will always have a static IP and from Exchange or from your firewall you can deny all traffic on port 25 to the server from everything but the servers actually delivering the mail to your server. I don't believe it's the case in this situation.

Author

Commented:
Yes that IP is my server, i am using NAT, ok i will try those things and test it.

Yes MX records i have you can check the domain for mail.spie.co.ao and mail.amecspieforaid.co.ao both are correctly registered on the DNSSTUFF, anyways have a look and let me know if am incorrect.

Since they can send emails to internal addresses, i told them to forward me the Internet Headers for 3 examples, one successfully relayed to an internal address, another un-successfully relayed to and external address so we can compare both headers and see what we might be missing.

Thanks for help man, really appreciated you taking your time.

Author

Commented:
Renazonse

Maybe i am missing something but can you check again aunder NSLOOKUP or DIG if youcan see both mail servers

MAIL.SPIE.CO.AO
MAIL.AMECSPIEFORAID.CO.AO

Right now i am trying to resolve the name once again and i cannot find them any longer, i am using my home network, from Work all was fine, here at home using a different provider i cannot resolve the names.

I guess the was on the domain name not been advertised... not sure... anyways i did the changes you asked me on the previous message, i ahve to wait until tomorrow to get it tested nobody at the base today. Sunday.

Thanks for the help so far.
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
I'm able to telnet into your server on port 25 so you should be working now. The only other thing I see is you have no PTR records. This will prevent you from being able to send mail to some domains like AOL since they do reverse lookups on incoming mail. You'll want to have your ISP create PTR records for MAIL.SPIE.CO.AO and MAIL.AMECSPIEFORAID.CO.AO.

Author

Commented:
Thanks for help and i will award the points to you, but i still have doubts:

1. Nothing changed on the server why now this error?
2. The telnet here just gives me a blank screen, i never get the message of HELO like i usually get when i use this command on other servers.
3. The NSLOOKUP or DIG still cannot find anything if i use my home link.

Bloody weird but it is WORKING and sometimes that is all there is to it.
Anyways thanks
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
Sounds like you may have some sort of DNS issue from wherever you're connecting from. Here's my response:

telnet MAIL.AMECSPIEFORAID.CO.AO 25
Trying 196.216.54.58...
Connected to MAIL.AMECSPIEFORAID.CO.AO.
Escape character is '^]'.
220 LDAEXC001.AMECSPIEFORAID.CO.AO Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Mon, 20 Jul 2009 12:34:17 +0100

That's what it should look like when connecting to exchange.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial