
5.3.0 smtp;553 5.3.0 and #5.7.1 smtp;550 5.7.1 Access denied

Posted on 2009-12-17
Last Modified: 2012-05-08
Good morning all.

Alright, here is my question for the experts here =]

For about 6 months now I have been able to email my military account and my wife's SBC Global account. All this has been done from my Exchange 2003 server at home. (We run our own company.)

Now the company is called www.myeverydaygifts.com and Exchange is using mail.myeverydaygifts.com. Nothing has changed, I haven't messed with any settings. And all of a sudden I get these.

xxx.xxx@mybase.af.mil on 12/17/2009 8:01 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mail.myeverydaygifts.com #5.7.1 smtp;550 5.7.1 Access denied>

and this one from SBCGlobal

The message cannot be delivered due to a configuration error on the server. Please contact your Administrator.
            <mail.myeverydaygifts.com #5.3.0 smtp;553 5.3.0 flpd121 - nBHDxom1002222, DNSBL:ATTRBL 521< 71.86.40.42 >_is_blocked.__For_information_see_http://att.net/blocks>

Like I said, nothing has changed and I can't for the LIFE of me find out what happened.

I have checked RDNS with Charter and it's there. You can even do a reverse lookup and it will come up.

My external DNS servers have not changed either... I have an SMTP Connector set up and I have a smart host set up to go to my ISA 2006 server.

I have checked with MSExchange.net and isaserver.net for any errors I might have created.

So far my configs are correct (per isaserver and msexchange). I can provide more info if you need it.

But those are the ONLY 2 I am having issues with. Yahoo, MSN, Hotmail, Live, Charter, etc. all work just fine. And what sucks is I need to send to both those domains LOL. What luck, I tell ya.

thank you for the help...
0
Question by:RIPZeus
15 Comments
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26072666
The IP address for mail.myeverydaygifts.com is blacklisted with FIVETEN.

See mxtoolbox.com --> Blacklists.

This is probably why you are getting NDRs, if this is the public IP your mail will be sent from. Look to be removed, or use your ISP's smarthost instead of a smarthost on your network (I assume ISA is on your network too?)

Shaun
0
 

Author Comment

by:RIPZeus
ID: 26072795
Yes ISA is my firewall.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26072971
Have you checked the public IP of ISA to make sure it is not on a blacklist?

The IP of your MX record IS on a blacklist, so if this is the same public IP, that is your reason.

Shaun
0

 

Author Comment

by:RIPZeus
ID: 26074520
As you guys have pointed out, I am on the blacklist for FIVETEN.

But what I don't understand is that my block of IPs is also on the blacklist, and I haven't used those IPs for email at all...

Now the other question is: does anyone here have a guide to help me close off my Exchange 2003 server from being a relay?

Also for Shauncroucher:
ISA uses the 42 IP for its IP on the External NIC.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26074667
First of all, check your Exchange queues. If they are clear, then it is unlikely to be an authenticated relay attack on the server.

In that case, make sure port 25 is blocked for outside access on all but your ISA server (I guess ISA is the perfect tool for this). No machine in the network should be able to connect to port 25 outside. This will stop client machines becoming infected.

Your server seems to accept the envelope headers as if it was an open relay, but rejects the message after the DATA command has been completed. This is a bit unusual, usually the SMTP connection is closed after you enter an invalid recipient domain.

Shaun
0
 

Author Comment

by:RIPZeus
ID: 26074770
Can I get a little bit of detail on how to go about looking into the problem in Exchange?

I will have to close off port 25 when I get home. I think I opened it up when I was messing with it last night. But I am not sure on this.

0
 

Author Comment

by:RIPZeus
ID: 26075088
Also, Spamhaus says I am not on any blacklist either.

71.86.40.42 is not listed in the SBL

71.86.40.42 is not listed in the PBL

71.86.40.42 is not listed in the XBL
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26075386
That check means you are not on the 'spamhaus' blacklists. It doesn't mean you are not on any blacklists.

You are on a blacklist - FIVETEN.

For the queues, go to Exchange System Manager --> Server --> Queues and see if there are lots of items in any of these queues. If not, that's good.

Now just make sure that no clients in your LAN can access port 25 outside the LAN. If this is done, that's good.

Then send an email to blackhole21 at five-ten-sg.com listing the IP and asking for removal.

Shaun
0
 

Author Comment

by:RIPZeus
ID: 26079561
OK, I have locked down Exchange. If you guys could, please run some tests and make sure I am good to go. An email has been sent to FIVETEN to get me unblocked.

Also, I'm having a small issue. On http://www.mailradar.com, I can't seem to stop all relaying. Are there any steps I can go through to stop this? Mailradar doesn't seem to provide any kind of help on why those tests relayed.

These are the 3 that relay.
Method 7]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:23:56 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <"relaytest@mailradar.com">
<<< 250 2.1.5 "relaytest@mailradar.com"@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

Method 8]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:23:58 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <"relaytest%mailradar.com">
<<< 250 2.1.5 "relaytest%mailradar.com"@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

Method 14]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:24:09 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <mailradar.com!relaytest>
<<< 250 2.1.5 mailradar.com!relaytest@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

And would you recommend me upgrading to Exchange 2007? And how big of a difference is security?

Thanks guys for all the help.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26080241
It all looks good now.

The test on mailradar is failing because it looks like you are not validating your internal recipients. This is also known as Recipient Filtering in Exchange.

You are in fact doing validation, but it seems you reject after the DATA command and not during the time when you enter the recipient. Probably because ISA or a third party in front of Exchange is not checking in realtime and checking recipients.

After entering an invalid recipient like INVALIDPERSON@myeverydaygifts.com it should return 5.1.1 User Unknown and not 250 2.1.5 INVALIDPERSON@myeverydaygifts.com

You aren't actually accepting the full message though, so you shouldn't get blacklisted because of this.

Shaun
0
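An added example, not part of the original comment: a small reader for relay-test transcripts in the `>>>`/`<<<` format quoted in this thread. It looks at the address the server echoes back in each 250 reply to RCPT TO and separates "accepted as a recipient at the local domain" (what the three mailradar tests show) from a refusal or an acceptance for a foreign domain. The function name, verdict labels and the second sample are assumptions made for illustration.

```python
import re

LOCAL_DOMAIN = "myeverydaygifts.com"  # the server's own domain, from the thread

# RCPT TO exchanges copied from mailradar methods 7, 8 and 14 quoted above
THREAD_TESTS = """\
>>> RCPT TO: <"relaytest@mailradar.com">
<<< 250 2.1.5 "relaytest@mailradar.com"@myeverydaygifts.com
>>> RCPT TO: <"relaytest%mailradar.com">
<<< 250 2.1.5 "relaytest%mailradar.com"@myeverydaygifts.com
>>> RCPT TO: <mailradar.com!relaytest>
<<< 250 2.1.5 mailradar.com!relaytest@myeverydaygifts.com
"""

# Constructed lines (not from the thread) covering the other outcomes
CONSTRUCTED = """\
>>> RCPT TO: <relaytest@mailradar.com>
<<< 550 5.7.1 Unable to relay for relaytest@mailradar.com
>>> RCPT TO: <INVALIDPERSON@myeverydaygifts.com>
<<< 550 5.1.1 User unknown
>>> RCPT TO: <relaytest@mailradar.com>
<<< 250 2.1.5 relaytest@mailradar.com
"""

RCPT_RE = re.compile(r"^>>>\s*RCPT TO:\s*<(.*)>\s*$", re.I)
REPLY_RE = re.compile(r"^<<<\s*(\d{3})(?:\s+\d\.\d+\.\d+)?\s*(.*)$")

def classify(transcript, local_domain=LOCAL_DOMAIN):
    """Return (recipient as sent, reply code, verdict) for every RCPT TO."""
    results, pending = [], None
    for line in transcript.splitlines():
        m = RCPT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        r = REPLY_RE.match(line)
        if not r or pending is None:
            continue  # banner, HELO, MAIL FROM and QUIT replies are skipped
        code, text = r.group(1), r.group(2).strip()
        if not code.startswith("2"):
            verdict = "refused"
        else:
            # The domain after the last '@' of the echo is where the server will deliver
            domain = text.rsplit("@", 1)[-1].lower() if "@" in text else None
            verdict = ("accepted-as-local" if domain == local_domain
                       else "relay-accepted" if domain else "accepted-no-echo")
        results.append((pending, code, verdict))
        pending = None
    return results
```

An "accepted-as-local" verdict for a mailbox that does not exist is the recipient-validation gap described in the comment above; only "relay-accepted" means the server took responsibility for mail to someone else's domain.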
 

Author Comment

by:RIPZeus
ID: 26098640
Got something new.

I dunno why, but I am able to email my military account now, but I still can't email SBC accounts. And it looks like only SBC.

So I'm still lost. I sent an email to FIVETEN. I have yet to hear anything back from them.

I have run tests after tests after tests. I can't seem to figure out how to completely turn off relaying.

Other than that... This is odd. =]
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 2000 total points
ID: 26099156
You are still blacklisted, so you can expect to have problems sending mail.

Make sure you don't have any mail queued in Exchange. You don't seem to have Recipient Filtering enabled, so make sure this is enabled.

Open Exchange System Manager
 
Navigate to Global Settings --> Message Delivery --> Properties --> Click Recipient Filter --> Tick to Filter Recipients who are not in the directory.
 
THEN
 
Navigate to ServerName --> Protocols --> SMTP --> Default SMTP Virtual Directory --> Properties --> Advanced --> Edit --> Apply Recipient Filter (check this)
 
Also ensure that Tarpitting is enabled so that you do not become a victim for a directory harvest attack:
 
Open Registry.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters  
Create a DWORD value of TarpitTime and set this to Decimal 20
 
For more information visit:
 
http://support.microsoft.com/kb/886208 (Queues full of NDRs)
http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html (Tar-pitting explained)

Then you just need to get off the blacklist.

Alternatively, you can set to send outbound mail through your ISP's smarthost, then you don't need to worry about IP reputation, however, if there is an underlying issue, your ISP might get upset with you if you start relaying SPAM through their servers.

Shaun
0
 

Author Comment

by:RIPZeus
ID: 26100347
I don't have any queues.

All email is sending and receiving right. The only issue I have now is SBC. And I thank you so much for the help you have given me.

Looks like everything is good. Email has been sent to FIVETEN.. Just waiting on a reply from them..
0
 

Author Comment

by:RIPZeus
ID: 26101899
Got another odd thing here

Some of the IPs you have submitted for blacklist monitoring have changed their status, as follows:


71.86.40.42 -> old status: pending | new status: whitelisted

This comes from mailradar.com

Now mxtoolbox.com says I am still blacklisted...

I am so confused with these 2 sites.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 26103083
Basically the mailradar.com site does not check FIVETEN, whereas mxtoolbox does check this one. You are off nearly all lists now, except for the FIVETEN blacklist.

Shaun
0
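An added example, not part of the original thread: how a DNSBL lookup is formed, and why two checking sites can disagree about the same IP when they query different sets of lists. The thread names the FIVETEN list but not its DNS zone, so the zone below is a placeholder, and the resolver answers are constructed to mirror the state described above (listed on FIVETEN only).

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """Live resolver: the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(ip, zones, resolve=system_resolve):
    """Return {zone: answer} for every zone that lists the IP."""
    listed = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # A listing is an answer in 127.0.0.0/8. Spamhaus uses 127.255.255.x to
        # signal a query error (for example a blocked resolver), not a listing.
        if answer and answer.startswith("127.") and not answer.startswith("127.255.255."):
            listed[zone] = answer
    return listed

SPAMHAUS = ["sbl.spamhaus.org", "pbl.spamhaus.org", "xbl.spamhaus.org"]
FIVETEN_ZONE = "fiveten.dnsbl.example"  # placeholder, not the list's real zone

# Constructed DNS data: the only record that exists is the FIVETEN listing
FAKE_DNS = {"42.40.86.71." + FIVETEN_ZONE: "127.0.0.2"}

def fake_resolve(name):
    """Offline stand-in for system_resolve, backed by FAKE_DNS."""
    return FAKE_DNS.get(name)

def compare(ip):
    """Two checkers that differ only in which zones they query."""
    narrow = check(ip, SPAMHAUS, fake_resolve)                 # Spamhaus lists only
    wide = check(ip, SPAMHAUS + [FIVETEN_ZONE], fake_resolve)  # also asks FIVETEN
    return narrow, wide
```

`compare("71.86.40.42")` returns an empty result for the narrow checker and one listing for the wide one, which is the disagreement between the two sites described above.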


Question has a verified solution.
