Christopher Burch

5.3.0 smtp;553 5.3.0 and #5.7.1 smtp;550 5.7.1 Access denied

Good morning all.

Alright, here is my question for the experts here =]

For about 6 months now I have been able to email to my military account and my wife's SBC Global account. All this has been done from my Exchange 2003 server at home. (We run our own company.)

Now the company is called www.myeverydaygifts.com and Exchange is using mail.myeverydaygifts.com. Nothing has changed, I haven't messed with any settings. And all of a sudden I get these.

xxx.xxx@mybase.af.mil on 12/17/2009 8:01 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mail.myeverydaygifts.com #5.7.1 smtp;550 5.7.1 Access denied>

and this one from SBCGlobal

The message cannot be delivered due to a configuration error on the server. Please contact your Administrator.
            <mail.myeverydaygifts.com #5.3.0 smtp;553 5.3.0 flpd121 - nBHDxom1002222, DNSBL:ATTRBL 521< 71.86.40.42 >_is_blocked.__For_information_see_http://att.net/blocks>

Like I said, nothing has changed and I can't for the LIFE of me find out what happened.

I have checked RDNS with Charter and it's there. You can even do an Rlookup and it will come up.

My external DNS servers have not changed either... I have an SMTP Connector set up and I have a smart host set up to go to my ISA 2006 server.

I have checked with MSExchange.net and isaserver.net for any errors I might have created.

So far my configs are correct (per isaserver and msexchange). I can provide more info if you need it.

But those are the ONLY 2 I am having issues with. Yahoo, MSN, Hotmail, Live, Charter, etc. all work just fine. And what sucks... is I need to send to both those domains LOL. What luck, I tell ya.

Thank you for the help...
shauncroucher

The IP address for mail.myeverydaygifts.com is blacklisted with FIVETEN.

See mxtoolbox.com --> Blacklists.

This is probably why you are getting NDRs, if this is the public IP your mail will be sent from. Look to be removed, or use your ISP's smarthost instead of a smarthost on your network (I assume ISA is on your network too?)

Shaun

ASKER

Yes, ISA is my firewall.

Have you checked the public IP of ISA to make sure it is not on a blacklist?

The IP of your MX record IS on a blacklist, so if this is the same public IP, that is your reason.

Shaun

As you guys have pointed out, I am on the blacklist for FIVETEN.

But what I don't understand is that my block of IPs is also on the blacklist, and I haven't used those IPs for email at all...

Now the other question is: does anyone here have a guide to help me close off my Exchange 2003 server from being a relay?

Also for Shauncroucher:
ISA uses the 42 IP for its IP on the external NIC.

First of all, check your Exchange queues. If they are clear then it is unlikely to be an authenticated relay attack on the server.

In that case, make sure port 25 is blocked for outside access on all but your ISA server (I guess ISA is the perfect tool for this). No machine in the network should be able to connect to port 25 outside. This will stop client machines becoming infected.

Your server seems to accept the envelope headers as if it was an open relay, but rejects the message after the DATA command has been completed. This is a bit unusual, usually the SMTP connection is closed after you enter an invalid recipient domain.

Shaun

Can I get a little bit of detail on how to go about looking into the problem in Exchange?

I will have to close off port 25 when I get home. I think I opened it up when I was messing with it last night. But I am not sure on this.

Also Spamhaus says I am not on any blacklist either

71.86.40.42 is not listed in the SBL

71.86.40.42 is not listed in the PBL

71.86.40.42 is not listed in the XBL

That check means you are not on the 'spamhaus' blacklists. It doesn't mean you are not on any blacklists.

You are on a blacklist - FIVETEN.

For the queues, go to Exchange System Manager --> Server --> Queues and see if there are lots of items in any of these queues. If not, that's good.

Now just make sure that no clients in your LAN can access port 25 outside the LAN. If this is done, that's good.

Then send an email to blackhole21 at five-ten-sg.com listing the IP and asking for removal.

Shaun

Ok, I have locked down Exchange. If you guys could, please run some tests and make sure I am good to go. An email has been sent to FIVETEN to get me unblocked.

Also I'm having a small issue. On http://www.mailradar.com, I can't seem to stop all relaying. Are there any steps I can go through to stop this? Mailradar doesn't seem to provide any kind of help on why those tests relayed.

These are the 3 that relay.
Method 7]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:23:56 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <"relaytest@mailradar.com">
<<< 250 2.1.5 "relaytest@mailradar.com"@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

Method 8]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:23:58 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <"relaytest%mailradar.com">
<<< 250 2.1.5 "relaytest%mailradar.com"@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

Method 14]
<<< 220 mail.myeverydaygifts.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 18 Dec 2009 06:24:09 -0600
>>> HELO mailradar.com
<<< 250 mail.myeverydaygifts.com Hello [193.230.245.6]
>>> MAIL FROM: <antispam@[71.86.40.42]>
<<< 250 2.1.0 antispam@[71.86.40.42]....Sender OK
>>> RCPT TO: <mailradar.com!relaytest>
<<< 250 2.1.5 mailradar.com!relaytest@myeverydaygifts.com
>>> QUIT
<<< 221 2.0.0 mail.myeverydaygifts.com Service closing transmission channel

And would you recommend me upgrading to Exchange 2007? And how big of a difference is security?

Thanks guys for all the help.

It all looks good now.

The test on mailradar is failing because it looks like you are not validating your internal recipients. This is also known as Recipient Filtering in Exchange.

You are in fact doing validation, but it seems you reject after the DATA command and not during the time when you enter the recipient. Probably because ISA or a third party in front of Exchange is not checking recipients in real time.

After entering an invalid recipient like INVALIDPERSON@myeverydaygifts.com it should return 5.1.1 User Unknown and not 250 2.1.5 INVALIDPERSON@myeverydaygifts.com.

You aren't actually accepting the full message though, so you shouldn't get blacklisted because of this.

Shaun
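One way to read the three mailradar transcripts the way the answer above does, as an added example that is not part of the original thread: for each accepted RCPT TO, look at the address the server echoes back and decide whether it was taken as a local mailbox or as a remote destination. The function name, verdict labels and the last two sample exchanges are assumptions made for illustration.

```python
import re

RCPT_CMD = re.compile(r'>>>\s*RCPT TO:\s*<(.*)>\s*$', re.IGNORECASE)

def classify_rcpt(transcript, local_domains):
    """Return [(recipient, verdict)] for every RCPT TO in a >>>/<<< transcript."""
    local = {d.lower() for d in local_domains}
    results, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = RCPT_CMD.match(line)
        if cmd:
            pending = cmd.group(1)
            continue
        parts = line[3:].split() if line.startswith('<<<') else []
        if pending is None or not parts:
            continue
        code, echoed = parts[0], parts[-1]
        # Domain the server says it will deliver to (text after the last '@').
        domain = echoed.rpartition('@')[2].strip('<>').lower() if '@' in echoed else ''
        if code.startswith('5'):
            verdict = 'rejected-at-rcpt'             # what recipient filtering should give
        elif code.startswith('4'):
            verdict = 'deferred'
        elif domain in local:
            verdict = 'accepted-as-local'            # odd local part, not a relay
        elif domain:
            verdict = 'accepted-for-remote-domain'   # would be a real open relay
        else:
            verdict = 'accepted-destination-not-shown'
        results.append((pending, verdict))
        pending = None
    return results

# First two exchanges are from Methods 8 and 14 above; the last two are constructed.
SAMPLE = '''\
>>> RCPT TO: <"relaytest%mailradar.com">
<<< 250 2.1.5 "relaytest%mailradar.com"@myeverydaygifts.com
>>> RCPT TO: <mailradar.com!relaytest>
<<< 250 2.1.5 mailradar.com!relaytest@myeverydaygifts.com
>>> RCPT TO: <relaytest@mailradar.com>
<<< 250 2.1.5 relaytest@mailradar.com
>>> RCPT TO: <INVALIDPERSON@myeverydaygifts.com>
<<< 550 5.1.1 User unknown
'''

if __name__ == '__main__':
    for rcpt, verdict in classify_rcpt(SAMPLE, ['myeverydaygifts.com']):
        print(f'{verdict:28} {rcpt}')
```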
Got something new.

I dunno why, but I am able to email my military account now, but I still can't email SBC accounts. And it looks like only SBC.

So I'm still lost. I sent an email to FIVETEN. I have yet to hear anything back from them.

I have run test after test after test. I can't seem to figure out how to completely turn off relaying.

Other than that... This is odd. =]
ASKER CERTIFIED SOLUTION
shauncroucher
This solution is only available to members.
I don't have any queues.

All email is sending and receiving right. Only issue I have now is SBC... And I thank you so much for the help you have given me.

Looks like everything is good. Email has been sent to FIVETEN. Just waiting on a reply from them.

Got another odd thing here

Some of the IPs you have submitted for blacklist monitoring have changed their status, as follows:


71.86.40.42 -> old status: pending | new status: whitelisted

This comes from mailradar.com

Now mxtoolbox.com says I am still blacklisted...

I am so confused with these 2 sites.

Basically the mailradar.com site does not check FIVETEN, whereas mxtoolbox does check this one. You are off nearly all lists now, except for the FIVETEN blacklist.

Shaun
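The disagreement between the two checking sites comes down to which DNSBL zones each one queries. The added example below (not from the thread) parses the two NDR lines from the question and shows how a per-zone lookup name is built. The zone `fiveten.dnsbl.example`, the checker names and the resolver data are constructed placeholders, since the thread does not give FIVETEN's zone name.

```python
import ipaddress
import re
import socket

NDR = re.compile(r'smtp;(\d{3}) (\d\.\d\.\d)(.*)')

def parse_ndr(line):
    """Extract reply code, enhanced status, DNSBL tag and blocked IP from an NDR line."""
    m = NDR.search(line)
    if not m:
        return None
    tag = re.search(r'DNSBL:(\w+)', m.group(3))
    ip = re.search(r'\b\d{1,3}(?:\.\d{1,3}){3}\b', m.group(3))
    return {'code': m.group(1), 'status': m.group(2),
            'dnsbl': tag.group(1) if tag else None,
            'ip': ip.group(0) if ip else None}

def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split('.')
    return '.'.join(reversed(octets)) + '.' + zone

def check_zones(ip, zones, resolve=socket.gethostbyname):
    """Map zone -> listed? An answer in 127.0.0.0/8 means listed; NXDOMAIN means not."""
    result = {}
    for zone in zones:
        try:
            result[zone] = resolve(dnsbl_name(ip, zone)).startswith('127.')
        except OSError:  # socket.gaierror (no such name) is an OSError
            result[zone] = False
    return result

# NDR lines as quoted in the question.
ATT_NDR = '<mail.myeverydaygifts.com #5.3.0 smtp;553 5.3.0 flpd121 - nBHDxom1002222, DNSBL:ATTRBL 521< 71.86.40.42 >_is_blocked.__For_information_see_http://att.net/blocks>'
MIL_NDR = '<mail.myeverydaygifts.com #5.7.1 smtp;550 5.7.1 Access denied>'

# Constructed resolver data: only the placeholder zone lists the address.
LISTED = {'42.40.86.71.fiveten.dnsbl.example': '127.0.0.2'}

def fake_resolve(name):
    if name not in LISTED:
        raise socket.gaierror('NXDOMAIN (constructed)')
    return LISTED[name]

def coverage_report(ip, checker_zones):
    """Show how two checkers with different zone sets disagree about one IP."""
    return {name: any(check_zones(ip, zones, fake_resolve).values())
            for name, zones in checker_zones.items()}
```

Calling `check_zones` without the `resolve` argument performs live DNS lookups; a "not listed" answer only covers the zones actually passed in.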