Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Intermittent issues with SBS Exchange 2003 standard

Posted on 2009-12-23
Medium Priority
Last Modified: 2012-05-08
I could use some help in resolving some issues that I'm having with SBS 2003 stabdard and exchange server.
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7004
Date:            12/23/2009
Time:            11:59:46 AM
User:            N/A
Computer:      ASIDC01
This is an SMTP protocol error log for virtual server ID 1, connection #103. The remote host "66.96.130.XX", responded to the SMTP command "mail" with "550 bosauthsmtp09: Host 66.89.41.XX: No unauthenticated relaying permitted  ". The full command sent was "MAIL FROM:<Majidb@OURDOMAIN.com> SIZE=2404  ".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

End user is reporting this message:
our message did not reach some or all of the intended recipients.

      Subject:  RE: blackberry

      Sent:     12/23/2009 12:00 PM

The following recipient(s) cannot be reached:

      'Matt Cioffi' on 12/23/2009 12:00 PM

            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <asimail01.automationsolutionsinc.com #5.5.0 smtp;550 bosauthsmtp09: Host 66.89.41.XX: No unauthenticated relaying permitted>

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3018
Date:            12/23/2009
Time:            11:50:23 AM
User:            N/A
Computer:      ASIDC01
A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;keith@ADOMAIN.com (Message-ID <63858742CE041B44B4CD01BB97E5D01A0135C604@asidc01.AutomationSolutionsInc.local>).  
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
For more information, click http://www.microsoft.com/contentredirect.asp.

So here are some details that might help.

We upgraded the firewall and added a second internet connection from a different vendor.  I have configured a static route for all SMTP traffic to travel across only one ISP.  That ISP is the original provider.  We did recently have to switch to a new IP range, so our external ip is new.    We have a Barracuda anti-spam fire wall setup and email hits that first, using NAT in the firewall.  I have the mx record set to barracuda.OURDOMAIN.com and I have a DNS record as well pointing to the peoper address, 66.89.41.XX.  I'm thinking that I must have soemthing in the exchange server misconfigured, or is it possible that when we switched to the new range soemthing had to changed on that ISP's side?  In the example of error 1 a second attempt to send worked fine.  Several users havehad this issue.    What should I be looking at to resolve this issue?  Is there something in the SMTP settings that I messed up, maybe DNS entries need to be updated?  MXTOOLBOX reports that reverse dns does not match.  I have been using zoneedit to manage the DNS and MX but it seems like the reverse lookup goes to which is of course wrong.  Does XO need to change that?

Thanks and let me know what else you might need to help me, I'm going a bit out of my mind with this.
Question by:mcioffi209
  • 3
  • 2
LVL 65

Expert Comment

ID: 26116425
How do you route outbound email?
You shouldn't have used a static route. SMTP Connector control how Exchange sends email.
What is normally suggested is that email goes out the same route it comes back in - so that would mean going through your appliance.

However, both of those errors are likely to be outside of your control.
The first error means what it says - the server the message was delivered to cannot relay. However without knowing if there is a relationship between the server rejecting the message and yourself (for example it is one of your ISPs servers).

The second error could also be an indication of a DNS lookup problem, which may not be your issue.


Author Comment

ID: 26116767
By a route I mean that we have load balanced to internet connections, one from XO and one from Comcast.  I have set a route that will have email go through the XO T1 only.

I seemed to be having some strange issues with the mail not coming going correctly until I did that.

The relay error is to an address that we use often.  It is my email address that the company uses to talk to me.  We started having issues around the time of the new firewall, but more so when we setup the new IP range.  So I'm thinking that there must be some sort of issue going on, seeing as we did not have this before and it is faily recent.  

However right now it seems that all inbound email is stalling at the barracuda anti-spam firewall.  Not sure what could be going on, everything seems fine.  All the tests work, mail is coming in and Barracuda is working correctly in that it is classfying it correctly but it will not get delivered to the users inboxes.  internal mail is fine.  Telnet to the smtp port on the exchange server works fine from the test screen in the barracuda, ping works but mail will not flow.

On another note blackberry redirect is not working properly.  Messages are getting stuck in the pending state.  I'm wondering if all of this connected.  I would give 1000 points for this if someone could help me out.

Really bad day.  Any suggestions?

Author Comment

ID: 26117383
Ok, rebooted server and incoming external email is working now.

What I'm wondering is the DNS settings both internal and external are correct.  For example the server is called svrdc01.ourdomain.com and I can change the dns settings via zoneedit.  This is pretty basic, but I want to be sure that I have not made some silly mistake.  The only thing that I cannot change right now is the reverse dns info.  But what would be best practice for setting at the DNS and SMTP config.
LVL 65

Accepted Solution

Mestha earned 2000 total points
ID: 26121087
You need to have a PTR record (reverse DNS) that is valid to allow direct email delivery. Without it, many sites will reject the email.

Best practise is to have all three elements the same - so PTR record, MX record and SMTP Banner.


Author Closing Comment

ID: 31669553
We had the wrong IP block assigned to us by ISP.  Once they corrected that everything seemed fine.  

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month12 days, 5 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question