Intermittent issues with SBS Exchange 2003 standard

Posted on 2009-12-23
Last Modified: 2012-05-08
I could use some help in resolving some issues that I'm having with SBS 2003 stabdard and exchange server.
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7004
Date:            12/23/2009
Time:            11:59:46 AM
User:            N/A
Computer:      ASIDC01
This is an SMTP protocol error log for virtual server ID 1, connection #103. The remote host "66.96.130.XX", responded to the SMTP command "mail" with "550 bosauthsmtp09: Host 66.89.41.XX: No unauthenticated relaying permitted  ". The full command sent was "MAIL FROM:<> SIZE=2404  ".  This will probably cause the connection to fail.

For more information, click

End user is reporting this message:
our message did not reach some or all of the intended recipients.

      Subject:  RE: blackberry

      Sent:     12/23/2009 12:00 PM

The following recipient(s) cannot be reached:

      'Matt Cioffi' on 12/23/2009 12:00 PM

            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            < #5.5.0 smtp;550 bosauthsmtp09: Host 66.89.41.XX: No unauthenticated relaying permitted>

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3018
Date:            12/23/2009
Time:            11:50:23 AM
User:            N/A
Computer:      ASIDC01
A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822; (Message-ID <63858742CE041B44B4CD01BB97E5D01A0135C604@asidc01.AutomationSolutionsInc.local>).  
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
For more information, click

So here are some details that might help.

We upgraded the firewall and added a second internet connection from a different vendor.  I have configured a static route for all SMTP traffic to travel across only one ISP.  That ISP is the original provider.  We did recently have to switch to a new IP range, so our external ip is new.    We have a Barracuda anti-spam fire wall setup and email hits that first, using NAT in the firewall.  I have the mx record set to and I have a DNS record as well pointing to the peoper address, 66.89.41.XX.  I'm thinking that I must have soemthing in the exchange server misconfigured, or is it possible that when we switched to the new range soemthing had to changed on that ISP's side?  In the example of error 1 a second attempt to send worked fine.  Several users havehad this issue.    What should I be looking at to resolve this issue?  Is there something in the SMTP settings that I messed up, maybe DNS entries need to be updated?  MXTOOLBOX reports that reverse dns does not match.  I have been using zoneedit to manage the DNS and MX but it seems like the reverse lookup goes to which is of course wrong.  Does XO need to change that?

Thanks and let me know what else you might need to help me, I'm going a bit out of my mind with this.
Question by:mcioffi209
    LVL 65

    Expert Comment

    How do you route outbound email?
    You shouldn't have used a static route. SMTP Connector control how Exchange sends email.
    What is normally suggested is that email goes out the same route it comes back in - so that would mean going through your appliance.

    However, both of those errors are likely to be outside of your control.
    The first error means what it says - the server the message was delivered to cannot relay. However without knowing if there is a relationship between the server rejecting the message and yourself (for example it is one of your ISPs servers).

    The second error could also be an indication of a DNS lookup problem, which may not be your issue.


    Author Comment

    By a route I mean that we have load balanced to internet connections, one from XO and one from Comcast.  I have set a route that will have email go through the XO T1 only.

    I seemed to be having some strange issues with the mail not coming going correctly until I did that.

    The relay error is to an address that we use often.  It is my email address that the company uses to talk to me.  We started having issues around the time of the new firewall, but more so when we setup the new IP range.  So I'm thinking that there must be some sort of issue going on, seeing as we did not have this before and it is faily recent.  

    However right now it seems that all inbound email is stalling at the barracuda anti-spam firewall.  Not sure what could be going on, everything seems fine.  All the tests work, mail is coming in and Barracuda is working correctly in that it is classfying it correctly but it will not get delivered to the users inboxes.  internal mail is fine.  Telnet to the smtp port on the exchange server works fine from the test screen in the barracuda, ping works but mail will not flow.

    On another note blackberry redirect is not working properly.  Messages are getting stuck in the pending state.  I'm wondering if all of this connected.  I would give 1000 points for this if someone could help me out.

    Really bad day.  Any suggestions?

    Author Comment

    Ok, rebooted server and incoming external email is working now.

    What I'm wondering is the DNS settings both internal and external are correct.  For example the server is called and I can change the dns settings via zoneedit.  This is pretty basic, but I want to be sure that I have not made some silly mistake.  The only thing that I cannot change right now is the reverse dns info.  But what would be best practice for setting at the DNS and SMTP config.
    LVL 65

    Accepted Solution

    You need to have a PTR record (reverse DNS) that is valid to allow direct email delivery. Without it, many sites will reject the email.

    Best practise is to have all three elements the same - so PTR record, MX record and SMTP Banner.


    Author Closing Comment

    We had the wrong IP block assigned to us by ISP.  Once they corrected that everything seemed fine.  

    Featured Post

    Why do Marketing keep bothering you?

    Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

    Join & Write a Comment

    Learn more about how the humble email signature can be used as more than just an electronic business card. When used correctly, a signature can easily be tailored for different purposes by different departments within an organization.
    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now