Solved

SMTP relay erro messages

Posted on 2010-11-17
28
2,608 Views
Last Modified: 2012-05-10
Hello:

We work with a 3rd party partner for a specific application.  This 3rd party vendor supports the application and we just support the server end (Windows 2003 Server Std).  This server is in a  workgroup (not in a domain).  The network clients (in a Domain, not a workgroup) map a drive to the server through a batch file and can access the needed application that way.

The application is working pretty well except for the e-mail portion of it.  The database queries are working fine; but, if one would like to e-mail a report from the program the following error pops up: "STMP reported: 5.7.1 Unable to Relay".  

This feature did work until the vendor upgraded a piece of their software.  The SMTP settings in the program are correct and have not changed.  It has the fully qualified domain name of the existing Exchange server.  Keep in mind that this Application Server is in a workgroup, not in a domain with the Exchange server.

Now other workgroup application servers that ask for an SMTP server address have the exact same thing entered in as the rouge Application Server and these other application servers are e-mailing information just fine.

Another PC/Client however gets a different error message when trying to email from that rouge application.  The 2nd error message sates that XXX version 7.05 is not installed.  Go to the downloads page and install it.

Below are screen shots of the relay rule on the Exchange server for this application.  Again this was working until the vendor upgraded some software on teh Server.  It was working up until a month ago and we havebeenusing Exchange for 1 year.

The vendor statea that the upgtrade has nothing to do with the email function.

 Pic1 Pic2 Pic3 Pic4
0
Comment
Question by:Pkafkas
  • 15
  • 10
  • 3
28 Comments
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34159889
To test smtp mail functionality go to the application server and open a dos prompt.

type telnet (email server) 25
type helo domain.internal
type mail from:test@domain.xxx
type rcpt to:internalmailaddress@internal.com
type data
type some junk and hit enter
type . and hit enter
type q to exit.

This is a basic smtp mail conversation and you will get variuos messages depending on what happens. Essentially, follow this through and see what replies come back. You substitute different domains and email addresses obviously and use different combinations of internaland external to test for local delivery (to internal recipients) or external (relay).

Tell us what it responds with.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34160050
Have a look at the below and see does it provide any assistance.

http://msexchangeteam.com/archive/2006/12/28/432013.aspx
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34160058
Ok, this is what happend form my normal domained workstation.

220 Voyager.AD.WCD.ORG Microsoft ESMTP MAIL Service ready at Wed, 17 Nov 2010 16:39:49 -0600
helo wcd.org
250 Voyager.AD.WCD.ORG Hello [10.220.21.65]
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
this is a test from my workstation in the domain.\\
.
250 Mail queued for delivery.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Pkafkas
ID: 34160067
I will try the commands on the rouge application server tomorrow.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34160074
OK. pkafkas should have received an email based upon that. Now repeat that but change the helo wcd.org to somethiong else and see whathappens. Then change the sender doamin to something els and see what happens.

I am thinking that either the sender domain from theapplication is not being accpeted or the sending email address is using an external domain that is not being accepted.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34160080
I sometimes wish I had a built in spell checker....  :(
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34160138
I know the feeling lol...
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34160187
Thansk for that link JBond, it is very helpful.
Here is a Microsoft KB article that explains the smtp test process a little more in depth:
http://support.microsoft.com/kb/304897
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34160209
Your welcome, and thank you for Microsoft KB article :)
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34160291
This is from the application server.

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Wed, 17 Nov 2010 1:58:56 -0600
helo wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
500 5.3.3 Unrecognized command
mail from:boxoffice@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
typing info from application server 192.168.1.187
.
250 Mail queued for delivery.


------------

I have not received any e-mails to my email account pkafkas@wcd.org
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34164515
It appears that everything is alredy in place for the 'anonymous' logon and the instructions (please see the screen shots above and the web link: http://msexchangeteam.com/archive/2006/12/28/432013.aspx  (a very nice web article).

When I tried to make sure that the anonymous rule was enabled in the power shell, it basically told me tha tit was already enabled.  Please read below, I copied teh output.

[PS] C:\Windows\System32>Get-ReceiveConnector "Archtics" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -Extend
edRights "ms-Exch-SMTP-Accept-Any-Recipient"
WARNING: Appropriate ACE is already present on object "CN=Archtics,CN=SMTP Receive
Connectors,CN=Protocols,CN=VOYAGER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=WCD,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=AD,DC=WCD,DC=ORG" for account "NT
AUTHORITY\ANONYMOUS LOGON".

Identity                          User                                Deny  Inherited   Rights
--------                           ----                                  ----      ---------    ------
VOYAGER\Archtics     NT AUTHORITY\ANON... False  False         ms-Exch-SMTP-Accept-Any-Recipient


[PS] C:\Windows\System32>
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34164537
I will try the suggested commands with another domain name like yahoo.

Before, when this was working, it only worked for internal e-mail addresses.  That is the application e-mailed to internal users only.  Not to external users.
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34164687
Actually the e-mail address that the application is supposed to be always coming from is 'boxoffice@wcd.org'

I will try a different domain for the helo testing and see what happens.

config screen shot
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34165665
This did not help.


220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 10:25:02 -0600
helo wi.rr.com
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas1@wi.rr.com
rc501 5.1.7 Invalid address
rcpt to:pkafkas@wcd.org
data
503 5.5.2 Need mail command
503 No sender.
mail from:pkafkas1@wi.rr.com
503 5.5.2 Need mail command
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:petros_kaukas@yahoo.com
250 2.1.5 Recipient OK
data
354 Please start mail input.
test from the app server to yahoo account
.
250 Mail queued for delivery.

---------

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 1:36:39 -0600
helo ad.wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
500 5.3.3 Unrecognized command
rcpt to:pkafkas@wcd.org
500 5.3.3 Unrecognized command
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
10:38 am
.
250 Mail queued for delivery.
q
500 5.3.3 Unrecognized command

------------

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 10:39:24 -0600
helo wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
501 5.5.4 Unrecognized parameter
mail from:test@wcd.org
250 2.1.0 Sender OK
rcpt to:petros_kaukas@yahoo.com
250 2.1.5 Recipient OK
data
354 Please start mail input.
10:40 am
.
250 Mail queued for delivery.
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34166262
I have received no e-mails to either of the emails listed above.  
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34168892
Sorry, been off for the night. Don't be disheartened yet, those responses give us more information to track down.

From the first response above, it looks as though it is not allowing the sending email address to relay.

mail from:pkafkas1@wi.rr.com
rc501 5.1.7 Invalid address

Here is a Microsoft article, but I don't think it is quite right as you are specifying a domain, it is just not recognising it. I wonder if it cannot reolve it?

I'll keep looking.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34168978
Response 2 above looks better as it recognises the senders address as vaild, but there is something restricting the basic commands. Possibly some restriction set on your Exchange server.

http://technet.microsoft.com/en-us/library/bb123686.aspx has a good description of the smtp test process.

Can you please try again with boxoffice@wcd.org as the sender and your address as the recipient, with NOTIFY=success,failure
try RCPT TO:"youremail address"

We need a better response at that point. Type the commands in Caps as per the document in case that is enforced in the RFC.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34169008
One more question, there is nothing like a firewall between the sending server and the Exchange server is there???
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34169073
Hello,

1.  There is no firewall between the Application Server and the Exchange server.

2.  Should I enter the commands as follows:

type telnet (email server) 25
type helo wcd.org
type mail from:boxoffice@wcd.org
type rcpt to:pkafkas@wcd.org
type NOTIFY=success,failure
type data
type some junk and hit enter
type . and hit enter
type q to exit.
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34169121
According to " http://msexchangeteam.com/archive/2006/12/28/432013.aspx " if I change the Receive connector properties to use 'exchange users' - group instead of the 'Anonymous' - group I will be opening a spam security hole.  Others can use this box to e-mail spoof our organization

I am not sure that is a good idea becasuse other business partners connect to this box and who knows what can happen if those other devices get compromised..
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34169130
change the rcpt to: to be RCPT TO:

It seems most of the references use upper case and maybe it needs it. Type each command and if there is not a success response we need to find out why.

type telnet (email server) 25
type set localecho
type HELO wcd.org
type MAIL FROM:boxoffice@wcd.org
type RCPT TO:pkafkas@wcd.org
type NOTIFY=success,failure
type DATA
type some junk and hit enter
hit enter (blank line
type something else here
type . and hit enter
type q to exit.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34169212
Any time you start letting other devices send email through your system you open up a hole. You need to think carefully about what you are allowing, and where from. I personally find the Exchange "new way" to be confusing, and have to spend time checking each thing I do 50 times to be sure. The key is to allow the least through to get the job done.

If this box can send mail to your internal recipients, then anyone getting control of that box can use it to spam you. Not much you can do about that if you allow it in. I gather that it is not trying to send emails to external recipients, so the risk is limited to internal spam issues.
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34169975
When we were using GroupWise (IP address on the 192.168.1.X/ subnet.) emails were able to be sent from this app server to both internal and external e-mail addresses.

Since we migrated to Exchange (Exchange Server on different subnet) only the internal  emails were able to receive from this app server.

Since this latest upgrade, from the vendor, no emails were able to be sent.  Now what they can do is just export the report to a .pdf or whatever and then save it somewhere.  Then e-mail the report as an attachment.

To be honest I think this way is a lot more secure and I do not think its that big of a deal.  What do you guys think?
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34170090
If the server is not publicy accessible, then I guess the risk is minimal and the ease of use probably ouweighs the risk. No doubt it is more secure without email access but do you really want to cause your customers more hassle for minimal risk?

That decision is entirely yours, we should be able to get it working thoguh and you can make that decision separately.

0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34173200
Yes, it was just food for thought.  But again you are correct 'Trackhappy' that is a seperate question.

The consultant that helped us migrate from our GroupWise System to Excahnge, also setup the 'Receive Connector' rule for this app server.  

Like I mentined when we went to Exchange only e-mails to internal (wcd.org) e-mails were working.  You cn see the properties of this rule from teh screen shot above. This was set for 'Anonymous'.

But now its not working at all.  Except if the users just send the report as an attachment, instead of e-maling directly from the application.  You may see the screen shot above with the E-mail confi tab.
0
 
LVL 1

Author Comment

by:Pkafkas
ID: 34193438
Anyone?
0
 
LVL 1

Accepted Solution

by:
Pkafkas earned 0 total points
ID: 34248840
We got it to work.  Appearetnly since the Recevie conectros were nto working, we tried soemthing else instead.

1.  In the properties of the 'Client recevie connectors' option.  There is an 'Authenticatin' tab.

2.  I un-checked.  'Offer basic Authentication only after starting TLS (see attachemnt). authentication tab.
3.  Then I saw that a specific username is needed to be used.  I added the @ad.wcd.org (fully qualified domain name) to the user account.  In the Active directoy properties (please see attachment). Account settings
4.  Then for the account settings, in the application, I needed to put the username 'username@ad.wcd.org' then everything else could be the same.
     a.  See attachment. final config in application.
0
 
LVL 1

Author Closing Comment

by:Pkafkas
ID: 34281074
I figured this out with the help of our Exchange consultant.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question