Solved

SMTP relay error messages

Posted on 2010-11-17
Last Modified: 2012-05-10
Hello:

We work with a 3rd party partner for a specific application.  This 3rd party vendor supports the application and we just support the server end (Windows 2003 Server Std).  This server is in a  workgroup (not in a domain).  The network clients (in a Domain, not a workgroup) map a drive to the server through a batch file and can access the needed application that way.

The application is working pretty well except for the e-mail portion of it.  The database queries are working fine; but, if one would like to e-mail a report from the program the following error pops up: "STMP reported: 5.7.1 Unable to Relay".  

This feature did work until the vendor upgraded a piece of their software.  The SMTP settings in the program are correct and have not changed.  It has the fully qualified domain name of the existing Exchange server.  Keep in mind that this Application Server is in a workgroup, not in a domain with the Exchange server.

Now other workgroup application servers that ask for an SMTP server address have the exact same thing entered in as the rogue Application Server and these other application servers are e-mailing information just fine.

Another PC/Client however gets a different error message when trying to email from that rogue application.  The 2nd error message states that XXX version 7.05 is not installed.  Go to the downloads page and install it.

Below are screen shots of the relay rule on the Exchange server for this application.  Again this was working until the vendor upgraded some software on the Server.  It was working up until a month ago and we have been using Exchange for 1 year.

The vendor states that the upgrade has nothing to do with the email function.

 Pic1 Pic2 Pic3 Pic4
Question by:Pkafkas
28 Comments
 
LVL 9

Expert Comment

by:Trackhappy
To test smtp mail functionality go to the application server and open a dos prompt.

type telnet (email server) 25
type helo domain.internal
type mail from:test@domain.xxx
type rcpt to:internalmailaddress@internal.com
type data
type some junk and hit enter
type . and hit enter
type q to exit.

This is a basic smtp mail conversation and you will get various messages depending on what happens. Essentially, follow this through and see what replies come back. You substitute different domains and email addresses obviously and use different combinations of internal and external to test for local delivery (to internal recipients) or external (relay).

Tell us what it responds with.
0
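The internal-versus-external recipient test described in the comment above can also be scripted. This is an added example, not code from the thread: `probe_relay`, `relay_scope` and `FakeConnector` are hypothetical names, the example.org/example.net addresses are constructed, and the fake connector stands in for a connected `smtplib.SMTP` object so the block runs offline.

```python
def probe_relay(conn, helo_name, sender, recipients):
    """Ask one unauthenticated session which recipients it would accept."""
    # conn is an already-connected smtplib.SMTP-style object. The transaction
    # is reset before DATA, so nothing is queued or delivered.
    conn.helo(helo_name)
    code, text = conn.mail(sender)
    if code != 250:
        raise RuntimeError(f"MAIL FROM refused: {code} {text!r}")
    results = {}
    for rcpt in recipients:
        code, text = conn.rcpt(rcpt)
        results[rcpt] = (code, text.decode("ascii", "replace"))
    conn.rset()
    return results


def relay_scope(results, internal_domains):
    """Return 'none', 'internal-only' or 'external-relay' for the accepted set."""
    accepted = [r for r, (code, _) in results.items() if 200 <= code < 300]
    if not accepted:
        return "none"
    external = [r for r in accepted
                if r.rsplit("@", 1)[-1].lower() not in internal_domains]
    return "external-relay" if external else "internal-only"


class FakeConnector:
    """Constructed stand-in for a receive connector (assumption, not a real server)."""
    def __init__(self, relay_any):
        self.relay_any = relay_any
    def helo(self, name=""):
        return 250, b"Hello"
    def mail(self, sender):
        return 250, b"2.1.0 Sender OK"
    def rcpt(self, recip):
        # Internal recipients are always accepted; others only if relay is open.
        if self.relay_any or recip.lower().endswith("@example.org"):
            return 250, b"2.1.5 Recipient OK"
        return 550, b"5.7.1 Unable to relay"
    def rset(self):
        return 250, b"2.0.0 Resetting"


if __name__ == "__main__":
    # Against your own server, pass smtplib.SMTP(host, 25) instead of the fake.
    seen = probe_relay(FakeConnector(relay_any=False), "app.example.org",
                       "boxoffice@example.org",
                       ["user@example.org", "someone@example.net"])
    print(seen, relay_scope(seen, {"example.org"}))
```

Run from the application server's address, an `external-relay` result means that host can send to any recipient without authenticating.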
 
LVL 15

Expert Comment

by:JBond2010
Have a look at the below and see does it provide any assistance.

http://msexchangeteam.com/archive/2006/12/28/432013.aspx
0
 

Author Comment

by:Pkafkas
Ok, this is what happened from my normal domained workstation.

220 Voyager.AD.WCD.ORG Microsoft ESMTP MAIL Service ready at Wed, 17 Nov 2010 16:39:49 -0600
helo wcd.org
250 Voyager.AD.WCD.ORG Hello [10.220.21.65]
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
this is a test from my workstation in the domain.\\
.
250 Mail queued for delivery.
0
 

Author Comment

by:Pkafkas
I will try the commands on the rogue application server tomorrow.
0
 
LVL 9

Expert Comment

by:Trackhappy
OK. pkafkas should have received an email based upon that. Now repeat that but change the helo wcd.org to something else and see what happens. Then change the sender domain to something else and see what happens.

I am thinking that either the sender domain from the application is not being accepted or the sending email address is using an external domain that is not being accepted.
0
 
LVL 9

Expert Comment

by:Trackhappy
I sometimes wish I had a built in spell checker....  :(
0
 
LVL 15

Expert Comment

by:JBond2010
I know the feeling lol...
0
 
LVL 9

Expert Comment

by:Trackhappy
Thanks for that link JBond, it is very helpful.
Here is a Microsoft KB article that explains the smtp test process a little more in depth:
http://support.microsoft.com/kb/304897
0
 
LVL 15

Expert Comment

by:JBond2010
You're welcome, and thank you for the Microsoft KB article :)
0
 

Author Comment

by:Pkafkas
This is from the application server.

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Wed, 17 Nov 2010 1:58:56 -0600
helo wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
500 5.3.3 Unrecognized command
mail from:boxoffice@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
typing info from application server 192.168.1.187
.
250 Mail queued for delivery.


------------

I have not received any e-mails to my email account pkafkas@wcd.org
0
 

Author Comment

by:Pkafkas
It appears that everything is already in place for the 'anonymous' logon and the instructions (please see the screen shots above and the web link: http://msexchangeteam.com/archive/2006/12/28/432013.aspx, a very nice web article).

When I tried to make sure that the anonymous rule was enabled in the power shell, it basically told me that it was already enabled.  Please read below, I copied the output.

[PS] C:\Windows\System32>Get-ReceiveConnector "Archtics" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
WARNING: Appropriate ACE is already present on object "CN=Archtics,CN=SMTP Receive
Connectors,CN=Protocols,CN=VOYAGER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=WCD,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=AD,DC=WCD,DC=ORG" for account "NT
AUTHORITY\ANONYMOUS LOGON".

Identity                          User                                Deny  Inherited   Rights
--------                           ----                                  ----      ---------    ------
VOYAGER\Archtics     NT AUTHORITY\ANON... False  False         ms-Exch-SMTP-Accept-Any-Recipient


[PS] C:\Windows\System32>
0
 

Author Comment

by:Pkafkas
I will try the suggested commands with another domain name like yahoo.

Before, when this was working, it only worked for internal e-mail addresses.  That is, the application e-mailed to internal users only.  Not to external users.
0
 

Author Comment

by:Pkafkas
Actually the e-mail address that the application is supposed to be always coming from is 'boxoffice@wcd.org'

I will try a different domain for the helo testing and see what happens.

config screen shot
0
 

Author Comment

by:Pkafkas
This did not help.


220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 10:25:02 -0600
helo wi.rr.com
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas1@wi.rr.com
rc501 5.1.7 Invalid address
rcpt to:pkafkas@wcd.org
data
503 5.5.2 Need mail command
503 No sender.
mail from:pkafkas1@wi.rr.com
503 5.5.2 Need mail command
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:petros_kaukas@yahoo.com
250 2.1.5 Recipient OK
data
354 Please start mail input.
test from the app server to yahoo account
.
250 Mail queued for delivery.

---------

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 1:36:39 -0600
helo ad.wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
250 2.1.0 Sender OK
rcpt to:pkafkas@wcd.org
500 5.3.3 Unrecognized command
rcpt to:pkafkas@wcd.org
500 5.3.3 Unrecognized command
rcpt to:pkafkas@wcd.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
10:38 am
.
250 Mail queued for delivery.
q
500 5.3.3 Unrecognized command

------------

220 voyager.ad.wcd.org Microsoft ESMTP MAIL Service ready at Thu, 18 Nov 2010 10:39:24 -0600
helo wcd.org
250 voyager.ad.wcd.org Hello [192.168.1.187]
mail from:pkafkas@wcd.org
501 5.5.4 Unrecognized parameter
mail from:test@wcd.org
250 2.1.0 Sender OK
rcpt to:petros_kaukas@yahoo.com
250 2.1.5 Recipient OK
data
354 Please start mail input.
10:40 am
.
250 Mail queued for delivery.
0
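Sessions like the ones pasted above can be read mechanically by pairing each typed command with the reply that followed it. The parser below is an added example, not something posted in the thread; `analyze` and `summarize` are hypothetical names, and the transcript is constructed (example.org, 192.0.2.10) in the same shape as the sessions above.

```python
import re

# Reply line: 3-digit code, separator, optional enhanced status code (x.y.z).
REPLY = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3})\s)?")

SAMPLE = """
220 mail.example.org Microsoft ESMTP MAIL Service ready
helo example.org
250 mail.example.org Hello [192.0.2.10]
mail from:report@example.org
500 5.3.3 Unrecognized command
mail from:report@example.org
250 2.1.0 Sender OK
rcpt to:user@example.org
250 2.1.5 Recipient OK
data
354 Please start mail input.
250 this line is message text, not a reply
.
250 Mail queued for delivery.
"""

def analyze(transcript):
    """Return [(command, reply_code, enhanced_code)] for a pasted telnet session."""
    events, pending, in_body = [], "<connect>", False
    for line in (l.strip() for l in transcript.splitlines()):
        if not line:
            continue
        if in_body:                      # between 354 and the lone "." is message text
            if line == ".":
                in_body, pending = False, "<end of data>"
            continue
        m = REPLY.match(line)
        if m is None:
            pending = line               # something the operator typed
        elif m.group(2) == " ":          # "-" marks a continuation line; skip those
            code = int(m.group(1))
            events.append((pending, code, m.group(3)))
            in_body, pending = code == 354, "<no command>"
    return events

def summarize(events):
    """Return (queued, rejected): was the message accepted, and which commands failed."""
    rejected = [e for e in events if e[1] >= 400]
    queued = any(c == "<end of data>" and 200 <= code < 300 for c, code, _ in events)
    return queued, rejected

if __name__ == "__main__":
    print(summarize(analyze(SAMPLE)))
```

A 2xx reply to the final `.` means the server took responsibility for the message, so an e-mail that never arrives after that point has to be traced on the server side rather than in the SMTP dialogue.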
 

Author Comment

by:Pkafkas
I have received no e-mails to either of the emails listed above.  
0
 
LVL 9

Expert Comment

by:Trackhappy
Sorry, been off for the night. Don't be disheartened yet, those responses give us more information to track down.

From the first response above, it looks as though it is not allowing the sending email address to relay.

mail from:pkafkas1@wi.rr.com
rc501 5.1.7 Invalid address

Here is a Microsoft article, but I don't think it is quite right as you are specifying a domain, it is just not recognising it. I wonder if it cannot resolve it?

I'll keep looking.
0
 
LVL 9

Expert Comment

by:Trackhappy
Response 2 above looks better as it recognises the sender's address as valid, but there is something restricting the basic commands. Possibly some restriction set on your Exchange server.

http://technet.microsoft.com/en-us/library/bb123686.aspx has a good description of the smtp test process.

Can you please try again with boxoffice@wcd.org as the sender and your address as the recipient, with NOTIFY=success,failure
try RCPT TO:"youremail address"

We need a better response at that point. Type the commands in Caps as per the document in case that is enforced in the RFC.
0
 
LVL 9

Expert Comment

by:Trackhappy
One more question, there is nothing like a firewall between the sending server and the Exchange server is there???
0
 

Author Comment

by:Pkafkas
Hello,

1.  There is no firewall between the Application Server and the Exchange server.

2.  Should I enter the commands as follows:

type telnet (email server) 25
type helo wcd.org
type mail from:boxoffice@wcd.org
type rcpt to:pkafkas@wcd.org
type NOTIFY=success,failure
type data
type some junk and hit enter
type . and hit enter
type q to exit.
0
 

Author Comment

by:Pkafkas
According to " http://msexchangeteam.com/archive/2006/12/28/432013.aspx " if I change the Receive connector properties to use 'exchange users' - group instead of the 'Anonymous' - group I will be opening a spam security hole.  Others can use this box to e-mail spoof our organization.

I am not sure that is a good idea because other business partners connect to this box and who knows what can happen if those other devices get compromised.
0
 
LVL 9

Expert Comment

by:Trackhappy
change the rcpt to: to be RCPT TO:

It seems most of the references use upper case and maybe it needs it. Type each command and if there is not a success response we need to find out why.

type telnet (email server) 25
type set localecho
type HELO wcd.org
type MAIL FROM:boxoffice@wcd.org
type RCPT TO:pkafkas@wcd.org
type NOTIFY=success,failure
type DATA
type some junk and hit enter
hit enter (blank line)
type something else here
type . and hit enter
type q to exit.
0
 
LVL 9

Expert Comment

by:Trackhappy
Any time you start letting other devices send email through your system you open up a hole. You need to think carefully about what you are allowing, and where from. I personally find the Exchange "new way" to be confusing, and have to spend time checking each thing I do 50 times to be sure. The key is to allow the least through to get the job done.

If this box can send mail to your internal recipients, then anyone getting control of that box can use it to spam you. Not much you can do about that if you allow it in. I gather that it is not trying to send emails to external recipients, so the risk is limited to internal spam issues.
0
 

Author Comment

by:Pkafkas
When we were using GroupWise (IP address on the 192.168.1.X/ subnet.) emails were able to be sent from this app server to both internal and external e-mail addresses.

Since we migrated to Exchange (Exchange Server on different subnet) only the internal  emails were able to receive from this app server.

Since this latest upgrade, from the vendor, no emails were able to be sent.  Now what they can do is just export the report to a .pdf or whatever and then save it somewhere.  Then e-mail the report as an attachment.

To be honest I think this way is a lot more secure and I do not think it's that big of a deal.  What do you guys think?
0
 
LVL 9

Expert Comment

by:Trackhappy
If the server is not publicly accessible, then I guess the risk is minimal and the ease of use probably outweighs the risk. No doubt it is more secure without email access but do you really want to cause your customers more hassle for minimal risk?

That decision is entirely yours, we should be able to get it working though and you can make that decision separately.

0
 

Author Comment

by:Pkafkas
Yes, it was just food for thought.  But again you are correct 'Trackhappy' that is a separate question.

The consultant that helped us migrate from our GroupWise System to Exchange, also setup the 'Receive Connector' rule for this app server.

Like I mentioned when we went to Exchange only e-mails to internal (wcd.org) e-mails were working.  You can see the properties of this rule from the screen shot above. This was set for 'Anonymous'.

But now it's not working at all.  Except if the users just send the report as an attachment, instead of e-mailing directly from the application.  You may see the screen shot above with the E-mail config tab.
0
 

Author Comment

by:Pkafkas
Anyone?
0
 

Accepted Solution

by:
Pkafkas earned 0 total points
We got it to work.  Apparently since the Receive connectors were not working, we tried something else instead.

1.  In the properties of the 'Client receive connectors' option.  There is an 'Authentication' tab.

2.  I un-checked 'Offer basic Authentication only after starting TLS' (see attachment). authentication tab.
3.  Then I saw that a specific username is needed to be used.  I added the @ad.wcd.org (fully qualified domain name) to the user account.  In the Active Directory properties (please see attachment). Account settings
4.  Then for the account settings, in the application, I needed to put the username 'username@ad.wcd.org' then everything else could be the same.
     a.  See attachment. final config in application.
0
 

Author Closing Comment

by:Pkafkas
I figured this out with the help of our Exchange consultant.
0
