Solved

550 Administrative prohibitio

Posted on 2014-09-29
13
290 Views
Last Modified: 2014-09-30
I am running exchange 2013, with CU3.   Everything seems to be running fine, but Google is trying to send us emails.

It's for google hangouts.

What's interesting is that we're receiving emails just fine from esupport@google.com, but when they send us other emails for google hangout, it doesn't work.   They are claiming they are receiving the below error message.

Description: Google tried to deliver your message, but it was rejected by the server for the recipient domain domain.org by mail.domain.org. [66.xxx.xxx.xxx]. The error that the other server returned was: 550 Administrative prohibition

I've done some googling, but nothing concrete comes up.

Any ideas?
0
Comment
Question by:afacts
  • 7
  • 3
  • 3
13 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 40350470
First - Exchange 2013 CU3 is no longer supported. You need to stay current to be supported, either the current CU, or the previous one. You could go to SP1 and still be supported though, but CU3 is defiantly unsupported.

Do you have any anti spam software on the server. Using the anti-spam agents in Exchange? AV or firewall scanning the smtp traffic?

Simon.
0
 

Author Comment

by:afacts
ID: 40350504
What do you mean CU3 is not supported, it's only like 4 or 5 months old?  oh well.  I guess I need to upgrade to SP1, but I'm a bit scared as to upgrade to SP1, I read that it does a complete uninstall of exchange and then reinstalls it.

In the past, when that took place, all my custom configurations got lost, so that's why I'm not really anticipating on performing the upgrade.

My hardware firewall has anti-spam, but I don't have any software installed on my exchange server.   All other emails are fine, so I'm a bit perplexed about receiving this error message.

How can I tell if I'm using the anti-spam agents in exchange, I guess I'm not sure, I would have to check.
0
 

Author Comment

by:afacts
ID: 40350534
so under malware filter, it's enabled, with the lowest priority, I guess by default.
I don't remember turning it on, so it's what ever got turned on by default.
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40350596
What do you mean CU3 is not supported, it's only like 4 or 5 months old?  oh well.  I guess I need to upgrade to SP1, but I'm a bit scared as to upgrade to SP1, I read that it does a complete uninstall of exchange and then reinstalls it

Cumulative Update 6 is the latest now. Service Pack 1 is Cumulative Update 4. I would go to CU6. One noteworthy mention though is that CU6 seems to break litigation hold in Exchange. Tony Redmond speculates this won't be fixed until CU7.

In the past, when that took place, all my custom configurations got lost, so that's why I'm not really anticipating on performing the upgrade.

That should not have happened.


My hardware firewall has anti-spam, but I don't have any software installed on my exchange server.   All other emails are fine, so I'm a bit perplexed about receiving this error message.

Does your firewall have any logs for anti-spam? That way you can see the reason for the rejection? Also, check Exchange Server Message Tracking Logs to see if it even reached the Exchange server. My guess is though that the firewall stopped it.

so under malware filter, it's enabled, with the lowest priority, I guess by default.
 I don't remember turning it on, so it's what ever got turned on by default.

During the install of Exchange 2013 it prompts you whether or not you want to install the Malware filter. By default the installer has it turned on. It can be turned off with PowerShell if desired. But first check your Exchange Tracking Logs to see if your message is even making it to Exchange.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40350794
CU3 is almost twelve months old - it was released in November of last year.
The support cycle is well documented - the Exchange product team blogged on it.
http://blogs.technet.com/b/exchange/archive/2013/02/08/servicing-exchange-2013.aspx

All Exchange 2013 updates are a remove and reinstall of the product. It is the best way, resolves a lot of problems. It also means if you do a new installation of Exchange you can use the current CU for the update.

Simon.
0
 

Author Comment

by:afacts
ID: 40350798
so  are you saying that it's best to wait until CU7 comes out?
I don't know what the "litigation hold" is.

I actually checked using powershell if the email that should have arrived in exchange, but it never made it in exchange.

If my exchange servers sends this message:
Google tried to deliver your message, but it was rejected by the server for the recipient domain domain.org by mail.domain.org. [66.xxx.xxx.xxx]. The error that the other server returned was: 550 Administrative prohibition

Doesn't that mean that it made it to my exchange server?  I'm just trying to find out how to resolve this type of problem?
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:afacts
ID: 40350816
Simon,

so does that mean that all my receive and send connectors I created, I have to recreate those?
How about the rest of the data that I have, does it save all of my configuration?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40350829
so  are you saying that it's best to wait until CU7 comes out?
 I don't know what the "litigation hold" is.

Litigation hold gives you the ability to put a mailbox on hold so the user can't delete any items that could be used in a court case. If you aren't using that. Or have another appliance or service outside of Exchange that provides that for you, then you can safely update to CU6.

If you don't see it in Message Tracking, you could try and browse manually through the SMTP Receive Protocol log. Sometimes connections are dropped here and never logged any further.

But my guess is still the firewall. Can you temporarily disable anti-spam on the firewall to test? Or, do you have logging on the firewall to see if the message was blocked?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40350871
When you install the cumulative update, all settings are retained. Therefore if you have created additional connectors, those will be retained as well.

As this message was rejected at the point of delivery it isn't going to appear in message tracking. The only place it would appear is in the logs for the receive connector, which are not enabled by default.

CU7 is due at some point next month. Hard to say whether to wait or not.

Simon.
0
 

Author Comment

by:afacts
ID: 40351019
How do I enable the the logs for the receive connector?
Then what command would I use to search for a specific email by email address?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40351164
From EAC.

Mail Flow >> Receive Connectors >> double click your connector (most like the Default Frontend) >> on the General tab click Verbose. Click Ok. Restart the Transport Service.
0
 

Author Comment

by:afacts
ID: 40351214
Will this cause the logs to grow exponentially?
Is this log something I only turn on for testing purposes, or can I leave it enabled always?
0
 

Author Comment

by:afacts
ID: 40353026
I made some changes to my firewall and after testing again today, I received the email.

The culprit was my firewall, which I suspected.

Thanks guys for the good info.  I'll plan to upgrade to SP1 in a few weeks I think.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
how to add IIS SMTP to handle application/Scanner relays into office 365.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now