Prev: Exchange 2007 OWA issue
Next: cross-forest connect problem Availbility service
From: Brian on 16 Jun 2008 11:47
Hi All

For the last couple of weeks, we have been getting random issues where some
mail servers on the internet will start to deny our email. The message
returned in the DNR from our Exchange server is "550 5.7.1 relaying denied".
Not all servers do this, and some messages go right through, while others
will queue up and make repeated attempts to deliver.

We have our own MX, and our Exchange 2003 server is published behind an ISA
2004 firewall. I have verified with our ISP that all of our DNS records are
correct.

When the problem occurs, if I run telnet on the exchange server and connect
to port 25 on one of the problem destinations, it will accept a message.
However according to on server admin I spoke with, their server didn't even
show any attempt to connect coming from our Exchange itself.

The really strange thing is that if I reboot the ISA server, all the queued
messages deliver. However, at no time does the ISA server log show it is
rejecting anything from the Exchange server.

I checked kb895853 and all the configuration seem to be right. I have
allowed anonymous connectionin the SMTP protocol and my entire IP range is
allowed to conenct to the server. Our DNS servers are using the correct
forwarding IPs.

The error that was in the event log that seems to indicate there is a
problem is as follows:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004
Date: 5/30/2008
Time: 8:49:42 AM
User: N/A
Computer: GATEWAY2
Description:
This is an SMTP protocol error log for virtual server ID 1, connection #344.
The remote host "204.202.25.75", responded to the SMTP command "mail" with
"530 authentication required for relay (#5.7.1) ". The full command sent
was "MAIL FROM:<user(a)ourdomain>". This will probably cause the connection
to fail.

and also event id 4000:
Message delivery to the remote domain 'kwic.com' failed for the following
reason: Unable to bind to the destination server in DNS.

These domains are just samples. When this problem starts, the email for many
domain (including hotmail) starts to back up in our delivery queue.

The confusing part is that restart the ISA firewall fixes the problem. So
its not a firewall issue, otherwise I would think we'd always have a
problem. That other issue is that this only happens with some address, not
all. So it doesn't sound like a config issue. So any suggestions or ideas
would be appreciated.

Thanks
Brian


From: Rich Matheisen [MVP] on 16 Jun 2008 22:12
"Brian" <Reply2Me(a)Here> wrote:

[ snip ]

>The confusing part is that restart the ISA firewall fixes the problem. So
>its not a firewall issue,

ISA is a firewall, too. :-)

>otherwise I would think we'd always have a
>problem. That other issue is that this only happens with some address, not
>all. So it doesn't sound like a config issue. So any suggestions or ideas
>would be appreciated.

The "Unable to bind to DNS" usually means just that. Either the DNS is
having a problem, or your network is having a problem, or the domain's
a phony.

If the "unable to relay" always identifies the IP address as an
address outside your network, and the command identified is "MAIL
FROM" then it may not be a relay problem, but a configuration problem
at the destination server -- but you say that the problem goes away if
you restart ISA, so there's something else going on that's not related
to Exchange.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott(a)getronics.com
Or to these, either: mailto:h.pott(a)pinkroccade.com mailto:melvin.mcphucknuckle(a)getronics.com mailto:melvin.mcphucknuckle(a)pinkroccade.com
From: Brian on 19 Jun 2008 09:15
"Rich Matheisen [MVP]" <richnews(a)rmcons.com.NOSPAM.COM> wrote

> If the "unable to relay" always identifies the IP address as an
> address outside your network, and the command identified is "MAIL
> FROM" then it may not be a relay problem, but a configuration problem
> at the destination server -- but you say that the problem goes away if
> you restart ISA, so there's something else going on that's not related
> to Exchange.

It always shows the IP is outside, but in conversation with our ISP, they
never showed any record of an attempt to connect to deliver the message. So
the message is not getting out. Its not showing any traffic on our ISA
server either, so I think that means the message is never getting past
Exchange. I'm just not sure how the message correlates with what is
happening.

Brian


From: Brian on 19 Jun 2008 11:52
Oh, I guess I should clarify about our ISP. When the problem occurs, I can't
send them mail. It just queues up on the Exchange server. So I had them
check to see if they showed any connection attempts from our IP.

We deliver our own email from here.


From: Rich Matheisen on 19 Jun 2008 20:42
On Thu, 19 Jun 2008 09:15:45 -0400, "Brian" <Reply2Me(a)Here> wrote:

>"Rich Matheisen [MVP]" <richnews(a)rmcons.com.NOSPAM.COM> wrote
>
>> If the "unable to relay" always identifies the IP address as an
>> address outside your network, and the command identified is "MAIL
>> FROM" then it may not be a relay problem, but a configuration problem
>> at the destination server -- but you say that the problem goes away if
>> you restart ISA, so there's something else going on that's not related
>> to Exchange.
>
>It always shows the IP is outside, but in conversation with our ISP, they
>never showed any record of an attempt to connect to deliver the message. So
>the message is not getting out. Its not showing any traffic on our ISA
>server either, so I think that means the message is never getting past
>Exchange. I'm just not sure how the message correlates with what is
>happening.

Your SMTP log file will have the record of the conversation between
your server and the ISP's server (or the server you're connected to).
 | 
Pages: 1
Prev: Exchange 2007 OWA issue
Next: cross-forest connect problem Availbility service