Microsoft KB Archive/895857

= SMTP mail cannot be sent or cannot be received in Exchange Server =

Article ID: 895857

Article Last Modified on 6/26/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-





This article is a consolidation of the following previously available articles: 312415 and 895857

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.



SYMPTOMS
When you use Microsoft Exchange Server 5.5, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or Microsoft Windows Small Business Server 2003, you or an e-mail client may experience one or more of the following symptoms:  Local e-mail clients cannot receive incoming Simple Mail Transfer Protocol (SMTP) mail. Local e-mail clients cannot send SMTP mail. You cannot send or receive mail on specific domains.  When external e-mail clients try to send SMTP mail to your Exchange computer, they receive non-delivery reports (NDRs) that contain text that is similar to one of the following messages:

Message 1
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was ' @. '. Subject ' ', Account: '. . ', Server: ' mail. . ', Protocol: SMTP, Server Response: '550 5.7.1 Unable to relay for '  @. ', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

Message 2
The following addresses had permanent fatal errors - (  @ . )(reason: 550 5.7.1 Unable to relay for   @ . )

Message 3
&quot;<> on / /   Could not deliver the message in the time limit specified. Please retry or contact your administrator. < #4.4.7>&quot;

Message 4
Error transferring to. . ; SMTP Protocol Returned a Permanent Error 550 request denied

Message 5
554 5.6.1 Body type not supported by Remote Host.

Message 6
The following addresses had permanent fatal errors -

< > (reason: 552 Requested mail action aborted: exceeded storage allocation)

  When local e-mail clients try to send SMTP mail, the mail cannot be sent. Additionally, the local e-mail clients receive an NDR that contains text that is similar to one of the following messages:

Message 1
550 No relay allowed

Message 2
550 Relay Denied

Message 3
550 5.7.1 Unable to relay for. >

 When local e-mail clients try to send SMTP mail, they receive a non-delivery report that is similar to the following:

-Original Message-

From: System Administrator

Sent:

To: ' '

Subject: Undeliverable:

Your message did not reach some or all of the intended recipients.

Subject:

Sent:

The following recipient(s) could not be reached:

' ' on 3

Could not deliver the message in the time limit specified. Please retry or contact your administrator.

< #4.4.7>

 When you use Microsoft Outlook MAPI, you receive the following error message:

The following recipient(s) could not be reached: ' @. ' on. No transport provider was available for delivery to this recipient.

</li> You cannot receive e-mail that is sent from an Internet-based e-mail client. For example, you cannot receive e-mail that is sent from a Hotmail client.</li> You cannot send e-mail messages that include attachments.</li> Attachments that you expect to receive in an e-mail message are missing. Or, the attachments have been corrupted.</li> Messages that have large attachments are rejected.</li> The Post Office Protocol version 3 (POP3) protocol cannot be authenticated, and you receive the following error message:

550 5.7.1 relaying denied from local server.

</li> Duplicate e-mail messages are sent to a recipient. The recipient may receive the same e-mail message five or six times.</li> You receive duplicate incoming SMTP messages.</li> Microsoft Outlook clients or Microsoft Outlook Express clients receive an 0x800CCC79 error message when they try to send e-mail.</li> When you send messages that contain binary MIME (8bitmime) parts, you receive the following text in an NDR:

554 5.6.1 Body type not supported by Remote Host.

</li> The X-LINK2STATE verb is not passed.</li> Authentication problems occur between servers over a routing group connector.</li> When you send the EHLO Extended SMTP (ESMTP) command to the Exchange computer, you receive one of the following responses: <ul> 500 Unrecognized command</li> Command unrecognized</li> OK</li></ul> </li> <li>When you send any ESMTP command to the Exchange computer, the command is not accepted.</li> <li>You cannot establish a telnet session with the Exchange computer on port 25.</li> <li>You establish a telnet session with the Exchange computer on port 25, but the session is disconnected when you press a key.</li> <li>When you try to telnet to the Exchange Server Internet Mail Service, it responds with a series of asterisks (*) where the host name is expected. For example, the Exchange Server Internet Mail Service may send the following response:

250 *********************

</li> <li> When you view the Application log, you see an event that is similar to the following: Event Type: Warning

Event Source: MSExchangeTransport

Event Category: Connection Manager

Event ID: 4000

Description: Message delivery to the remote domain ' ' failed for the following reason: The connection was dropped by the remote host. </li> <li>You may receive the following NDR from some domains:

Your mail system could not find a way to successfully communicate with the destination system. Please notify your administrator. e-mail domain 5.5.0

Although messages are successfully delivered to most destinations, some messages are consistently not delivered to specific domains. Some NDRs may replace parts of the message address with xxxxxx. For example, some NDRs may include the following:

user @xxxxxxxxx.xxx

Alternatively, you may receive the following NDR from some domains:

Your message did not reach some or all of the intended recipients.

Subject: Test Message

Sent: 2/12/2002 8:07 AM

The following recipient(s) could not be reached:

on 2/12/2002 8:14 AM

There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.

< #5.5.0 smtp;500 Syntax error, command unrecognized>

</li></ul>

<div class="cause_section">

CAUSE
These issues may occur if you have one or more firewalls installed on your domain. Some issues that are listed in the &quot;Symptoms&quot; section may occur if any one of the following conditions is true: <ul> <li>You are running Microsoft Internet Security and Acceleration (ISA) Server 2000 on the network. Additionally, you have configured filters for SMTP.</li> <li>You are running PIX Software, version 4.0 or a later version, from Cisco Systems, Inc. By default, the Mailguard feature in PIX Software is turned on. The Mailguard feature permits only the following seven SMTP commands to pass through the firewall: <ul> <li>Helo</li> <li>Mail</li> <li>Rcpt</li> <li>Data</li> <li>Rset</li> <li>Noop</li> <li>Quit</li></ul>

The Mailguard feature does not permit any other SMTP command to pass through the firewall. Therefore, some commands do not reach your Exchange computer. PIX Software responds to both denied commands and permitted commands with the &quot;OK&quot; response.</li> <li>You are running Raptor Firewall from Symantec Corporation or Firewall-1 from Check Point Software Technologies Ltd. When the SMTP proxy is running on these products, not all SMTP commands are permitted to pass through the firewall. The performance of these firewall products is similar to the performance of PIX Software.</li> <li>You are running Wingate Proxy/Firewall from C&C Software Solutions. If your Exchange computer is behind a Wingate Proxy/Firewall, you cannot receive SMTP mail that is sent from a Lotus Notes client or from a Hotmail client.</li> <li>You are running Firebox 1000 firewall from WatchGuard Technologies, Inc., and you change the IP address of your Exchange computer.</li> <li>You set the maximum message size on a firewall to limit the size of incoming messages.</li> <li>You are running SonicWALL firewall from Sonic Systems Inc. Issues may occur if the port that this firewall is connected to is not set to 10 megabytes (MB) half duplex.</li> <li>You enable the Simple Mail Transfer Protocol (SMTP) Proxy service on the WatchGuard Firebox. If you use the SMTP Proxy service to specify which message headers are included with a message, the SMTP Proxy service may remove the bdata (binarymime) packet from the message transmission. This behavior may cause an NDR.</li></ul>

<div class="workaround_section">

WORKAROUND
Use one of the following workarounds, depending on which kind of firewall you are running.

If you are running ISA Server 2000
If you running ISA Server 2000, disable the SMTP filters. To do this, follow these steps:
 * 1) Start the ISA Management console.
 * 2) In the console tree, expand Servers and Arrays, and then expand the   object that you want.
 * 3) Expand Access Policy, and then click IP Packet Filters.
 * 4) In the Configure Firewall Protection task pad, double-click a filter rule that is related to SMTP.
 * 5) On the General tab, click to clear the Enable this filter check box, and then click OK.
 * 6) Repeat steps 4 and 5 for any other filter rules related to SMTP.
 * 7) Exit the ISA Management console.

If you are running PIX Software, Raptor Firewall, or Firewall-1
To permit the SMTP commands that you require to reach your Exchange computer, you must turn off the SMTP command filter.

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Note A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks and the Internet.

For information about how to turn off the SMTP command filter on your firewall, contact the manufacturer of your firewall product.

For information about how to contact the manufacturer of your firewall product, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

For information about how to contact Check Point Software Technologies Ltd., visit the following Check Point Software Technologies Web site:

http://www.checkpoint.com/index.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you are running Wingate Proxy/Firewall
To work around this issue, you must replace the Wingate Proxy/Firewall. For information about alternative firewall programs that may replace Wingate Proxy/Firewall, contact C&C Software Solutions. For information about how to contact C&C Software Solutions, visit the following C&C Software Solutions Web site:

http://www.ccsoftware.ca/wingate/

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you are running Firebox 1000 firewall
To work around this issue on a Firebox 1000 firewall, you must remove and then reinstall the SMTP proxy service. For more information about how to remove and then reinstall the SMTP proxy service on the Firebox 1000 firewall, contact WatchGuard Technologies, Inc. For information about how to contact WatchGuard Technologies, visit the following WatchGuard Technologies Web site:

http://www.watchguard.com/

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you use the SMTP Proxy service on the WatchGuard Firebox to specify which message headers are included with a message
To work around this issue, disable the WatchGuard Firebox SMTP Proxy service. WatchGuard has a software update to correct this behavior. To obtain the update, contact WatchGuard support.

If you are running SonicWALL firewall
To work around this issue, configure the port on your router where the SonicWALL firewall is connected to 10 MB half duplex. For more information about how to configure your router, contact the manufacturer of your router.

For information about how to contact the manufacturer of your router, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you set the maximum message size on a firewall
To work around this issue, turn off or increase the maximum message size setting on the firewall. For more information, contact the manufacturer of your firewall.

For information about how to contact the manufacturer of your firewall, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

<div class="moreinformation_section">

MORE INFORMATION
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Additional query words: XCON

Keywords: kbtshoot kbprb KB895857

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.