Microsoft KB Archive/886692

= Microsoft.com now blocks incoming SMTP mail from servers that use dynamic IP addresses =

Article ID: 886692

Article Last Modified on 7/25/2007

-

APPLIES TO


 * Customer Service and Support Information

-



INTRODUCTION
As part of our continuing efforts to help protect the Microsoft network from unsolicited commercial e-mail (UCE) and computer viruses, Microsoft has blocked e-mail that is sent from any Simple Mail Transfer Protocol (SMTP) server that has a dynamic IP address assigned. In this scenario, blocked computers include computers that access the Internet by using a dial-up connection, a DSL connection, or a cable modem connection where those connections use IP addresses that are dynamically assigned by the Internet service provider (ISP).

Note UCE is also known as spam.



MORE INFORMATION
If you try to send e-mail to @microsoft.com from an e-mail server that has a dynamically assigned IP address, you receive a non-delivery report (NDR) from the system administrator similar to the following:

The following recipient(s) could not be reached:

@microsoft.com on 11/01/00 8:14 AM

The originator does not have permission to submit message

dns;. Failed 5.7.1 SMTP;550

5.7.1 Your IP address  appears to be dynamically assigned. Please smarthost your mail through your ISP's mail server. If your IP is static or for more information, please contact us at @microsoft.com.

Note The  that is mentioned in the 5.7.1 response is a special e-mail address that bypasses the dynamic IP check. The address will respond with instructions on how you configure a Microsoft Exchange mail server or another server to forward mail through a smart host. The auto-response also contains instructions on how to contact our real-time blocking list provider for updates to the list.

We have blocked these dynamic IP addresses to help increase the security of the Microsoft network. We have determined that most UCEs, and many of the Trojan horse programs that currently circulate the Internet, come from dynamically-assigned IP addresses.



To work around this issue, use one of the following methods.

Method 1: Obtain a static IP address
Contact your ISP to obtain a static IP address. Assign this IP address to the Internet-facing interface of your firewall or e-mail server.

Method 2: Forward all e-mail messages to a smart host
Forward all your e-mail messages to your ISP. The e-mail messages are then delivered successfully because you ISP's e-mail server has a static IP address assigned. To do this, you must first contact your ISP for the details about which computer to forward your e-mail to. To configure Microsoft Exchange to forward e-mail to a smart host, follow these steps.

For Microsoft Exchange Server 2007

 * 1) Start the Exchange Management Console.
 * 2) Expand Server Configuration, and then click Hub Transport.
 * 3) In the Hub Transport pane, click the Send Connectors tab, and then click New Send Connector in the Actions pane.
 * 4) On the Introduction page, type a name for this connector in the Name box. In the Select the intended use for this Send connector box, click Internet, and then click Next.
 * 5) On the Address Space page, click Add.
 * 6) In the Add Address Space dialog box, type *, click to select the Include all subdomains check box, and then click OK.

Note When this is complete, you will see an entry that includes all domains (*), and of the smtp type.
 * 1) Click Next.
 * 2) On the Network settings page, click Route mail through the following smart hosts, and then click Add.
 * 3) In the Add smart host dialog box, click IP address or Fully qualified domain name (FQDN), type the IP address or FQDN of the SMTP gateway server, and then click OK.

Note The IP address or FQDN information is provided by the ISP.
 * 1) Click Next.
 * 2) In the Configure smart host authentication settings page, click Basic Authentication, and then type the credentials that are provided by the ISP.
 * 3) Click Next.
 * 4) On the Source Server page, click Add, and then add the appropriate Hub Transport servers.

Note Hub transport servers will already be selected by the wizard.
 * 1) Click Next.
 * 2) On the New Connector page, click New to create the new Send Connector.
 * 3) On the Completion page, click Finish.

For Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server
 Start Exchange System Manager. If administrative groups are enabled, expand Administrative Groups, and then expand your administrative group. If routing groups are enabled, expand Routing Groups, and then expand the routing group that you want to work with. Right-click Connectors, point to New, and then click SMTP Connector. In the Name box, click the General tab, and then type a name for this connector. Click Forward all mail through this connector to the following smart hosts. In the Forward all mail through this connector to the following smart hosts box, type the IP address of your ISPs' server.

Note You must enclose this IP address in brackets. For example, type [ ] .</li> Click Add, click an SMTP virtual server, and then click OK. If you have multiple Exchange servers, you must select the SMTP virtual server that you want to use to deliver outgoing SMTP mail.

Note Typically, only the Default SMTP Virtual Server items appear in the SMTP virtual server instances list in a single-server environment.</li> Click the Address Space tab.</li> Click Do not allow public folder referrals.</li> Click Add, click SMTP, and then click OK.</li> Leave the default asterisk (*) in the E-mail domain box, leave 1 in the Cost box, and then click OK.</li> If the ISP requires that you authenticate this connection, click the Advanced tab, click Outbound Security, and then select the appropriate authentication type for the smart host. After you have selected the outgoing security option, click OK two times.</li> Restart the Microsoft Exchange Routing Engine service and the Simple Mail Transfer Protocol (SMTP) service for these changes to take effect. To restart these services, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type services.msc, and then click OK.</li> Right-click Microsoft Exchange Routing Engine, and then click Restart.</li> Right-click Simple Mail Transfer Protocol (SMTP), and then click Restart.</li></ol> </li></ol>

For Microsoft Exchange Server 5.5
<ol> Start the Microsoft Exchange Administrator program.</li> Expand your site, expand Configuration, and then click Connections.</li> In the right pane, double-click Internet Mail Service .</li> Click the Connections tab, and then click Forward all messages to host.</li> In the Forward all messages to host box, type IP address of your ISP's server.

Note You must enclose this IP address in brackets. For example, type [ ] .</li> <li>Click OK, and then click OK when you receive the following message:

The Microsoft Exchange Internet Mail Service must be restarted for your changes to take effect. Stop and start the Internet Mail Service using the Services icon in Windows NT Control Panel.

</li> <li>Restart the Microsoft Exchange Internet Mail Service. To do this, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps. <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to Settings, and then click Control Panel.</li> <li>Double-click Services.</li> <li>Click Microsoft Exchange Internet Mail Service, click Stop, and then click Yes when you receive the following message:

Are you sure you want to stop the Microsoft Exchange Internet Mail Service service?

</li> <li>Click Microsoft Exchange Internet Mail Service, and then click Start.</li></ol> </li></ol>

Keywords: kbhowto kbinfo KB886692

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.