exchange 2000 error 5.7.1

[nohamsters]

Some of my users are receiving NDR with the following errors: I don't know if it is our server or the other domains.

The following recipient(s)could not be reached:

recipients name.edu on date and time
You do not have permission to send to this recipient. For assistance, contact your administrator.
<Exchange.domain.com #5.7.1 smtp; 5.7.1 Unable to relay for recipients name.

Clients:Outlook 2002, XP Pro SP1
Server: Windows 2000 Server w/sp3, Exchange 2000 server w/sp3.
Mail is flowing inside the LAN fine and mail to the outside is flowing ok except for this happening a few times a day to only a few users. Any help would be great.

 

[dmulk]

Amen. I have the EXACT same symptom. The only difference in my setup is that I have SP4 running on my Server 2000.

When an email is sent to certain email addresses, I get the:

You do not have permission to send to this recipient. For assistance, contact your administrator.
<Exchange.domain.com #5.7.1 smtp; 5.7.1 Unable to relay for recipients name.

Only happens to certain messages.

If you find a fix for this, please post it, I will do the same.

 

[jbud]

What type of e-mail addresses are these? Internal or External?

If they're internal, are there delivery restrictions in place on the user?

 

[dmulk]

Mine are external.

It only happens once in a while. I have the Exchange Post SP-3 Service pack installed also....

Thanks,

<D>

 

[zoeythecat]

This error relates to your server being on a black list as being spammed. The email is being sent to a domain that has your server blocked. You need to find out where you are being black listed and have them remove your server from the black list.

 

[dmulk]

Actually, I think it is a remote problem. I tried emailing the address from my Yahoo account and it came back with the same error.

Is it possible that the server I am trying to send to is misconfigured or blacklisted?

Thanks,

<D>

 

[zoeythecat]

I would think its possible. If you are not having problems sending to any other domain then I would think somehow it is blocking you from sending email to their domain. That is what this error relates to. There is some other info on this error on Microsoft's knowledgebase.

 

[rtichnor]

First, go here

http://www.ordb.org/lookup

Put your mail server's IP address in and hit the 'Submit Query' button. This will tell you wether or not you are listed as a spam relay.

If this comes back with your e-mail server being labeled a 'spam relay' then you have some work ahead of you. Fix your mail server, then follow the instructions on the site to help get your mail server's IP address removed from this database. (I had to go through this HELL myself, pain pain pain) You may also have to go to a few other sites to have yourself removed from all the major black-list databases. (More pain)

Now, if your e-mail server is not labeled a 'spam relay' then I would check the MX record in DNS to see if you have an IP address in there, or if you have a legit name. I had an entry with my e-mail server's IP address, not the name of my e-mail server which is an RFC compliance issue I beleive. So make sure you have a name like exchange.mydomain.com not the IP address. Good luck !

 

[nohamsters]

Jbud the email addresses are all sent to external domains.
Rtichnor I checked ordb.org for relaying and came back as not listed in their database. I will check the MX record on Monday. Thanks for the replies.

 

[Peibol]

Try to do this:

In the command line write: Retrace

This tool will contact the DNS server and will solve troubles that the table might have.

I hope this work!

 

[Flinty]

Just wanted to add another problem child to the bunch. We have an 1100 user Exchange environment and we get these NDR's a couple of times a week. A resend by the user will usually end up going through. These are not to any domain in particular which may point to a communication &quot;hiccup&quot; between the PO/BH and DNS?? Usually when I am able to test with the domain in question, everything is fine (which could be anywhere from minutes to hours later).

Just as an example, a user sent a message to 12 recipients at 5 different domains....ALL of them bounced with the 5.7.1 error. A resend a few hours later (this happened in the early morning hours) went through without problems. While being blacklisted may also generate these messages, I'm positive that in our case, that is not so (as resends go through 99% of the time). The 2 TIDs at MS that I've found on this kinda contradict each other:

http://support.microsoft.com/defaul...kb/articles/q283/2/87.asp&NoWebContent=15.7.1

http://www.microsoft.com/exchange/techinfo/tips/Trblsht_Tip01.asp

To summarize, the first link states &quot;update to SP3&quot; and the second link points to either recipient policy issues or virtual SMTP server setting issues. I've run down the list and made sure that we were set up correctly and the errors still persist. If anyone has any insight into this, it would be much appreciated. Thanks.

 

[rtichnor]

Try this...

http://www.microsoft.com/exchange/techinfo/tips/Trblsht_Tip01.asp

 

[ACraib]

I had this problem before and I tracked it down (in my case) to my e-mail gateway / virus scanner being off line. Exchange would send back a 5.7.1 NDR istead of Queing the meesage for resending.

I thought it may be because the gateway machine was being over loaded so I've upgraded to a faster server andthe problem has droppped off my still does appear once a month or so.

 

[matthewataylor]

I have the same issue, there is one external domain in particular that gets bounced back. I checked the ordb blacklist and I am not on it. The domain I am sending to does not seem to have any problems receiving from others outside my office. Sounds to me like the problem lies on my end.

Any other suggestions?!?!??!

'
Much Appreciated

 

[xmsre]

In your external DNS, do you have a PTR record? Exchange, and many spam filtering programs, do a reverse lookup on incoming mail. If the reverse lookup fails, the inbound message is rejected. This is by design. If the reverse lookup fails, the spam filtering software cannot determine if the domain the message is coming from is on the deny list or not, therefore the message is rejected.

Get with your ISP, or whoever is hosting your external DNS.

 

[Davetoo]

Just for clarification, Exchange 2000 does not use the reverse DNS &quot;feature&quot; to disallow email from coming into the Exchange server. Please read

http://support.microsoft.com/default.aspx?scid=kb;en-us;297412&Product=exch2k

for further info. A blurb from that site is:

Some messaging systems verify the existence of the e-mail domain of the sender before they accept a &quot;Mail from: user@domain.com&quot; Simple Mail Transfer Protocol (SMTP) entry at the beginning of a new message delivery session. If the domain name cannot be resolved by means of Domain Name System (DNS), the session is disconnected and an error 501 is generated. This behavior is mainly used to prevent you from receiving spam (unsolicited e-mail messages). Microsoft Exchange Server 5.5 and later do not use this feature.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[xmsre]

Exchange only does a Reverse lookup if you tell it to. You only get the error if you have domains, not IP addresses listed on the deny. Why? Well, it's a long a sordid story...

http://support.microsoft.com/?kbid=304897

 

[Davetoo]

xmsre,

You said &quot; If the reverse lookup fails, the inbound message is rejected.&quot; in reference to having Exchange set to do a reverse DNS lookup. It is to that that I was addressing. The reverse DNS lookup on Exchange 2000 will not stop an inbound email from arriving at a users mailbox, assuming the recipient is a valid mailbox on that Exchange server.

According to that article you posted, you'd have to write an event sink to handle a situation where you wanted to reject an inbound email that failed a reverse DNS lookup.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[matthewataylor]

I have DNS running at my site, does the ptr record reside here on at my ISP???

 

[xmsre]

Actually, you have it backwards lander215.

From the referenced article:

&quot;This behavior occurs because Microsoft SMTP products do not perform a directory lookup before accepting SMTP e-mail messages for delivery. Microsoft SMTP products only check the recipient's domain to see if it is a local or explicitly allowed domain.&quot;

Exchange does check the domain to see if it's restricted.

Exchange does not look up the user in active directory before accepting the message.