SMTP mail cannot be sent or cannot be received in Exchange Server (895857)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 5.5
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
This article is a consolidation of the following previously available articles: 312415 and 895857

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

SYMPTOMS

When you use Microsoft Exchange Server 5.5, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or Microsoft Windows Small Business Server 2003, you or an e-mail client may experience one or more of the following symptoms:
  • Local e-mail clients cannot receive incoming Simple Mail Transfer Protocol (SMTP) mail.
  • Local e-mail clients cannot send SMTP mail.
  • You cannot send or receive mail on specific domains.
  • When external e-mail clients try to send SMTP mail to your Exchange computer, they receive non-delivery reports (NDRs) that contain text that is similar to one of the following messages:

    Message 1

    The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'User_Name @ Domain.Domain_Root'. Subject 'Subject_Of_The_Message', Account: ' Mail . Domain .Domain_Root', Server: ' mail . Domain .Domain_Root', Protocol: SMTP, Server Response: '550 5.7.1 Unable to relay for ' User_Name @ Domain.Domain_Root', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

    Message 2

    The following addresses had permanent fatal errors ----- ( User_Name @Domain.Domain_Root)(reason: 550 5.7.1 Unable to relay for User_Name @Domain.Domain_Root)

    Message 3

    "<> on Day/Month/YearTime Could not deliver the message in the time limit specified. Please retry or contact your administrator. <FQDN_Of_The_Sending_Server #4.4.7>"

    Message 4

    Error transferring to Mail.Domain .Domain_Root; SMTP Protocol Returned a Permanent Error 550 request denied

    Message 5

    554 5.6.1 Body type not supported by Remote Host.

    Message 6

    The following addresses had permanent fatal errors -----
    <User_Name@Domain.Domain_Root> (reason: 552 Requested mail action aborted: exceeded storage allocation)
  • When local e-mail clients try to send SMTP mail, the mail cannot be sent. Additionally, the local e-mail clients receive an NDR that contains text that is similar to one of the following messages:

    Message 1

    550 No relay allowed

    Message 2

    550 Relay Denied

    Message 3

    550 5.7.1 Unable to relay for Domain_Name.Domain_Root>
  • When local e-mail clients try to send SMTP mail, they receive a non-delivery report that is similar to the following: -----Original Message-----
    From: System Administrator
    Sent: DateTime
    To: 'Recipients_Name'
    Subject: Undeliverable: Subject_Of_Original_Message
    Your message did not reach some or all of the intended recipients.
    Subject: Subject_Of_Original_Message
    Sent: DateTime
    The following recipient(s) could not be reached:
    'Recipients_Name' on 3DateTime
    Could not deliver the message in the time limit specified. Please retry or contact your administrator.
    <FQDN_Of_The_Sending_Server#4.4.7>
  • When you use Microsoft Outlook MAPI, you receive the following error message:
    The following recipient(s) could not be reached: 'Recipients_Name @ Domain_Name.Domain_Root' on DateTime. No transport provider was available for delivery to this recipient.
  • You cannot receive e-mail that is sent from an Internet-based e-mail client. For example, you cannot receive e-mail that is sent from a Hotmail client.
  • You cannot send e-mail messages that include attachments.
  • Attachments that you expect to receive in an e-mail message are missing. Or, the attachments have been corrupted.
  • Messages that have large attachments are rejected.
  • The Post Office Protocol version 3 (POP3) protocol cannot be authenticated, and you receive the following error message:
    550 5.7.1 relaying denied from local server.
  • Duplicate e-mail messages are sent to a recipient. The recipient may receive the same e-mail message five or six times.
  • You receive duplicate incoming SMTP messages.
  • Microsoft Outlook clients or Microsoft Outlook Express clients receive an 0x800CCC79 error message when they try to send e-mail.
  • When you send messages that contain binary MIME (8bitmime) parts, you receive the following text in an NDR:554 5.6.1 Body type not supported by Remote Host.
  • The X-LINK2STATE verb is not passed.
  • Authentication problems occur between servers over a routing group connector.
  • When you send the EHLO Extended SMTP (ESMTP) command to the Exchange computer, you receive one of the following responses:
    • 500 Unrecognized command
    • Command unrecognized
    • OK
  • When you send any ESMTP command to the Exchange computer, the command is not accepted.
  • You cannot establish a telnet session with the Exchange computer on port 25.
  • You establish a telnet session with the Exchange computer on port 25, but the session is disconnected when you press a key.
  • When you try to telnet to the Exchange Server Internet Mail Service, it responds with a series of asterisks (*) where the host name is expected. For example, the Exchange Server Internet Mail Service may send the following response:

    250 *********************

  • When you view the Application log, you see an event that is similar to the following: Event Type: Warning
    Event Source: MSExchangeTransport
    Event Category: Connection Manager
    Event ID: 4000
    Description: Message delivery to the remote domain 'FQDN_Of_Domain' failed for the following reason: The connection was dropped by the remote host.
  • You may receive the following NDR from some domains:Your mail system could not find a way to successfully communicate with the destination system. Please notify your administrator. e-mail domain 5.5.0 Although messages are successfully delivered to most destinations, some messages are consistently not delivered to specific domains. Some NDRs may replace parts of the message address with xxxxxx. For example, some NDRs may include the following:

    user @xxxxxxxxx.xxx

    Alternatively, you may receive the following NDR from some domains:Your message did not reach some or all of the intended recipients.

    Subject: Test Message
    Sent: 2/12/2002 8:07 AM

    The following recipient(s) could not be reached:
    'user@externaldomain.com' on 2/12/2002 8:14 AM
    There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
    <server.yourdomain.com #5.5.0 smtp;500 Syntax error, command unrecognized>

CAUSE

These issues may occur if you have one or more firewalls installed on your domain. Some issues that are listed in the "Symptoms" section may occur if any one of the following conditions is true:
  • You are running PIX Software, version 4.0 or a later version, from Cisco Systems, Inc. By default, the Mailguard feature in PIX Software is turned on. The Mailguard feature permits only the following seven SMTP commands to pass through the firewall:
    • Helo
    • Mail
    • Rcpt
    • Data
    • Rset
    • Noop
    • Quit
    The Mailguard feature does not permit any other SMTP command to pass through the firewall. Therefore, some commands do not reach your Exchange computer. PIX Software responds to both denied commands and permitted commands with the "OK" response.
  • You are running Raptor Firewall from Symantec Corporation or Firewall-1 from Check Point Software Technologies Ltd. When the SMTP proxy is running on these products, not all SMTP commands are permitted to pass through the firewall. The performance of these firewall products is similar to the performance of PIX Software.
  • You are running Wingate Proxy/Firewall from C&C Software Solutions. If your Exchange computer is behind a Wingate Proxy/Firewall, you cannot receive SMTP mail that is sent from a Lotus Notes client or from a Hotmail client.
  • You are running Firebox 1000 firewall from WatchGuard Technologies, Inc., and you change the IP address of your Exchange computer.
  • You set the maximum message size on a firewall to limit the size of incoming messages.
  • You are running SonicWALL firewall from Sonic Systems Inc. Issues may occur if the port that this firewall is connected to is not set to 10 megabytes (MB) half duplex.
  • You enable the Simple Mail Transfer Protocol (SMTP) Proxy service on the WatchGuard Firebox. If you use the SMTP Proxy service to specify which message headers are included with a message, the SMTP Proxy service may remove the bdata (binarymime) packet from the message transmission. This behavior may cause an NDR.

WORKAROUND

Use one of the following workarounds, depending on which kind of firewall you are running.

If you are running PIX Software, Raptor Firewall, or Firewall-1

To permit the SMTP commands that you require to reach your Exchange computer, you must turn off the SMTP command filter.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Note A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks and the Internet. For more information about in which you cannot send or receive e-mail messages behind a Cisco PIX firewall, click the following article number to view the article in the Microsoft Knowledge Base:

320027 Cannot send or receive e-mail messages when you are behind a Cisco PIX firewall


For information about how to turn off the SMTP command filter on your firewall, contact the manufacturer of your firewall product.

For information about how to contact the manufacturer of your firewall product, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z



For information about how to contact Check Point Software Technologies Ltd., visit the following Check Point Software Technologies Web site:

http://www.checkpoint.com/index.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you are running Wingate Proxy/Firewall

To work around this issue, you must replace the Wingate Proxy/Firewall. For information about alternative firewall programs that may replace Wingate Proxy/Firewall, contact C&C Software Solutions. For information about how to contact C&C Software Solutions, visit the following C&C Software Solutions Web site:

http://www.ccsoftware.ca/wingate/

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you are running Firebox 1000 firewall

To work around this issue on a Firebox 1000 firewall, you must remove and then reinstall the SMTP proxy service. For more information about how to remove and then reinstall the SMTP proxy service on the Firebox 1000 firewall, contact WatchGuard Technologies, Inc. For information about how to contact WatchGuard Technologies, visit the following WatchGuard Technologies Web site:

http://www.watchguard.com/

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you use the SMTP Proxy service on the WatchGuard Firebox to specify which message headers are included with a message

To work around this issue, disable the WatchGuard Firebox SMTP Proxy service. WatchGuard has a software update to correct this behavior. To obtain the update, contact WatchGuard support.

If you are running SonicWALL firewall

To work around this issue, configure the port on your router where the SonicWALL firewall is connected to 10 MB half duplex. For more information about how to configure your router, contact the manufacturer of your router.

For information about how to contact the manufacturer of your router, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z



Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

If you set the maximum message size on a firewall

To work around this issue, turn off or increase the maximum message size setting on the firewall. For more information, contact the manufacturer of your firewall.

For information about how to contact the manufacturer of your firewall, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

MORE INFORMATION

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type:MajorLast Reviewed:11/8/2005
Keywords:kbtshoot kbprb KB895857 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.