transport >> 5.7.1 smtp 550 Error outbound mail

by Mary » Thu, 02 Oct 2003 02:21:29 GMT

In several sites in our forest (6 child domains) we have
an intermittent problem sending outbound external email.
Users get an immediate NDR with the message:

The following recipient(s) could not be reached:

' XXXX@XXXXX.COM ' on 10/1/2003 8:48 AM
You do not have permission to send to this
recipient. For assistance, contact your system
administrator.
<oakbrook04.us.tmsw.com #5.7.1 smtp;550 5.7.1
Unable to relay for XXXX@XXXXX.COM >

If user resends a few minutes later, it goes through fine.
No pattern we can discern. Seems to happen in sites where
there is no root domain dc. In our case, 2 sites in 1
child domain, in same routing group. Bridgehead gets no
such errors, member server does.

Yes, we have checked the box on the SMTP virtual server
that says "Allow all computers which successfully
authenticate to relay, regardless of the list above".
Seems like x.400 queue is in use - I've never seen
messages in there, but queues do appear and disappear as
in SMTP queue (read somewhere that this is the case within
routing groups?) - is there a setting there that needs to
change?

Any ideas of how to fix this? We would really appreciate
any assistance - the VPs are getting pretty hot about it
even though it only happens a few times a day.


by Jorge Calderon » Sat, 04 Oct 2003 07:25:42 GMT


Have you checked to see if Exchange is sending out mail via
a second network card on the server? If so, it may be that
your firewall does not have permission to send out via
that second card.

by Daniel Longley [MSFT] » Thu, 09 Oct 2003 22:45:45 GMT

Hi Mary,

It sounds like this may be due to an authentication problem between the
member server and the bridgehead server, possibly because of the DC
placement issues you mentioned.

The theory goes as follows...

This is supposedly only affecting outbound external email, and the 5.7.1
NDRs are being generated by the member server, in response to a protocol
reject by the bridgehead server (oakbrook04.us.tmsw.com is the name of your
bridgehead rejecting the relay, correct?).

The default SMTP configuration on your bridgehead is correct in that it
allows all authenticated clients to relay. The catch is that your member
server attempts to authenticate at the beginning of its SMTP connection when
relaying through the bridgehead, but if it fails to authenticate it still
goes ahead with the relay attempt anyway. Then if it tries to relay a
recipient, it doesn't have the benefit of being authenticated, so your
bridgehead will treat it as it would any other anonymous SMTP client (i.e.
reject), since you're not an open relay by default.

Note that for recipients with internal email addresses (configured via your
recipient policies), your bridgehead is going to consider those "local" and
hence not an unauthorized relay attempt, regardless of whether your member
server successfully authenticates or not. That would explain why any
internal email recipients being relayed through that bridgehead would be
unaffected.

Exchange 2000 relies on Windows to perform its authentication work. If your
Windows domain infrastructure is not handling authentication requests
properly, your Exchange servers won't be able to reliably authenticate their
SMTP connections with each other. Specifically, the authentication in your
case which is at issue is the one between the machine account of the member
server and the machine account of the bridgehead server
(DOMAIN\MemberServerName$ and DOMAIN\BridgeheadServerName$).

So, yes, normally that checkbox on the bridgehead SMTP virtual server makes
everything work. That breaks down when authentication breaks down though.

Ok, to try and be as helpful as possible, here is what I can suggest:

To take some of the heat off, as a temporary workaround you can add the IP
address of the member server to the bridgehead SMTP virtual server's
explicit relay accept list. That's configured in the same place you saw the
checkbox for allowing authenticated clients to relay. That should allow your
mail through, and without opening up any relay holes for you, since that
member server is supposed to have access anyway (normally through
authentication).

The next thing I'd do is look for expert help with your DC deployment if you
think that you really are having intermittent authentication failures
between machine accounts. e.g. Post information about your problem to a
group such as microsoft.public.win2000.active_directory, noting your AD
site/domain layout and which domain(s) and site your bridgehead and member
server in question are in.

Another option that is always on the table is to log a call with PSS. Then
your problem would get guaranteed attention directly from Exchange and
Windows AD experts.

Hope this helps!

--
Daniel Longley
Exchange Transport Developer
Microsoft Corporation

****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.

Note: Please do NOT reply to this e-mail address. It is used for newsgroup
purpose
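
Added example, not part of the posts above and not Microsoft code: a Python check for the pattern Daniel describes, where a session's AUTH fails and a later external RCPT TO is refused with 550 5.7.1 while an internal recipient is still accepted. The transcript layout, host names, reply texts and verdict strings are constructed assumptions; adapt the parsing to what your SMTP protocol log actually records.

```python
import re
from collections import defaultdict

# Constructed sample, simplified "<session> <C|S> <text>" layout (not a real log format).
SAMPLE_LOG = """\
s1 C EHLO member01.corp.example
s1 C AUTH GSSAPI
s1 S 235 2.7.0 Authentication successful
s1 C RCPT TO:<partner@outside.example>
s1 S 250 2.1.5 OK
s2 C EHLO member01.corp.example
s2 C AUTH GSSAPI
s2 S 535 5.7.3 Authentication unsuccessful
s2 C RCPT TO:<colleague@corp.example>
s2 S 250 2.1.5 OK
s2 C RCPT TO:<partner@outside.example>
s2 S 550 5.7.1 Unable to relay for partner@outside.example
s3 C EHLO unknown-host.example
s3 C RCPT TO:<partner@outside.example>
s3 S 550 5.7.1 Unable to relay for partner@outside.example
"""

# Verdict for a session with a denied relay, keyed by its AUTH outcome.
VERDICT = {"failed": "auth-failed-then-relay-denied", "none": "anonymous-relay-denied",
           "ok": "relay-denied-despite-auth", "pending": "relay-denied-auth-incomplete"}

def analyze(log_text):
    """Return {session: (client_host, verdict, [recipients refused with 550 5.7.1])}."""
    state = defaultdict(lambda: {"host": None, "auth": "none", "rcpt": None, "denied": []})
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        sid, side, text = parts
        s, verb = state[sid], text.split()[0].upper()
        if side == "C":
            if verb in ("EHLO", "HELO"):
                s["host"] = text.split()[-1]
            elif verb == "AUTH":
                s["auth"] = "pending"
            m = re.match(r"RCPT TO:\s*<([^>]*)>", text, re.I)
            s["rcpt"] = m.group(1) if m else None
        elif s["auth"] == "pending":
            # Reply to AUTH: 2xx (235) succeeded, 3xx (334) continues, 4xx/5xx failed.
            s["auth"] = {"2": "ok", "3": "pending"}.get(verb[0], "failed")
        elif s["rcpt"] and text.startswith("550 5.7.1"):
            s["denied"].append(s["rcpt"])
    return {sid: (s["host"], VERDICT[s["auth"]] if s["denied"] else "ok", s["denied"])
            for sid, s in state.items()}
```

Sessions flagged `auth-failed-then-relay-denied` from a known member server point at the authentication path rather than the relay settings; `anonymous-relay-denied` from an unknown host is the bridgehead refusing an unauthenticated relay as intended.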
