Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1

Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Message Routing

Message

Guest -> Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (14.Jul.2004 8:00:00 PM)
Hi We have Exchange 2003 Enterprise server running on Windows 2003 Standard Server. Whenever users send an e-mail to many people at the same time NDRs are created by the server. I have already tested the smtp connectivity to the remote server. There is no problem connection to remote smtp server. To find out the problem I enabled the diagnostics Logging on all Categories of MSExchangeTransport and POP3Svc. When user sent a message to many people one of the many errors was logged in event viewer. See one of the event below. Event Type: Warning Event Source: MSExchangeTransport Event Category: Connection Manager Event ID: 4007 Date: 13/07/2004 Time: 9:19:21 AM User: N/A Computer: Exchange2003 Description: Message delivery to the host '66.163.202.65' failed while delivering to the remote domain 'accessair.ca' for the following reason: An SMTP protocol error occurred. The SMTP verb which caused the error is 'RCPT'. The response from the remote server is '550 5.7.1 Unable to relay for receipient@accessair.ca '. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: d7 02 04 c0 +..+ And following NDR was delivered in Outlook. Your message did not reach some or all of the intended recipients. Subject: Test message Sent: 7/13/2004 9:19 AM The following recipient(s) could not be reached: receipient@accessair.ca on 7/13/2004 9:19 AM You do not have permission to send to this recipient. For assistance, contact your system administrator. <exchange2003.ourdomain.com #5.7.1 smtp;550 5.7.1 Unable to relay for receipient@accessair.ca> Now in the event log IP address of accessair.ca mail server shows 66.163.202.65 I queried the MX record and A record of the accessair.ca DNS showed A record of accessair.ca as 66.163.202.65 DNS showed MX record mx.radiant.net DNS showed A record of mx.radiant.net as 216.21.129.51 Problem is SMTP is not delivering to its MX record IP. Instead of that it is attempting to connected to the A record IP of accessair.ca. We are using internal DNS server running on our Windows 2000 Advanced Server domain controller. These internal DNS are setup to connect to external DNS Servers for external domain queries. Is there something wrong in SMTP DNS query mechanism? Is there compatibility issue between Windows 2003 SMTP DNS Client and Windows 2000 DNS Servers?

bitst0rm -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (23.Jul.2004 6:45:00 AM)
I'm dealing with the EXACT same issue. However it seems to be intermittent. SMTP logs show that from time to time Exchange attempts to send to the A record instead of the MX. The rest of the time it sends to the MX.... I suspect its a DNS problem but its so difficult to reproduce that i cannot confirm. Has anyone else experienced this?

Guest -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (4.Aug.2004 9:21:00 PM)
I am having the exact same problems as the ones listed above

bcomtom -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (5.Aug.2004 9:27:00 PM)
Same issue occurring at our site. Sent MS our SMTP log which showed different IP addresses for same recipient in two different emails sent within minutes of one another. Have not heard back.

bcomtom -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (6.Aug.2004 7:59:00 PM)
I did find a solution that works for our client site: in the SMTP virtual server configure external DNS servers to bypass the Windows DNS server (System Manager \| Properties of virtual SMTP Server item \| Delivery tab \| Advanced button \| Configure button). I heard from MS regarding the issue. Basically, according to the source, the A record is returned when the MX record is unavailable. I don't believe this is correct but who knows? Tom

Andrew Denham -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (17.Aug.2004 4:28:00 PM)
I have also come across this DNS MX/A record IP address issue with both: Exchange Server 2003 + Windows 2003 DNS Windows 2000 Server SMTP + Windows 2003 DNS I see from this post that it can also occur with Exchange 2003 + Windows 2000 DNS. I had raised this issue with Microsoft PSS, but after extensive logging and diagnostic tests the root cause could not be located. Our site is clearly not the only one affected by this issue. I will try to re-open the case... This problem has to be related to some fundamental DNS issue. BComTom's posting "I heard from MS regarding the issue. Basically, according to the source, the A record is returned when the MX record is unavailable." may be correct. But under what circumstances may the MX record appear to be available one minute and not the next? As with BComTom, we have also experienced "different IP addresses for same recipient in two different emails sent within minutes of one another". I would have expected DNS caching to mean that once an incorrect MX query result had been returned that it would persist in the cache resulting in many consecutive delivery failures, but this is not the case. Re-sending the failed e-mail usually results in deliver to the correct MX host. If anyone makes progress with this issue please post the fix/workaround here!

Guest -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (20.Aug.2004 10:41:00 PM)
It is nice to see that other people are having the same problems as me too! I have been pulling out my hair for over a week now thinking that it was a reverse DNS issue preventing the remote mail server from accepting messages from my Exchange box. After reviewing the SMTP loggs I can see that exhcnage is clearly connecting to the wrong SMTP server in an attempt to deliver the message! After looking at the full A records for the domain in question Exchange is connecting to the A records rather than the MX record. Hopefully MS will respond to so of the other posters here with a fix.

Guest -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (30.Aug.2004 8:13:00 PM)
Has anyone found a solution? I'm having the exact same problem described here and users are starting to notice more and more. Usually I tell them to send again, and it works fine.. but this can only last so long and I'd like to figure out how to solve it properly. Thanks!

skantechtech -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (1.Sep.2004 4:00:00 PM)
I am also having the same issues on my network, running MS Exchange 2003, SP1 on Windows Server 2003 standard. I am beginning to notice a pattern. I fixed the issue for one user by upgrading their Outlook to Outlook 2003. - it appears to only happen when a user is replying, not when they send a new message. - it appears to happen when the user is using a version of Outlook prior to Outlook 2003. I hope this helps. Melissa Stroud mstroud@firstlab.com

Andrew Denham -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (2.Sep.2004 10:03:00 AM)
Our experience of this A record/MX record problem does not tally with the above conclusions. Issue does arise with Outlook 2003 clients on both new messages and replies and has also occurred with Windows 2000 SMTP sending messages generated by a VB.Net program. Microsoft PSS want me to remove our firewall in order to investigate this issue further, not very practical! (Our firewall is the only non-Microsoft item involved in the process). For the record, we are using a Netscreen 25 firewall, and I would be interested if any of the above authors could confirm that their problem occurs with other firewall products (especially Microsoft ISA Server!)

skantechtech -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (3.Sep.2004 7:05:00 PM)
I apologize, since my last message I have noticed that I am also getting these NDR's in other situations as well, seems to be more prevalent to a small handfull of domains. Sometimes it works, sometimes it doesn't. I checked my smtp log and noticed that it is pulling the A record IP address just like it does for you guys. Has anyone checked for any hotfixes or anything. Or found this issue anywhere else on the internet?

Andrew Denham -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (4.Sep.2004 10:14:00 AM)
Issue can only arise for domains where A record(s) exist for domainname.com. It is quite common for DNS entries to only have an A record for 'WWW' and MX records. This is probably why issue appears to be restricted to a handful of domains.

skantechtech -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (8.Sep.2004 11:22:00 PM)
I may have resolved our issue. I discovered that we could not provide our own reverse DNS, it had to be on our provider's DNS server. I had them add a PTR record for my mail server, now I appear to have the ability email the problematic domains. I contacted MS today about the issue before adding the reverse DNS. They said they would look into it, because it should generate a different error if reverse DNS was the problem.

skantechtech -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (13.Sep.2004 11:34:00 PM)
My last resolution did not fix the issue. I worked with Microsoft and now it appears to be fixed. 1 - Microsoft Exchange - SMTP Virtual Servers - Properties Remove all IP addresses. Let TCP/IP do the work. 2 - I set up TCP/IP on the mail server to look at my local servers. 3 - I went into my DNS Servers in the DNS snap-in. Forwarders tab. One of the DNS servers I had listed was no longer operational. Called my ISP, got new primary and secondary DNS IP addresses, they were apparently weeding out old servers and setting new ones up. Also per MS added 198.6.100.218 as a DNS server to my forwarder list. On the DNS and Mail servers ipconfig /flushdns ipconfig /registerdns restart net logon service Everthing appears to be running smooth, no one received an invalid NDR today. Will continue to monitor. Here is a cut and paste from my ticket with MS> When Exchange 2000 sends e-mail to the Internet using DNS to resolve external domain names a DNS query is done for the remote domain's MX records. In the event that the initial MX query returns a "server failure", Exchange 2000 will fall back to a DNS A record query. If this query is successful and there is an A record for the domain in question that happens to be listening on port 25, Exchange will make a connection to that server. However, if this server does not relay e-mail for the intended domain a NDR will be generated with a 5.7.1, or 5.5.0 error message. There are several domains that have A records that point to IP addresses that accept connections on port 25, but do not relay for the same name space: Mindspring.com is one example. Resolution - - - - - Resolve the DNS resolution problems that are causing occasional MX record failures. Examples: 1. Internal DNS servers use forwarders to resolve external DNS queries and one of the DNS servers in the list returns "server failure" when doing DNS queries. Action: remove this DNS server from the forwarders tab. 2. The Exchange server has multiple default gateways set on a multi-homed server. This is not a recommended configuration and can cause a number of unexpected network problems. If the internal DNS server the internal NIC points to cannot resolve external DNS queries, this problem can occur. Action: remove the default gateway from one of the NICs.

Andrew Denham -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (17.Sep.2004 11:45:00 AM)
Unfortunately I can not "resolve the DNS resolution problems that are causing occasional MX record failures". Neither of the MS examples apply in our case. We only have DNS forwarders set-up on our Windows 2003 Server Domain Controllers. We have been able to reproduce this A record/MX record problem when using various ISPs name servers as our forwarders.

SimonShaw -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (7.Oct.2004 4:17:00 PM)
Have you seen this article? Perhaps related? http://support.microsoft.com/default.aspx?scid=kb;en-us;828263

Andrew Denham -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (8.Oct.2004 10:33:00 AM)
I had come across this large UDP packet size DNS problem. The symptoms are different, if you run one of the affected Firewall products you will always get MX lookup problems with certain domains. The A record/MX record problem is intermittent for the same domain i.e. one minute you will get the A record returned and a few minutes later you will get the correct MX record.

Guest -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (11.Oct.2004 4:05:00 PM)
Same issue.

mmiller@virtual-mis.com -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (25.Oct.2004 7:53:00 PM)
I recently ran into this same problem on a Windows 2003 server running GFI MailEssentials/MailSecurity. The SMTP server would randonly fail to deliver emails to certain domains. Although not the case with my installation it appears that this is also a problem for Exchange 2003 server, maybe 2000? The problem only manifests itself when a company has multiple MX records associated with their domain name (e.g. domain.com instead of mail.domain.com), and the first one is slow to respond sometimes. The company also has to have an A record for the domain name (domain.com) that points to another host that responds to an SMTP connection. The email failure occurs when the first email server fails to respond in a timely manner for whatever reason. The Microsoft SMTP server erroneously fails to try the second email server (the next MX record) and instead tries to connect to the server defined by the domains A record. If this server accepts the connection it tries to deliver the mail and often this will fail as this server might be a web server for example. Microsoft article ID 837993 documents a Hotfix that is available on request. This Hotfix changes the connection failure sequence such that the email server tries all of the destination email servers defined by the MX records prior to failing over to the A record. I have applied it on several servers and it does resolve the problem. Matt

Guest -> RE: Exchange 2003 SMTP DNS NDR Relaying Denied 5.7.1 (27.Oct.2004 12:39:00 PM)
Where can I obtain such hotfix ?

Page: [1] 2 next > >>