Re: server rejects messages
- From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
- Date: Wed, 6 Sep 2006 09:57:09 -0500
In addition, you should enable message tracking and see what that shows is
happening to the messages. You can track messages based on the sender, so
if it truly is hitting your server, it will show up in the message tracking
logs.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom> wrote
in message news:O%23pH%236b0GHA.2516@xxxxxxxxxxxxxxxxxxxxxxx
You are still snipping the log file. Don't. The SMTP logs don't always
log information in order (especially true if there are multiple smtp
converstations going on). Picking and choosing which lines to post means
that you may have left out something critical. If you are going to post a
portion of the smtp log, please make sure that you copy/paste the entire
section. It's better to include more than not enough :-)
That being said, if this is the smtp log from your Exchange server, I see
no sign of a 550 error during the smtp conversation. I do however see
that it looks like there are 2 different MTA's at your ISP that seem to be
working on the same smtp converstation - that's weird. I also don't see a
line in there (though you may not have included it - see above) stating
that your server has queued the message for delivery. Your server is not
responsible for the message until it actually accepts it for delivery.
Take your ISP out of the loop temporarily and let your clients send mail
directly to your server. That means changing your MX records, but it's a
step that probably needs to be done in order to troubleshoot. If that
fixes the problem, then there is something going on with your ISP that is
causing the problem.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"MR" <comconix@xxxxxxxxxxxxxxxx> wrote in message
news:upRfMrW0GHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
OK Here goes then
SMTP log messages:
212.150.49.72, mtain1.barak.net.il, 8/20/2006, 22:45:18, SMTPSVC1,
HEVRON, 10.1.1.1, 0, 36, 39, 250, 0, MAIL, -, FROM:<tik@xxxxxxxx>,
212.150.49.72, mtain1.barak.net.il, 8/20/2006, 22:45:18, SMTPSVC1,
HEVRON, 10.1.1.1, 0, 82, 0, 250, 0, RCPT, -,
TO:<no-spam@xxxxxxxxxxxxxxxx>,
212.150.49.75, mtain4.barak.net.il, 8/20/2006, 22:45:18, SMTPSVC1,
HEVRON, 10.1.1.1, 453, 1092, 123, 250, 0, DATA, -,
<20060820.154332.3088.2.tik@xxxxxxxx>,
212.150.49.75, mtain4.barak.net.il, 8/20/2006, 22:45:18, SMTPSVC1,
HEVRON, 10.1.1.1, 0, 4, 67, 240, 547, QUIT, -, mtain4.barak.net.il,
212.150.49.72, mtain1.barak.net.il, 8/20/2006, 22:45:35, SMTPSVC1,
HEVRON, 10.1.1.1, 16609, 1138, 101, 240, 16672, QUIT, -,
mtain1.barak.net.il,
Rejection message:
From: Internet Mail Delivery postmaster@xxxxxxxxxxxxxxxxxxx
To: tik@xxxxxxxx
Date: Sun, 20 Aug 2006 22:45:35 +0300 (IDT)
Subject: Delivery Notification: Delivery has failed
Message-ID: 0J4B00E64AVZ1Y00@xxxxxxxxxxxxxxxxxxx
This report relates to a message you sent with the following header
fields:
Message-id: 20060820.154332.3088.1.tik@xxxxxxxx
Date: Sun, 20 Aug 2006 15:43:19 -0400
From: Tik tik@xxxxxxxx
To: no-spam@xxxxxxxxxxx
Your message cannot be delivered to the following recipients:
Recipient address: @hevron.biconix.com:no-spam@xxxxxxxxxxxxxxxx
Original address: no-spam@xxxxxxxxxxx
Reason: SMTP transmission failure has occurred
Diagnostic code: smtp;550 5.7.1 Requested action not taken: message
refused
Remote system: dns;hevron.biconix.com
(TCP|10.11.1.11|35053|62.90.12.234|25)
FYI barak is my ISP. all my incoming mail passes thru them and they only
forward mail with predefined addresses. in this case it is my valid
address which i have obfuscated
Thanks for your help
"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
wrote in message news:eI$$GYS0GHA.4016@xxxxxxxxxxxxxxxxxxxxxxx
Unless you are posting from somewhere else (or from the web), your
domain is revealed in the NNTP message headers.
In general, the type of folks that will DOS you aren't the ones that
frequent these newsgroups. It is common knowledge that one usually
shouldn't post a full e-mail address inside of a message, but I've never
heard of someone being DOS'd from posting a domain name in the
newsgroups.
Your choice, but I'm saying that when you obfuscate domain information,
it makes it next to impossible to help you.
You can always open up a support case with Microsoft...
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"MR" <comconix@xxxxxxxxxxxxxxxx> wrote in message
news:O7FPzzR0GHA.3656@xxxxxxxxxxxxxxxxxxxxxxx
it appears that the records do appear in the SMTP log. so it looks like
there is a connections being made.
i am hesitating to place the domain info in a public place, i have had
denial of service attacks in the past and would rather not post the
information publicly. is there some other way that i can send you the
info?
thanks
"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
wrote in message news:%23WOq9rR0GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
You need to make sure that you have SMTP Protocol logging enabled
(properties of the SMTP Virtual Server). With that on, you can look
through the logs and see if that remote system is even making a
connection to your server, or if it is being kicked back somewhere
else.
The other thing you might try doing is letting us know what the actual
domain names are. When you mask everything with domainxx.com, it
makes it very hard to troubleshoot what is going on.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"MR" <comconix@xxxxxxxxxxxxxxxx> wrote in message
news:eQoBqPR0GHA.4044@xxxxxxxxxxxxxxxxxxxxxxx
Some of our clients have been complaining that email they send to us
keeps bouncing back to with the following error message:
Recipient address: @Server.domainxx.com:User@xxxxxxxxxxxxxxxxx
Original address: User@xxxxxxxxxxxx
Reason: SMTP transmission failure has occurred
Diagnostic code: smtp;550 5.7.1 Requested action not taken: message
refused
Remote system: dns;Server.domainxx.com
(TCP|10.11.1.11|65002|62.190.112.34|25)
It is fairly consistent that some clients cannot send us ANY mail, it
all gets bounced back at them. we can't figure out why or where the
messages are being rejected. we are not filtering any senders or
recipients (except we do "Filter recipients who are not in the
Directory".)
Is there a way to specify which domains or users are valid senders?
(not all the senders have fixed IP addresses.)
is there a way to figure out where the problem is occurring?
Our configuration is Exchange 2003 with SP2 (Version: 6.5.7638.1) on
windows 2003 Enterprise Server
we have installed the Intelligent message filtering on the Exchange
Server with the Blocking threshold set at 6 and the move threshold
set at 4. we have tried to relax the blocking threshold but that did
not help (but it did allow more SPAM thru).
thanks for your help
m
.
- Follow-Ups:
- Re: server rejects messages
- From: MR
- Re: server rejects messages
- References:
- server rejects messages
- From: MR
- Re: server rejects messages
- From: Ben Winzenz [Exchange MVP]
- Re: server rejects messages
- From: MR
- Re: server rejects messages
- From: Ben Winzenz [Exchange MVP]
- Re: server rejects messages
- From: MR
- Re: server rejects messages
- From: Ben Winzenz [Exchange MVP]
- server rejects messages
- Prev by Date: Re: Public folder appointment marked as read only
- Next by Date: Re: Can I create a Global Rule?
- Previous by thread: Re: server rejects messages
- Next by thread: Re: server rejects messages
- Index(es):
Relevant Pages
|
