RE: strange email errors



Dear Customer,

Thank you for posting here. My name is Iverson and I'm glad to be working
with you.

From the description, I understand two problems were encountered.

1. The NDR message 550 5.5.1 and 5.7.1 unable to relay messages were
received.
2. The event ID error 7010 and 7004 were received.

Please understand these two problems may not be related. I suggest we deal
with the problems separately. I appreciate your understanding on this.

# Let's get down to the first issue. Based on my research, this problem
may occur due to multiple factors and we have to check some settings and
perform some tests to narrow down the issue first.

Step 1. Check Relay configuration on the SBS server
=========================
Since this issue is related to relay restriction, I would first like
you to check the relay configuration on the SBS server.
1. Open the Exchange System Manager
2. Navigate to Servers -> YourServer -> Protocols -> SMTP -> Default SMTP
virtual server
3. Open SMTP virtual server properties page.
4. In the Access tab, click Relay button.
5. "Only the list below" should be selected and the list should be "SBS LAN
subnet", "127.0.0.1" and "SBS external NIC IP" and they are granted.
6. "Allow all computers which successfully authenticated to relay,
regardless of the list above" should be checked.
7. If making any change, please restart the SMTP virtual server and Exchange
Routing Engine Service.

Step 2. Telnet the destination mail server to check the effect
========================
When the issue happens again, in the Exchange Server, please telnet the
destination mail server which you cannot send mail to by the following
steps.

a. Click Start, click Run, type telnet, and then click OK.
b. At the Microsoft Telnet command prompt, type open server_name 25, and
then press ENTER.
c. To verify that you are successfully connected to the SMTP Mail Service,
type helo domain.com, and then press ENTER.
d. Type mail from: , and then press ENTER.
e. Type rcpt to: , and then press ENTER.
f. Type "quit" (without the quotation marks), and then press ENTER two
times to close the connection to the server and leave the Telnet session
running.

For more information about these 6 steps, please refer to the following
article.

XFOR: Telnet to Port 25 of IMC to Test IMC Communication:
http://support.microsoft.com/?id=153119

Please let me know the result and capture a screen shot and send to me at
v-iversx@xxxxxxxxxxxxx, if there is any error during this process and
attach it in your reply.

Step 3. Create a New SMTP Connector to test the issue
=====================================
Please also refer to the following steps to create a new SMTP Connector to
Bypass DNS Name Resolution to Test SMTP Mail Flow to Remote Domains

a. In Exchange System Manager, right-click the Connectors container, click
New, and then click SMTP Connector.
b. Type an appropriate name, and then click the "Forward all mail through
this connector to the following smart hosts" option. Type the IP
address:[10.0.0.1] of a problematic mail domain in square brackets.

c. Click Add, and then select a bridgehead.
d. Click the Address Space tab, click Add, click SMTP, and then click OK.

e. In the "Email domain" box, type the SMTP address space without the at
(@) symbol. For example, type "emaildomain.com" (without the quotation
marks).

f. Because Exchange must receive messages for this domain also, click to
select the "Allow messages to be relayed to these domains" check box. This
setting makes it possible for all SMTP virtual servers that are listed on
the Bridgehead tab to accept messages for the domain.

g. Click OK. Restart SMTP service and test the issue again.

If the problem doesn't occur any more, please check the configuration of
your DNS server.

More Information:
-----------------------------
XCON: How to Bypass DNS Name Resolution to Test SMTP Mail Flow to Remote
Domains
http://support.microsoft.com/?id=285863

HOW TO: Install and Configure SMTP Connectors in Exchange 2000 Server
http://support.microsoft.com/?id=314961

Meanwhile, would you please check the original connector Properties. Please
right click SmallBusiness SMTP connector, and let me know whether "Use
DNS…" or "Forward…to the following smart hosts" is selected.

Step 4. Reverse DNS Lookup.
=====================
The destination mail server may require reverse DNS lookup before it
accepts e-mail. Therefore, please contact your ISP to make sure they have
configured a Reverse DNS Lookup Zone for your Internet domain and create a
PTR record of your Exchange server in the Reverse Lookup DNS Zone. You
could also come to http://www.dnsreport.com to check your PTR record and
make sure it could be queried consistently.

Step 5. Static IP address
=================
The destination mail server may require a static public IP address of the
Exchange server. So please make sure that your Exchange Server is not using
dynamic IP addresses.

Step 6. Check Blacklist
================
Please make sure your Exchange server is not included in the destination
mail server's blacklist.

Step 7. If the issue persists, please drag a sample of the NDR message to
the desktop and it will be saved as an .msg file. After this, please use
WinZip to compress it and send the file to me at v-iversx@xxxxxxxxxxxxx for
further analysis. I will check the header information of the NDR message.

# Regarding the second issue "7004 and 7010", if there is not an additional
Exchange Server in the Exchange 2003 organization in the SBS 2003 network,
we can set the SuppressExternal registry key to 1. This setting prevents
Exchange Server from trying to send the XEXCH50 command outside the
Exchange organization. The detailed steps are below:

Note: XEXCH50 is an Exchange ESMTP extension that is used to relay certain
properties, such as envelope properties, message properties, and recipient
properties. The XEXCH50 command is a short command. An XEXCH50 command that
has received a success type response is then followed by a binary large
object (BLOB) of variable size. (The size corresponds to the first argument
of the XEXCH50 command). It is expected that Exchange 2003 will block
inbound XEXCH50 data from other Exchange organizations by default, and in
this regard, the fact that it is responding with "504 Need to authenticate
first" is actually correct.

Configure the XEXCH50 Registry Subkey
-----------------------------------------------
In Exchange Server 2003, you can suppress the sending of the XEXCH50
command to external domains. To do so, follow these steps.

1. Click "Start", click "Run", type "regedit" (without the quotation marks)
in the "Open" box, and then click "OK".
2. Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\XEXCH50

Note: If the XEXCH50 registry subkey is not present, create it. To do
this, point to "New" on the "Edit" menu, and then click "Key". In the "New
Key #1" box, type "XEXCH50" (without the quotation marks), and then press
ENTER.

3. Right-click "XEXCH50", point to "New", and then click "DWORD Value".
4. In the "New Value #1" box, type "SuppressExternal" (without the
quotation marks), and then press ENTER.
5. Right-click "SuppressExternal", and then click "Modify".
6. In the "Value data" box, type "1" (without the quotation marks), and
then click "OK".
7. Quit Registry Editor.

Alternatively, you can configure the SMTP connector properties to use the
HELO command instead of the EHLO command. When Exchange Server sends the
HELO command, it does not receive the list of commands that the remote
server supports, and reverts to simple SMTP commands. None of the extended
SMTP command verbs are used.

To configure the SMTP connector, follow these steps:

1. Start the Exchange System Manager utility.
2. If Administrative Groups are turned on, expand Administrative Groups,
and then expand First Administrative Group.
3. Expand Connectors, right-click the SMTP connector that you use to
connect to the remote domain, and then click Properties.
4. Click the Advanced tab, click to select the Send HELO instead of EHLO
check box, click Apply, and then click OK.

For More Information:

843106 How to troubleshoot the "504 need to authenticate first" SMTP
protocol error
http://support.microsoft.com/default.aspx?scid=kb;EN-US;843106

Hope this helps. If there are any updates, please feel free to get in
touch. I am looking forward to hearing from you.

Best Regards,

Iverson Xue, MCSE (MSFT)
Microsoft Online Partner Support
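
The manual telnet test in Step 2 of the post above, scripted so each reply is recorded and the rejecting stage (for example a 550 5.7.1 at RCPT TO) is identified. This is an added example, not part of the original post or of any Microsoft tool; the names probe, first_rejection and smtp_factory are illustrative, and the host and addresses are supplied by the caller.

```python
import re
import smtplib

# Enhanced status code (RFC 3463) at the start of the reply text, e.g. the
# "5.7.1" in "550 5.7.1 Unable to relay".
ENHANCED = re.compile(r"\s*([245]\.\d{1,3}\.\d{1,3})\b")


def probe(host, helo_name, sender, recipient, port=25, timeout=30,
          smtp_factory=smtplib.SMTP):
    """Run HELO, MAIL FROM, RCPT TO and QUIT, recording each reply.

    Returns a list of (stage, code, enhanced_status, text) tuples and stops
    at the first stage the remote server rejects (reply code >= 400).
    smtp_factory is a hypothetical hook so the probe can run without a network.
    """
    results = []
    conn = smtp_factory(host, port, timeout=timeout)      # step b: open host 25
    try:
        stages = [
            ("HELO", lambda: conn.helo(helo_name)),       # step c
            ("MAIL FROM", lambda: conn.mail(sender)),     # step d
            ("RCPT TO", lambda: conn.rcpt(recipient)),    # step e
        ]
        for stage, send in stages:
            code, raw = send()
            text = raw.decode("ascii", "replace") if isinstance(raw, bytes) else str(raw)
            match = ENHANCED.match(text)
            results.append((stage, code, match.group(1) if match else None, text))
            if code >= 400:
                break
    finally:
        try:
            conn.quit()                                   # step f
        except (smtplib.SMTPException, OSError):
            pass
    return results


def first_rejection(results):
    """Return the first (stage, code, enhanced_status, text) rejected, or None."""
    return next((r for r in results if r[1] >= 400), None)
```

Run it on the Exchange server itself, as Step 2 asks for the telnet session, so the destination server sees the same source address as real mail.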
