|
Home > Archive > IIS and SMTP > August 2007 > #5.7.1 smtp;550 5.7.1 Unable to deliver to <user@xxxx.com>>
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
#5.7.1 smtp;550 5.7.1 Unable to deliver to <user@xxxx.com>>
|
|
|
| The CEO at my firm is not able to send mail to a friend at a particular mail
domain. I have read countless articles on the MS KB as well as links within
the article and nothing has resolved the issue. I have a PIX 515E firewall
that has the fix protocol smtp 25 command enabled. I read an article stating
that this command should be disabled and I tried sending to the recipient
with the same error message. Sounds like it could possibly be an permissions
issue being that it states on the bounceback email that "You do not have
permission to send to this recipient." I am fairly confident that are mail
domain has not been blacklisted on the recipients mail server. Any insights
would be greatly appreciated.
--
Glen
| |
|
| Sorry this message was posted twice. The first time I tried posting it I got
a message stating that the service was unavailable. My apologies
--
Glen
"Glen" wrote:
> The CEO at my firm is not able to send mail to a friend at a particular mail
> domain. I have read countless articles on the MS KB as well as links within
> the article and nothing has resolved the issue. I have a PIX 515E firewall
> that has the fix protocol smtp 25 command enabled. I read an article stating
> that this command should be disabled and I tried sending to the recipient
> with the same error message. Sounds like it could possibly be an permissions
> issue being that it states on the bounceback email that "You do not have
> permission to send to this recipient." I am fairly confident that are mail
> domain has not been blacklisted on the recipients mail server. Any insights
> would be greatly appreciated.
>
> --
> Glen
| |
| Sanford Whiteman 2007-08-08, 1:16 am |
| On Tue, 07 Aug 2007 19:12:03 -0400, Glen <Glen@discussions.microsoft.com=
> =
wrote:
> The CEO at my firm is not able to send mail to a friend at a
> particular mail domain.
> I have a PIX 515E firewall that has the fix protocol smtp 25 command
> enabled.
PIX SMTP fixup breaks (E)SMTP authentication. If you require
authentication before relaying, no one will be able to relay through
the PIX. It's a very straightforward broken/fixed situation.
> Sounds like it could possibly be an permissions issue being that it
> states on the bounceback email that "You do not have permission to
> send to this recipient."
If this error is being generated by the recipient's correct MX, this
means the remote MX has received the delivery attempt, but has
rejected the attempt. This is invariably a result of the remote MX's
policies, whether they are based on a local user@domain, domain or IP.
If the error is being generated by a mailserver deeper inside the
recipient's domain (beyond the MX level), then this is also a result
of remote domain policies, probably content-based in this case, or
quite feasibly a false positive based on internal misconfiguration at
their end.
If the error is being generated by a server that is neither an MX nor
mailbox server for the recipient's domain, then you are sending to the
wrong remote server, indicating that someone's DNS is broken, either
your local resolver or their public DNS zone.
Do an
nslookup -q=3Dmx example.com
from your outbound mailserver, where example.com is the recipient's
domain. Post back with the output. Include the actual domain, not a
fake.
> I am fairly confident that are mail domain has not been blacklisted
> on the recipients mail server.
.... a confidence based on what?
--Sandy
| |
|
| Sandy, thank you for your reply. Here is the nslookup per your request.
Thanks again.
Glen
-- Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
H:\>nslookup -q=mx sfgiants.com
Server: mpbf-mail.mpbf.local
Address: 10.10.1.2
Non-authoritative answer:
sfgiants.com MX preference = 50, mail exchanger = mail.sfgiants.com
sfgiants.com MX preference = 10, mail exchanger = catcher.sfgiants.com
sfgiants.com nameserver = ns-west.cerf.net
sfgiants.com nameserver = ns-east.cerf.net
catcher.sfgiants.com internet address = 216.101.236.4
mail.sfgiants.com internet address = 216.101.236.3
ns-east.cerf.net internet address = 207.252.96.3
ns-west.cerf.net internet address = 192.153.156.3
H:\>
Glen
"Sanford Whiteman" wrote:
> On Tue, 07 Aug 2007 19:12:03 -0400, Glen <Glen@discussions.microsoft.com>
> wrote:
>
>
>
> PIX SMTP fixup breaks (E)SMTP authentication. If you require
> authentication before relaying, no one will be able to relay through
> the PIX. It's a very straightforward broken/fixed situation.
>
>
> If this error is being generated by the recipient's correct MX, this
> means the remote MX has received the delivery attempt, but has
> rejected the attempt. This is invariably a result of the remote MX's
> policies, whether they are based on a local user@domain, domain or IP.
>
> If the error is being generated by a mailserver deeper inside the
> recipient's domain (beyond the MX level), then this is also a result
> of remote domain policies, probably content-based in this case, or
> quite feasibly a false positive based on internal misconfiguration at
> their end.
>
> If the error is being generated by a server that is neither an MX nor
> mailbox server for the recipient's domain, then you are sending to the
> wrong remote server, indicating that someone's DNS is broken, either
> your local resolver or their public DNS zone.
>
> Do an
>
> nslookup -q=mx example.com
>
> from your outbound mailserver, where example.com is the recipient's
> domain. Post back with the output. Include the actual domain, not a
> fake.
>
>
> .... a confidence based on what?
>
> --Sandy
>
| |
| Sanford Whiteman 2007-08-08, 7:19 am |
| > Sandy, thank you for your reply. Here is the nslookup per your
> request. Thanks again.
The nslookup checks out, so your mailserver's resolver is returning
the correct results for the remote domain.
That eliminates the possibility that you are connecting to the wrong
remote mailserver (which can result in self-evident policy violations,
for example when you connect to an old, deconfigured MX, or a
webserver that does not accept incoming for the domain but does listen
on port 25, etc.).
It leaves open the question of what mailserver -- yours, their mx, or
their mailbox server -- is generating your DSNs. What is the full text
of a sample DSN? Please include header information so I can see the
whole path.
--Sandy
| |
|
| Sandy, what is the easiest way to create a full text of a sample dsn? Thanks!
--
Glen
"Sanford Whiteman" wrote:
>
> The nslookup checks out, so your mailserver's resolver is returning
> the correct results for the remote domain.
>
> That eliminates the possibility that you are connecting to the wrong
> remote mailserver (which can result in self-evident policy violations,
> for example when you connect to an old, deconfigured MX, or a
> webserver that does not accept incoming for the domain but does listen
> on port 25, etc.).
>
> It leaves open the question of what mailserver -- yours, their mx, or
> their mailbox server -- is generating your DSNs. What is the full text
> of a sample DSN? Please include header information so I can see the
> whole path.
>
> --Sandy
>
| |
| Sanford Whiteman 2007-08-08, 1:21 pm |
| > Sandy, what is the easiest way to create a full text of a sample dsn?
Copy/paste the text of a received .EML file.
All mail clients have a way of viewing message source.
--Sandy
| |
|
| Sandy, I hope this is what you requested. If not, let me know. Thanks!
Microsoft Mail Internet Headers Version 2.0
Received: from mpbf-mail.mpbf.local ([10.10.1.2]) by mail.mpbf.com with
Microsoft SMTPSVC(6.0.3790.1830);
Mon, 6 Aug 2007 17:33:55 -0700
Received: from mpbf-mail.mpbf.local (127.0.0.1) by mpbf-mail.mpbf.local
(MlfMTA v3.2r1b3) id hmuuv60171s5 for <gsakamoto@mpbf.com>; Mon, 6 Aug 2007
17:33:55 -0700 (envelope-from <lmrobbins@avaya.com> )
Received: from nj300815-nj-outbound.avaya.com ([198.152.12.100])
by mpbf-mail.mpbf.local (SonicWALL 5.0.3.8711)
with SMTP; Mon, 06 Aug 2007 17:33:53 -0700
Received: from 100.6.9.135.in-addr.arpa (HELO 306181ANEX2.global.avaya.com)
([135.9.6.100])
by nj300815-nj-outbound.avaya.com with ESMTP; 06 Aug 2007 20:36:29 -0400
X-IronPort-AV: i="4.19,226,1183348800";
d="scan'208,217"; a="46353663:sNHT16793748"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C7D88A.FE766FB6"
Subject: You are Invited to an Exclusive VIP Reception
Date: Mon, 6 Aug 2007 18:36:27 -0600
Message-ID:
< 90CA2570634FC84991D33CFB53DB1A103C8F0D@3
06181ANEX2.global.avaya.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: You are Invited to an Exclusive VIP Reception
Thread-Index: AcfYiv2ZVYRlWVKiQtunBdFcq3ttZg==
From: "Robbins, Laurie (Laurie)" <lmrobbins@avaya.com>
To: "Glen Sakamoto" <gsakamoto@mpbf.com>
X-Mlf-Threat: nothreat
X-Mlf-Threat-Detailed: nothreat;none;none;rules_rules_Score=-4.56_Lang=1
X-Mlf-UniqueId: i200708070033530063520
Return-Path: lmrobbins@avaya.com
X-OriginalArrivalTime: 07 Aug 2007 00:33:55.0109 (UTC)
FILETIME=[A2C27D50:01C7D88A]
------_=_NextPart_001_01C7D88A.FE766FB6
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01C7D88A.FE766FB6
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01C7D88A.FE766FB6--
--
Glen
"Sanford Whiteman" wrote:
>
> Copy/paste the text of a received .EML file.
>
> All mail clients have a way of viewing message source.
>
> --Sandy
>
| |
| Sanford Whiteman 2007-08-09, 1:20 am |
| > Sandy, I hope this is what you requested. If not, let me know. Thanks!
I was looking for the headers and body of a _DSN_.
--Sandy
| |
|
| Sandy, I am struggling to find the headers and body of a DSN
--
Glen
"Sanford Whiteman" wrote:
>
> I was looking for the headers and body of a _DSN_.
>
> --Sandy
>
| |
| Sanford Whiteman 2007-08-10, 1:20 am |
| > Sandy, I am struggling to find the headers and body of a DSN
The full text of a DSN (bounce notification) will let us see the full path
back from the last successful hop. That's the easiest way to find out
whose server -- your outbound, their MX, or their mailbox server --
generated the DSN.
People who are unfamiliar with mail headers often guess that bounces
originated either closer or farther away than they actually did.
When you can next get your hands on such a message, please post it.
--Sandy
| |
|
| Sandy, I am guessing the hangup is on my mail server since the DSN message
comes back shortly after attempting to send the message. I can't say that
there are any other mail domains that my users have not been able to send
email to. I hope this gives you a little more insight as to where and what
the hangup is. Thanks again for your continued help.
Glen
Microsoft Mail Internet Headers Version 2.0
From: postmaster@MPBF.com
To: gsakamoto@mpbf.com
Date: Fri, 10 Aug 2007 09:04:02 -0700
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary=" 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com"
X-DSNContext: 7ce717b1 - 1194 - 00000002 - 00000000
Message-ID: <i89QtpfTY00000117@mail.mpbf.com>
Subject: Delivery Status Notification (Failure)
-- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
Content-Type: text/plain; charset=unicode-1-1-utf-7
-- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
Content-Type: message/delivery-status
-- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
Content-Type: message/rfc822
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C7DB68.1111D8D4"
Subject: Test, please disregard
Date: Fri, 10 Aug 2007 09:04:00 -0700
Message-ID: < 560090C01FCC694286890B6C5911BFF88B1356@m
pbf-mail.mpbf.local>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Test, please disregard
Thread-Index: AcfbaAd5kP7+BoefQimTHGrFPOpERA==
From: "Glen Sakamoto" <gsakamoto@mpbf.com>
To: <rkoplick@sfgiants.com>
------_=_NextPart_001_01C7DB68.1111D8D4
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01C7DB68.1111D8D4
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01C7DB68.1111D8D4--
-- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com--
--
Glen
"Sanford Whiteman" wrote:
>
> The full text of a DSN (bounce notification) will let us see the full path
> back from the last successful hop. That's the easiest way to find out
> whose server -- your outbound, their MX, or their mailbox server --
> generated the DSN.
>
> People who are unfamiliar with mail headers often guess that bounces
> originated either closer or farther away than they actually did.
>
> When you can next get your hands on such a message, please post it.
>
> --Sandy
>
| |
|
| Hi Sandy,
Not sure if this is the correct DSN message you were looking for. I am still
unable to reach that mail domain for whatever reason. Any other suggestions
would be greatly appreciated. Thanks again!
--
Glen
"Glen" wrote:
[vbcol=seagreen]
> Sandy, I am guessing the hangup is on my mail server since the DSN message
> comes back shortly after attempting to send the message. I can't say that
> there are any other mail domains that my users have not been able to send
> email to. I hope this gives you a little more insight as to where and what
> the hangup is. Thanks again for your continued help.
>
> Glen
>
> Microsoft Mail Internet Headers Version 2.0
> From: postmaster@MPBF.com
> To: gsakamoto@mpbf.com
> Date: Fri, 10 Aug 2007 09:04:02 -0700
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary=" 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com"
> X-DSNContext: 7ce717b1 - 1194 - 00000002 - 00000000
> Message-ID: <i89QtpfTY00000117@mail.mpbf.com>
> Subject: Delivery Status Notification (Failure)
>
> -- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
> Content-Type: text/plain; charset=unicode-1-1-utf-7
>
> -- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
> Content-Type: message/delivery-status
>
> -- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com
> Content-Type: message/rfc822
>
> X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
> Content-class: urn:content-classes:message
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----_=_NextPart_001_01C7DB68.1111D8D4"
> Subject: Test, please disregard
> Date: Fri, 10 Aug 2007 09:04:00 -0700
> Message-ID: < 560090C01FCC694286890B6C5911BFF88B1356@m
pbf-mail.mpbf.local>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: Test, please disregard
> Thread-Index: AcfbaAd5kP7+BoefQimTHGrFPOpERA==
> From: "Glen Sakamoto" <gsakamoto@mpbf.com>
> To: <rkoplick@sfgiants.com>
>
> ------_=_NextPart_001_01C7DB68.1111D8D4
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> ------_=_NextPart_001_01C7DB68.1111D8D4
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
>
> ------_=_NextPart_001_01C7DB68.1111D8D4--
>
> -- 9B095B5ADSN=_01C7D91225CF09340000187Amai
l.mpbf.com--
>
> --
> Glen
>
>
> "Sanford Whiteman" wrote:
>
|
|
|
|
|