Troubleshoot mail relay issues in Exchange Server 2003 and in Exchange 2000 Server

Article ID: 895853

Summary

A computer that is running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server can be configured as a mail relay. Therefore, mail that is sent to another domain or from another domain can be forwarded to the destination by your Exchange computer. However, some issues can occur if your Exchange computer or an account on your Exchange computer is configured as an open mail relay. Additionally, some issues can occur if the mail relay is configured incorrectly.

An Exchange computer that is configured as an open mail relay can be used to send unsolicited commercial email, also known as spam. If other mail servers identify your Exchange computer as an unsolicited commercial email server, your Exchange computer may be added to block lists. Therefore, you might have problems when you send mail to other domains. To resolve this issue, you must reconfigure your Exchange computer so that it is not an open mail relay. Then, you must remove your Exchange computer from the block lists.

If your Exchange computer is not an open mail relay, an account on your Exchange computer may be used to send unsolicited commercial email. Therefore, you must prevent someone from using the compromised account.

This article describes the symptoms of mail relay issues and includes steps to correct the configuration of your Exchange computer.

INTRODUCTION

This article describes the following:
  • How to troubleshoot mail relay issues in Exchange Server 2003 and in Exchange 2000 Server
  • How to prevent your Exchange computer from being used as an open mail relay
  • How to set up SMTP domains for incoming mail and relay mail in Exchange
Exchange provides full Simple Mail Transfer Protocol (SMTP) mail services. The Exchange SMTP server can be used to receive mail and to relay mail to other Exchange computers on your network or to other SMTP servers on the Internet. Mail relay permits Exchange mail clients to send mail to users in other organizations. If mail relay is not permitted, the Exchange computer can only receive and send mail for users who are in the same mail domain as the Exchange computer.

When it relays mail, the Exchange computer can forward mail that is addressed to mail domains other than its own domain. This behavior lets Exchange forward mail to any internal or external network SMTP server.

You must be careful when Internet users can access your Exchange computer. This is because your Exchange computer may be used as a mail relay by unscrupulous users. These users may forward mail to your Exchange SMTP server to distribute unsolicited commercial mail, also known as spam, to many computers. This could have an adverse effect on the available bandwidth for your Internet connection. Additionally, it could lead to your Exchange computer being added to "black hole" lists of open mail relays. If your Exchange computer is added to such a list, other mail servers might not accept mail from your domain.

Symptoms of mail relay issues

One or more of the following symptoms can occur when you experience mail relay issues.




Possible causes of NDRs that contain error code 5.0.0, 5.7.1, or 5.7.3




Possible causes of events 1701, 1709, 1710, 4001, and 7004




If your Exchange computer is configured as an open mail relay that sends unsolicited commercial email

If other mail servers list your Exchange computer as a messaging server that sends unsolicited commercial email, you may experience one or more of the following symptoms:
  • You cannot send mail to an increasing number of domains.
  • Unsolicited commercial email appears in your mail queues, and you detect that your Exchange computer sends unsolicited commercial email.
  • A remote domain informs you that it receives unsolicited commercial email from your Exchange computer.
  • You receive NDRs that contain error code 5.0.0 or 5.7.1.
  • Events 7004 and 4001 are logged in the Application log.
This issue can occur if your Exchange computer is configured as an open mail relay. Alternatively, this issue can occur if an account on your Exchange computer has been compromised and is being used as a mail relay.
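
To see which clients the server is actually relaying for, the SMTP virtual server's protocol log can be scanned for accepted RCPT commands addressed to non-local domains. The following is an added example, not part of the original article; it assumes W3C extended logging with the SMTP verb in cs-method, its arguments in cs-uri-query and the reply code in sc-status, and the log lines, LOCAL_DOMAINS and TRUSTED_NETS are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example: domains the organization accepts mail for,
# and networks whose hosts are expected to relay through the server.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample in W3C extended format (documentation addresses only).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2005-03-11 02:14:01 203.0.113.50 mx.example.net MAIL +FROM:<promo@example.net> 250
2005-03-11 02:14:01 203.0.113.50 mx.example.net RCPT +TO:<a@example.org> 250
2005-03-11 02:14:02 203.0.113.50 mx.example.net RCPT +TO:<b@example.org> 250
2005-03-11 02:14:02 203.0.113.50 mx.example.net RCPT +TO:<sales@example.com> 250
2005-03-11 02:15:10 198.51.100.7 host.example.net RCPT +TO:<c@example.org> 550
2005-03-11 02:16:30 10.1.2.3 desk01 RCPT +TO:<partner@example.org> 250
"""

RCPT_RE = re.compile(r"TO:<[^@<>]*@([^<>]+)>", re.IGNORECASE)

def relayed_by_untrusted(log_text):
    """Count accepted RCPTs to non-local domains, per untrusted client IP."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is set per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        if not row.get("sc-status", "").startswith("2"):
            continue                       # rejected (for example 550): no relay
        m = RCPT_RE.search(row.get("cs-uri-query", ""))
        if not m or m.group(1).lower() in LOCAL_DOMAINS:
            continue                       # inbound mail for a local domain
        ip = ipaddress.ip_address(row["c-ip"])
        if not any(ip in net for net in TRUSTED_NETS):
            hits[str(ip)] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, n in relayed_by_untrusted(SAMPLE_LOG).items():
        print(f"{ip}: {n} relayed recipient(s) accepted")
```

A client outside the trusted networks that appears in the result has relayed either anonymously (open relay) or by authenticating with an account on the server.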




If mail relay occurs from an account on an Exchange computer that is not configured as an open mail relay

Determine whether an account on your Exchange computer sends authenticated relayed mail.


Prevent an account from authenticating with the Exchange computer to send relayed mail.



How to set up SMTP domains for incoming mail and for relay mail

You may want to accept mail for one or more of the following classes of Internet SMTP domains:
  • Domains that are local to your Exchange organization
  • Domains that are not local to your Exchange organization
  • Domains that are shared between your Exchange organization and another SMTP server

Domains that are local to your Exchange organization

To accept mail from domains that are local to your Exchange organization, create a recipient policy that includes an address that is similar to the following:
SMTP:@Domain.Domain_Root
For more information about how to create a recipient policy, click the following article number to view the article in the Microsoft Knowledge Base:
249299 How to configure recipient policies in Exchange

Domains that are not local to your Exchange organization

To accept mail from domains that are not local to your Exchange organization, create an SMTP connector. For more information about how to configure an SMTP connector, click the following article number to view the article in the Microsoft Knowledge Base:
265293 How to configure the SMTP connector in Exchange 200x

Domains that are shared between your Exchange organization and another SMTP server

To accept mail from domains that are shared between your Exchange organization and another SMTP server, set up an SMTP connector. To do this, follow the steps in the "Domains that are not local to your Exchange organization" section. However, when you add the domain to your recipient policies so that your users can receive mail from the address, clear the "This Exchange Organization is responsible for all mail delivery to this address" check box. For more information about how to share SMTP domains together with another mail system, click the following article number to view the article in the Microsoft Knowledge Base:
321721 How to share an SMTP address spaces in Exchange 2000 Server or in Exchange Server 2003

How to troubleshoot NDRs that contain error code 5.7.1 or 5.7.3

Error codes 5.7.1 and 5.7.3 and Application log events 1709, 1710, or 1701 occur under various conditions. The following scenarios describe these conditions and explain how to resolve the respective NDRs and Application log events.

Note: NDRs that contain error code 5.7.1 may contain the following message:

“The originator does not have permission to submit message.”

This message can be misleading because it implies that the sender has a permissions problem. However, the actual reason for this NDR is that the remote domain has prohibited the domain that is sending the mail from relaying the mail. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
262354 Misleading NDR when sending to remote domain that does not allow relay

Scenario 1: Authenticated computers are not allowed to relay mail

If the "Allow all computers which successfully authenticate to relay regardless of the list above" check box is not selected on the SMTP virtual server, you may receive NDRs that contain error code 5.7.1. To select the "Allow all computers which successfully authenticate to relay regardless of the list above" check box, follow these steps.



Scenario 2: Anonymous access to SMTP virtual servers is disabled

If the "Anonymous access" check box is not selected, you may receive NDRs that contain error code 5.7.1. To select the "Anonymous access" check box, follow these steps.



Scenario 3: The DNS feature is configured incorrectly

If the DNS feature is configured incorrectly, you may receive NDRs that contain error code 5.7.1 or 5.7.3. Additionally, event 1701, 1709, or 1710 may be logged in the Application log. To troubleshoot the DNS configuration, make sure that mail exchanger (MX) records point to the correct SMTP virtual server. If the DNS feature is configured incorrectly, incoming SMTP connection attempts may randomly connect to the wrong SMTP virtual server.

Scenario 4: There is no matching recipient policy for proxy addresses

If users in an organization have email addresses that do not match any of the existing recipient policies in the organization, senders who send mail to these users may receive NDRs that contain error code 5.7.1 or 5.7.3. Additionally, event 1707, 1709, or 1710 may be logged in the Application log. Typically, the proxy addresses of users in the organization should match at least one recipient policy in the organization.

Note: The term "proxy addresses" refers to the SMTP domains that are local to the organization. For more information about how to create new recipient policies or how to update existing recipient policies, click the following article number to view the article in the Microsoft Knowledge Base:
319065 How to work with the Exchange Recipient Update Service

Scenario 5: The destination server requires additional authentication

If anonymous authentication is not permitted by the destination server, you may receive NDRs that contain error code 5.7.3. Make sure that the sending client or the sending server can authenticate to the destination server.

Note: Error code 5.7.3 can also occur when the destination server cannot find the intended recipient.

Scenario 6: The ISA Server 2000 SMTP publishing rule is not updated

If you use ISA Server 2000, and the SMTP publishing rule is not updated, you may receive NDRs that contain error code 5.7.1 or 5.7.3. Additionally, event 1701, 1709, or 1710 may be logged in the Application log. This issue occurs if you use ISA Server 2000 and one of the following conditions is true:
  • The external IP address of the ISA server is changed.
  • The IP address of the SMTP publishing rule is not updated to reflect the new external IP address of the ISA server.
  • The Isactrl service is not restarted after the IP address of the SMTP publishing rule is updated.

References

For more information about Exchange mail relay, click the following article numbers to view the articles in the Microsoft Knowledge Base:
304897 SMTP relay behavior in Windows 2000, Windows XP, and Exchange Server
313395 How to examine relay restrictions for anonymous SMTP connections and filter unsolicited e-mail messages in Exchange 2000 Server
319356 How to prevent unsolicited commercial e-mail in Exchange 2000 Server
324958 How to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server
310356 How to prevent mail relay in the IIS 5.0 SMTP server in Windows 2000
257538 How to obtain additional information from Internet mail or unsolicited commercial e-mail

Properties

Article ID: 895853 - Last Review: July 12, 2013 - Revision: 10.1
Applies to
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server Standard Edition