SMTP典型错误:“550 5.7.1 Uable to relay user@domain.com”的研究

SMTP典型错误:“550 5.7.1 Uable to relay user@domain.com” 的研究

----------------------------------------------------------------

The information in this article applies to:

- Microsoft Exchange 2000 Server

----------------------------------------------------------------

现象：

同类错误的表象:

错误发生的环境	详细错误报告[/b]
能够从Outlook客户端向外发送邮件(如user@Sohu.com)，但是从Outlook Express客户端却不能这么做	OutlookExpress弹出一个错误对话框，说“处理所需任务时出错”。 错误描述： 由于服务器拒绝收件人之一，无法发送邮件。被拒绝的电子邮件地址是“zhengyun_ustc@XXX.com”。主题'test'；账户：'mailserver'，服务器：'mailserver'，协议：SMTP，服务器响应：'550 5.7.1 Unable to relay for zhengyun_ustc@XXX.com'，端口：25，安全（SSL）：否，服务器错误：550，错误号：0x800CCC79
在VBScript脚本中，如果指定SMTP Server来向外发送邮件，会得到0X0804020F的错误号； 但是不指定SMTP Server，默认用Pickup方式，让本地的SMTP Service来向外发送邮件却是可以的 (脚本示范在附录A中)	弹出一个标题为“Windows 脚本宿主”的错误对话框。错误描述为： 错误： the Server rejected one or more recipient address.The server response was:550 5.7.1 Unable to relay for zhengyun_ustc@XXX.com 代码： 8004020F
	5.7.1[/b]错误号一般会伴随有应用程序日志的事件[/b]ID 1709[/b]和[/b]1710:[/b] Event Type: Warning Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 1709 Date: 9/6/2000 Time: 5:21:28 AM User: N/A Computer: SERVERNAME Description: An SMTP client did not authenticate before attempting to send mail. Access was denied.[/b] Data: 0000: 05 00 07 80 ...? Event Type: Warning Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 1710 Date: 9/5/2000 Time: 3:31:03 PM User: N/A Computer: SERVERNAME Description: An SMTP client authenticated as user "NT AUTHORITY\ANONYMOUS LOGON" attempted to send as "User.one@domain.edu". Access was denied because the authenticated client does not have permission to Send As this SMTP address.[/b] Data: 0000: 05 00 07 80 ...?
向一个不允许中继的远程域发送邮件	Non-Delivery Report (NDR)[/b]详细错误报告[/b]:[/b] The following recipient(s) could not be reached: User@Remotedomain.com on 1/6/00 7:58 PM The originator does not have permission to submit message dns;Wsilver.com failed 5.7.1 smtp;550 5.7.1 Unable to relay for User@Remotedomain.com

我们先来了解一下前面报告的错误号的含义:

0X8004020F的错误号的定义：

可以参看CDO For Exchange 2000或者CDO For Windows 2000的错误号定义：

Error Name	Value	Remarks
CDO_E_RECIPIENTS_REJECTED	0x8004020FL	The server rejected one or more recipient addresses. The server response was: %1.

5.7.1错误号的定义：

DSN(Delivery Status Notifications in Exchange 2000 Server[/b])描述了三种情况：

Ø Success (as 2.<X.X> numerical codes)

Ø Persistent transient failure (as 4.<X.X> numerical codes)

Ø Permanent failures (as 5.<X.X> numerical codes)

详细定义可以参见RFC 1891和RFC1893。

Numerical Code: 5.7.1：

Possible Cause:

n General access denied, sender access denied ? the sender of the message does not have the privileges necessary to complete delivery.

n You are trying to relay your mail via another SMTP server and it does not permit you to relay.

n The recipient might have mailbox delivery restrictions enabled. For example, a recipient’s mailbox delivery restriction was sent to receive from a Distribution List only and non-member’s email will be rejected with this error.

Troubleshooting: Check system privileges and attributes for the contact and

retry the message. Also make sure you are running Exchange 2000 Service Pack

1 or later for other potential known issues.

附录A：

Dim objMessage set objMessage = CreateObject("CDO.Message") With objMessage .from = "User@XXX.com" .To = "zhengyun_ustc@XXX.com" .TextBody = "body" .Subject = "Subject" With .Configuration .Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 'cdoSendUsingPort .Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mailserver.tomocorp.com" .Fields(cdoSMTPServerPort) = 25 .Fields.update End With End With objMessage.send

原因与解决方法：

出错的几种原因：

第一种解释：

《XCON: NDRs May Result Based on SMTP Configuration [Q274638]》给出的适合Exchange的解释：

发生5.7.1错误可能是由于Exchange的System Manager中的SMTP虚拟服务器的设置中没有选中“allow computers which successfully authenticate to relay[/b]”复选框。如下所示，

先打开SMTP Virtual Server的属性页的Access页：

然后点击“Relay”按钮，察看“Allow all computers which successfully authenticate to relay,regardless of the list above”[/b]是否选中：

[/b]

或者是DNS没有被正确配置。应该确保MX纪录指向正确的SMTP虚拟服务器。如果DNS没有配正确，incoming SMTP connection可能会随机连接到错误的SMTP虚拟服务器。

也可能收件人的邮件地址并不符合现有的收件人策略。

解决办法：正确地配置DNS MX记录；

允许验证通过的机器能够被中继；

让所有的SMTP虚拟服务器允许匿名访问。

然后重启这些虚拟服务、SMTP服务、Routing Engine服务等来使设置起效。

[/b]

第二种解释：

《OL2000: SMTP Relay Blocking Error Sending E-mail [Q214402]》给出了的解释：

ü You are logged in to a Local Area Network (LAN) that has an Internet gateway and attempt to send e-mail through an Internet Service Provider's SMTP gateway.

ü You are logged onto an Internet Service Provider (ISP) and attempt to send e-mail through another Internet Service Provider's SMTP gateway.

ü You are using a cable modem or ADSL to get to another Internet Service Provider and attempt to send e-mail through that ISP's SMTP gateway.

这种问题的发生是ISP们的设置所造成的，ISP们这样做，是为了防止SPAM(垃圾邮件)。比如SOHU和新浪的SMTP服务就是ESMTP命令集，用这些服务器发送邮件，就需要先通过身份验证，否则会得到如下所示的提示：

SOHU的反应：

220 smtp01.sohu.com ESMTP
250 smtp01.sohu.com
505 Error:Client was not authenticated

新浪的反应：

220 sina.com ESMTP

250 sina.com

553 -------------------------------------------------------

SMTP登录出错。

-------------------------------------------------------------

第三种解释：

《XCON: SMTP Clients Receive Relaying Prohibited Error Message [Q295164]》给出了一种解释：可能是Outlook Express所在的客户端与服务器端之间有一个Cisco防火墙，而该火墙启用了SMTP inspection。

(Extension to SMTP (ESMTP) commands can also be removed by Pix firewall software.)

解决之道：不让火墙进行SMTP inspection。

第四种解释：

《XCON: Misleading NDR Sending to Remote Domain [Q262354]》说，也可能是Remote Domain已经禁止Sending Domain中继。也就是说，是对方禁止，而不是本地服务器禁止这种行为。

给出错误解决步骤比较详细的文档：

《Health Monitor Is Unable to Send E-Mail via Local SMTP Server [Q280043]》中给出的检查步骤比较详细，这里就简单列出两个检查点：

n Verify the Binding Order

n Verify the Relay Settings for the Exchange SMTP Virtual Server

小结：

这种“Unable to relay user@externaldomain.com”的错误通常属于设计意图。也就是说，为了防止Internet上的Unsolicited Commercial E-Mail (UCE)，Microsoft的SMTP服务，默认，是不允许一封邮件通过它中继到外面的邮件地址的！

详细情况可以参看《SMTP Service Release Notes》。

下面是其中的一段话：

------------------------------------------------------------

Restrictions on Relaying Mail Through Microsoft SMTP Service

------------------------------------------------------------

Because of the growing problem on the Internet concerning Unsolicited Commercial

E-Mail (UCE), Microsoft SMTP Service, by default, does not allow mail to be

relayed through it to an external e-mail address. Mail addressed to any domain

not configured for the SMTP site is rejected with the error "550 Unable to relay

for <mail address>." To allow mail to be relayed from specific IP

addresses, change the settings in the "Relay Restrictions" section of the

"Directory Security" property sheet.

NOTE: Changing the settings to allow unrestricted relay through your SMTP server

on the Internet makes your site a prime target for UCE. UCE can consist of

special offers, commentaries, or any message a sender wants to convey to as many

recipients as possible across the Internet. Often, senders relay UCE through

well-known, trusted servers on the Internet to make messages appear as though

they originated from a trusted host, or to make it difficult to determine the

origin of the messages.

Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=12665