SBS 2003 - SMTP: 504 Need to Authenticate First

By jgreer ·
I currently have SBS 2003 using DNS to route email. Currently I have 1/3rd of our emails being returned for error: 504 need to authenticate first. I have completed the steps in Microsoft's knowledgebase and regarding authentication. No improvement. Any ideas on what else I can do to correct this issue?


All Answers


ISP SMTP blocking

by Churdoo In reply to SBS 2003 - SMTP: 504 Need ...

What kind of internet connection are you using? Is it a broadband connection like DSL or cable? If so, then it's likely that your ISP blocks SMTP traffic destined outside of their network.

If this is the case, then in order to send email, you'll have to
a) configure SBS to SMARTHOST to your ISP email servers and follow their procedures for outbound SMTP and/or authentication
b) upgrade your ISP account to allow outbound SMTP
c) use an outside service like Postini and use a port other than port 25 for your outbound SMTP.


SMTP Response

by jgreer In reply to ISP SMTP blocking

Something must be wrong. The ISP claims they do not close port 25, I cannot use their servers for relay since they don't allow it. I configured our server to send email across the DNS. But still seem to have these errors.

Does anyone else have any other ideas?


This might work for your DNS issue.

Clean Your DNS Cache to Fix Browsing Problems


If you've found yourself hitting DNS errors or 404 pages in your browser but you know your net connection is working fine, it might be time to flush and restart Windows' DNS cache. The How-To Geek shows how to do this in three command line entries, although you might only need the first to see results. After launching a command prompt as an administrator and closing down Firefox (which has its own DNS cache), enter the following:

ipconfig /flushdns
net stop dnscache
net start dnscache


An easier and quicker way of doing this in XP is to:
1) go to Start
2) go to Run
3) Type: services.msc
4) click Enter.
5) Then locate "DNS Client"
6) Right click on it.
7) From there, click Restart
....................................................................................

Put into a .bat file.
@echo off
echo .*** RUNNING IPCONFIG /FLUSHDNS ***
pause
ipconfig /flushdns
echo .*** STOP THE DNS CACHE ***
pause
net stop dnscache
echo .*** START THE DNS CACHE ***
pause
net start dnscache
Or:

@echo off
echo .*** RUNNING IPCONFIG /FLUSHDNS ***
ipconfig /flushdns
echo .*** STOP THE DNS CACHE ***
start /wait net stop dnscache
echo .*** START THE DNS CACHE ***
net start dnscache

That way no pauses, and start /wait forces the batch file to wait until the net stop dnscache finishes before trying to start it.

............................................................................................

Commandline-ophobes can also right-click on the connection, either in the Network Connections control panel applet or in the taskbar (if you have it set to always display there), and choose "Repair".
In addition to flushing the DNS cache, this renews the DHCP lease, flushes the NETBIOS cache, and reregisters NetBIOS and IP address with WINS.
.........................................................................................................................

Please post back if you have any more problems or questions.
If this info is useful, please give a thumbs up. Thanks


SMTP ...

by Churdoo In reply to SMTP Response

... to public email domains does not require authentication. So perhaps SMTP authentication is enabled on outbound connections when none is required.

So if you're in fact connecting directly to recipient SMTP servers via DNS MX record lookups, then make sure you are using "Anonymous Access" for your outbound SMTP connections.

I believe that you said you're using SBS so this is configured in the CEICW (configure email and internet connection weeeeeezard).


No authentication active anywhere on SMTP

by jgreer In reply to SMTP ...

I checked the protocols and connectors and verified no authentication is required. Both have anonymous and then reran the connection wizard. Still no improvement.


post the exact error

by CG IT In reply to SBS 2003 - SMTP: 504 Need ...

including all information. It's possible that who you are sending email to will not accept the email unless your Exchange can authenticate itself through a reverse lookup.

Also, more and more email servers will reject email from other email servers that have dynamic public IP addresses. They do this because spammers typically use dynamic addressing to get around IP blocking.


Exact Error Messages

by jgreer In reply to post the exact error

Our IP is not dynamic and per our provider they have set up a reverse DNS record for our Exchange server.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 9/9/2008
Time: 8:38:47 AM
User: N/A
Computer: ServerName
Description:
This is an SMTP protocol log for virtual server ID 1, connection #15. The client at "209.242.148.130" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 2040 2". This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

and

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004
Date: 9/9/2008
Time: 8:12:30 AM
User: N/A
Computer: ServerName
Description:
This is an SMTP protocol error log for virtual server ID 1, connection #13. The remote host "208.42.183.52", responded to the SMTP command "rcpt" with "554 <recipients_address>: Relay access denied ". The full command sent was "RCPT TO:<recipients_address> ". This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.
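
An added example, not part of the original post: a small Python parser for the two MSExchangeTransport event descriptions quoted above. It separates sessions where a remote client's command was refused by this server (the 7010 wording) from sessions where a remote host refused this server's command (the 7004 wording). The function names and regular expressions are illustrative and written only against the two descriptions shown.

```python
import re
from collections import Counter

# The two event descriptions quoted in the post above.
EVENTS = [
    'This is an SMTP protocol log for virtual server ID 1, connection #15. '
    'The client at "209.242.148.130" sent a "xexch50" command, and the SMTP '
    'server responded with "504 Need to authenticate first ". The full '
    'command sent was "xexch50 2040 2".',
    'This is an SMTP protocol error log for virtual server ID 1, connection '
    '#13. The remote host "208.42.183.52", responded to the SMTP command '
    '"rcpt" with "554 <recipients_address>: Relay access denied ". The full '
    'command sent was "RCPT TO:<recipients_address> ".',
]

# 7010 wording: a remote client connected to our virtual server (inbound).
INBOUND = re.compile(
    r'The client at "(?P<peer>[^"]+)" sent an? "(?P<cmd>[^"]+)" command, '
    r'and the SMTP server responded with "(?P<code>\d{3}) (?P<text>[^"]*)"')

# 7004 wording: our server connected to a remote host (outbound).
OUTBOUND = re.compile(
    r'The remote host "(?P<peer>[^"]+)", responded to the SMTP command '
    r'"(?P<cmd>[^"]+)" with "(?P<code>\d{3}) (?P<text>[^"]*)"')


def classify(description):
    """Return direction, peer, command and reply for one event, or None."""
    for direction, pattern in (("inbound", INBOUND), ("outbound", OUTBOUND)):
        m = pattern.search(description)
        if m:
            return {
                "direction": direction,
                "peer": m["peer"],
                "command": m["cmd"].upper(),
                "code": int(m["code"]),
                "text": m["text"].strip(),
            }
    return None


def summarize(descriptions):
    """Count events per (direction, command, reply code); skip unparsed text."""
    rows = [r for r in map(classify, descriptions) if r]
    return Counter((r["direction"], r["command"], r["code"]) for r in rows)


if __name__ == "__main__":
    for key, count in summarize(EVENTS).items():
        print(key, count)
```

Grouping a day's events this way shows which of the errors concern mail this server is sending and which concern commands other servers send to it.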


who is hosting what? Where was the message sent?

by CG IT In reply to Exact Error Messages

Your Small Business Server hosts your domain's [not FQDN] DNS and Exchange services.

Mail sent out via Exchange will go to most places. There are some mail servers that will request a reverse lookup before they accept mail. Your SBS DNS server needs to perform this verification process because the mail is sent from your IP address [public] for your public domain name and SBS needs to confirm this, not someone else's DNS server.

Typically SBS creates a reverse lookup zone but if it didn't you need to make one.

Another issue is "relay access denied". All mail servers should deny relaying and your SBS box Exchange server should as well. The return message error indicates you're trying to relay through the remote host [208.42.183.52] and the secure connection is denied, meaning that you're not on the relay allow list. That's why I ask where was the message sent? You shouldn't be trying to relay email via Exchange or someone else's mail server and if you are then you should set up with the remote host people your Exchange server as an allowed relay host [which is like asking god to win the lottery, probably will never happen].

When you set up SBS, it will set up the domain as .local. You should leave it as .local. Then, when you run the connect to the internet wizard, there is a section where you add in your public domain name [the .com/net/org name]. You do that and choose SMTP and DNS for mail. Your domain name registrar [not ISP unless you got your public domain name from them] hosts the authoritative name servers for your public domain name [or you can specify your SBS box DNS server to be authoritative for your public domain name]. If you have a static IP address assigned for your public domain name, then you simply have your domain name registrar list that address in their name servers. Traffic is then sent to your public address, which comes in your WAN interface to your SBS box.

This is the default way SBS works for Exchange email and your SBS box should reflect this unless you use POP3.


Answers

by jgreer In reply to who is hosting what? Wher ...

Our provider is Covad services - they do not permit usage of their SMTP so we are using the send email using DNS with two DNS servers provided by Covad. Our internal DNS server has just the .local - so if I set up a zone for our actual external mail then that should correct the issue, right?

Also, we are not relaying at all, I have disabled all relay settings yet this error still occurs. I even deleted and recreated the SMTP connector. The bouncing emails are occurring on many different addresses, those are just two. This has occurred with about 1/3rd of our email which is a few hundred per day.


reply

by CG IT In reply to Answers

No, you do not create any records in DNS for your public domain name, e.g. .com/net/org.

SBS handles the translation between the .local and .com headers on email sent out via Exchange. When you ran the connect to the internet wizard, you chose how Exchange will operate [SMTP or POP3] and then you provided your public domain name [Exchange puts the correct header in for mail].

Still fuzzy on what Covad does for you as far as DNS services. Covad should do nothing more than answer internet whois queries by providing public domain name to public IP address translation, provided that Covad is the authoritative DNS server for your public domain name.

Usually how this works is authoritative name servers provide name resolution to your public address. If yahoo needs to send mail to you, yahoo will create a query "whois" your domain name. I assume Covad will provide the answer: your domain name is your public IP address. The MX record, if they provide this service, is nothing more than saying @your domain is your domain name and your domain name then resolves to your public IP address. A reverse query is the opposite. Whois YOUR public IP address needs to resolve to your domain name. If it doesn't, many email servers will reject the mail believing that the mail is relay mail [IP address doesn't match up with public domain name].

Taking a shot at the dark, but it sounds like somewhere, Covad DNS servers are doing more than they should or are not doing, correctly, what needs to be done. Again, Covad DNS servers should do no more than provide name resolution for your public IP address and if they provide MX records, resolve that to your public domain name which then resolves to your public IP address.

Example: an MX record looks like this

<your domain name> 10 <your domain name>

An A record looks like this

<your domain name> = <public IP address>

MX resolution says @<domain name>.com resolves to <domain name>.com

<domain>.com resolves to <XXX.XXX.XXX.XXX> [your public address]

Mail is routed to your public IP address, and your perimeter router should then forward port 25 traffic to your SBS box NIC [if you're using 2 NICs then SMTP traffic is forwarded to the NIC classified as the external NIC, the one that connects to your perimeter router]. If mail has to go someplace else before it gets to you, or if another server answers a query for your domain name with a different address than your IP address, then it's considered relay.
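
An added example, not written by any poster in this thread: the forward (MX to A) and reverse (PTR back to A) lookups discussed above, expressed as a Python check that runs offline against constructed records. The names under example.com and example.net, the documentation-range addresses and the function names are all assumptions; it also assumes a single-server setup like the one described here, where the MX host's address is the same IP that sends outbound mail.

```python
# Constructed DNS records (documentation names and addresses, not from the thread).
ZONE = {
    # Sender 1: MX, A and PTR all agree.
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    # Sender 2: PTR is a generic provider name with no A record pointing back.
    ("example.net", "MX"): ["mx.example.net"],
    ("mx.example.net", "A"): ["198.51.100.7"],
    ("7.100.51.198.in-addr.arpa", "PTR"): ["host-7.isp.example"],
}


def lookup(name, rtype, zone=ZONE):
    """Return the record values for (name, type), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def reverse_name(ip):
    """Build the in-addr.arpa name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def check_sender(domain, sending_ip, zone=ZONE):
    """List mismatches between a mail domain's DNS and the IP it sends from."""
    findings = []

    # Forward path: domain -> MX host(s) -> A record(s).
    mx_ips = {ip for mx in lookup(domain, "MX", zone)
              for ip in lookup(mx, "A", zone)}
    if sending_ip not in mx_ips:
        findings.append("sending IP is not an address of any MX host")

    # Reverse path: IP -> PTR name -> A record must lead back to the same IP.
    ptr_names = lookup(reverse_name(sending_ip), "PTR", zone)
    if not ptr_names:
        findings.append("no PTR record")
    elif not any(sending_ip in lookup(n, "A", zone) for n in ptr_names):
        findings.append("PTR name does not resolve back to the sending IP")
    return findings


if __name__ == "__main__":
    for domain, ip in (("example.com", "203.0.113.10"),
                       ("example.net", "198.51.100.7")):
        print(domain, ip, check_sender(domain, ip) or "consistent")
```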
