How can I tell why an inbound or outbound message bounced, based on the SMTP reply code?

If your inbound messages are bouncing back to the senders, have them inspect the bounced messages for SMTP reply codes generated by the message security service (see below). If the bounced messages contain codes generated by the message security service, then the message security service is at fault, and you can use those codes as a starting point for troubleshooting the cause of the messages not getting through.

 

If your outbound messages are bouncing, inspect them for the same system-generated codes, and apply the same troubleshooting principles.

In cases where the problem lies with your message security service, consult the

If the bounced messages contain SMTP reply codes that were not generated by the message security service, then there is likely a problem with the sender’s or recipient’s mail server, or with the way the message was addressed. SMTP reply codes outside the scope of the message security service are also designed to aid in troubleshooting message delivery problems.

SMTP Reply Codes Generated by the Message Security Service

The message security service generates SMTP reply codes of its own, and also passes SMPT codes between sending and receiving Mail Transfer Agents (MTAs).

Codes generated by the message security service are specific to components of the service, and can indicate things like:

  • The intended recipient was not registered with the service
  • The message was identified as spam or virus infected
  • The sender’s domain was identified as a source of spam
  • The message violated some aspect of your company’s email policy, for example, by including credit-card numbers or prohibited language

 

These reply codes are identified by the suffix - psmtp; for example: 550 No such user - psmtp.

SMTP codes that the message security service passes between MTAs do notinclude the - psmtp suffix.

Here is a list of the codes generated by the message security service, organized by the components of the service.

Connection Manager Automatic & Manual Blocks:

 

Delivery Manager:

 

Spool Manager:

 

Non Account Bouncing:

 

Spam Blocking:

 

Virus Blocking:

  • 451 Possible Virus Detected, try again later - psmtp
  • 451 Please try again for virus detection - psmtp
  • 571 Virus Blocked - psmtp
  • 571 Virus detected - psmtp

 

Content Manager:

 

Attachment Manager:

 

TLS:

 

SMTP Codes Generated by MTAs and Relayed by Message Security Service

SMTP codes that the message security service simply passes on behalf of sending or receiving MTAs do not contain the - psmtp suffix.

Here is a list of SMTP codes generated by MTAs (along with brief explanations).

101 Cannot open connection (The sending MTA cannot open a connection to the receving MTA)

200 Nonstandard success response (see rfc876)

211 System status or System help reply (Mail server status, or reply to request for Help information)

214 Help message (Reply to Help command, URL to information about the SMTP software running on the server)

220 domain Service ready (The mail service is running)

221 domain Service closing transmission channel (Server is ending mail session, no more mail to send)

250 Requested mail action okay, completed (Message successfully delivered)

251 User not local; will forward to (The specified user is not local to the server, but the server will forward the mail message)

252 Cannot VRFY user, but will accept message and attempt delivery (Address appears valid but server cannot verify; server will attempt to deliver message)

354 Start mail input; end with <CRLF>.<CRLF> (Server has received From and To information, and is asking for message body)

421 domain Service not available, closing transmission channel (Mail transfer service is unavailable)

450 Requested mail action not taken: mailbox unavailable (Server could not deliver message, mailbox unavailable, possibly due to server maintenance on mailbox or server down)

451 Requested action aborted: local error in processing (Indicates different problems like bad configuration of sending server, resource constraint on sending server, local firewall stripping out SMTP commands)

452 Requested action not taken: insufficient system storage (Server disk space is full)

500 Syntax error, command unrecognized (Last command not recognized as valid SMTP command, command improperly formatted, command too long)

501 Syntax error in commands or arguments (Correct command but bad syntax in commands or arguments, often a malformed email address)

502 Command not implemented (Last command recognized, but not implemented by server)

503 Bad sequence of commands (Last command sent out of sequence, for example, DATA sent before RECV, possibly due to dropped packet)

550 Requested action not taken: mailbox unavailable (Mailbox can't be found or you don't have access rights)

551 User not local; please try forward path (The specified user is not local to the server and the message was not delivered, but the server returns a forwarding address)

552 Requested mail action aborted:exceeded storage allocation (Mailbox has exceeded storage allocation)

553 Requested action not taken: mailbox name not allowed (Email address was not syntactically correct)

554 Transaction failed (Transaction failed for unknown reason)

SMTP Reply Codes Grouped by SMTP Command

The following list groups the SMTP reply codes by the SMTP commands with which they can be associated. This can help you identify at what point the process failed.

HELO

250, 421, 500, 501, 504, 521

EHLO

250, 421, 500, 501, 504, 521

MAIL

250, 421, 451, 452, 500, 501, 552

RCPT

250, 251, 421, 450, 451, 452, 500, 501, 503, 521, 550, 551, 552, 553

DATA

354, 421, 451, 500, 501, 503, 554

SEND

250, 421, 451, 452, 500, 501, 502, 552

SOML

250, 421, 451, 452, 500, 501, 502, 552

SAML

250, 421, 451, 452, 500, 501, 502, 552

RSET

200, 250, 421, 500, 501, 504

VRFY

250, 251, 421, 500, 501, 502, 504, 550, 551, 553

EXPN

250, 421, 500, 501, 502, 504, 550

HELP

211, 214, 421, 500, 501, 502, 504

NOOP

200, 250, 421, 500

QUIT

221, 500

TURN

250, 500, 502, 503

Enhanced SMTP Reply Codes

The following list contains enhanced SMTP reply codes used by some mail servers. It also contains some notes and recommendations regarding Microsoft Exchange Server.

2.0.0 (nonstandard success response, see rfc876).

2.1.1 System status, or system help reply.

2.1.4 Help message.

2.2.0 Service ready.

2.2.1 Service closing transmission channel.

2.5.0 Requested mail action okay, completed.

2.5.1 User not local; will forward to.

3.5.4 Start mail input; end with ". "

4.2.1 Service not available, closing transmission channel.

4.2.2 The recipient has exceeded their mailbox limit. It could also be that the delivery directory on the Virtual server has exceeded its limit (default: 22 MB).

4.3.1 Not enough disk space on the delivery server. Microsoft says this NDR may be reported as an out-of-memory error.

4.3.2 Classic temporary problem: the Administrator has frozen the queue.

4.4.1 Intermittent network connection. The server has not yet responded. Classic temporary problem. If it persists, you will also receive a 5.4.x status code.

4.4.2 The server started to deliver the message but the connection was broken.

4.4.6 Too many hops. The message is likely looping.

4.4.7 Problem with a timeout. Check receiving server connectors.

4.4.9 A DNS problem. Check your smart host setting on the SMTP connector. For example, verify that the SMTP format is correct. Also, use square brackets in the IP address [197.89.1.4]. You can get this same NDR error if you have been deleting routing groups.

4.5.0 Requested mail action not taken: mailbox unavailable.

4.5.1 Requested action aborted: local error in processing.

4.5.2 Requested action not taken: insufficient system storage.

4.6.5 Multi-language situation. Your server does not have the correct language code page installed.

5.0.0 Syntax error, command unrecognized. You receive this NDR when you try to send email via telnet and make a typing mistake. More likely, a routing-group error, no routing connector, or no suitable address space in the connector. (Try adding * in the address space.)

5.0.1 Syntax error in parameters or arguments.

5.0.2 Command not implemented.

5.0.3 Bad sequence of commands.

5.0.4 Command parameter not implemented.

5.1.x Problem with email address.

5.1.0 Often seen with contacts. Check the recipient address.

5.1.1 Another problem with the recipient address. Possibly the user was moved to another server in Active Directory. Maybe an Outlook client replied to a message while offline.

5.1.3 Another problem with contacts. Address field maybe empty. Check the address information.

5.1.4 Two objects have the same address, which confuses the categorizer.

5.1.5 Destination mailbox address invalid.

5.1.6 Problem with homeMDB or msExchHomeServerName - check how many users are affected. Sometimes running RUS (Recipient Update Service) cures this problem. Mailbox may have moved.

5.1.7 Problem with senders mail attribute, check properties sheet in ADUC.

5.2.x NDR caused by a problem with the large size of the email.

5.2.1 The message is too large. Else it could be a permissions problem. Check the recipient’s mailbox.

5.2.2 Sadly, the recipient has exceeded their mailbox limit.

5.2.3 Recipient cannot receive messages this big. Server or connector limit exceeded.

5.2.4 Most likely, a distribution list or group is trying to send an email. Check where the expansion server is situated.

5.3.0 Problem with MTA. Someone may have been editing the registry to disable the MTA / Store driver.

5.3.1 Mail system full. Possibly a Standard edition of Exchange reached the 16 GB limit.

5.3.2 System not accepting network messages. Look outside Exchange for a connectivity problem.

5.3.3 Remote server has insufficient disk space to hold email. Check SMTP log.

5.3.4 Message too big. Check limits, System Policy, connector, virtual server.

5.3.5 Multiple Virtual Servers are using the same IP address and port. See Microsoft TechNet article: 321721 Sharing SMTP. Email probably looping.

5.4.0 DNS Problem. Check the Smart host, or check your DNS. It means that there is no DNS server that can resolve this email address. Could be a Virtual Server SMTP address.

5.4.1 No answer from host. Not Exchange’s fault, check connections.

5.4.2 Bad connection.

5.4.3 Routing server failure. No available route.

5.4.4 Cannot find the next hop. Check the Routing Group Connector. Perhaps you have Exchange servers in different Routing Groups, but no connector.

5.4.6 Looping problem A contact has the same email address as an Active Directory user. One user is probably using an Alternate Recipient with the same email address as a contact.

5.4.7 Delivery time-out. Message is taking too long to be delivered.

5.4.8 Microsoft advises to check your recipient policy. SMTP address should be cp.com NOT server.cp.com.

5.5.0 Requested action not taken: mailbox unavailable. Underlying SMTP 500 error. Sending server tried EHLO, the recipient’s server did not understand and returned a 550 or 500 error. Set up SMTP logging.

5.5.2 Possibly the disk holding the operating system is full. Or "Requested mail action aborted: exceeded storage allocation" if you are executing an SMTP.

5.5.3 More than 5,000 recipients. Check the Global Settings, Message Delivery properties. Or "Requested action not taken: mailbox name not allowed" if you are executing an SMTP.

5.5.4 Transaction failed.

5.5.5 Wrong protocol version.

5.6.3 More than 250 attachments.

5.7.1 Permissions problem. For some reason the sender is not allowed to email this account. Perhaps an anonymous user is trying to send mail to a distribution list.

Check SMTP Virtual Server Access Tab. Allow computers that successfully authenticate to relay.

User may have a manually created email address that does not match a System Policy.

Exchange 2003 SBS gives this error if IMF is set to "reject" and the message falls into that top threshold. Click System Manager > Global Settings > Message Delivery (right click > Properties) > Intelligent Message Filtering; then set "When blocking messages", to No Action, and see if that message goes away. The threshold might need to be set higher if it's happening a lot.

5.7.2 Distribution list cannot expand and so is unable to deliver its messages.

5.7.3 Check external IP address of ISA server. Make sure it matches the SMTP publishing rule.

5.7.4 Extra security features not supported. Check delivery server settings.

5.7.5 Cryptographic failure. Try a plain message with encryption.

5.7.6 Certificate problem, encryption level maybe to high.

5.7.7 Message integrity problem.

 

Note: See rfc2821 for the basic specification of SMTP; see also rfc1123 for important additional information. See rfc1893 and rfc2034 for information about enhanced status codes. Check the RFC index for further mail-related RFCs.