1

We have an in house MS Exchange 2016 server. It has been running well for a few years now. This is happening more and more often. A user gets a kickback stating the email was undeliverable. There have been no changes in the system for sometime so it is very interesting this error pops up like some sort of configuration error. I've noticed this happens mostly with gmail and comcast, but a few come from other domains.

I'd like know where to find where the SMTP server is defined as 127.0.0.1.

Thanks,

Here is the actual (revised) email the user gets:

 From: Microsoft Outlook 
 Sent: Tuesday, August 20, 2019 9:12 AM
 To: FUser LUser
 Subject: Undeliverable: RE: Payment Needed - VMC Design Order


 EXCHANGE2016 rejected your message to the following email addresses:
 FRecp LRecp (Recp@gmail.com)
 A problem occurred while delivering your message to this email address. Try sending your message again. If the problem continues, please contact your email admin.



 EXCHANGE2016 gave this error:
 No SMTP server defined. Use real server address instead of 127.0.0.1 in your account. 








 Diagnostic information for administrators:

 Generating server: EXCHANGE2016.DAMIN.GOT


 Recp@gmail.com
 EXCHANGE2016
 Remote Server returned '550 No SMTP server defined. Use real server address instead of 127.0.0.1 in your account.'


 Original message headers:

 Received: from EXCHANGE2016.DAMIN.GOT (10.1.7.8) by EXCHANGE2016.DAMIN.GOT
  (10.1.7.8) with Microsoft SMTP Server (TLS) id 15.1.225.42; Tue, 20 Aug 2019
  09:11:48 -0500
 Received: from EXCHANGE2016.DAMIN.GOT ([fe80::4d0e:7a20:4aa0:90e1]) by
  EXCHANGE2016.DAMIN.GOT ([fe80::4d0e:7a20:4aa0:90e1%13]) with mapi id
  15.01.0225.041; Tue, 20 Aug 2019 09:11:42 -0500
 From: FUser LUser <user@inc.net>
 To: FFRecp LRecp LFRecp LRecp <Recp@gmail.com>
 Subject: RE: Payment Needed - VMC Design Order
 Thread-Topic: Payment Needed - VMC Design Order
 Thread-Index: AdVO5uopoQqQJ3urQyi6W+fJb7TlCQAL3KAAALdwjfAADmk+gAEYTI/gAD6dUAAAChE60A==
 Date: Tue, 20 Aug 2019 14:11:42 +0000
 Message-ID: <b9b88a1a5994480fa06dc14e3f9aeefd@inc.net>
 References: <936b8d6054c545a1b3e6fcb0d4715299@inc.net>
  <B97211AC-415F-4BE5-A474-128A1CB22260@gmail.com>
  <e619b685832a4c5791719ce673ee303e@inc.net>
  <DCF49E6C-C5FC-461A-8AC1-6BE0ECB8F06A@gmail.com>
  <1946286a00714a919b5852d9b2b95f2a@inc.net>
  <2E859AE7-400D-452B-847B-F2AC47CEC021@gmail.com>
 In-Reply-To: <2E859AE7-400D-452B-847B-F2AC47CEC021@gmail.com>
 Accept-Language: en-US
 Content-Language: en-US
 X-MS-Has-Attach: yes
 X-MS-TNEF-Correlator:
 x-originating-ip: [10.1.2.52]
 x-avast-antispam: clean, score=10
 x-original-content-type: application/ms-tnef
 Content-Type: multipart/mixed;
 boundary="_004_b9b88a1a5994480fa06dc14e3f9aeefdincnet_"
 MIME-Version: 1.0
Harry Johnston
  • 6,005
  • 4
  • 35
  • 52
noobInTraining
  • 21
  • 1
  • 6
  • To avoid any possible confusion, are the emails that are being rejected coming *from* your domain and being rejected *by* gmail, comcast, etc., or are they coming *from* gmail, comcast, etc., and being rejected *by* your domain? – Harry Johnston Aug 29 '19 at 21:13
  • @HarryJohnston The question states that the mail is coming from local users and being rejected by the local Exchange server. – Michael Hampton Aug 29 '19 at 21:15
  • @MichaelHampton, I'm prepared to defer to your expertise, but I don't understand how you drew that conclusion. – Harry Johnston Aug 29 '19 at 21:19
  • @HarryJohnston I just read the question. It wasn't difficult. – Michael Hampton Aug 29 '19 at 21:22
  • @MichaelHampton, but the email message explicitly says that the "Remote Server" generated the 550 error. Surely that means gmail.com? – Harry Johnston Aug 29 '19 at 21:50
  • @HarryJohnston No, that is plainly not a Gmail message. In fact, a quick Google suggests that it comes from anti-virus software. Someone's really messed up on this Exchange server. – Michael Hampton Aug 29 '19 at 22:01
  • @MichaelHampton, ah, so the Exchange server *thinks* the message came from gmail.com but actually the connection had been intercepted by some sort of anti-virus solution? Sounds reasonable. Should that be an answer, do you think, or is it too speculative? – Harry Johnston Aug 29 '19 at 22:16
  • 1
    @HarryJohnston I'm still trying to figure out exactly which anti-virus software it is, but that might be enough for the OP to figure it out on their own. – Michael Hampton Aug 29 '19 at 22:16
  • We use AVG for antivirus protection. Part of the kickback email states "x-avast-antispam: clean, score=10" still trying to run down why it shows avast. I did disable the email scanning on the server but it did not change anything. – noobInTraining Aug 30 '19 at 14:50

2 Answers2

1

John's solution works, but you don't need to disable the whole Mail Shield. instead disable only Scan outbound emails (SMTP) in Avast Settings.

Go to Avast Interface > Settings > Protection > Select Core Shields > Under shield settings, go to Mail Shield tab section > Disable Scan outbound emails (SMTP).

enter image description here

Junaid Pathan
  • 111
  • 2
1

If you use avast on your server, you need to disable the Spam Shield and Mail Shield components on your server. Apparently they are for workstation use only. You can leave the "Exchange" Shield on to keep protecting your email server.

Source: https://forum.avast.com/index.php?topic=228734.0

Re: Avast Business Antivirus - block e-mail from my server to gmail

Quote from: kel2 on September 03, 2019, 04:12:23 PM

Found this ... Why has it been working for so long and now stopped ... https://kb.support.business.avast.com/GetPublicArticle?title=No-SMTP-Server-Defined-Error-BAV#

I'm unsure how to answer your question, but like the Avast Firewall, both the Mail Shield and the Anti-spam components are designed only for workstations and not mail servers. I've heard our development/production team are working on a permanent solution that will automatically remove these components if the Avast installation detects Exchange on the server.

John
  • 26
  • 1