Some firewalls and network devices filter out certain Extended Simple Mail Transfer Protocol (ESMTP) commands or "verbs." This can break communications between Exchange 2000, Exchange 2003, and other SMTP mail servers.
If you can't or don't want to modify how traffic is being filtered, you can still get around this problem by disabling the ESMTP verbs that are being blocked by your firewalls or network devices.
Below are the ESMTP verbs that can be disabled. Some of these may be rejected explicitly by a firewall or network device.
- TURN/ATRN
- ETRN
- DSN
- ENHANCEDSTATUSCODES
- 8bitmime
- BINARYMIME
- CHUNKING
The best way to make changes to your ESMTP verb list is to use the ADSI Edit utility to modify the appropriate value in Active Directory, which will then replicate to the Metabase.
- Open the Configuration Container on an Active Directory domain controller and navigate to Configuration -> Services -> Microsoft Exchange -> <organization> -> Administrative Groups -> <admin_group> -> Servers -> <server> -> Protocols -> SMTP -> <virtual_server>. (Since this setting is a per-virtual-server setting, it's possible to change it for some SMTP virtual servers but not for others.)
- View the msExchSmtpInboundCommandSupportOptions property.
- Select Edit Attribute.
- The default value for this attribute is 3503297 (decimal). To figure out which options to disable, take this number and subtract the corresponding decimal values for each option:
DSN: 64
ETRN: 128
TURN/ATRN: 1024
ENHANCEDSTATUSCODES: 4096
CHUNKING: 1048576
BINARYMIME: 2097152
8bitmime: 4194304
For instance, if you only want to disable CHUNKING, use 2454721 (3503297 minus 1048576). To disable DSN and CHUNKING, you'd use 2454657 (3503297minus 64 minus1048576).
- Apply the changes. (Note that the changes will need to be replicated from your domain controller before they take effect.)
This process is described in slightly more detail in Microsoft Knowledge Base article 257569, "How to turn off ESMTP verbs in Exchange 2000 Server and in Exchange Server 2003."
One command often blocked by network boxes is actually not on this list -- BDAT. This ESMTP verb in turn attempts to invoke CHUNKING. In such a case, you probably will need to turn off CHUNKING until another workaround can be found.
A couple important side notes to keep in mind:
- If you make these changes, they should only be done in a provisional way. Also, you should document them explicitly so they can be undone when they are no longer needed -- for instance, after you update your network devices to allow these ESMTP verbs transparently.
- It's always best to try and update the problematic network device first (if that's the source of the problem) before disabling any ESMTP verbs, since it can have unwanted side effects.
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.
Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:
FAQ: Exchange Server non-delivery reports (NDRs)
Tip: Beware of firewalls that block Exchange's SMTP/POP3 communications
Tip: Firewall policies and SMTP line lengths
Tip: How HTTP verbs can 'hang' Outlook Web Access
Expert Advice: Cisco PIX firewall causing Exchange connectivity problems
Step-by-Step Guide: How to use ISA Server as an SMTP filter
Reference Center: Firewall tips and resources
Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.
