How and why to disable certain ESMTP verbs

Some firewalls and network devices filter out certain Extended Simple Mail Transfer Protocol (ESMTP) commands or "verbs." This can break communications between Exchange 2000, Exchange 2003, and other SMTP

    Requires Free Membership to View

mail servers.

If you can't or don't want to modify how traffic is being filtered, you can still get around this problem by disabling the ESMTP verbs that are being blocked by your firewalls or network devices.

Below are the ESMTP verbs that can be disabled. Some of these may be rejected explicitly by a firewall or network device.

  • ETRN
  • DSN
  • 8bitmime

The best way to make changes to your ESMTP verb list is to use the ADSI Edit utility to modify the appropriate value in Active Directory, which will then replicate to the Metabase.

  1. Open the Configuration Container on an Active Directory domain controller and navigate to Configuration -> Services -> Microsoft Exchange -> <organization> -> Administrative Groups -> <admin_group> -> Servers  -> <server> -> Protocols -> SMTP -> <virtual_server>. (Since this setting is a per-virtual-server setting, it's possible to change it for some SMTP virtual servers but not for others.)

  2. View the msExchSmtpInboundCommandSupportOptions property.

  3. Select Edit Attribute.

  4. The default value for this attribute is 3503297 (decimal). To figure out which options to disable, take this number and subtract the corresponding decimal values for each option:

    DSN: 64
    ETRN: 128
    TURN/ATRN: 1024
    CHUNKING: 1048576
    BINARYMIME: 2097152
    8bitmime: 4194304

    For instance, if you only want to disable CHUNKING, use 2454721 (3503297 minus 1048576). To disable DSN and CHUNKING, you'd use 2454657 (3503297minus 64 minus1048576).

  5. Apply the changes. (Note that the changes will need to be replicated from your domain controller before they take effect.)

This process is described in slightly more detail in Microsoft Knowledge Base article 257569, "How to turn off ESMTP verbs in Exchange 2000 Server and in Exchange Server 2003."

One command often blocked by network boxes is actually not on this list -- BDAT. This ESMTP verb in turn attempts to invoke CHUNKING. In such a case, you probably will need to turn off CHUNKING until another workaround can be found.

A couple important side notes to keep in mind:

  • If you make these changes, they should only be done in a provisional way. Also, you should document them explicitly so they can be undone when they are no longer needed -- for instance, after you update your network devices to allow these ESMTP verbs transparently.

  • It's always best to try and update the problematic network device first (if that's the source of the problem) before disabling any ESMTP verbs, since it can have unwanted side effects.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • FAQ: Exchange Server non-delivery reports (NDRs)
  • Tip: Beware of firewalls that block Exchange's SMTP/POP3 communications
  • Tip: Firewall policies and SMTP line lengths
  • Tip: How HTTP verbs can 'hang' Outlook Web Access
  • Expert Advice: Cisco PIX firewall causing Exchange connectivity problems
  • Step-by-Step Guide: How to use ISA Server as an SMTP filter
  • Reference Center: Firewall tips and resources

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

    This was first published in November 2006

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.