Forum Discussion

tdb2022's avatar
tdb2022
Copper Contributor
Jun 02, 2022

500 5.3.3 Unrecognized command

Hi all,

 

Our exchange 2016 server start acting up in the last couple days without any configuration changes. I see a few "500 5.3.3 Unrecognized command" in ProtocolLog\SmtpSend.

500 5.3.3 Unrecognized command 'Received:',

500 5.3.3 Unrecognized command '10.2.3.4',

500 5.3.3 Unrecognized command 'cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)',

 

They seem to be from the mail header.

 

Received: from MAIL.DOMAIN.LOCAL (10.2.3.4) by MAIL.DOMAIN.LOCAL
(10.2.3.4) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28 via Mailbox
Transport; Thu, 2 Jun 2022 08:40:47 -0700

 

Where do I look to troubleshoot this issue?

Below is log of a complete session

 

2022-06-02T14:00:55.424Z,Inbound Proxy Internal Send Connector,08DA442F66879163,0,,10.2.3.4:2525,*,None,Set Session Permissions
2022-06-02T14:00:55.424Z,Inbound Proxy Internal Send Connector,08DA442F66879163,1,,10.2.3.4:2525,*,,attempting to connect
2022-06-02T14:00:55.424Z,Inbound Proxy Internal Send Connector,08DA442F66879163,2,10.2.3.4:7323,10.2.3.4:2525,+,,
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,3,10.2.3.4:7323,10.2.3.4:2525,<,"220 MAIL.DOMAIN.LOCAL Microsoft ESMTP MAIL Service ready at Thu, 2 Jun 2022 07:00:55 -0700",
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,4,10.2.3.4:7323,10.2.3.4:2525,*,,Proxying inbound session with session id 08DA442F66879162
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,5,10.2.3.4:7323,10.2.3.4:2525,>,EHLO MAIL.DOMAIN.LOCAL,
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,6,10.2.3.4:7323,10.2.3.4:2525,<,250 MAIL.DOMAIN.LOCAL Hello [10.2.3.4] SIZE PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST,
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,7,10.2.3.4:7323,10.2.3.4:2525,>,X-ANONYMOUSTLS,
2022-06-02T14:00:55.426Z,Inbound Proxy Internal Send Connector,08DA442F66879163,8,10.2.3.4:7323,10.2.3.4:2525,<,220 2.0.0 SMTP server ready,
2022-06-02T14:00:55.428Z,Inbound Proxy Internal Send Connector,08DA442F66879163,9,10.2.3.4:7323,10.2.3.4:2525,*," CN=mail.example.com CN=, OU=, O=, L=, S=, C=US 11A1111A11AA1A1A 1111A1A1A111111AAA1A1111111A11AA11A1A1A1 2022-01-17T14:42:01.000Z 2023-02-16T23:13:35.000Z mail.example.com;autodiscover.example.com;attachments.example.com;",Remote certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2022-06-02T14:00:55.428Z,Inbound Proxy Internal Send Connector,08DA442F66879163,10,10.2.3.4:7323,10.2.3.4:2525,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2022-06-02T14:00:55.428Z,Inbound Proxy Internal Send Connector,08DA442F66879163,11,10.2.3.4:7323,10.2.3.4:2525,*,1111A1A1A111111AAA1A1111111A11AA11A1A1A1,Received certificate Thumbprint
2022-06-02T14:00:55.428Z,Inbound Proxy Internal Send Connector,08DA442F66879163,12,10.2.3.4:7323,10.2.3.4:2525,>,EHLO MAIL.DOMAIN.LOCAL,
2022-06-02T14:00:55.428Z,Inbound Proxy Internal Send Connector,08DA442F66879163,13,10.2.3.4:7323,10.2.3.4:2525,<,250 MAIL.DOMAIN.LOCAL Hello [10.2.3.4] SIZE PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN X-EXPS EXCHANGEAUTH GSSAPI NTLM X-EXCHANGEAUTH SHA256 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST XPROXY XPROXYFROM X-MESSAGECONTEXT ADRC-2.1.0.0 EPROP-1.2.0.0 XSYSPROBE XORIGFROM XMESSAGEVALUE,
2022-06-02T14:00:55.429Z,Inbound Proxy Internal Send Connector,08DA442F66879163,14,10.2.3.4:7323,10.2.3.4:2525,>,X-EXPS EXCHANGEAUTH SHA256 ,
2022-06-02T14:00:55.429Z,Inbound Proxy Internal Send Connector,08DA442F66879163,15,10.2.3.4:7323,10.2.3.4:2525,>,<Binary Data>,
2022-06-02T14:00:55.431Z,Inbound Proxy Internal Send Connector,08DA442F66879163,16,10.2.3.4:7323,10.2.3.4:2525,<,235 <authentication information>,
2022-06-02T14:00:55.432Z,Inbound Proxy Internal Send Connector,08DA442F66879163,17,10.2.3.4:7323,10.2.3.4:2525,*,SMTPSendEXCH50 SendRoutingHeaders SendForestHeaders SendOrganizationHeaders SMTPSendXShadow,Set Session Permissions
2022-06-02T14:00:55.433Z,Inbound Proxy Internal Send Connector,08DA442F66879163,18,10.2.3.4:7323,10.2.3.4:2525,>,XPROXYFROM SID=08DA442F66879162 IP=54.174.52.105 PORT=26425 DOMAIN=pgg14b.bf06x.hubspotemail.net SEQNUM=1 PERMS=1073 AUTHsrc=Anonymous,
2022-06-02T14:00:55.433Z,Inbound Proxy Internal Send Connector,08DA442F66879163,19,10.2.3.4:7323,10.2.3.4:2525,<,250 XProxyFrom accepted,
2022-06-02T14:00:55.433Z,Inbound Proxy Internal Send Connector,08DA442F66879163,20,10.2.3.4:7323,10.2.3.4:2525,*,,sending message with RecordId 672 and InternetMessageId <email address removed for privacy reasons>
2022-06-02T14:00:55.433Z,Inbound Proxy Internal Send Connector,08DA442F66879163,21,10.2.3.4:7323,10.2.3.4:2525,>,MAIL FROM:<1axb1gnx15zcvod4t2zmm2480v01slc4lps5lm-user=email address removed for privacy reasons> SIZE=0 AUTH=<> XMESSAGEVALUE=MediumHigh,
2022-06-02T14:00:55.433Z,Inbound Proxy Internal Send Connector,08DA442F66879163,22,10.2.3.4:7323,10.2.3.4:2525,>,RCPT TO:<email address removed for privacy reasons>,
2022-06-02T14:00:55.434Z,Inbound Proxy Internal Send Connector,08DA442F66879163,23,10.2.3.4:7323,10.2.3.4:2525,<,250 2.1.0 Sender OK,
2022-06-02T14:00:55.434Z,Inbound Proxy Internal Send Connector,08DA442F66879163,24,10.2.3.4:7323,10.2.3.4:2525,<,250 2.1.5 Recipient OK,
2022-06-02T14:00:55.434Z,Inbound Proxy Internal Send Connector,08DA442F66879163,25,10.2.3.4:7323,10.2.3.4:2525,>,BDAT 66472,
2022-06-02T14:00:55.565Z,Inbound Proxy Internal Send Connector,08DA442F66879163,26,10.2.3.4:7323,10.2.3.4:2525,<,451 4.7.0 Timeout waiting for client input,
2022-06-02T14:00:55.565Z,Inbound Proxy Internal Send Connector,08DA442F66879163,27,10.2.3.4:7323,10.2.3.4:2525,*,,Wrote to network 66472 bytes read from inbound proxy layer over 8 msecs for nexthopfqdn messageid <email address removed for privacy reasons>
2022-06-02T14:00:55.566Z,Inbound Proxy Internal Send Connector,08DA442F66879163,28,10.2.3.4:7323,10.2.3.4:2525,*,,successfully added connection to cache.
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,29,10.2.3.4:7323,10.2.3.4:2525,*,,Proxying inbound session with session id 08DA442F66879166
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,30,10.2.3.4:7323,10.2.3.4:2525,>,RSET,
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,31,10.2.3.4:7323,10.2.3.4:2525,<,500 5.3.3 Unrecognized command 'Received:',
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,32,10.2.3.4:7323,10.2.3.4:2525,>,XPROXYFROM SID=08DA442F66879166 IP=148.105.11.166 PORT=34766 DOMAIN=mail166.sea71.mcsv.net SEQNUM=1 PERMS=1073 AUTHsrc=Anonymous,
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,33,10.2.3.4:7323,10.2.3.4:2525,<,500 5.3.3 Unrecognized command '10.2.3.4',
2022-06-02T14:01:22.847Z,Inbound Proxy Internal Send Connector,08DA442F66879163,34,10.2.3.4:7323,10.2.3.4:2525,>,QUIT,
2022-06-02T14:01:22.848Z,Inbound Proxy Internal Send Connector,08DA442F66879163,35,10.2.3.4:7323,10.2.3.4:2525,<,500 5.3.3 Unrecognized command 'cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)',
2022-06-02T14:01:22.848Z,Inbound Proxy Internal Send Connector,08DA442F66879163,36,10.2.3.4:7323,10.2.3.4:2525,-,,Local

 

Thank you,

TDB

2016
Exchange Server

1 Reply

  • tdb2022's avatar
    tdb2022
    Copper Contributor
    Jun 07, 2022
    I found the problem. It's the GFI MaillEssentials greylist. Don't any error after disable Greylist in Anti-Spam filters.