Tag Archives: SMTP server reply codes

SMTP server reply codes

SMTP server reply codes

List of the main SMTP server reply codes, with explanation and hints how to do it.

The SMTP server reply codes can be used to help determine why an email bounced, or why you’re receiving an SMTP error when sending an email.

CODEDeclarationTask to solving
101The server is unable to connect.Try to change the server’s name (maybe it was spelt incorrectly) or the connection port.
111Connection refused or inability to open an SMTP stream.This error normally refers to a connection issue with the remote SMTP server, depending on firewalls or misspelled domains. Double-check all the configurations and in case ask your provider.
211System status message or help reply.It comes with more information about the server.
214A response to the HELP command.It contains information about your particular server, normally pointing to a FAQ page.
220SMTP server is ready.It’s just a welcome message. Just read it and be happy that everything is working.
221The server is closing its transmission channel. It can come with side messages like “Goodbye” or “Closing connection”.The mailing session is going to end, which simply means that all messages have been processed.
250Its typical side message is “Requested mail action okay completed”: meaning that the server has transmitted a message.The oppsite of an error: everything has worked and your email has been delivered.
251“User not local will forward”: the recipient’s account is not on the present server, so it will be relayed to another.It’s a normal transfer action. For other information check out our article on what is an SMTP server.
252The server cannot verify the user, but it will try to deliver the message anyway.The recipient’s email account is valid, but not verifiable. Normally the server relays the message to another one that will be able to check it.
354The side message can be very cryptic (“Start mail input end <CRLF>.<CRLF>”). It’s the typical response to the DATA command.The server has received the “From” and “To” details of the email, and is ready to get the body message.
420“Timeout connection problem”: there have been issues during the message transfer.This error message is produced only by GroupWise servers. Either your email has been blocked by the recipient’s firewall, or there’s a hardware problem. Check with your provider.
421The service is unavailable due to a connection problem: it may refer to an exceeded limit of simultaneous connections, or a more general temporary problem.The server (yours or the recipient’s) is not available at the moment, so the dispatch will be tried again later.
422The recipient’s mailbox has exceeded its storage limit.Try to contact the user via another channel to alert him and ask to create some free space in his mailbox.
431Not enough space on the disk, or an “out of memory” condition due to a file overload.This error may depend on too many messages sent to a particular domain. You should try again sending smaller sets of emails instead of one big mail-out.
432Typical side-message: “The recipient’s Exchange Server incoming mail queue has been stopped”.It’s a Microsoft Exchange SMTP Server reply error code. You should contact it to get more information: generally it’s due to a connection problem.
441The recipient’s server is not responding.There’s an issue with the user’s incoming server: yours will try again to contact it.
442The connection was dropped during the transmission.A typical network connection problem, probably due to your router: check it immediately.
446The maximum hop count was exceeded for the message: an internal loop has occurred.Ask your SMTP provider to verify what has happened.
447Your outgoing message timed out because of issues concerning the incoming server.This happens generally when you exceeded your server’s limit of number of recipients for a message. Try to send it again segmenting the list in different parts.
449A routing error.Like error 432, it’s related only to Microsoft Exchange. Use the CLI route print.
450“Requested action not taken – The user’s mailbox is unavailable”. The mailbox has been corrupted or placed on an offline server, or your email hasn’t been accepted for IP problems or blacklisting.The server will retry to mail the message again, after some time. Anyway, verify that is working on a reliable IP address.
451“Requested action aborted – Local error in processing”. Your ISP’s server or the server that got a first relay from yours has encountered a connection problem.It’s normally a transient error due to a message overload, but it can refer also to a rejection due to a remote antispam filter, ask your SMTP provider to check. Exchange issue: 451 4.7.0 Temporary server error. Please try again later. PRX. If the DC “lags” then this error also frequently shows up.
452Too many emails sent or too many recipients: more in general, a server storage limit exceeded.Again, the typical cause is a message overload. Usually the next try will succeed: in case of problems on your server it will come with a side-message like “Out of memory”.
471An error of your mail server, often due to an issue of the local anti-spam filter.Contact your SMTP service provider to fix the situation.
500A syntax error: the server couldn’t recognize the command.It may be caused by a bad interaction of the server with your firewall or antivirus. Read carefully their instructions to solve it.
501Another syntax error, not in the command but in its parameters or arguments.In the majority of the times it’s due to an invalid email address, but it can also be associated with connection problems (and again, an issue concerning your antivirus settings).
502The command is not implemented.The command has not been activated yet on your own server. Contact your provider to know more about it.
503The server has encountered a bad sequence of commands, or it requires an authentication.In case of “bad sequence”, the server has pulled off its commands in a wrong order, usually because of a broken connection. If an authentication is needed, you should enter your username and password.
504A command parameter is not implemented.Like error 501, is a syntax problem; you should ask your provider.
510/511Bad email address.One of the addresses in your TO, CC or BBC line doesn’t exist. Check again your recipients’ accounts and correct any possible misspelling.
512A DNS error: the host server for the recipient’s domain name cannot be found.Check again all your recipients’ addresses: there will likely be an error in a domain name (like mail@domian.com instead of mail@domain.com).
513“Address type is incorrect”: another problem concerning address misspelling. In few cases, however, it’s related to an authentication issue.Doublecheck your recipients’ addresses and correct any mistake. If everything’s ok and the error persists, then it’s caused by a configuration issue (simply, the server needs an authentication).
523The total size of your mailing exceeds the recipient server’s limits.Re-send your message splitting the list in smaller subsets.
530Normally, an authentication problem. But sometimes it’s about the recipient’s server blacklisting yours, or an invalid email address.Configure your settings providing a username+password authentication. If the error persists, check all your recipients’ addresses and if you’ve been blacklisted.
541The recipient address rejected your message: normally, it’s an error caused by an anti-spam filter.Your message has been detected and labeled as spam. You can ask the recipient to whitelist you.
550It usually defines a non-existent email address on the remote side.Though it can be returned also by the recipient’s firewall (or when the incoming server is down), the great majority of errors 550 simply tell that the recipient email address doesn’t exist. You should contact the recipient otherwise and get the right address.
551“User not local or invalid address – Relay denied”. Meaning, if both your address and the recipient’s are not locally hosted by the server, a relay can be interrupted.It’s a (not very clever) strategy to prevent spamming. You should contact your ISP and ask them to allow you as a certified sender. Of course, with a professional SMTP provider you won’t ever deal with this issue.
552“Requested mail actions aborted – Exceeded storage allocation”: simply put, the recipient’s mailbox has exceeded its limits.Try to send a simple message: that usually happens when you dispatch emails with big attachments, so check them first.
553“Requested action not taken – Mailbox name invalid”. That is, there’s an incorrect email address into the recipients line.Check all the addresses in the TO, CC and BCC field. There should be an error or a misspelling somewhere.
554This means that the transaction has failed. It’s a permanent error and the server will not try to send the message again.The incoming server detects that your email is spam, or your IP has been blacklisted. Check carefully if you ended up in some spam lists, or rely on a professional SMTP service that will fixes this problem.

If that you have understanding of what an SMTP Server reply response code is, here are 21 common SMTP response codes, as laid out in RFC 821 (RFC stands for Request for Comments documents).

Realtime Blackhole Lists with Postfix

Realtime Blackhole Lists (RBL) and Domain Name System BlockList (DNSBL) are publicly available lists on the Internet, with addresses and servers that have recently been the source of malicious and unwanted or suspicious activity, such as the sending of spam or phishing e-mails.

Prevent SPAM and phishing emails

Blacklists were created to prevent the flood of unwanted emails. IP addresses of suspicious mail senders reported by spamtraps are collected on blacklists. E-mail servers compare received e-mails to see whether the sender is on a blacklist. If the classification is positive, the e-mail is moved directly to the Junk E-mail folder or not accepted at all and rejected by the server.

The widely used open-source spam filters SpamAssassin from the Apache project, and the Postfix MTA (Mail Transfer Agent) for Unix and Unix derivatives, are particularly suitable for integration. This tutorial deals with the integration of Realtime Blackhole Lists (RBL) and DNS Based Realtime Blocklists (DNSBL) using Postfix.

How to use DNS-based Blackhole List on Postfix

As the name suggests, querying a DNSBL is, from a technical point of view, a DNS query. DNS-based blackhole lists are queried in near real time, DNSBLs are adding in the/etc/postfix/main.cffile usually under smtpd_recipient_restrictions, as shown in the example.

smtpd_recipient_restrictions = permit_mynetworks,
        reject_invalid_helo_hostname,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
        reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
        reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
        reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],
        warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255],
        reject_rbl_client dnsbl-1.uceprotect.net,
        reject_rbl_client bl.0spam.org=127.0.0.[7..9],
        reject_unverified_recipient,
        Permit

There are usually many more rules for checking the criteria, this tutorial will show how to use DNSBL query.

  A right-hand side blacklist (RHSBL) is a listing that contains the domain names of spammers, which mail servers can be programmed to reject. RHSBL functions the same way as a domain name system blacklist (DNSBL) with one important distinction: RHSBLs include domain names rather than IP addresses.

The sooner the better – the verification is done before queuing, with the guidelines be carried out undersmtpd_client_restrictions

smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_client_restrictions = permit_mynetworks,
        reject_non_fqdn_hostname,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_sender,
        reject_unauth_pipelining,
        reject_unknown_sender_domain,
        reject_unknown_hostname,
        reject_unknown_client,
        reject_invalid_hostname,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rhsbl_sender hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        Permit

With this check, the DNSBL query takes place before writing to the mail spool, and a NOQUEUE: reject: is returned. The advantage comes from the fact that the system resources are used less.

As after any change, Postfix must be reloaded.

$ postfix reload

SBL DNSBL Black List testing

The Black List test record 127.0.0.2 is the loopback address of the SBL DNS zone like “sbl.spamhaus.org” used for testing SBL configuration on mailservers. It is also listed in most other DNSBL systems as the standard testing address for those zones, as recommended by RFC5782 and RFC6471.

$ dig +short ANY 2.0.0.127.zen.spamhaus.org @your_dns
"https://www.spamhaus.org/sbl/query/SBL2"
"https://www.spamhaus.org/query/ip/127.0.0.2"
127.0.0.2
127.0.0.10
127.0.0.4

Note. If you are using a free “open DNS resolver” service such as the Google Public DNS (8.8.8.8) in most cases they will return a “not listed” (NXDOMAIN) reply from Spamhaus’ public DNSBL servers. It is recommend using your own DNS servers when doing DNSBL queries to Spamhaus.

The DNSBL query for the dummy record returns 127.0.0.2 if the IP is listed as a spam source in the database. To check a domain query, for example 0spam.org, a lookup to bl.0spam.org can by used, depending on the respective DNSBL.

$ host 2.0.0.127.bl.0spam.org

The query with reverse loopback address of bl.0spam.org.

$ host -tTXT 2.0.0.127.bl.0spam.org

Querying the TXT record from 0spam.org outputs the following.

2.0.0.127.bl.0spam.org descriptive text "This listings is for RFC Compliance. See RFC 5782. For support and listing removal go to https://0spam.org Possible Values: 127.0.0.1(General Listings), 127.0.0.2(depreciated) 127.0.0.3(can-spam violators) 127.0.0.4(non RFC compliant) 127.0.0.5(repeat of" "fender) 127.0.0.6(bouncing email to the wrong server) 127.0.0.7(open relay) 127.0.0.8(bouncing spoofed emails) 127.0.0.9(fraud/scam, malware or illegal/abusive content)"

Some DNSBLs provide useful information, such as multiple loopback addresses able to testing queries.

$ dig +short TXT 2.0.0.127.hostkarma.junkemailfilter.com @8.8.8.8
"Black listed at hostkarma http://ipadmin.junkemailfilter.com/remove.php?ip=127.0.0.2"
"Black listed (authentication hacker) at hostkarma http://ipadmin.junkemailfilter.com/remove.php?ip=127.0.0.2"
"White listed 127.0.0.2 See http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists"
"Yellow listed 127.0.0.2 See http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists"

$ dig +short ANY 2.0.0.127.multi.surbl.org
127.0.0.254
"wild.surbl.org permanent test point"

$ dig +short ANY 2.0.0.127.psbl.surriel.com
"Listed in PSBL, see http://psbl.org/listing?ip=127.0.0.2"
127.0.0.2

$ dig +short ANY 2.0.0.127.dnsbl.sorbs.net
127.0.0.10
"Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?127.0.0.2"
127.0.0.5
"Open SMTP Relay See: http://www.sorbs.net/lookup.shtml?127.0.0.2"
127.0.0.7
"Exploitable Server See: http://www.sorbs.net/lookup.shtml?127.0.0.2"
127.0.0.2
"HTTP Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2"
127.0.0.3
"SOCKS Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2"

$ dig +short ANY 2.0.0.127.bl.nordspam.com
"RFC5782 TEST-record."
127.0.0.2

$ dig +short ANY 2.0.0.127.truncate.gbudb.net
127.0.0.2
"Test Record"

queries can be narrowed down, for example to only get the RBL addresses from U.S. by using usa.bl.blocklist.de

$ host -t any 2.0.0.127.usa.bl.blocklist.de
2.0.0.127.usa.bl.blocklist.de has address 127.0.0.2
2.0.0.127.usa.bl.blocklist.de descriptive text "Infected System, see http://www.blocklist.de/en/view.html?ip=127.0.0.2"

The zone bruteforcelogin.bl.blocklist.de queries IPs that attacks Joomla, WordPress and other web logins via brute force attacks, or ftp.bl.blocklist.de queries only IPs from which FTP attacks have been recorded. The individual RBL zones with used return codes and guidelines can be found on the websites of the DNSBL providers. Whitelists such as DNSWL are also used to avoid false positives.

dnswl.org E-Mail Reputation Protect against false positives

DNSWL.ORG

E-Mail Reputation Protect against false positives

Useful Frequently Asked Questions (FAQ) by Spamhaus.org

  DNS-based Blackhole List (DNSBL) not allow exceed 1,000 requests per second, if the requests exceed 1,000 per second, the rsync method should be applied.

$ rsync -z psbl-mirror.surriel.com::psbl/psbl.txt .

GitHub Postfix main configuration main.cf

Table of some DNSBLs

List NameWebsiteBlocklist Typ
nixspamnixspam.orgIP-based
spamhausspamhaus.org
sbl.spamhaus.org
xbl.spamhaus.org
dbl.spamhaus.org
zen.spamhaus.org
IP-based
Domain-based
Combined List (SBL, SBLCSS, XBL, PBL)
CBLcbl.abuseat.orgIP-based
Spamcopspamcop.orgIP-based
SwiNOGswinog.chIP-based
SURBLsurbl.orgDomain-based
SORBSsorbs.netIP-based
URIBLuribl.comDomain-based
Mailspikemailspike.orgCombined List
Blocklist.deblocklist.deIP-based
Barracudacentralbarracudacentral.orgIP-based
UCEPROTECTwww.uceprotect.netIP-based
JunkEmailFilterjunkemailfilter.comIP-based
Domain-based
0spam0spam.orgIP-based
NordSpamnordspam.comIP-based
GBUdbgbudb.comIP-based

Conclusion

DNSBLs are generally the first line of defense against spam. The DNSLB providers pursue their own requirements for criteria and quality, the results must be determined in order to make the choice of DNSBLs so that they meet the desired requirements and criteria. Most postmasters rely on real-time DNS-based blocklists (DNSBL). Messages from these are not even accepted or the information from a listing is included in the spam scoring. These methods are also technically described by the IETF: https://tools.ietf.org/html/rfc5782

  • 0spam.org free DNSBL for eMail Service providers
  • blocklist.de free and voluntary anti-fraud/abuse service
  • spamhaus IP and domain reputation data
  • Surbl reputation data provided in near real-time feeds
  • dnswl.org E-Mail Reputation Protect against false positives