Interpretation of 5xx errors in Icewarp SMTP
Posted by Michael Filip, Last modified by Michal Irik on 06 March 2017 06:57 AM

5xx errors in IceWarp SMTP


SMTP delivery errors can occur in SMTP session log. You can find them by checking the Logs tab from the Main Menu > Status tab > Logs


 SMTP 5xx


Make sure that you have your logs set up on debug or exteded logging, so all the information is written in the log file. You can setup this by navigating to Main Menu > System tab > Services


 SMTP Log Extended

Category "5" indicates that a message was not delivered.

The table below lists the most common SMTP errors with a short description to help you understand their cause, and provides brief remedy instructions. Consult further documentation before you modify any security settings. 

Code En. Code Error Phrase Description Remedy Instructions
500 5.5.1 Command unrecognized The SMTP command currently used was unrecognized or is not supported by the SMTP service. Review the syntax of the last command and try again.
Another possibility is that you are trying to use telnet and the telnet connection to your server is not allowed. Check the settings in administration console: Mail Service – Security – Advanced.
501 5.5.2 Domain name required Sender has no domain specified (usually in MAIL FROM). Specify the sender's domain name and try again.
The problem will be with user's email client, not your server. The email client configuration is probably not supplied with a domain name.
501 5.5.2 Unbalanced SMTP session syntax invalid (usually unbalanced brackets). Check the syntax of the last command and the configuration of corresponding .dat files.
501 5.5.4 Syntax error in parameters scanning Common syntax error. You probably mis-typed last command or last string is invalid. Check the syntax of the last command.
501 5.5.1 HELO/EHLO requires domain address Usually when there was blank or invalid string sequence after HELO/EHLO command. Retry the SMTP greeting with correct HELO/ELHO command.
501 5.0.0 Authentication canceled The process of authentication was canceled for any reason. Restart the authentication process by using proper command.
501 5.7.1 Message is too long Exceeded message size limit Review settings of limits on server/domain/user levels.
501 5.7.1 Permission denied 1) Username given in AUTH differs from sender in mail FROM 1) Disable this – check in administration console: Mail – Security – Advanced – Reject if SMTP AUTH different from sender.
2) Message submission is active and not used by local sender, or unauthenticated access to submission port 2) Local senders has to use submission port or disable this setting using the C_Mail_SMTP_Delivery_MessageSubmission API variable.
3) Milter filter returns error in envfrom stage 3) Check used filter.
501 5.7.1 Sender domain must exist MX record of sender's domain was not found Disable this – check in administration console: Mail – Security – DNS – Reject if originator's domain doesn't exist or disable the C_Mail_Security_Protection_RejectMX API variable.
501 5.7.1 Sender IP must resolve Reverse DNS query on sender's IP failed Disable this – check in administration console: Mail – Security – DNS – Reject if originator's IP has no rDNS or disable the C_Mail_Security_Protection_RejectrDNS API variable.
501 5.7.1 Sender refused by the DNSBL Sender's domain was blacklisted by DNSBL server Check used DNSBL server or you can disable this feature in administration console: Mail – Security – DNS – Use DNSBL or by the C_Mail_Security_Protection_DNSBL API variable.
501 5.7.1 Soft quota applied Mail sending is blocked When the quota is exceeded, the user still can receive mails as normally, but each attempt to send mail will fail.
502 5.5.1 Sorry, we do not support this operation This operation is not allowed. You can allow/disable particular operations and commands from the administration console: Mail Service – Security – Advanced.
503 5.5.1 Incorrect command sequence A supported command was used in invalid order. For example command RCPT TO used before MAIL FROM or DATA command used when RCPT TO command was not accepted. Solution depends on the context in which this error occurred. Check the last few commands sequence. (ad 2. check settings of default folders - for versions older than 11.2)
503 5.5.1 Authentication already done Error occurs by re-authentication.  
503 5.5.1 HELO/EHLO command required Greeting error. HELO/EHLO command is required by the server. You have to use HELO or EHLO command. You can deactivate this option in administration console, or create a Bypass: Mail Service – Security – Advanced.
503 5.5.1 HELO/EHLO already specified Greeting used again.  
504 5.7.6 Unrecognized authentication type Invalid authentication type. Incorrect or none type of AUTH specified. Use the command AUTH with proper authentication type.
530 5.7.1 Authentication required [AUTH] Authentication with command AUTH is required. Use AUTH command (SMTP Server requires authentication) or disable this authentication type in administration console.
535 5.7.1 Authentication credentials invalid 1) The username/password combination provided during authentication was invalid. 1) Re-enter both the username and password and authenticate again.
2) Milter filter auth action 2) Check used filter.
550 5.1.1 User unknown; rejecting 1) Recipient's domain is set to reject unknown accounts 1) Review setting of Domain – Options – Unknown accounts – Action.
2) User was not found on other servers in a distributed domain 2) Check other servers in your distributed domain for given account.
550 5.1.1 User %s has invalid forward set and no mailbox; rejecting It is returned, when somebody is trying to send a mail to a user, who has NULL mailbox and non of their forwards is valid. (Then the mail is undeliverable).  
550 5.7.1 Access to recipient not allowed [SPF-SRS] SRS hash check failed for received NDR You can disable this security check in Mail – Security – DNS – Use SRS NDR Validation or via the C_Mail_SMTP_Other_SPFSRSNDRVerify API variable.
550 5.7.1 We do not relay Server is not open for relay. Refer to this FAQ.
550 5.7.1 We do not relay, account limits apply   Check the account limits for the particular user account, its domain and on the server level.
550 5.7.1 You have rights to send mail to local domains only The user who gets this error is allowed to send mail only to local domains. Disable this option in the administration console: Management – <User> – Options – User can send mail to local domains only.
550 5.7.1 Access not allowed 1) Server blocked access by a blacklist filter, or 1) Review server black list filter settings or set a bypass file.
2) Reject if originator's domain is local and not authorized option turned on. 2) Local users have to authorize themselves so if they do not have this set up in their e-mail clients and you turned this on they are not allowed to send.
550 5.7.1 Access to not allowed by rules 1) Server blocked user access by a blacklist filter/rule, or 1) Review server black list filters and user rules or set a bypass item.
2) Server blocked access from the originating server by HELO/EHLO Filter. 2) Whitelist the originating server in HELO/EHLO filter, or remove it from blacklist, or create a Bypass.
550 5.7.1 Permission denied    
550 5.1.1 Unknown local user    
550 5.1.1 Unknown user; rejecting Unknown user account. The recipient is not local, thus reject the message. Behavior and the treatment of messages coming to unknown user accounts can be set from administration console: Management –<Domain> – Options – Unknown Accounts.
551 5.1.1 No such user found User account is not local.  
551 5.1.1 No such mailing list found Mailing list is not local.  
552 5.2.2 Mailbox has exceeded the limit Recipient's mailbox is full and C_Mail_SMTP_Other_FullMailboxPermanentError has been set. Check recipient's quota on server/domain/user levels.
554 5.3.4 Message size exceeds fixed maximum message size Too many data was sent by the user. User account has an amount limitation. You can increase or disable amount limit from administration console – Management – <User> – Limits tab. Make sure all 3 levels (server, domain and user) are set to 0 (stands for unlimited).
554 5.7.1 Permission denied 1) Access restriction to all services is enabled and sender's IP address was found in denied list. 1) Check service's access list in System – Services – <Service> – Properties – Access or disable the C_System_Services_Firewall API variable
2) User sent some data before greeting from server was sent.
3) Milter filter returns error in connect stage.
554 5.7.1 Message cannot be accepted, rules rejection 1) Sender is blacklisted. 1) Check system and recipient's blacklist.
2) External filter rejects the message. 2) Check used external filters.
3) Milter filter returns error in eom stage. 3) Check used external filters.
554 5.7.1 Message cannot be accepted, virus found Virus was found in the message body or in the message attachment. If you think the attachment is not harmless (false positive), try to alter the configuration of the anti-virus engine (Quarantine instead of Reject), or create a Bypass entry.
554 5.7.1 Message cannot be accepted, content filter rejection Content filter applied and the message was rejected. Review the content filter settings in administration console.
554 5.7.1 Message cannot be accepted, spam filter rejection Message is probably spam. If you think this message is spam (false positive), try to alter the configuration of the anti-spam engine, index the message by Bayesian or create a blacklist entry.
554 5.7.1 Message cannot be accepted, spam rejection Message is probably spam. If you think this message is not spam (false positive), try to alter the configuration of the anti-spam engine, index the message by Bayesian or create a whitelist entry.
554 5.7.1 Message deleted by filter   Alter your content filters configuration.
554 5.7.1 Message cannot be accepted, filter rejection The message was rejected. Check your filter settings and configuration.
554 5.7.1 Permission denied. Maximal parallel connections from this IP reached Number of connections coming from particular IP address exceeds the limit of max number of parallel connections. Click the Bypass button in intrusion prevention settings (SMTP specific rules) to specify an IP address (or a range of IP addresses), where this limit is not applied.
Or increase the value of c_mail_smtp_general_parallelipconnectionslimit variable. Zero means no limit.
554   Could not connect and send the mail to recipient Client session – target server not responding Check target server.
554   Could not verify SSL connection Client session – target server SSL certificate cannot be verified Check target server.
554   Permanent problems with the remote server Client session – server returned 4xx or 0xx status Try again later.
554   ... while issuing MX query Client session – cannot obtain MX for target server Check DNS
554   Could not resolve target DNS Client session – cannot contact DNS Check DNS
554   Too many hops Message was redirected by more than C_Mail_SMTP_Other_MaxHopCount SMTP servers Check mail delivery path recorded in the Received headers.