html

When an Exchange Server deployment starts rejecting valid emails with the 550 5.1.1 recipient rejected SMTP error, it's often a configuration nightmare. Here's how I debugged this for a client migrating to Exchange/Outlook:

Start with these PowerShell commands to check recipient filtering:

# Check recipient filtering settings
Get-RecipientFilterConfig | Select-Object Enabled,BlockListEnabled,RecipientValidationEnabled

# Verify the recipient exists
Get-Recipient -Identity "name@client.org" | Select-Object PrimarySmtpAddress,RecipientType

Incorrect transport rules often cause this. Check with:

Get-TransportRule | Where-Object {$_.State -eq "Enabled"} | 
    Select-Object Name,State,Priority,Description

Enable protocol logging and examine the SMTP conversation:

# Enable protocol logging
Set-ReceiveConnector "Default Frontend" -ProtocolLoggingLevel Verbose

# Sample log analysis (search for 550 responses)
Get-Content "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\ProtocolLog\SmtpReceive\*.log" | 
    Select-String "550 5.1.1"

In my case, these solutions resolved the issue:

• Disabled Recipient Filter agent temporarily: Disable-TransportAgent "Recipient Filter Agent"
• Modified the default receive connector permissions
• Added specific IP ranges to connection filtering exceptions

For deeper inspection, create a test script to analyze SMTP responses:

using System.Net.Mail;
using System.Net;

try {
    var client = new SmtpClient("mail.client.org", 25);
    client.Credentials = new NetworkCredential("test@client.org", "password");
    client.Send("from@yourdomain.com", "name@client.org", "Test", "SMTP Test");
} catch (SmtpException ex) {
    Console.WriteLine($"Status: {ex.StatusCode}");
    Console.WriteLine($"Response: {ex.Message}");
    if (ex.InnerException != null) 
        Console.WriteLine($"Details: {ex.InnerException.Message}");
}

After making changes, always verify with:

Test-Mailflow -TargetEmailAddress "name@client.org" -SenderEmailAddress "test@yourdomain.com"

---

The 550 5.1.1 recipient rejected error typically indicates a delivery failure when Exchange Server rejects incoming messages. This SMTP status code breaks down as:

5 - Permanent failure
1 - Addressing status
1 - Bad destination mailbox address

Based on the described scenario where headers are missing in bounce messages, potential root causes include:

• Recipient address validation failing in Exchange transport rules
• DNS resolution issues between sender/recipient domains
• Missing or incorrect SPF/DKIM/DMARC records
• Exchange recipient filtering configuration problems

To properly debug this SMTP rejection, gather these technical details:

# PowerShell command to check Exchange recipient filtering
Get-RecipientFilterConfig | fl

# MX record lookup (replace with actual domain)
nslookup -type=mx client.org

The client's IT team should verify these Exchange settings:

# Check accepted domains
Get-AcceptedDomain

# Verify transport rules
Get-TransportRule | Where {$_.Name -like "*reject*"}

Request the Exchange admin to run message tracking:

# Exchange message tracking command
Get-MessageTrackingLog -Sender "name@client.org" -EventID "FAIL"

For more advanced troubleshooting, capture raw SMTP conversations:

// C# SMTP client with logging
var client = new SmtpClient("mail.client.org") {
    EnableSsl = true,
    UseDefaultCredentials = false,
    Credentials = new NetworkCredential("user", "pass")
};
client.SendCompleted += (s, e) => {
    if (e.Error != null) {
        File.WriteAllText("smtp_error.log", 
            $"{DateTime.Now}: {e.Error.Message}\n{e.Error.StackTrace}");
    }
};

Verify network-level connectivity using these methods:

# Test SMTP port connectivity
Test-NetConnection mail.client.org -Port 25

# Alternative using PowerShell
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect("mail.client.org", 25)
    $tcp.Connected
} finally {
    $tcp.Dispose()
}

Key DNS records to validate:

# Check SPF record
Resolve-DnsName client.org -Type TXT | 
    Where-Object {$_.Strings -like "*v=spf1*"}

# Verify reverse DNS
Resolve-DnsName -Name [server-ip] -Type PTR

If the issue persists, examine the transport pipeline:

# View transport agents
Get-TransportAgent | Format-Table Name,Enabled,Priority

# Check receive connectors
Get-ReceiveConnector | fl Name,Enabled,RemoteIPRanges

Bypass local Outlook to isolate the issue:

# Python SMTP test script
import smtplib

try:
    with smtplib.SMTP('smtp.yourisp.com', 587) as server:
        server.starttls()
        server.login('your@email.com', 'password')
        server.sendmail(
            'you@yourdomain.com',
            'name@client.org',
            'Subject: SMTP Test\n\nTest message body')
    print("Email sent successfully")
except Exception as e:
    print(f"Error: {str(e)}")