How to Troubleshoot and Fix Exchange Server 550 5.1.1 “Recipient Rejected” Error in Outlook 2007


26 views

html

When an Exchange Server deployment starts rejecting valid emails with the 550 5.1.1 recipient rejected SMTP error, it's often a configuration nightmare. Here's how I debugged this for a client migrating to Exchange/Outlook:

Start with these PowerShell commands to check recipient filtering:

# Check recipient filtering settings
Get-RecipientFilterConfig | Select-Object Enabled,BlockListEnabled,RecipientValidationEnabled

# Verify the recipient exists
Get-Recipient -Identity "name@client.org" | Select-Object PrimarySmtpAddress,RecipientType

Incorrect transport rules often cause this. Check with:

Get-TransportRule | Where-Object {$_.State -eq "Enabled"} | 
    Select-Object Name,State,Priority,Description

Enable protocol logging and examine the SMTP conversation:

# Enable protocol logging
Set-ReceiveConnector "Default Frontend" -ProtocolLoggingLevel Verbose

# Sample log analysis (search for 550 responses)
Get-Content "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\ProtocolLog\SmtpReceive\*.log" | 
    Select-String "550 5.1.1"

In my case, these solutions resolved the issue:

  • Disabled Recipient Filter agent temporarily: Disable-TransportAgent "Recipient Filter Agent"
  • Modified the default receive connector permissions
  • Added specific IP ranges to connection filtering exceptions

For deeper inspection, create a test script to analyze SMTP responses:

using System.Net.Mail;
using System.Net;

try {
    var client = new SmtpClient("mail.client.org", 25);
    client.Credentials = new NetworkCredential("test@client.org", "password");
    client.Send("from@yourdomain.com", "name@client.org", "Test", "SMTP Test");
} catch (SmtpException ex) {
    Console.WriteLine($"Status: {ex.StatusCode}");
    Console.WriteLine($"Response: {ex.Message}");
    if (ex.InnerException != null) 
        Console.WriteLine($"Details: {ex.InnerException.Message}");
}

After making changes, always verify with:

Test-Mailflow -TargetEmailAddress "name@client.org" -SenderEmailAddress "test@yourdomain.com"

The 550 5.1.1 recipient rejected error typically indicates a delivery failure when Exchange Server rejects incoming messages. This SMTP status code breaks down as:

5 - Permanent failure
1 - Addressing status
1 - Bad destination mailbox address

Based on the described scenario where headers are missing in bounce messages, potential root causes include:

  • Recipient address validation failing in Exchange transport rules
  • DNS resolution issues between sender/recipient domains
  • Missing or incorrect SPF/DKIM/DMARC records
  • Exchange recipient filtering configuration problems

To properly debug this SMTP rejection, gather these technical details:

# PowerShell command to check Exchange recipient filtering
Get-RecipientFilterConfig | fl

# MX record lookup (replace with actual domain)
nslookup -type=mx client.org

The client's IT team should verify these Exchange settings:

# Check accepted domains
Get-AcceptedDomain

# Verify transport rules
Get-TransportRule | Where {$_.Name -like "*reject*"}

Request the Exchange admin to run message tracking:

# Exchange message tracking command
Get-MessageTrackingLog -Sender "name@client.org" -EventID "FAIL"

For more advanced troubleshooting, capture raw SMTP conversations:

// C# SMTP client with logging
var client = new SmtpClient("mail.client.org") {
    EnableSsl = true,
    UseDefaultCredentials = false,
    Credentials = new NetworkCredential("user", "pass")
};
client.SendCompleted += (s, e) => {
    if (e.Error != null) {
        File.WriteAllText("smtp_error.log", 
            $"{DateTime.Now}: {e.Error.Message}\n{e.Error.StackTrace}");
    }
};

Verify network-level connectivity using these methods:

# Test SMTP port connectivity
Test-NetConnection mail.client.org -Port 25

# Alternative using PowerShell
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect("mail.client.org", 25)
    $tcp.Connected
} finally {
    $tcp.Dispose()
}

Key DNS records to validate:

# Check SPF record
Resolve-DnsName client.org -Type TXT | 
    Where-Object {$_.Strings -like "*v=spf1*"}

# Verify reverse DNS
Resolve-DnsName -Name [server-ip] -Type PTR

If the issue persists, examine the transport pipeline:

# View transport agents
Get-TransportAgent | Format-Table Name,Enabled,Priority

# Check receive connectors
Get-ReceiveConnector | fl Name,Enabled,RemoteIPRanges

Bypass local Outlook to isolate the issue:

# Python SMTP test script
import smtplib

try:
    with smtplib.SMTP('smtp.yourisp.com', 587) as server:
        server.starttls()
        server.login('your@email.com', 'password')
        server.sendmail(
            'you@yourdomain.com',
            'name@client.org',
            'Subject: SMTP Test\n\nTest message body')
    print("Email sent successfully")
except Exception as e:
    print(f"Error: {str(e)}")