Exchange 2003: Event ID 7010, “504 Need to authenticate first”

What prompted this post is a conversation I had with a reader who had followed the instructions that I detailed in the SMTP Server Remote Queue Length Alerts, and the SMTP Queue length follow-up posts. The problem he was seeing was actually two-fold, but as it relates to this post the concern was the 7010 events in the application log.

Application Log
Event ID 7010
Source “MSExchangeTransport”
Category: “SMTP Protocol”
Description “This is an SMTP protocol log for virtual server ID 1, connection #XXX The client at "IPAddress" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first". The full command sent was "xexch50 1828 2". This will probably cause the connection to fail.”

After looking into the issue a bit more, I wanted to post some information on the blog. In the situation that my reader was working with, this really wasn’t a problem. In fact, it’s normal behavior for Exchange 2003 in his configuration. Specifically, he’s running SBS 2003, and Exchange 2003. What was happening in his case was that an external server was attempting to send mail to his Exchange server using the XEXCH50 protocol commands. This behavior really isn’t expected by Exchange 2003, and as a result it’s logging this message.

To elaborate, Exchange 2003 only accepts XEXCH50 protocol commands from clients who authenticate, and have been given Send As permission on the receiving SMTP virtual server object. In an Exchange 2003 organization, this should only be happening between Exchange servers in the same organization. The fact that he’s receiving this error is simply his Exchange server saying, “Hey I can’t process this, because the sender isn’t an authenticated server that’s part of my organization”. If you’re seeing this between Exchange servers that are part of the same organization, you should check KB article 843106 for additional troubleshooting details.