none
External User receiving many NDRs

    Question

  • Hi,

    I have a problem with NDRs on Exchange 2013. A user received an external email and the sender keeps receiving many NDRs. Since last Wednesday he got about 650 NDRs of that message.

    The strange thing about this, is that my user received  the message, but the sender (external one) keeps receiving NDRs of "message exceeded the limit"

    My problem here is not related to the message, but about this repeating of the NDR to the sender.

    Please Help.

    Monday, April 18, 2016 3:44 PM

All replies

  • Hello,

    Post a complete NDR message here as a text.


    My LinkedIn profile

    Monday, April 18, 2016 3:58 PM
  • Hi,

    According to your description, I understand that external user receive tons of NDRs after send one message to your internal mail account.
    If I misunderstand your concern, please feel free to let me know.

    I want to double confirm:
    1. Whether other external account experience this issue?
    2. Does that message deliver to internal mailbox correctly?
    3. Do you configure firewall or other spam application between Exchange server and internet? Do you configure throttle limitation for message?

    For resting, please try to disable NDR function for external domain:
    Get-RemoteDomain | Set-RemoteDomain -NDREnabled $false

    Moreover, please post the detail NDR as Robert mentioned for further assistance.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Tuesday, April 19, 2016 7:28 AM
    Moderator
  • Hi Allen,

    Yes you understood it right.

    1. This is the first complaint I received about repeated NDRs

    2. The message was delivered correctly according to our internal receiver.

    3. We have Cisco ESA for external email SPAM control and I don't think we have throttle limitation configured. I have to double check that.

    About disabling NDR for external email, won't that cause us problems? I read somewhere that it could get our domain to a blacklist.

    About posting the NDR message, what would that help? as I said in my question, my problem here is this continuous sending of the message. I want to know how to stop it, or make it behave normally, which is, sending it once. Is it possible?

    Thanks.

     

    Tuesday, April 19, 2016 9:14 AM
  • Hi Allen,

    Yes you understood it right.

    1. This is the first complaint I received about repeated NDRs

    2. The message was delivered correctly according to our internal receiver.

    3. We have Cisco ESA for external email SPAM control and I don't think we have throttle limitation configured. I have to double check that.

    About disabling NDR for external email, won't that cause us problems? I read somewhere that it could get our domain to a blacklist.

    About posting the NDR message, what would that help? as I said in my question, my problem here is this continuous sending of the message. I want to know how to stop it, or make it behave normally, which is, sending it once. Is it possible?

    Thanks.

     

    yes.  there's always some helpful information in the NDR.  Also have you verified they aren't spamming you with a whole bunch of emails and the NDRs are legit?

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Tuesday, April 19, 2016 12:48 PM
  • Well, they seem legit

    Some information are in Portuguese, hope is not a problem for you guys.
     

    Falha na entrega a estes destinatários ou grupos:

    user@mydomain.co.ao
    Ocorreu um problema durante a entrega desta mensagem neste endereço de correio electrónico. Tente enviar novamente esta mensagem. Se o problema persistir, contacte o suporte técnico da sua organização.

    A organização seguinte rejeitou a sua mensagem: mx3.mydomain.co.ao.



    Informações de diagnóstico para administradores:

    Servidor de origem: externaldomain.local

    user@mydomain.co.ao
    mx3.mydomain.co.ao #<mx3.mydomain.co.ao #5.0.0 smtp; 552 #5.3.4 message size exceeds limit> #SMTP#

    Cabeçalhos originais da mensagem:

    Return-Path: <Externaluser@externaldomain.co.ao>
    Received: from externaldomain.local (localhost [127.0.0.1])
            by externaldomain.local (Postfix) with ESMTP id 03387A000C
            for <user@mydomain.co.ao>; Thu, 14 Apr 2016 15:01:33 +0100 (WAT)
    Received: from srvexxxx02.externaldomain.local (srvexxxx02.externaldomain.local [192.168.192.XX])
            (using TLSv1 with cipher AES256-SHA (256/256 bits))
            (No client certificate requested)
            by externaldomain.local (Postfix) with ESMTPS
            for <user@mydomain.co.ao>; Thu, 14 Apr 2016 15:01:00 +0100 (WAT)
    Received: from SRVEXCXX.externaldomain.local ([fe80::f40e:8a6f:3a35:7d00]) by
     srvexxxx.externaldomain.local ([::1]) with mapi id 14.03.0279.002; Thu, 14 Apr 2016
     10:46:46 +0100
    From: External User - Externaldomain <Externaluser@externaldomain.co.ao>
    To: "user@mydomain.co.ao" <user@mydomain.co.ao>
    Subject: Dell Report 
    Thread-Topic: Dell Report 
    Thread-Index: AdGWL+D96gjvdVMMSeO0+2rLPS3j2AAAoIAA
    Date: Thu, 14 Apr 2016 09:46:41 +0000
    Message-ID: <9B2B5417C075CA4F98E321D80FE107336CEC4A7F@externaldomain.local>
    Accept-Language: pt-PT, en-US
    Content-Language: pt-PT
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    x-originating-ip: [10.11.10.XX]
    x-kse-attachmentfiltering-interceptor-info: protection disabled
    x-kse-serverinfo: srvexxxx.externaldomain.local, 9
    x-kse-antivirus-interceptor-info: scan successful
    x-kse-antivirus-info: PasswordProtected, bases: 4/14/2016 6:22:00 AM
    Content-Type: text/plain
    MIME-Version: 1.0
    X-KSMG-Rule-ID: 1
    X-KSMG-Message-Action: skipped, AntiVirus
    X-KSMG-AntiSpam-Lua-Profiles: 94673 [Apr 14 2016]
    X-KSMG-AntiSpam-Version: 5.5.9.33
    X-KSMG-AntiSpam-Envelope-From: Externaluser@externaldomain.co.ao
    X-KSMG-AntiSpam-Auth: dkim=none
    X-KSMG-AntiSpam-Rate: 0
    X-KSMG-AntiSpam-Status: not_detected
    X-KSMG-AntiSpam-Method: none
    X-KSMG-AntiSpam-Moebius-Timestamps: 4074060, 4074399, 4074373
    X-KSMG-AntiSpam-Info: LuaCore: 429 429 6a1508c87bf68f13be0465c30886f11be0a06ffa, {More_Than_4,5_MB}, externaldomain.co.ao:7.1.1;d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;127.0.0.199:7.1.2
    X-KSMG-AntiSpam-Interceptor-Info: scan successful
    X-KSMG-AntiPhishing: Clean, bases: 2016/04/12 09:02:30
    X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.0.0.557, bases: 2016/04/14 09:26:00 #7499428


    • Edited by bileps Tuesday, April 19, 2016 2:30 PM Change some info
    Tuesday, April 19, 2016 2:23 PM
  • Hi,

    Sorry for delay, base on message, it indicate that the source domain generate this NDR.

    It might be something message size limitation settings in source domain, you can contain administrator for source domain to check.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Tuesday, April 26, 2016 2:20 AM
    Moderator
  • Well, they seem legit

    Some information are in Portuguese, hope is not a problem for you guys.
     

    Falha na entrega a estes destinatários ou grupos:

    user@mydomain.co.ao
    Ocorreu um problema durante a entrega desta mensagem neste endereço de correio electrónico. Tente enviar novamente esta mensagem. Se o problema persistir, contacte o suporte técnico da sua organização.

    A organização seguinte rejeitou a sua mensagem: mx3.mydomain.co.ao.



    Informações de diagnóstico para administradores:

    Servidor de origem: externaldomain.local

    user@mydomain.co.ao
    mx3.mydomain.co.ao #<mx3.mydomain.co.ao #5.0.0 smtp; 552 #5.3.4 message size exceeds limit> #SMTP#

    Cabeçalhos originais da mensagem:

    Return-Path: <Externaluser@externaldomain.co.ao>
    Received: from externaldomain.local (localhost [127.0.0.1])
            by externaldomain.local (Postfix) with ESMTP id 03387A000C
            for <user@mydomain.co.ao>; Thu, 14 Apr 2016 15:01:33 +0100 (WAT)
    Received: from srvexxxx02.externaldomain.local (srvexxxx02.externaldomain.local [192.168.192.XX])
            (using TLSv1 with cipher AES256-SHA (256/256 bits))
            (No client certificate requested)
            by externaldomain.local (Postfix) with ESMTPS
            for <user@mydomain.co.ao>; Thu, 14 Apr 2016 15:01:00 +0100 (WAT)
    Received: from SRVEXCXX.externaldomain.local ([fe80::f40e:8a6f:3a35:7d00]) by
     srvexxxx.externaldomain.local ([::1]) with mapi id 14.03.0279.002; Thu, 14 Apr 2016
     10:46:46 +0100
    From: External User - Externaldomain <Externaluser@externaldomain.co.ao>
    To: "user@mydomain.co.ao" <user@mydomain.co.ao>
    Subject: Dell Report 
    Thread-Topic: Dell Report 
    Thread-Index: AdGWL+D96gjvdVMMSeO0+2rLPS3j2AAAoIAA
    Date: Thu, 14 Apr 2016 09:46:41 +0000
    Message-ID: <9B2B5417C075CA4F98E321D80FE107336CEC4A7F@externaldomain.local>
    Accept-Language: pt-PT, en-US
    Content-Language: pt-PT
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    x-originating-ip: [10.11.10.XX]
    x-kse-attachmentfiltering-interceptor-info: protection disabled
    x-kse-serverinfo: srvexxxx.externaldomain.local, 9
    x-kse-antivirus-interceptor-info: scan successful
    x-kse-antivirus-info: PasswordProtected, bases: 4/14/2016 6:22:00 AM
    Content-Type: text/plain
    MIME-Version: 1.0
    X-KSMG-Rule-ID: 1
    X-KSMG-Message-Action: skipped, AntiVirus
    X-KSMG-AntiSpam-Lua-Profiles: 94673 [Apr 14 2016]
    X-KSMG-AntiSpam-Version: 5.5.9.33
    X-KSMG-AntiSpam-Envelope-From: Externaluser@externaldomain.co.ao
    X-KSMG-AntiSpam-Auth: dkim=none
    X-KSMG-AntiSpam-Rate: 0
    X-KSMG-AntiSpam-Status: not_detected
    X-KSMG-AntiSpam-Method: none
    X-KSMG-AntiSpam-Moebius-Timestamps: 4074060, 4074399, 4074373
    X-KSMG-AntiSpam-Info: LuaCore: 429 429 6a1508c87bf68f13be0465c30886f11be0a06ffa, {More_Than_4,5_MB}, externaldomain.co.ao:7.1.1;d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;127.0.0.199:7.1.2
    X-KSMG-AntiSpam-Interceptor-Info: scan successful
    X-KSMG-AntiPhishing: Clean, bases: 2016/04/12 09:02:30
    X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.0.0.557, bases: 2016/04/14 09:26:00 #7499428


    This looks like the External Domain is sending YOUR user NDR's.  I would reach out to their email admin and see if they can figure out what is causing that.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Tuesday, April 26, 2016 1:36 PM