Recover mail lost due to distribution list rejecting mail from non-authenticated senders

    Question

  • Hi,

    I have a bit of a situation, hoping to reach out as Google isn't getting me anywhere on this topic.

    We recently gave out an SMTP address tied to a distribution group which was accidentally configured to only allow messages if senders were authenticated. A few dozen external customers sent emails which were processed by our email gateway, and successfully delivered to Exchange, which was a surprise to me.

    Once in the Exchange environment, I can see tracking logs showing its path as below:

    RunspaceId              : d6fee167-5fa3-4d58-9354-b10402c9dacf
    Timestamp               : 4/29/2016 9:53:34 AM
    ClientIp                : 10.10.X.X
    ClientHostname          : GATEWAY1
    ServerIp                : 10.11.X.X
    ServerHostname          : EXCHANGE1
    SourceContext           : 08D36FD672846E86;2016-04-29T13:53:34.862Z;0
    ConnectorId             : EXCHANGE1\Exchange Connector
    Source                  : SMTP
    EventId                 : RECEIVE
    InternalMessageId       : 13683389
    MessageId               : <bb3a65e077043968b99b37d681fc2e48@mail.hotmail.com>
    Recipients              : {distribution_list@internal.local}
    RecipientStatus         : {}
    TotalBytes              : 41037
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : Yadda yadda
    Sender                  : externaluser@hotmail.com
    ReturnPath              : externaluser@hotmail.com
    MessageInfo             : 00A: NTS:
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[FirstForestHop, EXCHANGE1.internal.local]}
    RunspaceId              : d6fee167-5fa3-4d58-9354-b10402c9dacf
    
    
    RunspaceId              : d6fee167-5fa3-4d58-9354-b10402c9dacf
    Timestamp               : 4/29/2016 9:53:35 AM
    ClientIp                :
    ClientHostname          : EXCHANGE1
    ServerIp                :
    ServerHostname          :
    SourceContext           :
    ConnectorId             :
    Source                  : ROUTING
    EventId                 : FAIL
    InternalMessageId       : 13683389
    MessageId               : <bb3a65e077043968b99b37d681fc2e48@mail.hotmail.com>
    Recipients              : {distribution_list@internal.local}
    RecipientStatus         : {550 5.7.1 RESOLVER.RST.AuthRequired; authentication required}
    TotalBytes              : 41037
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               : {<34af8566-3405-4204-95d1-b0f0703e8280@internal.local>}
    MessageSubject          : Yadda yadda
    Sender                  : externaluser@hotmail.com
    ReturnPath              : externaluser@hotmail.com
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               :

    Message tracking doesn't show these items as existing anywhere. I haven't done a discovery search yet, planning on it but not expecting a result. Our gateway doesn't retain mail if it successfully hands it off to Exchange, which it did.

    Have these mails disappeared into thin air? No bounceback went out. No notification to the destination user or receiving user.

    If anyone has dealt with anything like this before, please let me know if you found a way to recover these messages.

    Thank you,



    • Edited by Derek_M Monday, May 2, 2016 9:13 PM
    Monday, May 2, 2016 9:11 PM

All replies

  • If they made it to the Exchange server, it would have rejected them and returned an NDR.  The messages wouldn't be hanging around anywhere.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    • Proposed as answer by Andy DavidMVP Tuesday, May 3, 2016 12:10 PM
    • Unproposed as answer by Derek_M Tuesday, May 3, 2016 8:08 PM
    Tuesday, May 3, 2016 1:55 AM
    Moderator
  • Hi, 

    Make sure you have not disabled external NDR on your remote domain. You can check this with

    Get-RemoteDomain | ft Name, NDREnabled

    If it is disabled you can enable it with (change YOUR_REMOTE_NAME to match your environment)

    Set-Remotedomain YOUR_REMOTE_NAME -NDREnabled $true

    Patrik

    Tuesday, May 3, 2016 5:35 AM
  • Hi,

    So, are these a few dozen external customers all hotmail accounts? How about other types of external accounts? Like Gmail.

    Are there any transport rules related to this issue?

    If you send a message from your Exchange account to that Hotmail account, will he receive it?

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Tuesday, May 3, 2016 8:47 AM
    Moderator
  • If they made it to the Exchange server, it would have rejected them and returned an NDR.  The messages wouldn't be hanging around anywhere.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thanks for the reply. There was no NDR sent, but the messages also don't exist in any of the users' mailboxes who are part of the distribution group. I have run a discovery search and verified it came up empty. However, Exchange has in fact accepted the email. Here is the log from our gateway below. I am as confused as you are. I have never seen Exchange accept an email, then fail the route (legitimately due to the configuration of the distribution group) but NOT send an NDR.

    09:53:35.056 Starting thread 3940 for new message B5723675e0002.000000000001.0006.mml 40233 bytes, Threads(New:2, Deferred:0, Static:1, DNS:1)
    09:53:35.056 Thread 3940 running on 29 Apr 2016 (using v7.5.5.8150) for B5723675e0002.000000000001.0006.mml
    09:53:35.056 Attempting delivery of B5723675e0002.000000000001.0006.mml via route domain.local - static route
    09:53:35.056 Delivering to exchange1.domain.local via IPv4 protocol
    09:53:35.056 Delivering via Forward to Host A|AAAA(exchange1.domain.local) IP(10.11.X.X):25
    09:53:35.056 RX: <220 exchange1.domain.local Microsoft ESMTP MAIL Service ready at Fri, 29 Apr 2016 09:53:34 -0400>
    09:53:35.056 TX: <EHLO gateway1>
    09:53:35.056 RX: <250-exchange1.domain.local Hello 10.10.X.X]>
    09:53:35.056 RX: <250-SIZE>
    09:53:35.056 RX: <250-PIPELINING>
    09:53:35.056 RX: <250-DSN>
    09:53:35.056 RX: <250-ENHANCEDSTATUSCODES>
    09:53:35.056 RX: <250-STARTTLS>
    09:53:35.056 RX: <250-X-ANONYMOUSTLS>
    09:53:35.056 RX: <250-AUTH NTLM>
    09:53:35.056 RX: <250-X-EXPS GSSAPI NTLM>
    09:53:35.056 RX: <250-8BITMIME>
    09:53:35.056 RX: <250-BINARYMIME>
    09:53:35.056 RX: <250-CHUNKING>
    09:53:35.056 RX: <250-XEXCH50>
    09:53:35.056 RX: <250-XRDST>
    09:53:35.056 RX: <250 XSHADOW>
    09:53:35.056 TX: <MAIL FROM:<random@user.org> SIZE=40233>
    09:53:35.056 RX: <250 2.1.0 Sender OK>
    09:53:35.056 TX: <RCPT TO:<internal_dist_group_blocking_non_auth_messages@domain.local>>
    09:53:35.056 RX: <250 2.1.5 Recipient OK>
    09:53:35.056 TX: <DATA>
    09:53:35.056 RX: <354 Start mail input; end with <CRLF>.<CRLF>>
    09:53:35.213 RX: <250 2.6.0 <bb3a65e077043968b99b37d681fc2e48@user.org> [InternalId=13683389] Queued mail for delivery>
    09:53:35.213 TX: <QUIT>
    09:53:35.213 RX: <221 2.0.0 Service closing transmission channel>
    09:53:35.213 Thread exiting for B5723675e0002.000000000001.0006.mml after 157 millisecs
    09:53:35.213 Message B5723675e0002.000000000001.0006.mml to recipient internal_dist_group_blocking_non_auth_messages@domain.local was successful
    

    Tuesday, May 3, 2016 8:02 PM
  • Hi, 

    Make sure you have not disabled external NDR on your remote domain. You can check this with

    Get-RemoteDomain | ft Name, NDREnabled

    If it is disabled you can enable it with (change YOUR_REMOTE_NAME to match your environment)

    Set-Remotedomain YOUR_REMOTE_NAME -NDREnabled $true

    Patrik

    Thanks for your reply. I am going to look into this now. NDRs have traditionally been operational in this environment, however I have not confirmed they were operational against a distribution group configured to reject mail from non-authenticated users (because there shouldn't have been any configured this way). I will reply with results.

    Tuesday, May 3, 2016 8:06 PM
  • Hi,

    So, are these a few dozen external customers all hotmail accounts? How about other types of external accounts? Like Gmail.

    Are there any transport rules related to this issue?

    If you send a message from your Exchange account to that Hotmail account, will he receive it?

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Thanks for your reply.

    Actually none were Hotmail, I just threw that in there to keep the actual customer in this example private. Mail flow to/from all the external users involved is fine, we have been reaching out to them. However their initial emails never made it in, all with the failed route as per the transaction logs above. Accepted by gateway, forwarded to Exchange, ACCEPTED by Exchange, forwarded to the distribution group and that's where it stops...route fails and no NDR sent. The messages cannot be found.

    Tuesday, May 3, 2016 8:08 PM
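
The following is an added example, not part of any post in this thread: a PowerShell function that takes message tracking events shaped like the Get-MessageTrackingLog output quoted above, lists every ROUTING FAIL rejected with RESOLVER.RST.AuthRequired (the senders to contact), and reports whether a DSN event exists for the Message-Id in the FAIL event's Reference field. The function name, the sample events and the CSV path are hypothetical, and treating Reference as the Message-Id of the generated NDR is an assumption.

```powershell
# Added example: report FAIL events rejected with RESOLVER.RST.AuthRequired and
# whether the NDR named in each event's Reference field was itself tracked.
function Get-AuthRequiredFailure {
    param([Parameter(Mandatory)][object[]]$Events)

    # Message-Ids of every DSN event in the input, for lookup by Reference.
    $dsnIds = @{}
    foreach ($e in $Events) {
        if ("$($e.EventId)" -eq 'DSN') { $dsnIds["$($e.MessageId)"] = $true }
    }

    foreach ($e in $Events) {
        $status = @($e.RecipientStatus) -join ' '
        if ("$($e.EventId)" -ne 'FAIL' -or $status -notmatch 'RESOLVER\.RST\.AuthRequired') { continue }

        # Assumption: Reference on a FAIL event holds the Message-Id of the generated NDR.
        $refs = @($e.Reference | Where-Object { $_ })
        [pscustomobject]@{
            Timestamp    = $e.Timestamp
            Sender       = $e.Sender
            Recipients   = @($e.Recipients) -join ';'
            Subject      = $e.MessageSubject
            MessageId    = $e.MessageId
            NdrReference = $refs -join ';'
            NdrTracked   = [bool]($refs | Where-Object { $dsnIds.ContainsKey("$_") })
        }
    }
}

# Constructed sample events (not from the thread), shaped like the output above.
$sample = @(
    [pscustomobject]@{ EventId = 'RECEIVE'; MessageId = '<m1@example.org>'; Sender = 'a@example.org' }
    [pscustomobject]@{
        EventId = 'FAIL'; Timestamp = '4/29/2016 9:53:35 AM'; MessageId = '<m1@example.org>'
        Sender = 'a@example.org'; Recipients = @('distribution_list@internal.local')
        RecipientStatus = @('550 5.7.1 RESOLVER.RST.AuthRequired; authentication required')
        Reference = @('<ndr1@internal.local>'); MessageSubject = 'Constructed subject'
    }
)
Get-AuthRequiredFailure -Events $sample | Format-List

# Live use in the Exchange Management Shell (Get-TransportServer on Exchange 2010):
# $ev = Get-TransportService | Get-MessageTrackingLog -Start '4/29/2016' -End '5/3/2016' -ResultSize Unlimited
# Get-AuthRequiredFailure -Events $ev | Export-Csv .\authrequired-fails.csv -NoTypeInformation
```

A row with a non-empty NdrReference and NdrTracked set to False means the supplied events hold no DSN event for that Message-Id; running Get-MessageTrackingLog -MessageId against the referenced id is the next check.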