All external senders receive NDRs to one recipient even though the recipient receives the mail

  • Question

  • I have a strange problem where mail from an external sender to just one user mailbox in an Exchange 2007 environment generates an NDR for the sender, however the recipient receives the mail perfectly fine. It is really hard to find out what is causing this NDR because it shows in the tracking logs as if it was successfully delivered.

    The mail does pass through messagelabs.com for filtering, but it would appear this has no influence because the NDR comes from the Exchange server itself. This happens for just one user on all the SMTP addresses they have.

    Below is a copy of the NDR

    Any advice would be appreciated:

    Delivery has failed to these recipients or groups:

    postmaster@OurDomainName.Com The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message. If the problem continues, please contact your helpdesk.

    Diagnostic information for administrators:

    Generating server: internalDomainName.local

    postmaster@OurDomainName.Com Remote Server returned '< #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found>'

    Original message headers:

    Received: from onyx.net (194.176.73.101) by SaMa-Edin.internalDomainName.local  (10.5.12.1) with Microsoft SMTP Server id 8.3.298.1; Wed, 31 Jul 2013  20:12:00 +0100
    Received: from mail6.bemta3.messagelabs.com (mail6.bemta3.messagelabs.com  [195.245.230.39])         by mx1.onyx.net (Postfix) with ESMTP id 22CC3B6C08E     for  <sam@OurDomainName.Com>; Wed, 31 Jul 2013 20:13:58 +0100 (BST)
    Received: from [195.245.230.51:2333] by server-7.bemta-3.messagelabs.com id  6E/5B-22631-6F169F15; Wed, 31 Jul 2013 19:13:58 +0000
    X-Env-Sender: ritchie.thornton@enablesit.com
    X-Msg-Ref: server-8.tower-33.messagelabs.com!1375298037!3673232!1
    X-Originating-IP: [195.130.217.51]
    X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:   VHJ1c3RlZCBJUDogMTk1LjEzMC4yMTcuNTEgPT4gNDc4NTUz\n
    X-StarScan-Received:
    X-StarScan-Version: 6.9.11; banners=-,-,-
    X-VirusChecked: Checked
    Received: (qmail 22620 invoked from network); 31 Jul 2013 19:13:57 -0000
    Received: from service64.mimecast.com (HELO service64.mimecast.com)  (195.130.217.51)  by server-8.tower-33.messagelabs.com with SMTP; 31 Jul 2013  19:13:57 -0000
    Received: from EIT-LHD-MBX02.enablesit.com (u84-19-44-108.user.cust.vaioni.com  [84.19.44.108]) (Using TLS) by service64.mimecast.com; Wed, 31 Jul 2013  20:13:57 +0100
    Received: from EIT-LHD-MBX02.enablesit.com (10.20.30.207) by  EIT-LHD-MBX02.enablesit.com (10.20.30.207) with Microsoft SMTP Server (TLS)  id 15.0.620.29; Wed, 31 Jul 2013 20:10:37 +0100
    Received: from EIT-LHD-MBX02.enablesit.com ([fe80::cce8:29f0:248c:ee1]) by  EIT-LHD-MBX02.enablesit.com ([fe80::cce8:29f0:248c:ee1%13]) with mapi id  15.00.0620.020; Wed, 31 Jul 2013 20:10:25 +0100
    From: Ritchie Thornton <Ritchie.Thornton@enablesit.com>
    To: "sam@OurDomainName.Com" <sam@OurDomainName.Com>
    Subject: Test message
    Thread-Topic: Test message
    Thread-Index: Ac6OIdMkZ03Kmt75Qumx3DHhlKBZDQ==
    Date: Wed, 31 Jul 2013 19:10:25 +0000
    Message-ID: <cad7a58690eb4c06aad8d1337cba637c@EIT-LHD-MBX02.enablesit.com>
    Accept-Language: en-GB, en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [82.3.252.79]
    MIME-Version: 1.0
    X-MC-Unique: 113073120135700902
    X-MTA: WoppleMail-1.0
    Return-Path: ritchie.thornton@enablesit.com
    Content-Type: multipart/related; boundary="MCBoundary=_113073120135702302"


    Wednesday, July 31, 2013 8:18 PM

All replies

  • Hi

    I've seen this before when the mail is being forwarded (copied) to another mailbox that is generating the NDR.

    Steve

    Wednesday, July 31, 2013 8:21 PM
  • Hi Steve,

    Thanks for the speedy response. Unfortunately I have checked this and it is not the case. I checked via PowerShell also in case the GUI was hiding anything.

    Thanks,

    Ritchie

    Wednesday, July 31, 2013 8:53 PM
  • Have you checked deleting the Outlook cache and typing the e-mail address manually for that particular user?

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Wednesday, July 31, 2013 8:58 PM
  • Check the SMTP protocol log and see if there was more than one RCPT TO for the message. If additional recipients were Bcc'd they wouldn't appear in the message headers.

    --- Rich Matheisen MCSE&I, Exchange MVP

    • Proposed as answer by Balwan Singh Tuesday, August 13, 2013 6:57 PM
    Thursday, August 1, 2013 12:56 AM
  • It's really strange, but as suggested by Tariq, delete the local Outlook cache of the user or ask the sender to type the email address manually; don't catch the address from cache.

    Balwan Singh

    Thursday, August 1, 2013 10:51 PM
  • The strange thing is this is not happening to people internally. These would be the users with the cached addresses in their Outlook. It is all external people emailing in, people emailing for the first time who could not possibly have a cached entry.

    I think I am going to have to backup, remove and recreate the mailbox. I am completely out of ideas.

    Friday, August 2, 2013 7:23 AM
  • Have you tried to send mail from your Gmail, Hotmail or other email ID? Use an ID you have never used to send mail to that particular ID.

    I hope the mail will be delivered without an NDR. If that happens, then there is no problem at your end.


    Balwan Singh

    Friday, August 2, 2013 9:05 AM
  • I have sent from multiple external accounts that have not been used to send to this sender before. He is getting lots of people phoning stating that their messages are not being delivered (even though they are), so we can assume it is happening from any external sender.

    Friday, August 2, 2013 9:20 AM
  • Very strange problem indeed. I was looking at the Exchange 2007 mail flow chart in an attempt to visualize this.

    http://technet.microsoft.com/en-us/library/aa996349(v=exchg.80).aspx

    (Diagram at bottom)

    It looks like both messages from internal and external senders are placed in the submission queue.

    Then the categorizer performs: 1) recipient resolution, 2) Routing resolution and 3) Content conversion.

    I would guess that the problem is occurring there... but why?

    ***

    Was this user moved or migrated at some point?

    I was reading another post where it was explained that Exchange uses the SMTP address for external mail routing but the legacy X500 for internal. If you run...

    Get-Mailbox | fl

    on that user, are there any entries that look incorrect?

    Hypothesis: something is wrong with the SMTP address but the X500 value is correct... (???).

    Otherwise, some possible actions:

    1) Increase logging level on... Information Store? And then find the "needle in the haystack"?

    2) Have you tried to send a message to the user from the outside using Telnet?

    http://exchange.mvps.org/smtp_frames.htm

    That might eliminate any additional formatting of a regular email message and allow you to see if the problem is really due to something at the most basic "bare-bones" level.

    Not sure if that will help but that's what I would try or at least look into.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, August 2, 2013 10:37 AM
  • If you haven't checked your SMTP protocol log, please do so. You should find the 550 response in there. In response to what RCPT TO address was the 550 sent?

    You can only trust YOUR log files, not the purported recipient in the message headers.


    --- Rich Matheisen MCSE&I, Exchange MVP

    Saturday, August 3, 2013 1:17 AM
  • Finally fixed it!

    Rich, your suggestion got me to look in the right place. Thank you.

    When looking in the verbose protocol logs for the receive connector I could see that it was forwarding to postmaster@ourdomain.com which seemed strange. There was no postmaster mailbox on the server. After creating one the issue went away.

    I can’t really explain why there was a copy going to postmaster in the first place, but I am happy with the outcome.

    Thank you all for your suggestions.

    • Marked as answer by Ritchie71 Monday, August 5, 2013 7:47 PM
    Monday, August 5, 2013 7:40 PM
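
The check Rich describes and that led to the fix (compare the envelope RCPT TO commands in the receive connector's protocol log with the recipient in the headers), as an added example that is not part of the original thread. It assumes the standard Exchange protocol-log column order; the log lines, server name, session IDs and addresses are constructed placeholders.

```python
import csv
import io
import re
from collections import defaultdict

# Column order from the "#Fields:" line of an Exchange SMTP protocol log.
FIELDS = ("date-time,connector-id,session-id,sequence-number,"
          "local-endpoint,remote-endpoint,event,data,context").split(",")
RCPT = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)

# Constructed sample: server name, IPs, session IDs and addresses are placeholders.
P = "2013-07-31T19:12:00.000Z,EX01\\Default EX01,{},10.0.0.1:25,192.0.2.10:4011,"
SAMPLE_LOG = "\n".join([
    "#Fields: " + ",".join(FIELDS),
    P.format("08D0A1,1") + "<,RCPT TO:<sam@example.com>,",
    P.format("08D0A1,2") + ">,250 2.1.5 Recipient OK,",
    P.format("08D0A1,3") + "<,RCPT TO:<postmaster@example.com>,",
    P.format("08D0A1,4") + ">,250 2.1.5 Recipient OK,",
    P.format("08D0A2,1") + "<,RCPT TO:<sam@example.com>,",
    P.format("08D0A2,2") + ">,250 2.1.5 Recipient OK,",
    P.format("08D0A2,3") + "<,RCPT TO:<nobody@example.com>,",
    P.format("08D0A2,4") + ">,550 5.1.1 User unknown,",
    P.format("08D0A3,1") + "<,RCPT TO:<sam@example.com>,",
    P.format("08D0A3,2") + ">,250 2.1.5 Recipient OK,",
])


def envelope_recipients(log_text):
    """Map session-id -> [(RCPT TO address, server reply), ...]."""
    lines = (ln for ln in io.StringIO(log_text) if not ln.startswith("#"))
    sessions, pending = defaultdict(list), {}
    for row in csv.DictReader(lines, fieldnames=FIELDS):
        sid, data = row["session-id"], row["data"] or ""
        match = RCPT.match(data)
        if row["event"] == "<" and match:             # "<" = received from client
            pending[sid] = match.group(1).lower()
        elif row["event"] == ">" and sid in pending:  # ">" = server's reply
            sessions[sid].append((pending.pop(sid), data))
    return dict(sessions)


def extra_recipients(log_text, expected):
    """Sessions addressed to `expected` that also carry other recipients."""
    expected, hits = expected.lower(), {}
    for sid, rcpts in envelope_recipients(log_text).items():
        others = [(a, r) for a, r in rcpts if a != expected]
        if others and len(others) < len(rcpts):  # expected was present too
            hits[sid] = others
    return hits
```

Each extra recipient is reported with the server's reply, so an address that was accepted at SMTP time and only later rejected during recipient resolution still shows up.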