none
Can't Send Emails To Large Batch Of Recipients, Message Rejected RRS feed

  • Question

  • I could use some major help in troubleshooting an email issue that we are having.  Our setup is a one month old SBS 2011 server with Exchange 2010 and all relevant updates and service packs.  We are running Symantec Mail Security as our Spam Application.

    We have no trouble sending emails to singal address or a even a few address for that matter.  However, when we have an email that has a few hundred to a 1,000+ contacts the large majority of them get rejected.  I have checked to ensure we aren't blacklisted so I am not really sure what is going on.  Our Exchange server is setup plain stock except I have changed all message attachment and size limits to 99MB.  When we send these large messages we aren't attaching any kind of document so this isn't an issue either.

    How would you go about troubleshooting this issue.  The exact error message we receive is below.

       

    XXXXXXXXXXXXXXXXXXXXXXXXXXXX.com  rejected your message to the following e-mail addresses:

    'John Smith' (john@smith.com)

    XXXXXXXXXXXXXXXXXXXXXXXXXXX.com  gave this error:
    Unable to deliver to <john@smith.com> 

    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or other restriction may be preventing delivery.

    We desperately need to be able to send to large batches of clients at a time without issue.

    Thanks so much for all your help in advance!

    Wednesday, October 10, 2012 7:54 AM

Answers

  • On Mon, 15 Oct 2012 05:27:47 +0000, CoMpUtErGoD20XX wrote:
     
    >Thanks so much for your help. Sorry for the delay in getting back to everyone.
    >
    >As requested the full NDR is at the bottom of this message. I have removed some of the personal information and change it to *'s but the important stuff should all be there.
    >
    >I just enabled smtp logging. I haven't had a chance to contact the client yet about their settings. I will have another large message sent out as soon as I can but it may take sometime before they are ready to send another blast.
     
    Looking at the NDR, it says that "g****.g*******.com" rejected the
    message. Your machine's name is, presumably, in the "e**.com" domain.
     
    The message was addressed to someone in the "f*********.com" domain.
     
    So, why are you sending mail for "f*********.com" to a machine named
    "g****.g*******.com"? Is that your ISP's relay server? Or is that the
    name of the machine that the MX record for the target domain uses?
     
    Given that set of names I don't think your problem is Exchange. Your
    SMTP Send protocol logs will show you who sent the 550 status unless
    there were more than 5000 RCPT TO addresses in the message (that's
    your envelope recipient limit).
     
    Here are the relevant bits form the NDR:
     
    Who bounced the message:
    g****.g*******.com rejected your message to the following e-mail
    addresses:
     
    The recipient of the message:
    'J*** S*****' (js**@f*********.com)
     
    Why the message was rejected:
    g****.g****.com gave this error:
    Unable to deliver to <j**********@f*********.com>
     
    g****.g*******.com #550 5.7.1 Unable to deliver to
    <j**********@f*********.com> ##
     
     
    The message sender:
    From: V* G* <V*@e**.com>
     
     
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, October 15, 2012 1:28 PM
  • Hello,

    The smtp logging shouldn't cause performance issue.

    You send an email today and generate the NDR"email address doesn't exist". The NDR means these email address are not correct or these recipient don't exist.

    Please try to only send an email to these recipient and check the result.


    Cara Chen

    TechNet Community Support


    Wednesday, October 17, 2012 8:44 AM
    Moderator

All replies

  • On Wed, 10 Oct 2012 07:54:07 +0000, CoMpUtErGoD20XX wrote:
     
    >
    >
    >I could use some major help in troubleshooting an email issue that we are having. Our setup is a one month old SBS 2011 server with Exchange 2010 and all relevant updates and service packs. We are running Symantec Mail Security as our Spam Application.
    >
    >We have no trouble sending emails to singal address or a even a few address for that matter. However, when we have an email that has a few hundred to a 1,000+ contacts the large majority of them get rejected. I have checked to ensure we aren't blacklisted so I am not really sure what is going on. Our Exchange server is setup plain stock except I have changed all message attachment and size limits to 99MB. When we send these large messages we aren't attaching any kind of document so this isn't an issue either.
    >
    >How would you go about troubleshooting this issue. The exact error message we receive is below.
    >
    >XXXXXXXXXXXXXXXXXXXXXXXXXXXX.com rejected your message to the following e-mail addresses: 'John Smith' (john@smith.com) XXXXXXXXXXXXXXXXXXXXXXXXXXX.com gave this error: Unable to deliver to <john@smith.com> Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or other restriction may be preventing delivery.
    >
    >
    >
    >We desperately need to be able to send to large batches of clients at a time without issue.
     
    Is XXXXXXXXXXXXXXXXXXXXXXXXX.com your server/domain?
     
    How about posting the rest of the NDR?
     
    Have you changed the maximum number of recipients allowed by the
    transport?
     
    (Get-TransportConfig).MaxRecipientEnvelopeLimit
     
    http://technet.microsoft.com/en-us/library/bb124405.aspx
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Wednesday, October 10, 2012 3:38 PM
  • Hello,

    Please check the maximum number of recipients.

    Please disable any AV/AS scanning on your Exchange server and test again.

    Default, there are only three transport agents enabled. Please run the cmdlet “Get-TransportAgent” to check if there are any other transport agents enabled. If there exists other transport agent enabled, please disable them and test again.

    Please enable the smtp logging to check if there is any information related to the issue.

    Please contact recipient side to make sure whether there is any limitation.


    Cara Chen

    TechNet Community Support


    Thursday, October 11, 2012 2:46 AM
    Moderator
  • Thanks for the suggestions.  I ran out of time today to perform troubleshooting.  I will work more on this tomorrow and report back once I have performed the requested steps.

    Thanks so much for the replies.

    Thursday, October 11, 2012 7:17 AM
  • Hello,

    Any update?


    Cara Chen

    TechNet Community Support

    Monday, October 15, 2012 1:43 AM
    Moderator
  • All,

    Thanks so much for your help.  Sorry for the delay in getting back to everyone.

    As requested the full NDR is at the bottom of this message.  I have removed some of the personal information and change it to *'s but the important stuff should all be there.

    I just enabled smtp logging.  I haven't had a chance to contact the client yet about their settings.  I will have another large message sent out as soon as I can but it may take sometime before they are ready to send another blast.

    [PS] C:\Windows\system32>(Get-TransportConfig).MaxRecipientEnvelopeLimit

                                                    IsUnlimited                                                       Value
                                                    -----------                                                       -----
                                                          False                                                        5000

    [PS] C:\Windows\system32>Get-TransportAgent

    Identity                                           Enabled         Priority
    --------                                           -------         --------
    SMSMSERoutingAgent                                 True            1
    SMSMSESMTPAgent                                    True            2
    Transport Rule Agent                               True            3
    Text Messaging Routing Agent                       True            4
    Text Messaging Delivery Agent                      True            5
    Connection Filtering Agent                         True            6
    Content Filter Agent                               True            7
    Sender Id Agent                                    True            8
    Sender Filter Agent                                True            9
    Recipient Filter Agent                             True            10
    Protocol Analysis Agent                            True            11

    NDR Start:

    From: Microsoft Outlook 
    Sent: Wednesday, October 03, 2012 4:37 PM
    To: V* G*
    Subject: Undeliverable: Gotta Love it from Tony C*
     
     
    g****.g*******.com  rejected your message to the following e-mail addresses:
     
    'J*** S*****' (js**@f*********.com)
     
    g****.g****.com  gave this error:
    Unable to deliver to <j**********@f*********.com> 
     
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
     
     
     
     
     
     
     
    Diagnostic information for administrators:
     
    Generating server: MyServer.e**.local
     
    j**********@f*********.com
    g****.g*******.com  #550 5.7.1 Unable to deliver to <j**********@f*********.com> ##
     
    Original message headers:
     
    Received: from MyServer.e**.local ([fe80::2c86:c4ed:4fca:717a]) by
     MyServer.e**.local ([fe80::2c86:c4ed:4fca:717a%10]) with mapi id
     14.02.0318.001; Wed, 3 Oct 2012 16:37:15 -0400
    Content-Type: multipart/mixed;
            boundary="_000_C92F1102D66FB945963AEE2DD6E43AB686122BT410SBS201121esi4_"
    From: V* G* <V*@e**.com>
    Subject: Gotta Love it from Tony C*
    Thread-Topic: Gotta Love it from Tony C*
    Thread-Index: Ac2hpt138zd2HIahSVyOqIp6Ji7Ilg==
    Date: Wed, 3 Oct 2012 20:37:14 +0000
    Message-ID: <C92F1102D66FB945963AEE2DD6E43AB686122B@MyServer.e**.local>
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator: <C92F1102D66FB945963AEE2DD6E43AB686122B@MyServer.e**.local>
    x-originating-ip: [192.168.50.109]
    MIME-Version: 1.0

    NDR End:

    Monday, October 15, 2012 5:27 AM
  • Hello,

    By default, there are only three transport agents(Transport rule agent, text messaging routing agent and text messaging delivery agent) enabled, please disable other agents and check the result.

    If these contacts are distribution group members, please make sure if you assign moderator and check if there is any transport rule.

    Please collect smtp log.

     


    Cara Chen

    TechNet Community Support

    Monday, October 15, 2012 8:01 AM
    Moderator
  • On Mon, 15 Oct 2012 05:27:47 +0000, CoMpUtErGoD20XX wrote:
     
    >Thanks so much for your help. Sorry for the delay in getting back to everyone.
    >
    >As requested the full NDR is at the bottom of this message. I have removed some of the personal information and change it to *'s but the important stuff should all be there.
    >
    >I just enabled smtp logging. I haven't had a chance to contact the client yet about their settings. I will have another large message sent out as soon as I can but it may take sometime before they are ready to send another blast.
     
    Looking at the NDR, it says that "g****.g*******.com" rejected the
    message. Your machine's name is, presumably, in the "e**.com" domain.
     
    The message was addressed to someone in the "f*********.com" domain.
     
    So, why are you sending mail for "f*********.com" to a machine named
    "g****.g*******.com"? Is that your ISP's relay server? Or is that the
    name of the machine that the MX record for the target domain uses?
     
    Given that set of names I don't think your problem is Exchange. Your
    SMTP Send protocol logs will show you who sent the 550 status unless
    there were more than 5000 RCPT TO addresses in the message (that's
    your envelope recipient limit).
     
    Here are the relevant bits form the NDR:
     
    Who bounced the message:
    g****.g*******.com rejected your message to the following e-mail
    addresses:
     
    The recipient of the message:
    'J*** S*****' (js**@f*********.com)
     
    Why the message was rejected:
    g****.g****.com gave this error:
    Unable to deliver to <j**********@f*********.com>
     
    g****.g*******.com #550 5.7.1 Unable to deliver to
    <j**********@f*********.com> ##
     
     
    The message sender:
    From: V* G* <V*@e**.com>
     
     
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, October 15, 2012 1:28 PM
  • On Mon, 15 Oct 2012 05:27:47 +0000, CoMpUtErGoD20XX wrote:
     
    Looking at the NDR, it says that "g****.g*******.com" rejected the
    message. Your machine's name is, presumably, in the "e**.com" domain.
     
    The message was addressed to someone in the "f*********.com" domain.
     
    So, why are you sending mail for "f*********.com" to a machine named
    "g****.g*******.com"? Is that your ISP's relay server? Or is that the
    name of the machine that the MX record for the target domain uses?
     
    Given that set of names I don't think your problem is Exchange. Your
    SMTP Send protocol logs will show you who sent the 550 status unless
    there were more than 5000 RCPT TO addresses in the message (that's
    your envelope recipient limit).
     
    Here are the relevant bits form the NDR:
     
    Who bounced the message:
    g****.g*******.com rejected your message to the following e-mail
    addresses:
     
    The recipient of the message:
    'J*** S*****' (js**@f*********.com)
     
    Why the message was rejected:
    g****.g****.com gave this error:
    Unable to deliver to <j**********@f*********.com>
     
    g****.g*******.com #550 5.7.1 Unable to deliver to
    <j**********@f*********.com> ##
     
     
    The message sender:
    From: V* G* <V*@e**.com>
     
     
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP

    Yes, my server is in the "e**.com" domain.  The end users email is in the "f*********.com" domain. 

    The "g****.g*******.com" domain is not part of our systems or our isps to my knowledge.  I guess this is 

    the name of the machine that the MX record for the target domain uses?  Our ISP is comcast and our domain name is at EZNetTools (not my choice) but exchange and everything is run from our sbs 2011 server with no relay that I am aware of.

    The message was sent to about 100 people in total I am told.  So we are no where near the 5000 envelope.

    You mentioned that my problem isn't most likely exchange and state the exchange send protocol log may show something more.  This would be true for this particular message though because I just turned on smtp logging, correct?  Meaning I would have to send another and see if we get similar ndrs and then look at the log?

    Thanks for your help.

    Monday, October 15, 2012 3:21 PM
  • Hello,

    Yes, you enable smtp send protocol log may get some useful information. Smtp protocol logging contains smtp receive protocol log and smtp send protocol log.

    After you enable smtp send protocol log, you need sending another message and check the log.


    Cara Chen

    TechNet Community Support

    Tuesday, October 16, 2012 1:48 AM
    Moderator
  • On Mon, 15 Oct 2012 15:21:02 +0000, CoMpUtErGoD20XX wrote:
     
    [ snip ]
     
    >Yes, my server is in the "e**.com" domain. The end users email is in the "f*********.com" domain.
    >
    >The "g****.g*******.com" domain is not part of our systems or our isps to my knowledge. I guess this is
    >the name of the machine that the MX record for the target domain uses?
     
    That's easy enough for you to check. You know the domain and can find
    the name and IP address.
     
    >Our ISP is comcast and our domain name is at EZNetTools (not my choice) but exchange and everything is run from our sbs 2011 server with no relay that I am aware of.
     
    So your send connector is set up to deliver outbound e-mail directly
    to the target domain?
     
    >The message was sent to about 100 people in total I am told. So we are no where near the 5000 envelope.
     
    100 people all in the same domain, or 100 people spread over several
    domains?
     
    >You mentioned that my problem isn't most likely exchange and state the exchange send protocol log may show something more. This would be true for this particular message though because I just turned on smtp logging, correct? Meaning I would have to send another and see if we get similar ndrs and then look at the log?
     
    Well, yeah. You can't look at the log if it wasn't configured.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Tuesday, October 16, 2012 2:31 AM
  • Rick,

    I thought that was the obvious answer but I figured I would rather look dumb and ask than to assume.  I am onsite tomorrow so hopefully we can send out a new message batch and see some results in the logs.

    Thanks!

    Tuesday, October 16, 2012 4:20 AM
  • We did send an email blast today.  The message was sent to 148 recipients.  We received a total of 31 NDRs.  After looking through the majority of the NDRs it appears that we don't have an exchange issue after all.  The overall majority of the NDRs state "email address doesn't exist".  I then used an online utility to verify several messages and sure enough they are all bad.

    So all the panic wasn't necessary at this point.  Is there any harm or major performance issues with leaving smtp logging turned on or should I switch it off until we actually have an issue?

    Thanks for your help!

    Wednesday, October 17, 2012 4:52 AM
  • Hello,

    The smtp logging shouldn't cause performance issue.

    You send an email today and generate the NDR"email address doesn't exist". The NDR means these email address are not correct or these recipient don't exist.

    Please try to only send an email to these recipient and check the result.


    Cara Chen

    TechNet Community Support


    Wednesday, October 17, 2012 8:44 AM
    Moderator
  • Thanks for the note about smtp logging.  Yes, we contacted several of the people that were getting these messages from and they did update their emails without passing the information along.

    Thanks.

    Wednesday, October 17, 2012 10:36 PM
  • Hello,

    I don't understand the sentence"they did update their emails without passing the information along", and you mean you send an email to these recipient successfully or unsuccessfully.


    Cara Chen

    TechNet Community Support

    Monday, October 22, 2012 2:08 AM
    Moderator
  • On Mon, 22 Oct 2012 02:08:21 +0000, cara chen wrote:
     
    >I don't understand the sentence"they did update their emails without passing the information along", and you mean you send an email to these recipient successfully or unsuccessfully.
     
    He means that they changed their e-mail addresses and didn't notify
    anyone.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, October 22, 2012 2:57 AM
  • Hello,

    Thank you for your explanation.

    And CoMpUtErGo20XX, if there is any update.


    Cara Chen

    TechNet Community Support

    Monday, October 22, 2012 3:29 AM
    Moderator