locked
Can anyone make sense of this NDR Delivery Failure message? RRS feed

  • Question

  • My partner's office hasn't been able to receive any emails today.  She mentioned the problem to me and I thought I'd take a look at the NDR she receive when she sent a test email from her Hotmail account (all senders have been getting the same NDR).

    I'm not helping their IT department out - I'm just interested in the NDR.

    It's not an NDR I've seen before - but from the looks of it I would say they've got a DNS issue.  They're a big multinational company with a big IT department.

    Server is Exchange 2003

    Subject: Delivery Status Notification (Failure)

    This is an automatically generated Delivery Status Notification.

    Delivery to the following recipients failed.

          (her@email address here)

    Reporting-MTA: dns;bay0-omc2-s8.bay0.hotmail.com Received-From-MTA: dns;BAY402-EAS38 Arrival-Date: Mon, 20 Aug 2012 04:49:31 -0700 Final-Recipient: rfc822;her@email addressAction: failed Status: 5.4.0


    • Edited by BadBoyHouse Monday, August 20, 2012 6:08 PM
    Monday, August 20, 2012 6:08 PM

Answers

  • 5.4.0 is something DNS, however it would appear that the recipient host is not sending back the full text. Some mail admins think this is a "good" thing to do as it doesn't help the spammers, but of course spammers will not see the NDR as they will be using a compromised machine. I doubt if it is Exchange accepting the email, most large sites will have something between Exchange and the internet.

    Last time I saw something like this it was down to a blacklist being shutdown, but I haven't heard of one going recently.

    Not really enough information to diagnose further.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    • Proposed as answer by Shabarinath Tuesday, August 21, 2012 12:11 AM
    • Marked as answer by Zi FengModerator Tuesday, August 28, 2012 2:08 AM
    Monday, August 20, 2012 10:47 PM

All replies

  • 5.4.0 is something DNS, however it would appear that the recipient host is not sending back the full text. Some mail admins think this is a "good" thing to do as it doesn't help the spammers, but of course spammers will not see the NDR as they will be using a compromised machine. I doubt if it is Exchange accepting the email, most large sites will have something between Exchange and the internet.

    Last time I saw something like this it was down to a blacklist being shutdown, but I haven't heard of one going recently.

    Not really enough information to diagnose further.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    • Proposed as answer by Shabarinath Tuesday, August 21, 2012 12:11 AM
    • Marked as answer by Zi FengModerator Tuesday, August 28, 2012 2:08 AM
    Monday, August 20, 2012 10:47 PM
  • Cheers.  I thought it could be a DNS issue.

    What sort of stuff do large sites have between Exchange and the internet?

    Also, out of interest, what would a blacklist being shut down mean with an NDR like this?

    Tuesday, August 21, 2012 8:23 AM
  • Appliance of some kind is usually used between the Internet and Exchange.

    In the past, I have seen blacklist operators return a blacklist error on every query, so all email is blocked, in an attempt to get people to stop using their servers before they shut down.

    However as there isn't enough information in the NDR it is impossible to say what the actual cause is.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Tuesday, August 21, 2012 9:16 AM