Solved

Exchange 2000 NDR's... errors?  HELP!

Posted on 2003-02-26
Last Modified: 2006-11-17
We run Exchange 2000 SP3 on Win2K Server SP3 and have it configured to send all NDR reports to me (we only have about 20 exchange users, so not TOO many NDR's come my way). Occasionally - a few times a week - I will get NDR's that look like the ones below. (I changed the email of the person who it was sent to "userid@theirserver.com" and our mail server to "mail.ourserver.com")

I notice that it says below "You do not have permission to send to this recipient".  Strange, especially considering that the recipient has nothing to do with our company and is outside our domain.

Occasionally we get other NDR's that look similar to the one below that have:

"There was a SMTP communication problem with the recipient's email server."

or

"The destination server for this recipient could not be found in Domain Name Service (DNS). Please verify the email address and retry."

(I get this last one - with the DNS 'error' most often - about 10 times a day.  Keep in mind that we probably send on average about 500 emails a day)

I spoke to the person who sent the email, and she said that she sends e-mail to this particular recipient at least once a day and this is the first time it has ever bounced back. She says it came back fairly quickly, but not immediately which leads me to believe that it left our mail server okay and was bounced by the recipient's mail server for some reason. Out of curiosity as well, I sent an e-mail to the intended recipient and it was received and replied to just fine. I had our employee try to resend it 15 mins ago, and so far all is good. Was the NDR just a fluke, or is it indicative of a deeper problem?  I tend to think that it's a problem on our end (with DNS?) because this happens so often, and with at least SOME known good addresses.

Also an FYI, anonymous relay has been disabled on our mail server, and our server is not on any Blackhole or spam lists.

As far as NDR's go, can anyone help decipher these messages? Are these *normal* to see? Could there be something wrong with how DNS is configured for our domain - either in AD, or our ISP? Or are these NDR's a result of "the other end"? Are there any settings I should check to make sure our DNS is working properly? The only reason we have DNS here internally is to run Exchange and AD.

Any help is MUCH appreciated!

-------------------------------------------------
Example of NDR:
-------------------------------------------------
-----Original Message-----
From: System Administrator
Sent: Wednesday, February 19, 2003 11:46 AM
To: JOE SMITH (E-mail)
Subject: Undeliverable: RESCHEDULED Meeting


Your message did not reach some or all of the intended recipients.

Subject: RESCHEDULED Meeting
Sent: 2/19/2003 11:45 AM

The following recipient(s) could not be reached:

JOE SMITH (E-mail) on 2/19/2003 11:46 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for
userid@theirserver.com>
-------------------------------------------------
-------------------------------------------------
Question by:jtb33byu
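
The last two lines of the NDR above are the machine-readable part of the bounce: a host name, an enhanced status code after "#", and the SMTP reply after "smtp;". The following is an added example, not part of the original post: a Python sketch that splits that line into fields, joins the wrapped reply text, and labels the status code using the RFC 3463 class and subject tables. The names parse_ndr and tally are hypothetical, and the host before "#" is simply reported as the host the NDR names.

```python
import re
from collections import Counter

# RFC 3463 enhanced status codes: class.subject.detail
CLASS = {"2": "success", "4": "persistent transient failure", "5": "permanent failure"}
SUBJECT = {"1": "addressing", "2": "mailbox", "3": "mail system",
           "4": "network and routing", "5": "mail delivery protocol",
           "6": "message content", "7": "security or policy"}
DETAIL = {"5.7.1": "delivery not authorized, message refused"}

# <host #x.y.z smtp;NNN text> ; the text may wrap across lines, as it does above.
DIAG = re.compile(r"<(?P<host>[^\s#<>]+)\s+#(?P<status>\d\.\d{1,3}\.\d{1,3})"
                  r"(?:\s+smtp;\s*(?P<reply>\d{3})\s+(?P<text>[^>]*))?>")
ADDR = re.compile(r"[\w.+-]+@[\w.-]+")


def parse_ndr(body):
    """Return one dict per <host #status smtp;reply> diagnostic in an NDR body."""
    rows = []
    for m in DIAG.finditer(body):
        text = " ".join((m.group("text") or "").split())  # undo line wrapping
        status = m.group("status")
        cls, subj, _ = status.split(".")
        addr = ADDR.search(text)
        generic = f"{CLASS.get(cls, 'unknown')}: {SUBJECT.get(subj, 'unknown')}"
        rows.append({
            "reporting_host": m.group("host"),  # host named before '#'
            "status": status,
            "smtp_reply": m.group("reply"),
            "text": text,
            "recipient": addr.group(0) if addr else None,
            "meaning": DETAIL.get(status, generic),
        })
    return rows


def tally(bodies):
    """Count diagnostics by (reporting host, status) to spot a recurring cause."""
    return Counter((r["reporting_host"], r["status"])
                   for b in bodies for r in parse_ndr(b))


# Diagnostic block copied from the NDR in the question.
SAMPLE_NDR = """You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for
userid@theirserver.com>"""

if __name__ == "__main__":
    print(parse_ndr(SAMPLE_NDR), tally([SAMPLE_NDR, SAMPLE_NDR]))
```

Running tally over a week of saved NDR bodies shows whether the bounces cluster on one host and status code or are scattered across unrelated causes.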
LVL 2

Expert Comment

by:dankennedy
ID: 8031450
When you get this one...
"The destination server for this recipient could not be found in Domain Name Service (DNS). Please verify the email address and retry."

Does the domain of the recipient exist? Or was there just a typo by the user?

JOE SMITH (E-mail) on 2/19/2003 11:46 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for
userid@theirserver.com>

For this one, I'd have the user try removing and recreating the contact (JOE SMITH (E-mail)). I've seen people get this NDR when the contact is corrupt.
0
 
LVL 2

Expert Comment

by:dankennedy
ID: 8031459
Also, for DNS, make sure your Exchange server is set to use the internal DNS server for name resolution, and not an external one. Make sure the internal DNS server's MX record is correct and pointing to your internal exchange server.
0
 

Author Comment

by:jtb33byu
ID: 8034399
You're right about the NDR's that come back as:

"The destination server for this recipient could not be found in Domain Name Service (DNS). Please verify the email address and retry."

The domains are either typos or non-existent.

We get the error:

JOE SMITH (E-mail) on 2/19/2003 11:46 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for
userid@theirserver.com>

even when e-mail addresses are just manually typed into the "To:" field in Outlook.  So I don't know what the problem could be there...


As for our internal DNS, the MX record on it points to mail.ourdomain.com which has only an internal IP address (192.168.1.X) and is statically routed by a firewall to an external IP.

You say that my Exchange server should use only my internal DNS server for name resolution?  Just to make sure I am doing it correctly, how do I verify that my Exchange server is set to use internal DNS for name resolution?
0
 
LVL 2

Expert Comment

by:dankennedy
ID: 8034540
To check the DNS server, just check the general Windows IP configuration. At a command prompt...

ipconfig /all

Also, make sure the user does not have an internet mail account set up in Outlook. These clients are using Outlook, right? Because this error...

mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for

Seems like the client might be trying to send the message using an internet mail account (SMTP), or that the client is not authenticating properly to the server. Check to make SURE they aren't using Outlook Express by accident.

Also, you said your MX record is pointing to mail.ourserver.com and, mail.ourserver.com is pointing to the internal IP of your exchange server right? Your internal DNS should in no way point at the firewall or things will really get wacky. Your DNS server should also be configured to be primary on the ourserver.com domain.

Let me know if any of this helps...
0
 

Author Comment

by:jtb33byu
ID: 8034721
You're right about the NDR's that come back as:

"The destination server for this recipient could not be found in Domain Name Service (DNS). Please verify the email address and retry."

The domains are either typos or non-existent.

We get the error:

JOE SMITH (E-mail) on 2/19/2003 11:46 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.ourserver.com #5.7.1 smtp;550 5.7.1 Unable to relay for
userid@theirserver.com>

even when e-mail addresses are just manually typed into the "To:" field in Outlook.  So I don't know what the problem could be there...


As for our internal DNS, the MX record on it points to mail.ourdomain.com which has only an internal IP address (192.168.1.X) and is statically routed by a firewall to an external IP.

You say that my Exchange server should use only my internal DNS server for name resolution?  Just to make sure I am doing it correctly, how do I verify that my Exchange server is set to use internal DNS for name resolution?
0
 
LVL 2

Expert Comment

by:dankennedy
ID: 8035000
I'm guessing that repost wasn't on purpose :)
0
 

Author Comment

by:jtb33byu
ID: 8035212
Yeah, sorry, I refreshed the page and it seemed to double post...  very strange how it did it before and after your post...

Anyway, yes the server is configured to use internal DNS first, and then use two external DNS (from our ISP) 2nd and 3rd...  I knew about ipconfig, but thought from your post that there was a way to tell exchange specifically which DNS server to use...  my mistake!

All of our users use Outlook 2K, no one has OE set up, but a few users do have an ISP pop3 account set up in addition to their exchange account, though this "issue" happens even from users who do not have any other accounts set up in Outlook.

"Also, you said your MX record is pointing to mail.ourserver.com and, mail.ourserver.com is pointing to the internal IP of your exchange server right? Your internal DNS should in no way point at the firewall or things will really get wacky. Your DNS server should also be configured to be primary on the ourserver.com domain."

Well, our internal DNS has the MX record pointing to mail.ourdomain.com but internally, mail.ourdomain.com resolves to 192.168.1.X - an internal IP.  For users OUTSIDE our network, our ISP's DNS resolves mail.ourdomain.com to an internet visible IP which is pointed to our router which in turn is sent to a firewall that routes all requests for mail.ourdomain.com on port 25 to the internal IP for our exchange server.  I think this is the correct way to do it, no?
0
 
LVL 2

Accepted Solution

by:
dankennedy earned 300 total points
ID: 8035310
Yes, your DNS is configured correctly. However, you said that on your Exchange server you have two ISP DNS servers listed. This is usually not a good idea, and I would guess it is what is causing your problems. If the Exchange server (for whatever reason) tries to use the external DNS server, it will resolve mail.ourserver.com to the external address of the firewall, which confuses Exchange because it won't be able to send information to that IP. I've seen many weird problems when using an ISP DNS server.

I'd suggest removing those two DNS servers and using only internal DNS servers for the Exchange server. If you have more than one server, install DNS on both and make one the secondary DNS server.
0
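
The check suggested in this answer (read the DNS server list from ipconfig /all and keep only internal resolvers on the Exchange host) can be scripted. The following is an added example, not part of the original thread: a Python sketch that parses saved ipconfig /all output, including the continuation lines under "DNS Servers", and reports every resolver outside the internal range. The function names are hypothetical, the 192.168.1.0/24 range is an assumption based on the 192.168.1.X address mentioned above, and the sample output is constructed.

```python
import ipaddress

# Internal range from the thread (192.168.1.X); an assumption to adjust per site.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def dns_servers(ipconfig_text):
    """Map each section of `ipconfig /all` output to its DNS servers, in order."""
    result, section, in_dns = {}, "global", False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a new section
            section, in_dns = line.strip().rstrip(":"), False
            continue
        if "DNS Servers" in line:
            in_dns = True
            line = line.split(":", 1)[1]     # first server shares the label line
        if in_dns:
            try:                             # continuation lines hold a bare address
                result.setdefault(section, []).append(ipaddress.ip_address(line.strip()))
            except ValueError:               # next labelled field ends the list
                in_dns = False
    return result


def external_dns(ipconfig_text, internal=INTERNAL_NETS):
    """Return (section, server) pairs for DNS servers outside the internal ranges."""
    return [(sec, str(ip)) for sec, ips in dns_servers(ipconfig_text).items()
            for ip in ips if not any(ip in net for net in internal)]


# Constructed sample, not output from the thread: internal DNS first, then two
# ISP resolvers (203.0.113.x is a documentation range standing in for them).
SAMPLE_IPCONFIG = """Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : mail

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.5
                                            203.0.113.53
                                            203.0.113.54
        Primary WINS Server . . . . . . . : 192.168.1.5
"""

if __name__ == "__main__":
    for section, server in external_dns(SAMPLE_IPCONFIG):
        print(f"{section}: DNS server {server} is outside the internal ranges")
```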
 

Author Comment

by:jtb33byu
ID: 8042445
Okay, I took the superfluous DNS entries out of the E2K server and we'll see what happens with it.

I appreciate your help thus far.  If it solves the problem by the end of the day, I'll be back and give you the points.

Thanks!
0
