Exchange 2003 internet mail routing help

If it is only doing it for non existant users then enable the feature for Exchange to filter out non-existant users.

To enable this option:

1. Expand ESM, Message Delivery.
2. Right click on "Message Delivery" and choose Properties.
3. Click on the tab "Recipient Filtering".
4. Enable the option "Filter Recipients who are not in the directory."

You then need to enable the Recipient Filter on the SMTP Server.

1. Still in ESM, Expand Admin Groups, <your admin groups>, Server, <your server>, Protocols, SMTP.
2. Right click on SMTP Virtual Server and choose Properties.
3. Click on "Advanced" next to the IP address on the first tab.
4. With the IP address selected, choose "Edit".
5. Enable "Apply Recipient Filter".
6. Click Apply/OK until clear.  

Simon.

Thank you Simon,
That worked and was very helpful. Now that I have turned this on when I email from an outside account to a former employee I do not receive a NDR (johndoe@company.com) I do however receive a NDR when I send to a non valid company address. (ljljljlj@company.com)
Any Ideas?
Thank you

Update we are recieving the same errors again and the mail is looping after adding the recipient filter.

If you are not getting an NDR for ex-employees then the email address is still in the system somewhere. You need to find it and remove it.
Confirm whether this is the case by trying to add the email address to something else and see if Exchange throws an error.

As for your second issue - what exactly is looping and between what - the internet and your external mail server - external mail server and Exchange?

If it is between the Exchange server and the Internet mail server then I would start to look at the configuration of the Internet mail server. It sounds like it isn't allowing NDRs back out again.

Simon.

For example:
I have received this errror this morning. See Below
when i email address that has never been a former email address i get the ndr no problem.  so that tells me that ndr are coming out from the internet e-mail server. Does this answer anything. If you need anymore info about my setup let me know. Thank you again for your help.

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3005
Date:            9/13/2004
Time:            9:00:27 AM
User:            N/A
Computer:      exchange2003
Description:
A non-delivery report with a status code of 4.4.6 was generated for recipient rfc822;rroyer@companyxyz.com (Message-ID  <2ec601c4998a$d4243ff4$c6d1b8b0@maxpower.co.uk>).  
Cause: The maximum hop count was exceeded for this message.  This non-delivery report can also be caused if a looping condition exists between sending and receiving servers that are not in the same Exchange organization. In this situation, the message bounces back and forth until the hop count is exceeded.  A configuration error in the e-mail system can also cause the message to bounce between two servers or to be forwarded between two recipients.      
Solution: The maximum hop count is a property set on each virtual server and you can manually override it.  The default maximum hop count is 15. Also, check for any situations that might cause loops between servers.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: cd 02 04 c0               Í..À    

I am beginning to feel that the "Internet" server is the cause of the problems.
With the other settings and information you have indicated are not problems caused by Exchange. Exchange problems are pretty similar - this is SMTP and the SMTP element of Exchange/Windows is very robust and rarely causes problems.

If you don't administrate this machine then I would ask whoever does to look at it. It is not handling NDR or SMTP traffic connections correctly.

Simon.

OK, here is what is happening as best as I can figure it out:

1. When I send email from the outside world to a ficticious, never-been-used address (e.g. plokijqwerty@companyabc.com), the Internet server sees the domain companyabc.com and correctly routes the incoming message to our Exchange server. The Exchange server responds to the Internet server with:

550 5.1.1 User unknown

The Internet server then gives up and sends an NDR to the originating party. This is all normal, verified and correct behavior.

2. However, when I send an email from the outside world to an email address which is defunct, (by that I mean that it belonged to a former employee or something like that), for example joewilson@companyabc.com, then the Internet mail server forwards it to the Exchange server as expected, but the Exchange server does *not* respond with a 550. For some reason it treats addresses differently when they *used* to exist, but no longer do, as opposed to addresses which *never* existed.

Whatever the case, the Exchange accepts the message from the Internet server, and tries to deliver it. Since that address is not associated with any mailbox on the Exchange server, and since that server is the only Exchange server in our Organization, it seems that it essentially punts, and sends the message back out the only other transport available to it: the SMTP connector to the Internet server.

The Internet server receives it, examines the domain of the recipient, correctly concludes the companyabc.com should be routed to the Exchange server, and sends it right back, starting the whole process all over again. This back and forth happens 15 times or so until one or the other of the servers decides that too many hops have been traversed, at which point it drops the message and flags an error in either syslog or event viewer.

I have verified all of the above by examining logs, reading message queues, doing message tracking, and sending lots of test messages from my yahoo account. I guess what this boils down to is somehow instructing the Exchange server to treat deleted addresses the same as those which never existed. When an employee leaves, we delete the mailbox, but often we will assign the deleted user's email address to their supervisor's mailbox for a time. After a while, the SMTP address is removed from their supervisor as well. We also often just delete the mailbox without doing this too.

Maybe we are not deleting old users the proper way, I don't know. What I do know is that somewhere, deep in the bowels of my Exchange data store, those addresses are trapped and clung to as though stuck in a digital purgatory. I would like to free them. Any help would be appreciated.

You could try the old fashioned way of dealing with old email addresses - that is a blackhole.
Create a new distribution list but don't add any members to it.
Then add the email addresses that you want to "blackhole" to the list of email addresses for the list. the email messages will come in and disapear in to the blackhole.

Have you checked the addresses are no longer valid on Exchange? Enter the email address in Outlook then click on the body. Outlook will attempt to lookup the address and attach it to something.

Simon.

Great thank you for all your help Simon! atleast i have some solutions to try.