Using nslookup to troubleshoot an email problem.

Posted on 2006-06-26
Medium Priority
Last Modified: 2008-03-04

The company I work for started to upgrade from Exchange 5.5 to Exchange Server 2003.  I was not part of the upgrade process and the person who started the process is no longer employed here.  I'm an Exchange novice and I have been trying to address a few problems that have come up recently.  One of them is Event ID: 3018.  I'm not sure if it has something to do with open relay.  
In the Event ID 3018 message it mentions using nslookup to troubleshoot the problem.  I'm not clear on how to use nslookup to troubleshoot the problem and MS kbid 200525 on using nslookup isn't very clear to me.  Could someone shed a little light on using nslookup to troubleshoot my problem?


Question by:spectragases
LVL 35

Expert Comment

ID: 16984476
What is the problem that you are facing?
LVL 31

Expert Comment

ID: 16984624
nslookup is a command-line utility found in Win2000 and higher (I don't think it was in NT4).  You start it from a CMD prompt; so first, open a command prompt box from your start menu, and type in the word nslookup .  It has a good help system that you can access by entering a question mark ? , and you terminate by typing exit .  It is generally used to troubleshoot DNS issues, but when you are interested specifically in email delivery, you confine its display to MX records.  A typical session consists of just two lines (ignoring the nslookup and exit lines):

set type=mx
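An added example, not part of the original comment: a small Python parser that triages the text nslookup prints for an MX query, which is the output this thread asks how to read. The sample output, domain names and addresses are constructed placeholders, and `triage_mx` is a hypothetical helper name.

```python
import re

# Constructed sample of Windows nslookup output after "set type=mx";
# example.com, dns1.example.net and 192.0.2.x are documentation placeholders.
SAMPLE_OK = """\
Server:  dns1.example.net
Address:  192.0.2.53

Non-authoritative answer:
example.com     MX preference = 20, mail exchanger = backup.example.com
example.com     MX preference = 10, mail exchanger = mail.example.com

mail.example.com        internet address = 192.0.2.25
"""

SAMPLE_NXDOMAIN = """\
Server:  dns1.example.net
Address:  192.0.2.53

*** dns1.example.net can't find mistyped.example: Non-existent domain
"""

MX_RE = re.compile(r"^(\S+)[ \t]+MX preference = (\d+), mail exchanger = (\S+)", re.M)
A_RE = re.compile(r"^(\S+)[ \t]+internet address = (\S+)", re.M)
ERR_RE = re.compile(r"^\*\*\* .*?: (.+)$|^(DNS request timed out\.)", re.M)


def triage_mx(output):
    """Return (mx_hosts_sorted_by_preference, findings) for one nslookup run."""
    findings = []
    err = ERR_RE.search(output)
    if err:
        findings.append("lookup failed: " + (err.group(1) or err.group(2)).strip())
    # Lowest preference value is tried first by the sending server.
    mx = sorted((int(pref), host.rstrip(".").lower())
                for _, pref, host in MX_RE.findall(output))
    if not mx and not err:
        findings.append("no MX records returned")
    # Hosts whose address nslookup did not print need a separate type=a lookup.
    known = {name.rstrip(".").lower() for name, _ in A_RE.findall(output)}
    for _, host in mx:
        if host not in known:
            findings.append("no address shown for " + host)
    return mx, findings


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NXDOMAIN):
        print(triage_mx(sample))
```

A "Non-existent domain" finding for the recipient's domain matches the DNS failure that Event ID 3018 reports.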

LVL 18

Expert Comment

ID: 16984885
Check this for event id 3018:

As per Microsoft: "This event is logged when a non-delivery report is generated because of a problem with DNS or an IP address. The numeric code is generally 5.4.0. This indicates that an "Authoritative Host was not found".

This usually indicates the recipient's DNS address couldn't be resolved; maybe the sender mistyped the address. Try nslookup on the domain part of “user@domain”. It's also possible a literal IP address was used, and the IP address was invalid.


Expert Comment

ID: 16985269
To solve the outbound DNS issue please do the following:

-Click Start->RUN->CMD
-Type nslookup
-press enter
-press enter.

check if you get the IPs of Google,

if yes

then you must check the DNSs configured in your SMTP protocol

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)

Make sure the list is EMPTY

if no

Check the DNS which your server is using in the local area connection; it must be a valid DNS IP address and routable.

Please note that if you are using a proxy, browsing the Internet doesn't mean that you have a valid DNS IP configured.

Thank you.
LVL 104

Expert Comment

ID: 16985572
Rather than trying to work around the suggested solutions, it would be better to look at the problem. We can probably tell you how to fix the issue rather than trying to work with the solution suggested elsewhere.

If you are getting error messages about non-delivery reports, then these are normal. Users will make mistakes.
If you are getting LOTS of error messages about non-delivery reports then that could indicate a problem.


Author Comment

ID: 16987783
OK, msghaleb.  You've explained it so that someone with little Exchange troubleshooting experience (like myself;) could understand quickly.  I was able to use nslookup as per your instructions.  Then I opened System Manager and the external DNS field was blank.

I left out the fact that this server is running GFI MailEssentials for Exchange/SMTP v11...not sure if that will help.

How do I check to see if a server is being used as an open relay?

I saw some messages suggesting to check my route and topology and to use WinRoute to ensure routes are properly replicated between servers and routing groups.  I ran WinRoute on the server and not sure how to interpret it...I know, I'm a mess!  Just picked up a MS Exchange Server 2003 reference over the weekend.  Can you explain WinRoute like you did nslookup?


Expert Comment

ID: 16990422
Here is what you want, but I would be really thankful if you could explain your problem to me in detail.

1st of all how to check if your server has open relay?

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Click on the Access tab
-Click Relay

make sure that "only the list below" is selected
the list is empty
"Allow all computers that successfully authenticate to relay..." is Selected.

2nd to check routing

-Click Start->Run->CMD
-Type in: tracert
-Press Enter.

You should get something like the following: (you are ok in this case)

Tracing route to []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms
  2    <1 ms    <1 ms    <1 ms
  3    <1 ms     1 ms     1 ms
  4     8 ms     8 ms     8 ms
  5     8 ms     7 ms     7 ms

IF you didn't get similar results, and you for example get something like the following:

Unable to resolve target system name

Then you have 100% DNS problem.

Please make sure that your File System Antivirus is not securing port 25 or 110, e.g. if you have Symantec Corp. 9 or later disable the internet mail security on the Exchange server.

Thank you.

Author Comment

ID: 16996705
My original problem was that some users were complaining of NDRs.  Here is one of the users' NDRs that was forwarded to me.  This happened to be one of the owners of the company, so I was a little pressured. Sorry for the lack of a better description.

From:       System Administrator  
Sent:      Saturday, June 24, 2006 9:48 PM
To:      'Ron Rattray'
Subject:      Undeliverable: Neriki Valve Purchasing

Your message did not reach some or all of the intended recipients.

      Subject:      Neriki Valve Purchasing
      Sent:      6/22/2006 9:52 AM

The following recipient(s) could not be reached:

      'Ron Rattray' on 6/24/2006 9:48 PM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            < #4.4.7>

Anyway, I ran a virus scan of the server from a Symantec AV console yesterday and it came back with w32.beagle@mm!zip, trojan.tooso.R, and w32.netsky.D@mm!enc.  I deleted the viruses and have not had any complaints since.
I'm not sure if that resolved the problem yet but I will keep you posted.
One more thing.  I did follow your instructions to check to see if the server was setup to relay and it was not.  Is there a site that I can check to see if I have been black listed as an open relay server?

Expert Comment

ID: 16999119
There is no specific web site which will tell you if you are black listed or not, as it's all organizations, and it depends on which one of them you are black listed with.

I'm an employee at you send me e-mail, and my company is using ORDB for preventing e-mails from black listed domains (or companies), so if you are black listed at ORDB I won't see your mail, and if not I will receive it, even if you are black listed in other organizations.

The solution is, use your mail normally, and if you are black listed anywhere, you will get an NDR which states that you are black listed at Organization (e.g. ORDB), please close your relay and inform us.

What you have to do is take the organization name and go to their website, check your mail server, and if you find yourself black listed, just send them an e-mail informing them that you closed your relay; they will check your server and then they will remove you from their list.

I highly recommend for you some things:

1 - Disable or Remove the Internet Mail option in Symantec Corp. from your Exchange server.
2 - Use Symantec Mail Security for Exchange to secure your Exchange server.
3 - Make sure that the Symantec Corp. is not scanning the Exchange folders, please follow this link:

More Information:

When you have a virus on your file system, Symantec Corp will remove it, but if you have a virus in an attachment in a mail message, Symantec Corp will delete the Exchange log file which contains the virus, and Exchange will not start because of a missing log file; that's why Symantec Corp. should not scan your Exchange files, and Symantec Mail Security should be used instead.

ORDB is one of the open relay organizations,
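An added example, not part of the original comment: once an NDR names the organization that lists you, you can query that list for your own mail server's IP over DNS, one list at a time, which is the per-organization check described above. The zone names, the IP address and `fake_resolver` are constructed placeholders; the reversed-octet query name and the 127.0.0.x answer are the usual DNS blocklist convention, which goes beyond what the post itself covers.

```python
import ipaddress
import socket

# Hypothetical zones: use the blocklist zone named in the NDR you received.
ZONES = ["dnsbl.example", "relays.example"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_listing(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: return_code or None}; None means not listed in that zone."""
    result = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:  # name does not exist: not listed here
            result[zone] = None
            continue
        # Listings are answered from 127.0.0.0/8; anything else (for example a
        # resolver that rewrites failed lookups) must not be read as a listing.
        listed = ipaddress.IPv4Address(answer) in LISTED_NET
        result[zone] = answer if listed else None
    return result


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {
        "25.2.0.192.dnsbl.example": "127.0.0.2",     # listed
        "25.2.0.192.relays.example": "203.0.113.9",  # rewritten answer, ignore
    }
    if name not in table:
        raise socket.gaierror("name not found")
    return table[name]


if __name__ == "__main__":
    print(check_listing("192.0.2.25", resolve=fake_resolver))
    # Against real DNS: check_listing("<your server's public IP>", ["<zone from the NDR>"])
```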

Accepted Solution

msghaleb earned 1000 total points
ID: 17168001
I hope that my answers were useful so far.

Thank you.
