Using nslookup to troubleshoot an email problem.

Posted on 2006-06-26
Last Modified: 2008-03-04

The company I work for started to upgrade from Exchange 5.5 to Exchange Server 2003.  I was not part of the upgrade process and the person who started the process is no longer employed here.  I'm an Exchange novice and I have been trying to address a few problems that have come up recently.  One of them is Event ID: 3018.  I'm not sure if it has something to do with open relay.  
In the Event ID 3018 message it mentions using nslookup to troubleshoot the problem.  I'm not clear on how to use nslookup to troubleshoot the problem and MS kbid 200525 on using nslookup isn't very clear to me.  Could someone shed a little light on using nslookup to troubleshoot my problem?


Question by:spectragases

Expert Comment

What is the problem that you are facing?

Expert Comment

nslookup is a command-line utility found in Win2000 and higher (I don't think it was in NT4).  You start it from a CMD prompt; so first, open a command prompt box from your start menu, and type in the word nslookup .  It has a good help system that you can access by entering a question mark ? , and you terminate by typing exit .  It is generally used to troubleshoot DNS issues, but when you are interested specifically in email delivery, you confine its display to MX records.  A typical session consists of just two lines (ignoring the nslookup and exit lines):

set type=mx


Expert Comment

Check this for event id 3018:

As per Microsoft: "This event is logged when a non-delivery report is generated because of a problem with DNS or an IP address. The numeric code is generally 5.4.0. This indicates that an "Authoritative Host was not found".

This usually indicates the recipient's DNS address couldn't be resolved; maybe the sender mistyped the address. Try nslookup on the domain part of “user@domain”. It's also possible a literal IP address was used, and the IP address was invalid.
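Added example, not part of any post in this thread: a Python sketch that reads the text Windows nslookup prints after `set type=mx` (the session the two comments above describe) and classifies it, including the literal-IP recipient case. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of nslookup output after "set type=mx" (not from the thread).
SAMPLE_OK = """\
Server:  dns1.corp.example
Address:  192.0.2.53

Non-authoritative answer:
example.com\tMX preference = 20, mail exchanger = mail2.example.com
example.com\tMX preference = 10, mail exchanger = mail1.example.com

mail1.example.com\tinternet address = 198.51.100.25
"""
SAMPLE_NXDOMAIN = "*** dns1.corp.example can't find exmaple.invalid: Non-existent domain\n"

MX_RE = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)", re.M)


def recipient_domain(address):
    """Return (domain, literal_ip) for user@domain or user@[1.2.3.4]."""
    domain = address.rsplit("@", 1)[-1].strip()
    if domain.startswith("[") and domain.endswith("]"):
        try:
            return None, ipaddress.ip_address(domain[1:-1])
        except ValueError:
            return None, None  # invalid literal IP: nothing to look up
    return domain.lower(), None


def triage_mx(output):
    """Classify one nslookup MX answer and list exchangers by preference."""
    if "Non-existent domain" in output:
        return dict(status="nxdomain", mx=[], glue={}, unresolved=[])
    if "DNS request timed out" in output:
        return dict(status="timeout", mx=[], glue={}, unresolved=[])
    mx = sorted((int(p), h.rstrip(".").lower()) for p, h in MX_RE.findall(output))
    glue = {h.lower(): ip for h, ip in A_RE.findall(output)}
    # An exchanger with no address in the answer needs its own A lookup.
    unresolved = [h for _, h in mx if h not in glue]
    status = "ok" if mx else "no-mx"
    return dict(status=status, mx=mx, glue=glue, unresolved=unresolved)
```

A `nxdomain` or `timeout` result points at the recipient's domain name or at the DNS server the Exchange box is using; `ok` with a sensible exchanger list means DNS is answering and the cause lies elsewhere.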


Expert Comment

To solve the outbound DNS issue please do the following:

-Click Start->RUN->CMD
-Type nslookup
-press enter
-press enter.

check if you get the IPs of Google,

if yes

then you must check the DNSs configured in your SMTP protocol

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)

Make sure the list is EMPTY

if no

Check the DNS which your server is using in the local area connection; it must be a valid DNS IP address and routable.

Please note that if you are using a proxy, browsing the Internet doesn't mean that you have a valid DNS IP configured.

Thank you.

Expert Comment

Rather than trying to work around the suggested solutions, it would be better to look at the problem. We can probably tell you how to fix the issue rather than trying to work with the solution suggested elsewhere.

If you are getting error messages about non-delivery reports, then these are normal. Users will make mistakes.
If you are getting LOTS of error messages about non-delivery reports then that could indicate a problem.



Author Comment

OK, msghaleb.  You've explained it so that someone with little Exchange troubleshooting experience (like myself;) could understand quickly.  I was able to use nslookup as per your instructions.  Then I opened System Manager and the external DNS field was blank.

I left out the fact that this server is running GFI MailEssentials for Exchange/SMTP v11...not sure if that will help.

How do I check to see if a server is being used as an open relay?

I saw some messages suggesting to check my route and topology and to use WinRoute to ensure routes are properly replicated between servers and routing groups.  I ran WinRoute on the server and not sure how to interpret it...I know, I'm a mess!  Just picked up a MS Exchange Server 2003 reference over the weekend.  Can you explain WinRoute like you did nslookup?


Expert Comment

Here is what you want, but I would be really thankful if you could explain your problem to me in detail.

1st of all how to check if your server has open relay?

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Click on the Access tab
-Click Relay

make sure that "only the list below" is selected
the list is empty
"Allow all computers that successfully authenticate to relay..." is selected.

2nd to check routing

-Click Start->Run->CMD
-Type in: tracert
-Press Enter.

You should get something like the following: (you are ok in this case)

Tracing route to []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms
  2    <1 ms    <1 ms    <1 ms
  3    <1 ms     1 ms     1 ms
  4     8 ms     8 ms     8 ms
  5     8 ms     7 ms     7 ms

If you didn't get similar results, and you for example get something like the following:

Unable to resolve target system name

Then you have a 100% DNS problem.

Please make sure that your File System Antivirus is not securing port 25 or 110, e.g. if you have Symantec Corp. 9 or later disable the internet mail security on the Exchange server.

Thank you.

Author Comment

My original problem was that some users were complaining of NDRs.  Here is one of the users' NDRs that was forwarded to me.  This happened to be one of the owners of the company so I was a little pressured... sorry for the lack of a better description.

From:       System Administrator  
Sent:      Saturday, June 24, 2006 9:48 PM
To:      'Ron Rattray'
Subject:      Undeliverable: Neriki Valve Purchasing

Your message did not reach some or all of the intended recipients.

      Subject:      Neriki Valve Purchasing
      Sent:      6/22/2006 9:52 AM

The following recipient(s) could not be reached:

      'Ron Rattray' on 6/24/2006 9:48 PM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            < #4.4.7>

Anyway, I ran a virus scan of the server from a Symantec AV console yesterday and it came back with w32.beagle@mm!zip, trojan.tooso.R, and w32.netsky.D@mm!enc.  I deleted the viruses and have not had any complaints since.
I'm not sure if that resolved the problem yet but I will keep you posted.
One more thing.  I did follow your instructions to check to see if the server was setup to relay and it was not.  Is there a site that I can check to see if I have been black listed as an open relay server?

Expert Comment

There is no specific web site which will tell you if you are black listed or not, as they are all separate organizations and it depends on which one of them you are black listed with.

I'm an employee at you send me e-mail, and my company is using ORDB for preventing e-mails from black listed domains (or companies), so if you are black listed at ORDB I won't see your mail, and if not I will receive it, even if you are black listed in other organizations.

The solution is, use your mail normally, and if you are black listed anywhere, you will get an NDR which states that you are black listed at Organization (e.g. ORDB), please close your relay and inform us.

What you have to do is take the organization name and go to their website, check your mail server and if you find yourself black listed, just send them an e-mail informing them that you closed your relay; they will check your server and then they will remove you from their list.

I highly recommend for you some things:

1 - Disable or Remove the Internet Mail option in Symantec Corp. from your Exchange server.
2 - Use Symantec Mail Security for Exchange to secure your Exchange server.
3 - Make sure that the Symantec Corp. is not scanning the Exchange folders, please follow this link:

More Information:

When you have a virus on your file system, Symantec Corp will remove it, but if you have a virus in an attachment in a mail message, Symantec Corp will delete the Exchange log file which contain the virus, and Exchange will not start because of a missing log file, that's why Symantec Corp. should not scan your Exchange files, and Symantec Mail Security should be used instead.

ORDB is one of the open relay organizations,
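Added example, not part of the comment above: how one blacklist organization's DNS-based list is queried for a sending IP once an NDR has named the list. The zone `dnsbl.example.org`, the resolver data and the function names are placeholders and assumptions; substitute the zone the list itself publishes.

```python
import ipaddress

# Placeholder zone: use the zone published by the list named in the NDR.
DNSBL_ZONE = "dnsbl.example.org"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNS name a DNSBL is queried with for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    # Lists see the public address mail leaves from, not the LAN address.
    if any(addr in net for net in RFC1918):
        raise ValueError("use the server's public sending address, not %s" % addr)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return "%s.%s" % (reversed_octets, zone)


def interpret_answer(answers):
    """Interpret the A records returned for a DNSBL query name.

    No answer means not listed; answers inside 127.0.0.0/8 mean listed.
    Any other address is not a list verdict (for example a resolver that
    rewrites failed lookups), so it is reported as unreliable.
    """
    if not answers:
        return "not-listed"
    in_range = [ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers]
    return "listed" if all(in_range) else "unreliable"


def check(ip, resolve, zone=DNSBL_ZONE):
    """resolve(name) -> list of A record strings; injected so this runs offline."""
    name = dnsbl_query_name(ip, zone)
    return name, interpret_answer(resolve(name))


# Constructed resolver data standing in for real DNS answers.
FAKE_DNS = {"25.113.0.203.dnsbl.example.org": ["127.0.0.2"]}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

The same query name can be typed into nslookup by hand with the default record type; a "Non-existent domain" reply corresponds to `not-listed` here.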

Accepted Solution

msghaleb earned 250 total points
I hope that my answers were useful so far.

Thank you.
