No NDRs when sending to non-existent external address

Hi all,

For some unknown reason our Exchange 2003 server has stopped sending NDRs when an email is sent externally to an address which does not exist, but does if an email is sent internally to an address which does not exist, i.e.

Send an email to xxx@mydomain.com (an address which does not exist internally) and Exchange reports an NDR.

Send an email to xxx@notmydomain.com (an address which does not exist externally) and Exchange does not report an NDR.

I have checked that no filters are applied in Global Settings > Message Delivery. I have also set it to send a copy of any NDRs to my account and nothing comes through when sending an email to an invalid external address. Allow non-delivery reports is also ticked in Global Settings > Internet message format.

The server is up to date with all updates, etc.

Hoping you can help
Asked by: adolphus850
 
flyguybob commented:
Do this...
Go to your Exchange server, or Exchange front-end.
Open a command prompt
type nslookup
type set type=mx
type gmail.com
The lowest preference should be
gmail.com       MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
type set type=a
gmail-smtp-in.l.google.com
You should get - 72.14.205.27


type Telnet gmail-smtp-in.l.google.com 25
See if this comes up:
220 mx.google.com ESMTP somethinghere

If so, you are not being proxied.
Send an e-mail to an external account (you can do something similar to the above) and look at the headers.  Look to see if there is something between your server and the first hop of the remote system (in this case the gmail-smtp-in.l.google.com 72.14.205.27 address).
Do the same on a message from the outside in.  See if there is something between their system and your system.

If you are using a firewall with mail control software, see if it has a protection provision to suppress NDRs.  Check the same for your anti-virus and anti-spam software, if you are (hopefully) running some.

0
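The header check described in the answer above, as an added example that is not part of the original thread: it walks a message's Received headers in transit order and reports any host that accepted the message between the sending Exchange server and the remote MX. All hostnames, addresses and the sample headers are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample (placeholder hosts/IPs). Received headers are prepended
# by each server, so the newest hop appears first in the message.
SAMPLE = """\
Received: from relay.example.com (relay.example.com [192.0.2.20])
\tby mx.remote.example (Postfix) with ESMTP id ABC123
\tfor <user@remote.example>; Mon, 1 Jan 2007 10:00:05 +0000
Received: from exch01.example.com ([192.0.2.10])
\tby relay.example.com with SMTP; Mon, 1 Jan 2007 10:00:03 +0000
From: sender@example.com
To: user@remote.example
Subject: test

body
"""

# "from <sender> ... by <receiver>" as written by the receiving server.
HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<dst>\S+)", re.I | re.S)

def hops(raw):
    """Return [(from_host, by_host), ...] in transit order (oldest first)."""
    msg = message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            out.append((m.group("src").split()[0], m.group("dst").rstrip(";")))
    return out

def intermediaries(raw, origin, remote_mx):
    """Hosts that accepted the message between our server and the remote MX."""
    seen = []
    for _, by in hops(raw):
        host = by.lower()
        if host not in (origin.lower(), remote_mx.lower()) and host not in seen:
            seen.append(host)
    return seen

if __name__ == "__main__":
    for src, dst in hops(SAMPLE):
        print(f"{src} -> {dst}")
    print("in between:", intermediaries(SAMPLE, "exch01.example.com", "mx.remote.example"))
```

Any host it reports is a place to look for a setting that drops the remote server's rejection before it gets back to Exchange.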
 
flyguybob commented:
Adolphus -
Have you tried this with an external account, such as a Hotmail account?  It could be that some locations have turned off their NDRs.
The setting that you set, allow non-delivery reports, is for senders external to your organization attempting to send inside your org.
If you try bob@notadomainwhichreallyreallyexistsbutactuallydoesnot.com, you should get an NDR.
...and if your Exchange server is front-ended by another SMTP server(s), say that of your ISP, they may block the NDRs to prevent NDR attacks, such as those where they spoof an address, such as CEO@Mycompany.com, and the reply-to is CEO@mycompany.com. That address does not exist, so it floods the postmaster mailbox.

Bob
0
 
adolphus850 (author) commented:
Hi Bob,

That's my understanding of it too. If I send an email to bob@notadomainwhichreallyreallyexistsbutactuallydoesnot.com, I should get an NDR but I'm not.

I've turned on the following diagnostics logging but nothing is showing up in the event log either:

Routing Engine\Service - Maximum
Categorizer - Maximum
SMTP Protocol - Maximum
NDR - Maximum

I can see the categorizer realise that it's for another domain and firing the message off, but I would assume that at this point an NDR event should be generated indicating that Exchange could not find the address.

Adol
0
 
adolphus850 (author) commented:
Hi Bob,

I'll accept your answer there. We relay our mail before it leaves our organisation to another machine which adds on the disclaimer. The antivirus on the 'disclaimer' machine appears to be blocking the response to Exchange which would normally trigger an NDR. I assume this traffic must be slightly different to a read or delivery receipt, etc. as we have been getting those fine.

Many thanks for your help and pointing in the right direction,

Adol
0
 
flyguybob commented:
Thanks.  That relay will be what is blocking the NDR.  The key is to find, from the vendor, if it is an anti-spam setting, a message defense setting, or if it is not a setting at all.  If you want to post the vendor information, I would be more than happy to dig through their website and/or documentation to find the reference as to why it is doing this.  If not, thanks a bunch for the A grade and the response!
0
Question has a verified solution.
