Solved

Exchange Server says user doesn't exist - But it does!

Posted on 2009-03-31
21
295 Views
Last Modified: 2012-05-06
Hi,
We have an Exchange Server that on occassions (and what appears to be completly random) rejects messages with the following:

did not reach the following recipient(s):USER@DOMAIN,co.uk on Fri Mar 27 05:13:25 2009 The e-mail account does not exist at the organization this messagewas sent to. Check the e-mail address, or contact the recipientdirectly to find out the correct address.<SERVER.DOMAIN.LOCAL #5.1.1>

However, the address does exist!!!
If I use tracking, it says the message has left the organisation.
It is a Windows Server 2003 Std, and Exchange 2003.  Both are fully updated.

The same user can try again in half and hour and all is OK.

Many Thanks
0
Comment
Question by:Samantha Smith
  • 11
  • 5
  • 5
21 Comments
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24028616
Are you sending out of your organisation or sending internally?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24028767
We can send out emails without problem, and all internal email is fine.  It is just some inbound emails.  The above NDR was sent to me from someone who had tried emailing us unsuccessfully.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24033587
its definately not a mis spelling in the address? or a , instead of a . ?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036677
No, it's happend several times from several locations. I have also tested it from Hotmail and received the same once or twice.

Something to add....  The mail server also has GFI Mail Essentials for Anti-Spam running.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24036944
Is the server that is mentioned in the NDR your Exchange server?  
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036993
Yes.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24037004
Have the users in question recently been moved between Admin groups/ Servers? When the mail fails is the sender typing in the SMTP address or replying to a previously sent email?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24037070
The users have been the same for 2 years.  Although the problem is quite new (that we know of).  No changes/moves have taken place.  The error so far has only happened when someone types the smtp address.  We have checked the spelling with them and this is OK.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24038673
Are you using recipient filtering on your server? If not, then you should be.
The fact the message was bounced by your server means you could be causing back scatter and also puts your server at risk of an NDR attack.

Furthermore, with recipient filtering enabled that will give you a clear idea where the problem is. For example, a similar error can be generated by an invalid delegate on the user account.

Simon.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24038837
Have you checked your eventlogs to see if there is any additional data.  It may also be an idea to increase logging.
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 1

Author Comment

by:Samantha Smith
ID: 24043769
Recipient filtering was not enabled.  It is now.  Nothing appears in the event logs, but I will also increase logging.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24045362
Did you also enable the tar pit? If not then you need to do that as well, otherwise your server is at risk of directory harvest attack.

http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24047139
I have added to the registry as per your link.  This clearly gives me a better configuration.
Do you beleive this will also solve my initial problem?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052136
All it will do is verify whether your server is rejecting the message or something else. It provides you with a known response from the server.

If the error continues identically to the one that has been posted in the original question, then the email is being rejected after delivery.
If it bounces back with a different error then it is something else.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087608
I had another complaint of the same problem today.  I have used message tracking and the attahed was displayed.
The sender got an NDR from our server that says the User does not exist.

error.JPG
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24087751
So the message came in, but was rejected. If you have recipient filtering enabled then it got past that, so the domain recognises the user is valid and allows the message to be delivered.

What else is on the server? Antispam? Does that have any recipient validation functionality?

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087972
Yes recipiant filtering is enabled and working well.  Also installed is GFI Mail Essentials, which we use for Anti-Spam.  It has several checks but no recipient validation.  In fact, any messages that it rejects are delivered to the Administrator mail box.  It may be worth mentioning, I have journaling on.  The message is not in the journal, but the NDR that we sent back is.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24088168
Considering it is getting in, means the message is being blocked internally. GFI is still the place I would be looking to begin with. Some tools have a copy of the AD users internally and it may not be updating correctly.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24101175
GFI is now disabled.  We have very little spam, so a few days testing is no major problem.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24136296
No issues since last comment.  I will continue to monitor for a further week.
0
 
LVL 1

Author Closing Comment

by:Samantha Smith
ID: 31564738
Thanks.  Since removing the Anti-Spam product, all seems to have been fine.  I can confirm this as the Journal mailbox is recording all outgoing mail, including the NDR's, and no NDR's are appearing.  I will re-address the Spam issue in due course.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now