Exchange Server says user doesn't exist - But it does!

Hi,
We have an Exchange Server that on occassions (and what appears to be completly random) rejects messages with the following:

did not reach the following recipient(s):USER@DOMAIN,co.uk on Fri Mar 27 05:13:25 2009 The e-mail account does not exist at the organization this messagewas sent to. Check the e-mail address, or contact the recipientdirectly to find out the correct address.<SERVER.DOMAIN.LOCAL #5.1.1>

However, the address does exist!!!
If I use tracking, it says the message has left the organisation.
It is a Windows Server 2003 Std, and Exchange 2003.  Both are fully updated.

The same user can try again in half and hour and all is OK.

Many Thanks
LVL 1
Samantha SmithAsked:
Who is Participating?
 
MesthaConnect With a Mentor Commented:
Considering it is getting in, means the message is being blocked internally. GFI is still the place I would be looking to begin with. Some tools have a copy of the AD users internally and it may not be updating correctly.

Simon.
0
 
daraghmccormackCommented:
Are you sending out of your organisation or sending internally?
0
 
Samantha SmithAuthor Commented:
We can send out emails without problem, and all internal email is fine.  It is just some inbound emails.  The above NDR was sent to me from someone who had tried emailing us unsuccessfully.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
daraghmccormackCommented:
its definately not a mis spelling in the address? or a , instead of a . ?
0
 
Samantha SmithAuthor Commented:
No, it's happend several times from several locations. I have also tested it from Hotmail and received the same once or twice.

Something to add....  The mail server also has GFI Mail Essentials for Anti-Spam running.
0
 
daraghmccormackCommented:
Is the server that is mentioned in the NDR your Exchange server?  
0
 
Samantha SmithAuthor Commented:
Yes.
0
 
daraghmccormackCommented:
Have the users in question recently been moved between Admin groups/ Servers? When the mail fails is the sender typing in the SMTP address or replying to a previously sent email?
0
 
Samantha SmithAuthor Commented:
The users have been the same for 2 years.  Although the problem is quite new (that we know of).  No changes/moves have taken place.  The error so far has only happened when someone types the smtp address.  We have checked the spelling with them and this is OK.
0
 
MesthaCommented:
Are you using recipient filtering on your server? If not, then you should be.
The fact the message was bounced by your server means you could be causing back scatter and also puts your server at risk of an NDR attack.

Furthermore, with recipient filtering enabled that will give you a clear idea where the problem is. For example, a similar error can be generated by an invalid delegate on the user account.

Simon.
0
 
daraghmccormackCommented:
Have you checked your eventlogs to see if there is any additional data.  It may also be an idea to increase logging.
0
 
Samantha SmithAuthor Commented:
Recipient filtering was not enabled.  It is now.  Nothing appears in the event logs, but I will also increase logging.
0
 
MesthaCommented:
Did you also enable the tar pit? If not then you need to do that as well, otherwise your server is at risk of directory harvest attack.

http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
Samantha SmithAuthor Commented:
I have added to the registry as per your link.  This clearly gives me a better configuration.
Do you beleive this will also solve my initial problem?
0
 
MesthaCommented:
All it will do is verify whether your server is rejecting the message or something else. It provides you with a known response from the server.

If the error continues identically to the one that has been posted in the original question, then the email is being rejected after delivery.
If it bounces back with a different error then it is something else.

Simon.
0
 
Samantha SmithAuthor Commented:
I had another complaint of the same problem today.  I have used message tracking and the attahed was displayed.
The sender got an NDR from our server that says the User does not exist.

error.JPG
0
 
MesthaCommented:
So the message came in, but was rejected. If you have recipient filtering enabled then it got past that, so the domain recognises the user is valid and allows the message to be delivered.

What else is on the server? Antispam? Does that have any recipient validation functionality?

Simon.
0
 
Samantha SmithAuthor Commented:
Yes recipiant filtering is enabled and working well.  Also installed is GFI Mail Essentials, which we use for Anti-Spam.  It has several checks but no recipient validation.  In fact, any messages that it rejects are delivered to the Administrator mail box.  It may be worth mentioning, I have journaling on.  The message is not in the journal, but the NDR that we sent back is.
0
 
Samantha SmithAuthor Commented:
GFI is now disabled.  We have very little spam, so a few days testing is no major problem.
0
 
Samantha SmithAuthor Commented:
No issues since last comment.  I will continue to monitor for a further week.
0
 
Samantha SmithAuthor Commented:
Thanks.  Since removing the Anti-Spam product, all seems to have been fine.  I can confirm this as the Journal mailbox is recording all outgoing mail, including the NDR's, and no NDR's are appearing.  I will re-address the Spam issue in due course.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.