Solved

Exchange Server says user doesn't exist - But it does!

Posted on 2009-03-31
21
300 Views
Last Modified: 2012-05-06
Hi,
We have an Exchange Server that on occassions (and what appears to be completly random) rejects messages with the following:

did not reach the following recipient(s):USER@DOMAIN,co.uk on Fri Mar 27 05:13:25 2009 The e-mail account does not exist at the organization this messagewas sent to. Check the e-mail address, or contact the recipientdirectly to find out the correct address.<SERVER.DOMAIN.LOCAL #5.1.1>

However, the address does exist!!!
If I use tracking, it says the message has left the organisation.
It is a Windows Server 2003 Std, and Exchange 2003.  Both are fully updated.

The same user can try again in half and hour and all is OK.

Many Thanks
0
Comment
Question by:Samantha Smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 5
  • 5
21 Comments
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24028616
Are you sending out of your organisation or sending internally?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24028767
We can send out emails without problem, and all internal email is fine.  It is just some inbound emails.  The above NDR was sent to me from someone who had tried emailing us unsuccessfully.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24033587
its definately not a mis spelling in the address? or a , instead of a . ?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036677
No, it's happend several times from several locations. I have also tested it from Hotmail and received the same once or twice.

Something to add....  The mail server also has GFI Mail Essentials for Anti-Spam running.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24036944
Is the server that is mentioned in the NDR your Exchange server?  
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036993
Yes.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24037004
Have the users in question recently been moved between Admin groups/ Servers? When the mail fails is the sender typing in the SMTP address or replying to a previously sent email?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24037070
The users have been the same for 2 years.  Although the problem is quite new (that we know of).  No changes/moves have taken place.  The error so far has only happened when someone types the smtp address.  We have checked the spelling with them and this is OK.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24038673
Are you using recipient filtering on your server? If not, then you should be.
The fact the message was bounced by your server means you could be causing back scatter and also puts your server at risk of an NDR attack.

Furthermore, with recipient filtering enabled that will give you a clear idea where the problem is. For example, a similar error can be generated by an invalid delegate on the user account.

Simon.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24038837
Have you checked your eventlogs to see if there is any additional data.  It may also be an idea to increase logging.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24043769
Recipient filtering was not enabled.  It is now.  Nothing appears in the event logs, but I will also increase logging.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24045362
Did you also enable the tar pit? If not then you need to do that as well, otherwise your server is at risk of directory harvest attack.

http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24047139
I have added to the registry as per your link.  This clearly gives me a better configuration.
Do you beleive this will also solve my initial problem?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052136
All it will do is verify whether your server is rejecting the message or something else. It provides you with a known response from the server.

If the error continues identically to the one that has been posted in the original question, then the email is being rejected after delivery.
If it bounces back with a different error then it is something else.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087608
I had another complaint of the same problem today.  I have used message tracking and the attahed was displayed.
The sender got an NDR from our server that says the User does not exist.

error.JPG
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24087751
So the message came in, but was rejected. If you have recipient filtering enabled then it got past that, so the domain recognises the user is valid and allows the message to be delivered.

What else is on the server? Antispam? Does that have any recipient validation functionality?

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087972
Yes recipiant filtering is enabled and working well.  Also installed is GFI Mail Essentials, which we use for Anti-Spam.  It has several checks but no recipient validation.  In fact, any messages that it rejects are delivered to the Administrator mail box.  It may be worth mentioning, I have journaling on.  The message is not in the journal, but the NDR that we sent back is.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24088168
Considering it is getting in, means the message is being blocked internally. GFI is still the place I would be looking to begin with. Some tools have a copy of the AD users internally and it may not be updating correctly.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24101175
GFI is now disabled.  We have very little spam, so a few days testing is no major problem.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24136296
No issues since last comment.  I will continue to monitor for a further week.
0
 
LVL 1

Author Closing Comment

by:Samantha Smith
ID: 31564738
Thanks.  Since removing the Anti-Spam product, all seems to have been fine.  I can confirm this as the Journal mailbox is recording all outgoing mail, including the NDR's, and no NDR's are appearing.  I will re-address the Spam issue in due course.
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question