Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange Server says user doesn't exist - But it does!

Posted on 2009-03-31
21
Medium Priority
?
308 Views
Last Modified: 2012-05-06
Hi,
We have an Exchange Server that on occassions (and what appears to be completly random) rejects messages with the following:

did not reach the following recipient(s):USER@DOMAIN,co.uk on Fri Mar 27 05:13:25 2009 The e-mail account does not exist at the organization this messagewas sent to. Check the e-mail address, or contact the recipientdirectly to find out the correct address.<SERVER.DOMAIN.LOCAL #5.1.1>

However, the address does exist!!!
If I use tracking, it says the message has left the organisation.
It is a Windows Server 2003 Std, and Exchange 2003.  Both are fully updated.

The same user can try again in half and hour and all is OK.

Many Thanks
0
Comment
Question by:Samantha Smith
  • 11
  • 5
  • 5
21 Comments
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24028616
Are you sending out of your organisation or sending internally?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24028767
We can send out emails without problem, and all internal email is fine.  It is just some inbound emails.  The above NDR was sent to me from someone who had tried emailing us unsuccessfully.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24033587
its definately not a mis spelling in the address? or a , instead of a . ?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036677
No, it's happend several times from several locations. I have also tested it from Hotmail and received the same once or twice.

Something to add....  The mail server also has GFI Mail Essentials for Anti-Spam running.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24036944
Is the server that is mentioned in the NDR your Exchange server?  
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24036993
Yes.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24037004
Have the users in question recently been moved between Admin groups/ Servers? When the mail fails is the sender typing in the SMTP address or replying to a previously sent email?
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24037070
The users have been the same for 2 years.  Although the problem is quite new (that we know of).  No changes/moves have taken place.  The error so far has only happened when someone types the smtp address.  We have checked the spelling with them and this is OK.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24038673
Are you using recipient filtering on your server? If not, then you should be.
The fact the message was bounced by your server means you could be causing back scatter and also puts your server at risk of an NDR attack.

Furthermore, with recipient filtering enabled that will give you a clear idea where the problem is. For example, a similar error can be generated by an invalid delegate on the user account.

Simon.
0
 
LVL 1

Expert Comment

by:daraghmccormack
ID: 24038837
Have you checked your eventlogs to see if there is any additional data.  It may also be an idea to increase logging.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24043769
Recipient filtering was not enabled.  It is now.  Nothing appears in the event logs, but I will also increase logging.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24045362
Did you also enable the tar pit? If not then you need to do that as well, otherwise your server is at risk of directory harvest attack.

http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24047139
I have added to the registry as per your link.  This clearly gives me a better configuration.
Do you beleive this will also solve my initial problem?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052136
All it will do is verify whether your server is rejecting the message or something else. It provides you with a known response from the server.

If the error continues identically to the one that has been posted in the original question, then the email is being rejected after delivery.
If it bounces back with a different error then it is something else.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087608
I had another complaint of the same problem today.  I have used message tracking and the attahed was displayed.
The sender got an NDR from our server that says the User does not exist.

error.JPG
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24087751
So the message came in, but was rejected. If you have recipient filtering enabled then it got past that, so the domain recognises the user is valid and allows the message to be delivered.

What else is on the server? Antispam? Does that have any recipient validation functionality?

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24087972
Yes recipiant filtering is enabled and working well.  Also installed is GFI Mail Essentials, which we use for Anti-Spam.  It has several checks but no recipient validation.  In fact, any messages that it rejects are delivered to the Administrator mail box.  It may be worth mentioning, I have journaling on.  The message is not in the journal, but the NDR that we sent back is.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24088168
Considering it is getting in, means the message is being blocked internally. GFI is still the place I would be looking to begin with. Some tools have a copy of the AD users internally and it may not be updating correctly.

Simon.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24101175
GFI is now disabled.  We have very little spam, so a few days testing is no major problem.
0
 
LVL 1

Author Comment

by:Samantha Smith
ID: 24136296
No issues since last comment.  I will continue to monitor for a further week.
0
 
LVL 1

Author Closing Comment

by:Samantha Smith
ID: 31564738
Thanks.  Since removing the Anti-Spam product, all seems to have been fine.  I can confirm this as the Journal mailbox is recording all outgoing mail, including the NDR's, and no NDR's are appearing.  I will re-address the Spam issue in due course.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question