Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 313
  • Last Modified:

Exchange Server says user doesn't exist - But it does!

Hi,
We have an Exchange Server that on occassions (and what appears to be completly random) rejects messages with the following:

did not reach the following recipient(s):USER@DOMAIN,co.uk on Fri Mar 27 05:13:25 2009 The e-mail account does not exist at the organization this messagewas sent to. Check the e-mail address, or contact the recipientdirectly to find out the correct address.<SERVER.DOMAIN.LOCAL #5.1.1>

However, the address does exist!!!
If I use tracking, it says the message has left the organisation.
It is a Windows Server 2003 Std, and Exchange 2003.  Both are fully updated.

The same user can try again in half and hour and all is OK.

Many Thanks
0
Samantha Smith
Asked:
Samantha Smith
  • 11
  • 5
  • 5
1 Solution
 
daraghmccormackCommented:
Are you sending out of your organisation or sending internally?
0
 
Samantha SmithAuthor Commented:
We can send out emails without problem, and all internal email is fine.  It is just some inbound emails.  The above NDR was sent to me from someone who had tried emailing us unsuccessfully.
0
 
daraghmccormackCommented:
its definately not a mis spelling in the address? or a , instead of a . ?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Samantha SmithAuthor Commented:
No, it's happend several times from several locations. I have also tested it from Hotmail and received the same once or twice.

Something to add....  The mail server also has GFI Mail Essentials for Anti-Spam running.
0
 
daraghmccormackCommented:
Is the server that is mentioned in the NDR your Exchange server?  
0
 
Samantha SmithAuthor Commented:
Yes.
0
 
daraghmccormackCommented:
Have the users in question recently been moved between Admin groups/ Servers? When the mail fails is the sender typing in the SMTP address or replying to a previously sent email?
0
 
Samantha SmithAuthor Commented:
The users have been the same for 2 years.  Although the problem is quite new (that we know of).  No changes/moves have taken place.  The error so far has only happened when someone types the smtp address.  We have checked the spelling with them and this is OK.
0
 
MesthaCommented:
Are you using recipient filtering on your server? If not, then you should be.
The fact the message was bounced by your server means you could be causing back scatter and also puts your server at risk of an NDR attack.

Furthermore, with recipient filtering enabled that will give you a clear idea where the problem is. For example, a similar error can be generated by an invalid delegate on the user account.

Simon.
0
 
daraghmccormackCommented:
Have you checked your eventlogs to see if there is any additional data.  It may also be an idea to increase logging.
0
 
Samantha SmithAuthor Commented:
Recipient filtering was not enabled.  It is now.  Nothing appears in the event logs, but I will also increase logging.
0
 
MesthaCommented:
Did you also enable the tar pit? If not then you need to do that as well, otherwise your server is at risk of directory harvest attack.

http://www.amset.info/exchange/filter-unknown.asp

Simon.
0
 
Samantha SmithAuthor Commented:
I have added to the registry as per your link.  This clearly gives me a better configuration.
Do you beleive this will also solve my initial problem?
0
 
MesthaCommented:
All it will do is verify whether your server is rejecting the message or something else. It provides you with a known response from the server.

If the error continues identically to the one that has been posted in the original question, then the email is being rejected after delivery.
If it bounces back with a different error then it is something else.

Simon.
0
 
Samantha SmithAuthor Commented:
I had another complaint of the same problem today.  I have used message tracking and the attahed was displayed.
The sender got an NDR from our server that says the User does not exist.

error.JPG
0
 
MesthaCommented:
So the message came in, but was rejected. If you have recipient filtering enabled then it got past that, so the domain recognises the user is valid and allows the message to be delivered.

What else is on the server? Antispam? Does that have any recipient validation functionality?

Simon.
0
 
Samantha SmithAuthor Commented:
Yes recipiant filtering is enabled and working well.  Also installed is GFI Mail Essentials, which we use for Anti-Spam.  It has several checks but no recipient validation.  In fact, any messages that it rejects are delivered to the Administrator mail box.  It may be worth mentioning, I have journaling on.  The message is not in the journal, but the NDR that we sent back is.
0
 
MesthaCommented:
Considering it is getting in, means the message is being blocked internally. GFI is still the place I would be looking to begin with. Some tools have a copy of the AD users internally and it may not be updating correctly.

Simon.
0
 
Samantha SmithAuthor Commented:
GFI is now disabled.  We have very little spam, so a few days testing is no major problem.
0
 
Samantha SmithAuthor Commented:
No issues since last comment.  I will continue to monitor for a further week.
0
 
Samantha SmithAuthor Commented:
Thanks.  Since removing the Anti-Spam product, all seems to have been fine.  I can confirm this as the Journal mailbox is recording all outgoing mail, including the NDR's, and no NDR's are appearing.  I will re-address the Spam issue in due course.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 11
  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now