asked on

Intermittent NDRs

I have been round and round with ATT about this.. I thought it was a routing issue out because I see the email in the queue and it leave the server, but then we get an NDR (examples below). If we do the send again/send from the NDR the email then gets to the recipient. NDR is different most times.. 99% of emails go out fine. Happens to different users on our network, not just one. Below is a summary of NDRs and what I sent to ATT.. they came back saying it was a problem with the server configuration but I didn't change anything, all that changed was our T1.

Thanks for looking into this.. here is another one that we got yesterday.. only the two yesterday. It took 3 times doing the send again/send to get this one to go out, but it finally went on the third try.

Your message did not reach some or all of the intended recipients.

Subject: RE: SCWD Conservation Ordinance/request for your customer allocation plan
Sent: 4/30/2009 2:34 PM

The following recipient(s) cannot be reached:

validemail@domain.com on 4/30/2009 2:34 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server.>

validemail2@domain.comon 4/30/2009 2:34 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server.>

One from yesterday morning- send again/send got it to fly:

Your message did not reach some or all of the intended recipients.

Subject: RE: Total woman Laguna Hills - Water Meter
Sent: 4/30/2009 8:24 AM

The following recipient(s) cannot be reached:

Joan Doe on 4/30/2009 8:24 AM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;550-mail.etwd.com [12.232.112.30] is currently not permitted to relay through>

Here is a pretty good sample of NDRs.. every one of them went through after doing a send again/send from the NDR itself. It would fail 100/100 if we did another new email to the recipient UNTIL we do a send again/send from the NDR.. after that the email goes through if its a new email or reply or whatever. These came from all different users here on the network, not just one certain person. The machines are members of the domain and are authenticated with AD at login.

Your message did not reach some or all of the intended recipients.

Subject: RE: Water Usage
Sent: 4/27/2009 11:11 AM

The following recipient(s) cannot be reached:

Kevin Doe on 4/27/2009 11:11 AM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;550 Requested action not taken: mailbox unavailable or not local>

Your message did not reach some or all of the intended recipients.

Subject: May 6th Aliso Viejo City Council Mtg
Sent: 4/27/2009 10:11 AM

The following recipient(s) cannot be reached:

Martin@differentvaliddomain.com on 4/27/2009 10:11 AM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;550 <martin@differentvaliddomain.com> No such user here>

Your message did not reach some or all of the intended recipients.

Subject: RE: Safety Resources
Sent: 4/27/2009 4:17 PM

The following recipient(s) cannot be reached:

Eric Doe on 4/27/2009 4:18 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;553 sorry, relaying denied from your location [12.232.112.30] (#5.7.1)>

Your message did not reach some or all of the intended recipients.

Subject: RE: FW: Thomas Bros Revised Quote
Sent: 4/23/2009 8:54 AM

The following recipient(s) cannot be reached:

Jim Doe on 4/23/2009 8:54 AM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.etwd.com #5.5.0 smtp;550 Requested action not taken: mailbox unavailable or not local>

ATT RESPONSE:
I summarized all the NDR errors you are currently receiving but it all points out this problem is an application issue, not of a managed router, T1, or even routing issue. Based from the link below, the Exchange NDR problem or fault lies within the sender, the recipient or the Exchange 2003 server, including the link Tips for troubleshooting Exchange NDR. Also it shows #5.5.0 is a NDR code that means the server tried ehlo or hello but the recipient did not understand and returned a 550 or 500 error so it recommend to set up the SMTP logging this shows we have two-way communication between end to end from layer 1 to 3, but the applications protocol or code being used did not understand by recipient. Investigating further, the errors shows up are: mail server requires authentication, relaying denied, mailbox unavailable or not local or no such user here. First, we do NOT provide authentication between you and your recipients, Secondly, we do NOT deny any traffic from your end going to the internet since all TCP/UDP ports are open for your use. Lastly, if you have your AD configured properly you should have these users, or senders are available in your GAL.

Below are the checking made for us to verify we are good at our end, since you have successfully resolve your MX record and has a successful connection to it. (Click to enlarge or use right-click to view) Furthermore, we are seeing no issue at all on our end. Please advise we are only working with issues from layer 1 to 3 issues, not of layer 7 or application issues.

zelron22

You say your T1 changed. Did anything change with DNS? It seems to me it may be a DNS resolution issue.

Mike Miazga

ASKER

That's what I thought at first too.. spoke with the DNS team they checked everything and all is well. T1 changed so the external dns servers changed, which I made the changes in exchange and DNS forwarding internally. Like I said 99% of email works fine. This issue happens only a couple times a day I have to do a send again/send for someone.

zelron22

Which version of Exchange?
Is your PTR / reverse lookup record for your mailserver correct?

Have you seen this thread and the possible solutions listed about halfway down?

http://forums.techarena.in/small-business-server/866333.htm

Mike Miazga

ASKER

Exchange 2003 Standard.

all DNS records resolve ok.. PTRs/Reverse lookup included.. I had the ATT DNS guys look at it.

The smarthost solution? I asked ATT for a smarthost server to try, we'll see. however in that thread, the email was failing period. Our problem is it fails at first, but ultimately goes through when we do a send again/send.

zelron22

It could also be intermitted problems at the receiving end.

Mike Miazga

ASKER

They don't have a smarthost available.. we'd have to pay for a service so that isn't an option.

Could it be that these certain servers are Exchange 5.5 and don't understand EHLO? If I check the 'use HELO instead of EHLO checkbox is that going to cause other problems?

In the Advanced Tab you can configure the SMTP Connector for the extended SMTP commands (HELO/EHLO). The Default is EHLO. Older e-mail Systems dont understand the EHLO syntax and use HELO instead of EHLO.

zelron22

Here's a thread with info on that. In short, you won't have access to ESMTP commands. You could set up another connector for that domain (or domains) and have that use HELO while your default connector uses EHLO.

https://www.experts-exchange.com/questions/23558322/EHLO-vs-HELO-Is-there-any-reason-NOT-to-default-outbound-mail-to-use-HELO.html

Mike Miazga

ASKER

hm.. I'd rather just use one smtp connector.. I don't know which external domains use old mail servers and which don't. So smarthost is out.. any other ideas why this is happening? I've turned on NDR and SMTP reporting and these events are being logged in the event log:

Event ID: 3022:A non-delivery report with a status code of 5.5.0 was generated for recipient rfc822;recipient@validdomain.com(Message-ID <D36CF97016EEC747810A0D912D914F1B77F54A@mx.etwd.int>).
Cause: This message indicates a generic protocol error (SMTP error). For example, the remote SMTP responds to an issued EHLO with a 500 level error and the sending system will QUIT the connection and report this with NDR indicating the remote SMTP server canÆt handle the protocol.
Solution: View the SMTP log or run a netmon trace to see why the remote SMTP server rejects the protocol request.

Event ID: 7004:This is an SMTP protocol error log for virtual server ID 1, connection #70. The remote host "66.96.130.116", responded to the SMTP command "mail" with "550 bosauthsmtp10: Host 12.232.112.30: No unauthenticated relaying permitted ". The full command sent was "MAIL FROM:<sender@validdomain.com> SIZE=139928 ". This will probably cause the connection to fail.

Event ID: 7002:This is an SMTP protocol warning log for virtual server ID 1, connection #67. The remote host "216.115.236.97", responded to the SMTP command "rcpt" with "451 Greylisted, please try again in 59 seconds ". The full command sent was "RCPT TO:<recipient@validdomain.com> ". This may cause the connection to fail.

Event ID: 3027:A non-delivery report with a status code of 5.7.1 was generated for recipient rfc822;recipient@validdomain.com (Message-ID <D36CF97016EEC747810A0D912D914F1B77F4F8@mx.etwd.int>).
Causes: This message indicates that the sender was denied access or general access was denied.
Solution: Check system privileges and attributes for the contact and retry sending the message.

zelron22

Sounds like you have to use HELO to send mail to that server. Change it to HELO, test it and see if it works. Then it's up to you whether or not you can live with EHLO, live without sending mail to that site, or two SMTP connectors.

Mike Miazga

ASKER

I didn't have to use HELO.. it failed twice, then it went through on the third time with no configuration change.

zelron22

But if you use HELO, it may work every time.

Mike Miazga

ASKER

Reading that thread you sent, it says it should be able to tell whether it requires HELO instead of EHLO and switch to that automatically, so it doesn't seem necessary to force it to always use HELO. But I'll make the change for a day and see if we still have problems.. at least I can then rule this out.

Mike Miazga

ASKER

That didn't fix it.. got another couple NDRs this morning. These events again in the event log.

Event ID: 3022:A non-delivery report with a status code of 5.5.0 was generated for recipient rfc822;recipient@validdomain.com (Message-ID <D36CF97016EEC747810A0D912D914F1B77F5E3@mx.etwd.int>).
Cause: This message indicates a generic protocol error (SMTP error). For example, the remote SMTP responds to an issued EHLO with a 500 level error and the sending system will QUIT the connection and report this with NDR indicating the remote SMTP server canÆt handle the protocol.
Solution: View the SMTP log or run a netmon trace to see why the remote SMTP server rejects the protocol request.

Event ID: 7004:This is an SMTP protocol error log for virtual server ID 1, connection #77. The remote host "65.254.250.101", responded to the SMTP command "mail" with "550 authsmtp10: Host 12.232.112.30: No unauthenticated relaying permitted ". The full command sent was "MAIL FROM:<sender@validdomain.com> ". This will probably cause the connection to fail.

Event ID: 7002: This is an SMTP protocol warning log for virtual server ID 1, connection #78. The remote host "65.254.254.52", responded to the SMTP command "rcpt" with "452 4.1.1 <recipient@validdomain.com> requested action aborted: try again later - GL/GL ". The full command sent was "RCPT TO:<recipient@validdomain.com> ". This may cause the connection to fail.

zelron22

Have you seen this thread?

https://www.experts-exchange.com/questions/22851301/Need-Resolution-for-SMTP-Error-452-4-1-1.html

Mike Miazga

ASKER

Differences in that situation-

1- it's one specific domain, this happens to multiple miscellaneous domains.
2- The email fails forever.. we can get it to go if we do the send again, send utility in the NDR. It fails once or maybe twice, but ultimately it goes through ok.

They can point at the other mail server because it's the one specific domain that fails.. I don't know.... I'm pulling my hair out with this one! It's about time to call Microsoft I guess.. when I can find the time for a long support call.

SOLUTION

zelron22

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER CERTIFIED SOLUTION

Mike Miazga

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mike Miazga

ASKER

The problem was that the barracuda was between the exchange server and the cloud. I configured the barracuda to relay for my exchange server and configured the exchange server to relay through the barracuda and the problem is fixed. No (invalid) NDRs since. Thanks for helping me troubleshoot.