NDR in the queue with 451 4.4.0

Posted on 2012-08-16
Last Modified: 2012-08-17
I have Exchange 2010 with lots of messages stuck in the queue with the message:

451 4.4.0 Primary target IP address responded with: “421 4.2.1 Unable to connect.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

all of those messages look to me like NDR for spam emails - here is and example:

Identity: OURMAIL\188851\640670
Subject: Undeliverable: Your Whos Who Entry
Internet Message ID: <>
From Address: <>
Status: Ready
Size (KB): 7
Message Source Name: DSN
Source IP:
SCL: -1
Date Received: 8/16/2012 12:01:58 PM
Expiration Time: 8/18/2012 12:01:58 PM
Last Error:
Queue ID: OURMAIL\188851

Should I be concerned about those? or just ignore them. Other email seems to be delivered fine.
Is there a way to disable NDR on the Exchange 2010 and is it a problem if I disable it?
Question by:pyotrek
    LVL 52

    Expert Comment

    by:Manpreet SIngh Khatra
    I guess they can be ignored .... but why are they on your server is something that should surely be checked.

    - Rancy
    LVL 7

    Expert Comment

    by:Jarred Power
    Looks like spam bots trying to hit your domain and getting NDR's bouncing back to non existent/spoofed domains.  That would be my guess, wouldn't hurt to sign up for a 3rd party spam filter service.  Only becomes a problem when users complain about amount of spam.
    LVL 15

    Accepted Solution

    You should disable NDRs to internet this will prevent your server from ovarloading and will protect your users as flooding your server with all possible email addresses is one of the method used by spammers to get valid email addresses from your system.
    LVL 1

    Author Closing Comment

    This is exactly what I did while awaiting answer :)
    LVL 52

    Expert Comment

    by:Manpreet SIngh Khatra
    You should do this ... reason is what if genuine users send email and due to some reason it wanst delivered to your recipient it wouldnt send NDR .... is that good ??

    LVL 15

    Expert Comment

    Rancy is correct it will also not send NDRs when it should be and also required check section 3.7 relaying of the RFC
    Generally Edge server or spam filters takes care of this automatically by sending unknown user respose for invalid recipient in  RCPT TO command and drops the connection but if you don't have spam filters or edge servers configured you should enable recipient filtering on server accepting emails from remote domains. Once the filters are configured you can enable the NDRs. More on recipient filters can be found here.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Suggested Solutions

    Email statistics and Mailbox database quotas You might have an interest in attaining information such as mailbox details, mailbox statistics and mailbox database details from Exchange server. At that point, knowing how to retrieve this information …
    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now