Solved

Exchange 2010 - NDRs not sending externally

Posted on 2013-06-24
Last Modified: 2013-07-03
First time poster - so hopefully I have provided enough information etc.

I have an Exchange 2010 server which isn't sending NDRs externally even though it has been configured to send them.

We have an SMTP Smarthost Connector set up to forward mail via our Local Authority.

They use an ISA box and all mail is routed through MessageLabs. (As far as I am aware, and I have asked, NDRs are not blocked.)

When I use the Exchange tracking tool, it shows our NDRs as SMTP Fail and Badmail DSN, which I am assuming means they are not leaving our Exchange server for one reason or another.


Below are details from get-hubtransportconfig and get-remotedomain

Hub Transport Config (snippet)
ClearCategories                     : True
ConvertDisclaimerWrapperToEml       : False
DSNConversionMode                   : UseExchangeDSNs
ExternalDelayDsnEnabled             : True
ExternalDsnDefaultLanguage          :
ExternalDsnLanguageDetectionEnabled : True
ExternalDsnMaxMessageAttachSize     : 10 MB (10,485,760 bytes)
ExternalDsnReportingAuthority       :
ExternalDsnSendHtml                 : True
ExternalPostmasterAddress           : postmaster@*****.uk
GenerateCopyOfDSNFor                : {}
HygieneSuite                        : Standard
InternalDelayDsnEnabled             : True

Remote Domain (snippet)
RunspaceId                           : fd55ede7-eac3-46c6-ac03-e9746862742b
DomainName                           : *
IsInternal                           : False
TargetDeliveryDomain                 : False
ByteEncoderTypeFor7BitCharsets       : Undefined
CharacterSet                         : iso-8859-1
NonMimeCharacterSet                  : iso-8859-1
AllowedOOFType                       : External
AutoReplyEnabled                     : False
AutoForwardEnabled                   : False
DeliveryReportEnabled                : True
NDREnabled                           : True
MeetingForwardNotificationEnabled    : False
ContentType                          : MimeHtmlText
DisplaySenderName                    : True
PreferredInternetCodePageForShiftJis : Undefined
RequiredCharsetCoverage              :
TNEFEnabled                          :
LineWrapSize                         : unlimited
TrustedMailOutboundEnabled           : False
TrustedMailInboundEnabled            : False
IsCoexistenceDomain                  : False
UseSimpleDisplayName                 : False
NDRDiagnosticInfoEnabled             : True
AdminDisplayName                     :
ExchangeVersion                      : 0.1 (8.0.535.0)
Name                                 : Default
Question by:herbie136
9 Comments
 

Expert Comment

by:Andrew Davis
ID: 39271051
You need to configure the domains as authoritative. But you also need to be aware of "Backscatter", as this can get you on some naughty lists. See http://social.technet.microsoft.com/Forums/exchange/en-US/8839bee6-134c-46fc-ba0a-08926b16eecc/how-to-enable-ndr-for-external-users

And I suggest that you read what Simon Butler (AKA Sembee on EE) has to say, and perhaps have a look at his blog.

Cheers
Andrew.
 

Author Comment

by:herbie136
ID: 39271614
Thanks for reply.

I can confirm the domain is already set to be authoritative.

Not sure if this is related, but I have just used telnet to test the NDR. All went fine and it submitted the email to the queue, and then I got Error 5.3.3 unrecognised command.

I have just gone to look at the smtp logs and there are none!  Does Exchange not log automatically???

Thanks
Mark

Expert Comment

by:Andrew Davis
ID: 39271637
No, it is disabled by default. See http://technet.microsoft.com/en-us/library/bb124531.aspx to turn it on.

Cheers
Andrew
 

Author Comment

by:herbie136
ID: 39271872
Right, logging enabled

These are the test entry details from the log file.

Mail From: <> Size 11888,
250, <> Size 11888 . . . Sender ok,
RCPT TO: <myhotmail address>
550 Mailbox unavailable. ,
QUIT


I'm puzzled at two things.
1. Should the Mail From not show the postmaster address?
2. Why the 550 Mailbox unavailable?

Thanks
Mark

Expert Comment

by:Andrew Davis
ID: 39271907
How are you doing this? You mentioned Telnet.

If you are trying to telnet to a connector that doesn't have the ability to relay then it will return an error 550, because that mailbox doesn't exist in that Exchange.

To test Exchange using telnet see http://exchange.mvps.org/smtp_frames.htm

Cheers
Andrew
 

Author Comment

by:herbie136
ID: 39272086
I did try telnet before enabling logging and got the 5.3.3 error.

After I enabled logging I sent a message from my hotmail account for my work account, mis-spelling my name to generate an NDR. The information I posted was taken from the Send Logfile.

Does the postmaster account I have specified have to physically exist on the exchange server? The setting was blank on the Hub transport so I manually entered it.

Thanks
Mark

Accepted Solution

by:
Andrew Davis earned 500 total points
ID: 39274008
It appears from the above log that the hotmail server replied with the mailbox non-existent.

It may help to configure the postmaster address and set it to send a copy; see http://msundis.wordpress.com/2010/04/21/configure-postmaster-microsoft-exchange-recipient-and-ndr-forwarding-in-exchange-server-2007-and-2010/

Cheers
Andrew

Sorry for the late reply. Time difference to Australia ;)
 

Author Comment

by:herbie136
ID: 39274272
I've gone through the article, restarted all the services and still no joy :-(

Still getting 550 errors and NDRs are not going into the newly created postmaster mailbox.

This is a real head scratcher!

Thanks
Mark
tracklog.jpg
 

Author Comment

by:herbie136
ID: 39297384
After hours of testing and speaking to our Smarthost provider, it turned out to be their firewalls blocking the mails.

This was due to postmaster having no address or return path and the firewall was set to block any mail without a return path.

Since they will not change this setting and allow NDRs, it looks like I'm at a standstill.

Many thanks for your help Andrew.
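
The pattern this thread ends on (an NDR sent with the null sender `MAIL FROM:<>`, then refused with a 550 while ordinary mail passes) can be picked out of an SMTP send protocol log as follows. This is an added example, not part of the original thread; the CSV column order is assumed to match Exchange's `#Fields` header, and the sample rows, session ids and addresses are constructed.

```python
import csv
import re

# Assumed column order of an Exchange 2010 SMTP send protocol log (#Fields header).
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# Constructed sample: hosts, session ids and addresses are made up.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2013-06-25T09:00:01Z,Smarthost,08D0A1,1,10.0.0.5:4021,192.0.2.10:25,>,MAIL FROM:<> SIZE=11888,
2013-06-25T09:00:01Z,Smarthost,08D0A1,2,10.0.0.5:4021,192.0.2.10:25,<,250 <> Sender ok,
2013-06-25T09:00:02Z,Smarthost,08D0A1,3,10.0.0.5:4021,192.0.2.10:25,>,RCPT TO:<user@example.com>,
2013-06-25T09:00:02Z,Smarthost,08D0A1,4,10.0.0.5:4021,192.0.2.10:25,<,550 Mailbox unavailable.,
2013-06-25T09:05:10Z,Smarthost,08D0B2,1,10.0.0.5:4033,192.0.2.10:25,>,MAIL FROM:<mark@example.org> SIZE=2048,
2013-06-25T09:05:10Z,Smarthost,08D0B2,2,10.0.0.5:4033,192.0.2.10:25,<,250 Sender ok,
2013-06-25T09:05:11Z,Smarthost,08D0B2,3,10.0.0.5:4033,192.0.2.10:25,>,RCPT TO:<user@example.com>,
2013-06-25T09:05:11Z,Smarthost,08D0B2,4,10.0.0.5:4033,192.0.2.10:25,<,250 Recipient ok,
"""

def parse_sessions(log_text):
    """Group log rows by session id; record the envelope sender and any 5xx replies."""
    sessions = {}
    rows = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    for row in csv.reader(rows):
        rec = dict(zip(FIELDS, row))
        s = sessions.setdefault(rec["session-id"],
                                {"sender": None, "last_cmd": None, "rejects": []})
        data = rec["data"].strip()
        if rec["event"] == ">":                       # command sent by this server
            s["last_cmd"] = data
            m = re.match(r"MAIL FROM:\s*<([^>]*)>", data, re.I)
            if m:
                s["sender"] = m.group(1)              # "" is the null reverse-path
        elif rec["event"] == "<" and re.match(r"5\d\d", data):
            s["rejects"].append((s["last_cmd"], data))  # permanent failure reply
    return sessions

def blocked_bounces(log_text):
    """Sessions sent with MAIL FROM:<> (NDR/DSN) that drew a 5xx rejection."""
    return {sid: s["rejects"] for sid, s in parse_sessions(log_text).items()
            if s["sender"] == "" and s["rejects"]}

def only_null_sender_rejected(log_text):
    """True when every null-sender session was refused and no normal-sender one was."""
    sessions = parse_sessions(log_text).values()
    null = [s for s in sessions if s["sender"] == ""]
    normal = [s for s in sessions if s["sender"]]
    return bool(null and normal) and all(s["rejects"] for s in null) and not any(s["rejects"] for s in normal)
```

A `True` result from `only_null_sender_rejected` is a hint that something upstream is filtering on the empty return path rather than on the recipient, which is the condition the smarthost provider confirmed here.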