Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 810
  • Last Modified:

Exchange 2007 - NDR sending to internal AND external for 1x user

Hi All,

From just one user mailbox so far, whenever an email is sent to either internal or external recipients, I receive a NDR -
Undeliverable: Delivery has failed to these recipients or distro lists:
monitor1@domain.com.au
Generalting server: exch.domain.local
monitor1@domain.com.au
#550 5.1.1 RESOLVER.ADR.RecipNotFound; no found ##

HOWEVER -
1.  The emails are delivered successfully to both internal or external recipients
2.  The email monitor1@domain.local wasn't included as a recipient.  It doesn't exist, and from my historical records, has never been a mailbox in domain in the last 3 months.  This only started happening today.

There is no email forwarding on this mailbox.

The only thing I can think is it is related to the postmaster logging, but then you would think this would happen for other mailboxes.

Any ideas ?
0
moo_c_o_w
Asked:
moo_c_o_w
  • 3
  • 3
  • 2
2 Solutions
 
BembiCEOCommented:
Just a thought....
As the address is monitoring.....
It looks like an application tries to send some monitoring emails?
At least you have a sender address.
As the mail reaches some targets, I would assume, that possibly the application tries to send it to several targets, but at least one fails, or there exist a distribution list, and some of the targets in the distibution list does not exist anymore.

You may have a look at the mail header of a mail, which is delivered, maybe you can isolate this way the sending server and the route, how it flows.
0
 
jrhelgesonCommented:
Enable message tracking to monitor the mail flows. This will help identify exactly where, when and how those NDR's are being created and sent.

Here is a link that covers the subject quite well and should at least get you started:
http://exchangeserverpro.com/exchange-2010-message-tracking/
0
 
moo_c_o_wAuthor Commented:
thanks eenookami.

And thanks jrhelgeson.  I think your answer would have led me to discover the fix.

The issue was quite strange and would like some feed back.  As mentioned, there has been no monitor1@domain mailbox for at least a year.  I noticed an enabled transport rule for the problematic sending mailbox.  When I clicked on it, there was a warning about corruption.  When I edited the transport rule, there was no mailbox selected.

I'm a little concerned, because the monitor mailbox that the transport rule was forwarding outbound email was deleted over a year ago, however, the NDR notifications only started a few days ago ?

I will get the exact corruption warning I got when I am next in the office.

Has anyone else experienced this ?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
BembiCEOCommented:
Have you cahnged something in the settings? Or applied an update?

That the rule produces an error is explainable as the rule stays even an used address or mailbox is deleted.

The question is, why you get an NDR now and not before.
There are settings in the global settings for the server to suppress NDRs send to the outside world, so possible that these settings were changed?
0
 
moo_c_o_wAuthor Commented:
Hi Bembi,

Yeah I read that a roll up caused something similar... but not in this case.  No updates / patches.  Also, no changes to mailboxes either.

What you are saying appears correct Bembi.  The transport rule was still enabled, simply with no forwarding mailbox configured.

We just aren't sure why it appeared all of a sudden.

Can someone explain the best way to confirm when a mailbox was removed ?
0
 
jrhelgesonCommented:
The solution is to install Exchange 2007 SP3 Update Rollup 3, according to Microsoft:

http://support.microsoft.com/kb/2448291
"Object <transport rule name> has been corrupted and it is in an inconsistent state" warning message when you view a transport rule on an Exchange Server 2007 SP3 server
0
 
BembiCEOCommented:
At least from my imagination, if nothing at all changed, even none of the automatic updates,
(have also WSUS in mind) it sounds unusual, but most of the time there is an explanation.  I just woul dtake a look again on the mail headers, from the mail hat reaches the users and the NDR what comes back.

If a mail is sent to an unknown user, Exchange sends an NDR by default. The NDRs are usually in the senders mailbox. If nobody has got an NDR, either the NDR went to nowhereor was never produced due a bug.

But even if obviously nothing is changed, there is something going on in the database, have in mind that a mailbox is not directly deleted when you remove it what may influence the behaviour, if exchange one day really cleans it up. Just one of the possibilities, but I guess you can only really follwow up such behaviours, if you now, when the monitor1 mailbox was deleted, just to get some ideads of time scopes. This is just one example, if there in a kind of error in the functionality, it can even be, that just after a defined time, the functionality changed to to other internal processes.

At least I can imagine something in this direction.

Can you exclude that somebody changed some settings on the sending mailbox?
0
 
moo_c_o_wAuthor Commented:
Thanks jrhelgeson.  Thanks Bembi.

jrhelgeson - we currently have sp3 roll up 11.  Thanks for link - it sound very similar.  My current roll up supersedes the suggested rollup.

Bembi - I know I should probably just call it a day, however, I am VERY sure that nothing changed.  The removal / disconnect policy is like 1 day, so the NDR's should have started as soon as the monitor1 mailbox was removed.  Of course, the reason I'd have liked an explanation is in case the behaviour indicates a bigger problem.

I will be splitting points to you both.  Just final comments.  And thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now