Solved

Exchange 2007 - NDR sending to internal AND external for 1x user

Posted on 2014-04-10
9
763 Views
Last Modified: 2014-04-22
Hi All,

From just one user mailbox so far, whenever an email is sent to either internal or external recipients, I receive a NDR -
Undeliverable: Delivery has failed to these recipients or distro lists:
monitor1@domain.com.au
Generalting server: exch.domain.local
monitor1@domain.com.au
#550 5.1.1 RESOLVER.ADR.RecipNotFound; no found ##

HOWEVER -
1.  The emails are delivered successfully to both internal or external recipients
2.  The email monitor1@domain.local wasn't included as a recipient.  It doesn't exist, and from my historical records, has never been a mailbox in domain in the last 3 months.  This only started happening today.

There is no email forwarding on this mailbox.

The only thing I can think is it is related to the postmaster logging, but then you would think this would happen for other mailboxes.

Any ideas ?
0
Comment
Question by:moo_c_o_w
  • 3
  • 3
  • 2
9 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 39992893
Just a thought....
As the address is monitoring.....
It looks like an application tries to send some monitoring emails?
At least you have a sender address.
As the mail reaches some targets, I would assume, that possibly the application tries to send it to several targets, but at least one fails, or there exist a distribution list, and some of the targets in the distibution list does not exist anymore.

You may have a look at the mail header of a mail, which is delivered, maybe you can isolate this way the sending server and the route, how it flows.
0
 
LVL 15

Expert Comment

by:jrhelgeson
ID: 39994528
Enable message tracking to monitor the mail flows. This will help identify exactly where, when and how those NDR's are being created and sent.

Here is a link that covers the subject quite well and should at least get you started:
http://exchangeserverpro.com/exchange-2010-message-tracking/
0
 

Author Comment

by:moo_c_o_w
ID: 39996021
thanks eenookami.

And thanks jrhelgeson.  I think your answer would have led me to discover the fix.

The issue was quite strange and would like some feed back.  As mentioned, there has been no monitor1@domain mailbox for at least a year.  I noticed an enabled transport rule for the problematic sending mailbox.  When I clicked on it, there was a warning about corruption.  When I edited the transport rule, there was no mailbox selected.

I'm a little concerned, because the monitor mailbox that the transport rule was forwarding outbound email was deleted over a year ago, however, the NDR notifications only started a few days ago ?

I will get the exact corruption warning I got when I am next in the office.

Has anyone else experienced this ?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 35

Expert Comment

by:Bembi
ID: 39997239
Have you cahnged something in the settings? Or applied an update?

That the rule produces an error is explainable as the rule stays even an used address or mailbox is deleted.

The question is, why you get an NDR now and not before.
There are settings in the global settings for the server to suppress NDRs send to the outside world, so possible that these settings were changed?
0
 

Author Comment

by:moo_c_o_w
ID: 39997961
Hi Bembi,

Yeah I read that a roll up caused something similar... but not in this case.  No updates / patches.  Also, no changes to mailboxes either.

What you are saying appears correct Bembi.  The transport rule was still enabled, simply with no forwarding mailbox configured.

We just aren't sure why it appeared all of a sudden.

Can someone explain the best way to confirm when a mailbox was removed ?
0
 
LVL 15

Accepted Solution

by:
jrhelgeson earned 250 total points
ID: 39998896
The solution is to install Exchange 2007 SP3 Update Rollup 3, according to Microsoft:

http://support.microsoft.com/kb/2448291
"Object <transport rule name> has been corrupted and it is in an inconsistent state" warning message when you view a transport rule on an Exchange Server 2007 SP3 server
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 250 total points
ID: 39999860
At least from my imagination, if nothing at all changed, even none of the automatic updates,
(have also WSUS in mind) it sounds unusual, but most of the time there is an explanation.  I just woul dtake a look again on the mail headers, from the mail hat reaches the users and the NDR what comes back.

If a mail is sent to an unknown user, Exchange sends an NDR by default. The NDRs are usually in the senders mailbox. If nobody has got an NDR, either the NDR went to nowhereor was never produced due a bug.

But even if obviously nothing is changed, there is something going on in the database, have in mind that a mailbox is not directly deleted when you remove it what may influence the behaviour, if exchange one day really cleans it up. Just one of the possibilities, but I guess you can only really follwow up such behaviours, if you now, when the monitor1 mailbox was deleted, just to get some ideads of time scopes. This is just one example, if there in a kind of error in the functionality, it can even be, that just after a defined time, the functionality changed to to other internal processes.

At least I can imagine something in this direction.

Can you exclude that somebody changed some settings on the sending mailbox?
0
 

Author Comment

by:moo_c_o_w
ID: 40000691
Thanks jrhelgeson.  Thanks Bembi.

jrhelgeson - we currently have sp3 roll up 11.  Thanks for link - it sound very similar.  My current roll up supersedes the suggested rollup.

Bembi - I know I should probably just call it a day, however, I am VERY sure that nothing changed.  The removal / disconnect policy is like 1 day, so the NDR's should have started as soon as the monitor1 mailbox was removed.  Of course, the reason I'd have liked an explanation is in case the behaviour indicates a bigger problem.

I will be splitting points to you both.  Just final comments.  And thanks again.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question