Exchange 2007 - NDR sending to internal AND external for 1x user
Hi All,
From just one user mailbox so far, whenever an email is sent to either internal or external recipients, I receive a NDR -
Undeliverable: Delivery has failed to these recipients or distro lists:
monitor1@domain.com.au
Generalting server: exch.domain.local
monitor1@domain.com.au
#550 5.1.1 RESOLVER.ADR.RecipNotFound
HOWEVER -
1. The emails are delivered successfully to both internal or external recipients
2. The email monitor1@domain.local wasn't included as a recipient. It doesn't exist, and from my historical records, has never been a mailbox in domain in the last 3 months. This only started happening today.
There is no email forwarding on this mailbox.
The only thing I can think is it is related to the postmaster logging, but then you would think this would happen for other mailboxes.
Any ideas ?
From just one user mailbox so far, whenever an email is sent to either internal or external recipients, I receive a NDR -
Undeliverable: Delivery has failed to these recipients or distro lists:
monitor1@domain.com.au
Generalting server: exch.domain.local
monitor1@domain.com.au
#550 5.1.1 RESOLVER.ADR.RecipNotFound
HOWEVER -
1. The emails are delivered successfully to both internal or external recipients
2. The email monitor1@domain.local wasn't included as a recipient. It doesn't exist, and from my historical records, has never been a mailbox in domain in the last 3 months. This only started happening today.
There is no email forwarding on this mailbox.
The only thing I can think is it is related to the postmaster logging, but then you would think this would happen for other mailboxes.
Any ideas ?
Enable message tracking to monitor the mail flows. This will help identify exactly where, when and how those NDR's are being created and sent.
Here is a link that covers the subject quite well and should at least get you started:
http://exchangeserverpro.com/exchange-2010-message-tracking/
Here is a link that covers the subject quite well and should at least get you started:
http://exchangeserverpro.com/exchange-2010-message-tracking/
ASKER
thanks eenookami.
And thanks jrhelgeson. I think your answer would have led me to discover the fix.
The issue was quite strange and would like some feed back. As mentioned, there has been no monitor1@domain mailbox for at least a year. I noticed an enabled transport rule for the problematic sending mailbox. When I clicked on it, there was a warning about corruption. When I edited the transport rule, there was no mailbox selected.
I'm a little concerned, because the monitor mailbox that the transport rule was forwarding outbound email was deleted over a year ago, however, the NDR notifications only started a few days ago ?
I will get the exact corruption warning I got when I am next in the office.
Has anyone else experienced this ?
And thanks jrhelgeson. I think your answer would have led me to discover the fix.
The issue was quite strange and would like some feed back. As mentioned, there has been no monitor1@domain mailbox for at least a year. I noticed an enabled transport rule for the problematic sending mailbox. When I clicked on it, there was a warning about corruption. When I edited the transport rule, there was no mailbox selected.
I'm a little concerned, because the monitor mailbox that the transport rule was forwarding outbound email was deleted over a year ago, however, the NDR notifications only started a few days ago ?
I will get the exact corruption warning I got when I am next in the office.
Has anyone else experienced this ?
Have you cahnged something in the settings? Or applied an update?
That the rule produces an error is explainable as the rule stays even an used address or mailbox is deleted.
The question is, why you get an NDR now and not before.
There are settings in the global settings for the server to suppress NDRs send to the outside world, so possible that these settings were changed?
That the rule produces an error is explainable as the rule stays even an used address or mailbox is deleted.
The question is, why you get an NDR now and not before.
There are settings in the global settings for the server to suppress NDRs send to the outside world, so possible that these settings were changed?
ASKER
Hi Bembi,
Yeah I read that a roll up caused something similar... but not in this case. No updates / patches. Also, no changes to mailboxes either.
What you are saying appears correct Bembi. The transport rule was still enabled, simply with no forwarding mailbox configured.
We just aren't sure why it appeared all of a sudden.
Can someone explain the best way to confirm when a mailbox was removed ?
Yeah I read that a roll up caused something similar... but not in this case. No updates / patches. Also, no changes to mailboxes either.
What you are saying appears correct Bembi. The transport rule was still enabled, simply with no forwarding mailbox configured.
We just aren't sure why it appeared all of a sudden.
Can someone explain the best way to confirm when a mailbox was removed ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks jrhelgeson. Thanks Bembi.
jrhelgeson - we currently have sp3 roll up 11. Thanks for link - it sound very similar. My current roll up supersedes the suggested rollup.
Bembi - I know I should probably just call it a day, however, I am VERY sure that nothing changed. The removal / disconnect policy is like 1 day, so the NDR's should have started as soon as the monitor1 mailbox was removed. Of course, the reason I'd have liked an explanation is in case the behaviour indicates a bigger problem.
I will be splitting points to you both. Just final comments. And thanks again.
jrhelgeson - we currently have sp3 roll up 11. Thanks for link - it sound very similar. My current roll up supersedes the suggested rollup.
Bembi - I know I should probably just call it a day, however, I am VERY sure that nothing changed. The removal / disconnect policy is like 1 day, so the NDR's should have started as soon as the monitor1 mailbox was removed. Of course, the reason I'd have liked an explanation is in case the behaviour indicates a bigger problem.
I will be splitting points to you both. Just final comments. And thanks again.
As the address is monitoring.....
It looks like an application tries to send some monitoring emails?
At least you have a sender address.
As the mail reaches some targets, I would assume, that possibly the application tries to send it to several targets, but at least one fails, or there exist a distribution list, and some of the targets in the distibution list does not exist anymore.
You may have a look at the mail header of a mail, which is delivered, maybe you can isolate this way the sending server and the route, how it flows.