Incoming emails with wrong recipient not bouncing

Hi experts,

We have an Exchange 2013 server.
I don't know when this started, but when someone from outside my organization sends us an email with an unknown recipient, they will never know that this address doesn't exist.
I've tried from my Gmail, Hotmail and Yahoo accounts to send an email to ssssss@transdev.ca; it never bounced.

I can see the email is not being blocked by our junk filter.

I also see the email reached our Exchange server, as per the log:

2015-10-22T13:18:29.724Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,111,>,MAIL FROM:<mart.gauvreau@gmail.com> SIZE=0 AUTH=<>,
2015-10-22T13:18:29.724Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,112,>,RCPT TO:<ssssss@transdev.ca> ORCPT=rfc822;ssssss@transdev.ca,
2015-10-22T13:18:29.739Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,113,<,250 2.1.0 Sender OK,
2015-10-22T13:18:29.739Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,114,<,550 5.1.1 User unknown,

So I guess my Exchange server 'knows' the recipient is unknown, it's just not telling the other server.

Thanks in advance
deewave Asked:
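An added example, not part of the original post: a small parser that pairs the pipelined commands (`>`) in a protocol log like the one above with their replies (`<`) and lists every recipient the next hop refused. It assumes the column layout shown in the post; the function names are hypothetical.

```python
import csv
from collections import defaultdict, deque

# The four protocol-log lines quoted in the post above, unchanged.
SAMPLE_LOG = """\
2015-10-22T13:18:29.724Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,111,>,MAIL FROM:<mart.gauvreau@gmail.com> SIZE=0 AUTH=<>,
2015-10-22T13:18:29.724Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,112,>,RCPT TO:<ssssss@transdev.ca> ORCPT=rfc822;ssssss@transdev.ca,
2015-10-22T13:18:29.739Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,113,<,250 2.1.0 Sender OK,
2015-10-22T13:18:29.739Z,Inbound Proxy Internal Send Connector,08D2D52D25676A4F,114,<,550 5.1.1 User unknown,
"""

EVENTS = {">", "<", "+", "-", "*"}


def address(command):
    """Return the address between the first <...> pair of MAIL FROM / RCPT TO."""
    return command[command.find("<") + 1:command.find(">")]


def backend_rejections(log_text):
    """List (time, session, sender, recipient, reply) for every RCPT TO that
    the next hop answered with a 5xx, pairing pipelined commands and replies."""
    pending = defaultdict(deque)  # session id -> commands still awaiting a reply
    sender = {}                   # session id -> current envelope sender
    hits = []
    for row in csv.reader(log_text.splitlines()):
        # Locate the event column by value so rows with extra columns still parse.
        col = next((i for i, f in enumerate(row) if i >= 4 and f in EVENTS), None)
        if col is None or col + 1 >= len(row):
            continue              # header, comment or truncated line
        when, session, event, data = row[0], row[2], row[col], row[col + 1]
        if event == ">":
            pending[session].append(data)
        elif event == "<" and data[3:4] != "-" and pending[session]:
            command = pending[session].popleft()  # replies arrive in command order
            verb = command.upper()
            if verb.startswith("MAIL FROM:"):
                sender[session] = address(command)
            elif verb.startswith("RCPT TO:") and data.startswith("5"):
                hits.append((when, session, sender.get(session, ""),
                             address(command), data))
    return hits


if __name__ == "__main__":
    for hit in backend_rejections(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Each hit is a message that an upstream filter had already accepted, so the outside sender received no rejection for it.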
Amit (IT Architect) Commented:
Looks like someone disabled the NDR report, which is good, as it will prevent hackers from getting your domain information. However, you can enable it via the PS command Set-RemoteDomain by enabling the NDRDiagnosticInfoEnabled parameter. Read more here:

https://technet.microsoft.com/en-us/library/aa996309(v=exchg.150).aspx#BKMK_ControllingNDRInfo
deewave (Author) Commented:
Hi
Thanks for the reply.

The parameters NDREnabled and NDRDiagnosticInfoEnabled are both True.

I think I will bypass my junk filter for 2 minutes and send all mails directly to the Exchange Server. I just want to make sure it's not the mailscanner machine.
Amit (IT Architect) Commented:
Let me know the result so we can troubleshoot further.
deewave (Author) Commented:
If I send all mails directly to my Exchange server, the NDR works fine.
I'll google some documentation on our junk filter system, as I'm really not an expert.

Meanwhile, if someone has a clue on how Exchange 2013 CU8 and Mailscanner could deal with NDR correctly, let me know!

Martin
Amit (IT Architect) Commented:
Looks like this Mailscanner is open source. I assume it is also installed on a Unix-based machine. You might need to check the Mailscanner configuration or logs to see why it is blocking.
deewave (Author) Commented:
Hmm, that's strange.

If I telnet to my server on port 2525, it responds to RCPT TO with "550 5.1.1 User unknown".

For the same address, if I telnet on port 25 it says "250 2.1.5 Recipient OK". Only at the end, when I try to send the email, it shows "User unknown".

250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
blablabla
.
550 5.1.1 User unknown
deewave (Author) Commented:
Finally resolved this by forwarding mails from my mailscanner machine port 25 to my Exchange server port 2525.
Amit (IT Architect) Commented:
Any reason to change the Exchange port to 2525?
deewave (Author) Commented:
I'm not changing my Exchange port. The ports on my Exchange server stay the same. I'm just forwarding emails to a different port.

After some reading, it seems Microsoft changed something between Exchange 2010 and 2013. Now Exchange returns the 550 code only AFTER the mail is sent to the Exchange server. Briefly,
1. my junk filter receives the mail
2. it does the RCPT TO with my Exchange server
3. Exchange responds 250
4. the junk filter sends it to my Exchange server

A solution would be to add an Edge Transport server between my junk filter and my Exchange server. (Edge wasn't in the first releases of Exchange 2013. MS added it in Service Pack 1.)

This is not a solution for us. Instead, we chose to redirect mail to port 2525 instead of 25.
25 is responding 250 to every recipient. 2525 does the correct job. I know it has something to do with my connectors, but we prefer the easy way over messing with connectors and risking breaking something else.

Thanks for your help Amit
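An added example, not part of the original thread: a check you can run against your own filter-to-mail-server hop to see at which SMTP stage an unknown recipient is refused, as the telnet tests above did by hand. `rejection_stage`, `probe` and `FakeHop` are hypothetical names; `FakeHop` is a constructed stand-in that replays the replies quoted in the thread so the block runs offline.

```python
import smtplib


def rejection_stage(conn, sender, recipient):
    """Return 'rcpt', 'after-data' or 'accepted' for one recipient.
    `conn` behaves like an smtplib.SMTP that has already sent EHLO."""
    code, _ = conn.mail(sender)
    if code != 250:
        raise RuntimeError("MAIL FROM refused with %d" % code)
    code, _ = conn.rcpt(recipient)
    if code >= 500:
        conn.rset()
        return "rcpt"        # a relaying filter can pass this refusal on in-session
    if code not in (250, 251):
        raise RuntimeError("RCPT TO deferred with %d" % code)
    # Only sent for a recipient the hop claimed to accept.
    code, _ = conn.data("Subject: recipient validation test\r\n\r\ntest\r\n")
    return "after-data" if code >= 500 else "accepted"


def probe(host, port, sender, recipient):
    """Run the check against a real listener (your own server)."""
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.ehlo()
        return rejection_stage(conn, sender, recipient)


class FakeHop:
    """Constructed stand-in for smtplib.SMTP; reply texts other than the
    ones quoted in the thread are made up."""
    def __init__(self, rcpt_reply, data_reply=(250, b"2.6.0 Queued")):
        self.rcpt_reply, self.data_reply = rcpt_reply, data_reply
    def mail(self, sender): return (250, b"2.1.0 Sender OK")
    def rcpt(self, recipient): return self.rcpt_reply
    def data(self, msg): return self.data_reply
    def rset(self): return (250, b"2.0.0 Resetting")


# Behaviour reported in the thread for the two ports.
PORT_25 = FakeHop((250, b"2.1.5 Recipient OK"), (550, b"5.1.1 User unknown"))
PORT_2525 = FakeHop((550, b"5.1.1 User unknown"))

if __name__ == "__main__":
    for name, hop in (("25", PORT_25), ("2525", PORT_2525)):
        print(name, rejection_stage(hop, "probe@example.org", "nobody@example.com"))
```

A result of "after-data" means the filter in front has already answered 250 to the outside sender for that recipient by the time the refusal arrives.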

deewave (Author) Commented:
Found the solution myself.