Garry Shape
asked on
NDR issue - getting non-deliverable of random e-mail to my inbox after smarthost changeover
I cut over to a different smarthost (went from Symantec to Proofpoint) and noticed that I'm getting a non-delivery report e-mail in my Outlook inbox about every 20 mins. Most of them are regarding the same exact e-mail.
I've no idea how to track this down far as why it's being triggered and why I am receiving it.
Can anyone assist? I'm trying to search via the proofpoint appliance search, as well as Exchange, and while I can see the messages there, it doesn't give me any insight as to why I'm getting a non-deliverable -- i'm not even a recipient.
At best I'm guessing I'm just being forwarded the e-mail via the smarthost appliance, but it doesn't help me much...
E-mail is:
From: Mail Delivery Subsystem [MAILER-DAEMON@ProofPointS erver.loca ldomain.co m]
Sent: Monday, November 02, 2015 3:05 PM
To: AWatch@server01.localdomai n.com
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873 (server02).
Delivery has failed to these recipients or groups:
AWatch@server01.localdomai n.com
The recipient's e-mail address isn't correct. Please check the e-mail address and try to resend the message. If the problem continues, contact your helpdesk.
The following organization rejected your message: server01.localdomain.com.
Diagnostic information for administrators:
Generating server: ProofPointServer.localdoma in.com
AWatch@server01.localdomai n.com
server01.localdomain.com #<server01.localdomain.com #5.1.2 SMTP; 550 Host unknown> #SMTP#
Original message headers:
Return-Path: <>
Received: from pps.filterd (ProofPointServer.localdom ain.com [127.0.0.1])
by
ProofPointServer.localdoma in.com (8.15.0.59/8.15.0.59) with SMTP id tA2Kw6sL042234
for
<AWatch@server01.localdoma in.com>; Mon, 2 Nov 2015 15:01:59 -0600
Received: from mail9.localdomain.com (mail9.localdomain.com [10.13.70.59])
by
ProofPointServer.localdoma in.com with ESMTP id 1xvts2gcwq-1
(version=TLSv1/SSLv3
cipher=AES128-SHA bits=128 verify=NOT) for <AWatch@server01.localdoma in.com>; Mon,
02 Nov 2015 15:01:59 -0600
MIME-Version: 1.0
From: <postmaster@externaldomain .com>
To: <AWatch@server01.localdoma in.com>
Date: Mon, 2 Nov 2015 15:01:59 -0600
Content-Type: multipart/report; report-type=delivery-statu s;
boundary="8757241e-cd89-49 47-a3ac-26 7b9be17f9d "
Content-Language: en-US
Message-ID: <f64df61d-7e36-4088-9418-1 0c36b0aea2 5@external domain.com >
In-Reply-To: <16471729.1446498118818.Ja vaMail.dic om@server0 2>
References: <16471729.1446498118818.Ja vaMail.dic om@server0 2>
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873
(server02).
X-Proofpoint-Virus-Version : vendor=fsecure engine=2.50.10432:,, definitions=2015-11-02_12: ,,
signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 kscore.is_bulkscore=0
kscore.compositescore=1 compositescore=0.9 ndrscore=0 suspectscore=3
malwarescore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9
spamscore=0 urlsuspectscore=0.9 adjustscore=0 adultscore=0 classifier=spam
adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000
definitions=main-151102036 2
X-Regulatory-Partner: 1
I've no idea how to track this down far as why it's being triggered and why I am receiving it.
Can anyone assist? I'm trying to search via the proofpoint appliance search, as well as Exchange, and while I can see the messages there, it doesn't give me any insight as to why I'm getting a non-deliverable -- i'm not even a recipient.
At best I'm guessing I'm just being forwarded the e-mail via the smarthost appliance, but it doesn't help me much...
E-mail is:
From: Mail Delivery Subsystem [MAILER-DAEMON@ProofPointS
Sent: Monday, November 02, 2015 3:05 PM
To: AWatch@server01.localdomai
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873 (server02).
Delivery has failed to these recipients or groups:
AWatch@server01.localdomai
The recipient's e-mail address isn't correct. Please check the e-mail address and try to resend the message. If the problem continues, contact your helpdesk.
The following organization rejected your message: server01.localdomain.com.
Diagnostic information for administrators:
Generating server: ProofPointServer.localdoma
AWatch@server01.localdomai
server01.localdomain.com #<server01.localdomain.com
Original message headers:
Return-Path: <>
Received: from pps.filterd (ProofPointServer.localdom
by
ProofPointServer.localdoma
for
<AWatch@server01.localdoma
Received: from mail9.localdomain.com (mail9.localdomain.com [10.13.70.59])
by
ProofPointServer.localdoma
(version=TLSv1/SSLv3
cipher=AES128-SHA bits=128 verify=NOT) for <AWatch@server01.localdoma
02 Nov 2015 15:01:59 -0600
MIME-Version: 1.0
From: <postmaster@externaldomain
To: <AWatch@server01.localdoma
Date: Mon, 2 Nov 2015 15:01:59 -0600
Content-Type: multipart/report; report-type=delivery-statu
boundary="8757241e-cd89-49
Content-Language: en-US
Message-ID: <f64df61d-7e36-4088-9418-1
In-Reply-To: <16471729.1446498118818.Ja
References: <16471729.1446498118818.Ja
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873
(server02).
X-Proofpoint-Virus-Version
signatures=0
X-Proofpoint-Spam-Details:
kscore.compositescore=1 compositescore=0.9 ndrscore=0 suspectscore=3
malwarescore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9
spamscore=0 urlsuspectscore=0.9 adjustscore=0 adultscore=0 classifier=spam
adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000
definitions=main-151102036
X-Regulatory-Partner: 1
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It's a server that exists and I can RDP into it. I think there may be some software configured within it that is triggering some smtp e-mails. Still digging around at this point
ASKER
Thanks this got me through to finding and tracking the MessageId's to figure out what was causing the issue
ASKER