NDR issue - getting non-deliverable of random e-mail to my inbox after smarthost changeover

I cut over to a different smarthost (went from Symantec to Proofpoint) and noticed that I'm getting a non-delivery report e-mail in my Outlook inbox about every 20 mins. Most of them are regarding the same exact e-mail.

I've no idea how to track this down  far as why it's being triggered and why I am receiving it.

Can anyone assist? I'm trying to search via the proofpoint appliance search, as well as Exchange, and while I can see the messages there, it doesn't give me any insight as to why I'm getting a non-deliverable -- i'm not even a recipient.
At best I'm guessing I'm just being forwarded the e-mail via the smarthost appliance, but it doesn't help me much...

E-mail is:

From: Mail Delivery Subsystem [MAILER-DAEMON@ProofPointServer.localdomain.com]
Sent: Monday, November 02, 2015 3:05 PM
To: AWatch@server01.localdomain.com
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873 (server02).

Delivery has failed to these recipients or groups:
The recipient's e-mail address isn't correct. Please check the e-mail address and try to resend the message. If the problem continues, contact your helpdesk.
The following organization rejected your message: server01.localdomain.com.

Diagnostic information for administrators:
Generating server: ProofPointServer.localdomain.com
server01.localdomain.com #<server01.localdomain.com #5.1.2 SMTP; 550 Host unknown> #SMTP#
Original message headers:
Return-Path: <>
Received: from pps.filterd (ProofPointServer.localdomain.com [])
 ProofPointServer.localdomain.com ( with SMTP id tA2Kw6sL042234
 <AWatch@server01.localdomain.com>; Mon, 2 Nov 2015 15:01:59 -0600
Received: from mail9.localdomain.com (mail9.localdomain.com [])
 ProofPointServer.localdomain.com with ESMTP id 1xvts2gcwq-1
 cipher=AES128-SHA bits=128 verify=NOT)  for <AWatch@server01.localdomain.com>; Mon,
 02 Nov 2015 15:01:59 -0600
MIME-Version: 1.0
From: <postmaster@externaldomain.com>
To: <AWatch@server01.localdomain.com>
Date: Mon, 2 Nov 2015 15:01:59 -0600
Content-Type: multipart/report; report-type=delivery-status;
Content-Language: en-US
Message-ID: <f64df61d-7e36-4088-9418-10c36b0aea25@externaldomain.com>
In-Reply-To: <16471729.1446498118818.JavaMail.dicom@server02>
References: <16471729.1446498118818.JavaMail.dicom@server02>
Subject: Undeliverable: AMICAS Watch red alert for AMICAS Server #1873
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2015-11-02_12:,,
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 kscore.is_bulkscore=0
 kscore.compositescore=1 compositescore=0.9 ndrscore=0 suspectscore=3
 malwarescore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9
 spamscore=0 urlsuspectscore=0.9 adjustscore=0 adultscore=0 classifier=spam
 adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000
X-Regulatory-Partner: 1
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kash2nd Line EngineerCommented:
have you checked on RBL for your server being listed. First thing I would do.
is it just one particular box you are having issues with or multiple?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Not sure if  it's RBL because the e-mail address is local, and the server is a local server in our network. I don't think the e-mail is truly something coming from the internet. I'm wondering if it's using the appliance as a relay server but I'm still not sure how to track internally. lol
Does the mailbox for this AWatch@server01.localdomain.com exist? or it is just a dummy address?
garryshapeAuthor Commented:
It's a server that exists and I can RDP into it. I think there may be some software configured within it that is triggering some smtp e-mails. Still digging around at this point
garryshapeAuthor Commented:
Thanks this got me through to finding and tracking the MessageId's to figure out what was causing the issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.