jconklin-ansinc-net


Office 365 NDR regarding an invalid recipient

Here's a weird one. We have a domain in Office 365. There are a few issues but in particular we have 1 user who gets repeated NDRs on sent emails, that get received by the intended recipient, regarding an unrelated recipient who is unknown to the user, and who is not anywhere in the email or the headers. The error is this:

550 5.0.350 Remote server returned an error -> 554 delivery error: dd This account has been temporarily suspended. Please try again later. - mta4145.mail.gq1.yahoo.com

Whether the user exists or not is beside the point, no one is trying to send to them. I'm not sure what information I need to provide to enable troubleshooting and still be able to mask identifying information.
Sean

So just to make sure I understand what is happening.

User A in your domain sends an email to say b@b.com

User A receives an NDR saying that user c@c.com is suspended?

If that is correct, a few questions.

Is it always the same NDR user...c@c.com or different every time?

Is user A sending from the PC or web portal?

A few things to check: viruses (this seems the most likely), some kind of automatic rule to send out an email on that account, or maybe some rule in Exchange to forward an email.
jconklin-ansinc-net

ASKER

Sean: You are correct in how you understood the problem. The NDR user is the same (that I am aware of). The user is sending from a PC. I checked Exchange and there are no rules for this. I will check her Outlook rules tomorrow. And will run a virus scan, too. Thanks for the tips, I will update.
I agree with JConklin; viruses / malware or an automatic rule.

However, if nothing is apparent on the client, is it possible to look in any of the Exchange logs and see where Exchange is actually thinking it needs to send each email being sent? It should show up in the recipients somewhere within Exchange when it actually sends it.
You mentioned that the NDR user is the same, but what if your sender sends to someone else, does he still get the same NDR with the same information or is it different, or does he even get an NDR?
I checked the end user's Outlook rules this morning and they are unrelated. There are no Exchange rules. Today she received an email from an outside sender, and that same yahoo user is listed. I don't see any harm sharing the yahoo email. The accompanying headers show no mention of yahoo as sender or recipient or anywhere:

mta4296.mail.ne1.yahoo.com rejected your message to the following email addresses:
suttiratrattanachot1@yahoo.com
Your message wasn't delivered because the recipient's mailbox is quarantined. If the problem continues, please contact your email admin.
mta4296.mail.ne1.yahoo.com gave this error:
Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html 
Diagnostic information for administrators:
Generating server: DM5PR11MB2041.namprd11.prod.outlook.com
Total retry attempts: 1
suttiratrattanachot1@yahoo.com
mta4296.mail.ne1.yahoo.com
Remote Server returned '554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html'
I'm assuming your sender is using Outlook to send the emails, so please have the user access his/her mailbox on a different computer via OWA. Since the user will access OWA from a different computer there is no need for the user to log into the other computer nor create a profile. Just access OWA on a different computer via the browser and send the email and see if the same thing happens or not.
timgreen7077: It happens inbound only. From different domains.
I thought the internal sender from your domain sends an email to an external recipient, and the external recipient receives the email successfully, but then your internal sender also gets an NDR back with an error.

If that is the correct process, then try what I mentioned above in regards to OWA and let me know.
timgreen7077: You are correct that that is what I stated. I was speaking with my end user today, though, and she stated it is inbound emails generating the NDR - she will get the original and the error. Sorry, I know that confused things.
Ok, so this happens on inbound emails from external senders, sending an email to your user. Does it happen with all external domains or just a specific one? Also, does this happen to your 1 user only?
timgreen7077: It appears to be multiple external domains and only 1 user having this specific issue.
ASKER CERTIFIED SOLUTION
timgreen7077

There was a forwarder on that email account. That is bizarre because she claimed she never heard of that user. Sometimes the answer is obvious even if it's not. Thanks!
Good deal.
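
The thread ends with a forwarder found on the mailbox but does not say whether it was set on the mailbox itself or in an inbox rule, so the following added example (not part of the original thread) reports both. `Find-MailboxForwarding` is a hypothetical helper name, the sample objects and domains are constructed, and the cmdlets named in the comments assume a connected Exchange Online PowerShell session.

```powershell
# Added example: report forwarding set on the mailbox and in its inbox rules.
function Find-MailboxForwarding {
    param(
        [object[]]$Mailboxes,        # e.g. Get-Mailbox -Identity <user>
        [object[]]$InboxRules,       # e.g. Get-InboxRule -Mailbox <user>
        [string[]]$AcceptedDomains   # e.g. (Get-AcceptedDomain).DomainName
    )
    $report = {
        param($owner, $source, $target, $keepsCopy)
        # Domain comes from values such as "smtp:user@example.com"; a target
        # without an SMTP address is a directory object (check Get-Recipient).
        $external = $null
        if ("$target" -match '@([A-Za-z0-9.-]+)') {
            $external = $AcceptedDomains -notcontains $Matches[1]
        }
        [pscustomobject]@{
            Mailbox = "$owner"; Source = $source; Target = "$target"
            External = $external; KeepsCopy = $keepsCopy
        }
    }
    foreach ($mbx in $Mailboxes) {
        $keeps = [bool]$mbx.DeliverToMailboxAndForward
        foreach ($prop in 'ForwardingSmtpAddress', 'ForwardingAddress') {
            if ($mbx.$prop) {
                & $report $mbx.UserPrincipalName "Mailbox.$prop" $mbx.$prop $keeps
            }
        }
    }
    foreach ($rule in $InboxRules | Where-Object Enabled) {
        foreach ($prop in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            foreach ($target in @($rule.$prop) | Where-Object { $_ }) {
                & $report $rule.MailboxOwnerId "InboxRule[$($rule.Name)].$prop" $target $null
            }
        }
    }
}

# Constructed sample data (not from the thread) so the function runs offline.
$sampleMailbox = [pscustomobject]@{
    UserPrincipalName = 'user.a@contoso.example'; ForwardingAddress = $null
    ForwardingSmtpAddress = 'smtp:someone@mail.example'; DeliverToMailboxAndForward = $true
}
$sampleRule = [pscustomobject]@{
    Name = 'Archive copy'; Enabled = $true; MailboxOwnerId = 'user.a'
    ForwardTo = @('"Someone" [SMTP:someone@mail.example]')
    ForwardAsAttachmentTo = $null; RedirectTo = $null
}
Find-MailboxForwarding $sampleMailbox $sampleRule 'contoso.example' | Format-Table -AutoSize
```

A row with `External = True` and a target nobody recognizes is worth treating as a possible sign of mailbox compromise, not only as a misconfiguration.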