Office 365 NDR regarding an invalid recipient

Here's a weird one. We have a domain in Office 365. There are a few issues but in particular we have 1 user who gets repeated NDR's on sent emails, that get received by the intended recipient, regarding an unrelated recipient who is unknown to the user, and who is not anywhere in the email or the headers. The error is this:

550 5.0.350 Remote server returned an error -> 554 delivery error: dd This account has been temporarily suspended. Please try again later. - mta4145.mail.gq1.yahoo.com

Whether the user exists or not is beside the point, no one is trying to send to them. I'm not sure what information I need to provide to enable troubleshooting and still be able to mask identifying information.
jconklin-ansinc-netAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SeanSystem EngineerCommented:
So just to make sure I understand what is happening.

User A in your domain sends an email to say b@b.com

User A receives an NDR saying that user c@c.com is suspended?

if that is correct a few questions.

Is it always the same NDR user...c@c.com or different every time?

Is user A sending from the PC or web portal?

A few things to check. Viruses (this seems the most likely) Some kind of automatic rule to send out an email on that account or maybe some rule in exchange to forward an email.
0
jconklin-ansinc-netAuthor Commented:
Sean: You are correct in how you understood the problem. The NDR user is the same (that I am aware of). The user is sending from a PC. I checked Exchange and there are no rules for this. I will check her Outlook rules tomorrow. And will run a virus scan, too. Thanks for the tips, I will update.
1
N8iveITCommented:
I agree with JConklin; viruses / malware or an automatic rule.

However, if nothing is apparent on the client, is it possible to look in any of the Exchange logs and see where Exchange is actually thinking it needs to send each email being sent? It should show up in the recipients somewhere within Exchange when it actually sends it.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

timgreen7077Exchange EngineerCommented:
You mentioned that the NDR user is the same, but what if your sender sends to someone else, do he still get he same NDR with the same information or is it different, or does he even get an NDR?
0
jconklin-ansinc-netAuthor Commented:
I checked the end user's Outlook rules this morning and they are unrelated. There are no Exchange rules. Today she received an email from an outside sender, and that same yahoo user is listed. I don't see any harm sharing the yahoo email. The accompanying headers show no mention of yahoo as sender or recipient or anywhere:

mta4296.mail.ne1.yahoo.com rejected your message to the following email addresses:
suttiratrattanachot1@yahoo.com
Your message wasn't delivered because the recipient's mailbox is quarantined. If the problem continues, please contact your email admin.
mta4296.mail.ne1.yahoo.com gave this error:
Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html 
Diagnostic information for administrators:
Generating server: DM5PR11MB2041.namprd11.prod.outlook.com
Total retry attempts: 1
suttiratrattanachot1@yahoo.com
mta4296.mail.ne1.yahoo.com
Remote Server returned '554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html'
0
timgreen7077Exchange EngineerCommented:
I'm assuming your sender is using outlook to send the emails, so please have the user access his/her mailbox on a different computer via OWA. Since the user will access OWA from a different computer there is no need for the user to log into the other computer nor create a profile. Just access OWA on a different computer via the browser and send the email and see if the same thing happens or not.
0
jconklin-ansinc-netAuthor Commented:
timgreen7077: It happens inbound only. From different domains.
0
timgreen7077Exchange EngineerCommented:
I thought the internal sender from your domain sends an email to an external recipient, and the external recipient receives the email successfully, but then your internal sender also gets an NDR back with an error.

If that is the correct process, then try what i mentioned above in regards to OWA and let me know.
0
jconklin-ansinc-netAuthor Commented:
timgreen7077: You are correct that that is what I stated. I was speaking with my end user today, though, and she stated it is inbound emails generating the NDR- she will get the original and the error. Sorry, I know that confused things.
0
timgreen7077Exchange EngineerCommented:
Ok, so this happens on inbound emails from external senders, sending an email to your user. Do it happen with all external domains or just a specific one? Also does this only happen to your 1 user only?
0
jconklin-ansinc-netAuthor Commented:
timgreen7077: It appears to be multiple external domains and only 1 user having this specific issue.
0
timgreen7077Exchange EngineerCommented:
Make sure that their is no forward on the user's mailbox attempting to forward emails to a yahoo.com address also. Check the mailbox via Exchange console or shell and confirm that no forwards are set on the user mailbox.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jconklin-ansinc-netAuthor Commented:
There was a forwarder on that email account. That is bizarre because she claimed she never heard of that user. Sometimes the answer is obvious even if it's not. Thanks!
0
timgreen7077Exchange EngineerCommented:
Good deal.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.