Office 365 NDR regarding an invalid recipient

Here's a weird one. We have a domain in Office 365. There are a few issues, but in particular we have 1 user who gets repeated NDRs on sent emails, that get received by the intended recipient, regarding an unrelated recipient who is unknown to the user, and who is not anywhere in the email or the headers. The error is this:

550 5.0.350 Remote server returned an error -> 554 delivery error: dd This account has been temporarily suspended. Please try again later. - mta4145.mail.gq1.yahoo.com

Whether the user exists or not is beside the point, no one is trying to send to them. I'm not sure what information I need to provide to enable troubleshooting and still be able to mask identifying information.
jconklin-ansinc-net Asked:
timgreen7077 (Exchange Engineer) Commented:
Make sure that there is no forward on the user's mailbox attempting to forward emails to a yahoo.com address also. Check the mailbox via Exchange console or shell and confirm that no forwards are set on the user mailbox.
0
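
The forwarding check suggested above, as an added PowerShell example that is not part of the original thread. It assumes the ExchangeOnlineManagement module with an active `Connect-ExchangeOnline` session; the mailbox address is a placeholder.

```powershell
# Added example: look in every place a forward can hide for one mailbox,
# then sweep the tenant for mailboxes forwarding to external domains.
# Assumption: an Exchange Online session is already connected.
$Mailbox = 'user@example.com'   # placeholder, not taken from the thread

# 1. Mailbox-level forwarding (set by an admin or in the user's OWA options).
Get-Mailbox -Identity $Mailbox |
    Select-Object DisplayName, ForwardingAddress, ForwardingSmtpAddress,
                  DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect. Disabled rules are listed too,
#    so a rule that was switched off after the fact still shows up.
Get-InboxRule -Mailbox $Mailbox |
    Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
    Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo

# 3. Tenant-wide: mailboxes whose SMTP forward points outside the
#    organization's accepted domains.
$accepted = (Get-AcceptedDomain).DomainName
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress } |
    ForEach-Object {
        # ForwardingSmtpAddress is stored as "smtp:name@domain"
        $address = ([string]$_.ForwardingSmtpAddress) -replace '^smtp:', ''
        $domain  = ($address -split '@')[-1]
        if ($accepted -notcontains $domain) {
            [pscustomobject]@{
                Mailbox     = $_.PrimarySmtpAddress
                ForwardsTo  = $address
                KeepsCopy   = $_.DeliverToMailboxAndForward
                LastChanged = $_.WhenChanged
            }
        }
    }
```

A forward with `DeliverToMailboxAndForward` set to true matches the symptom in this thread: the user still receives the original message, and the NDR arrives when the forward target rejects its copy.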
 
Sean (System Engineer) Commented:
So just to make sure I understand what is happening.

User A in your domain sends an email to say b@b.com

User A receives an NDR saying that user c@c.com is suspended?

If that is correct, a few questions.

Is it always the same NDR user...c@c.com or different every time?

Is user A sending from the PC or web portal?

A few things to check. Viruses (this seems the most likely) Some kind of automatic rule to send out an email on that account or maybe some rule in exchange to forward an email.
0
 
jconklin-ansinc-net (Author) Commented:
Sean: You are correct in how you understood the problem. The NDR user is the same (that I am aware of). The user is sending from a PC. I checked Exchange and there are no rules for this. I will check her Outlook rules tomorrow. And will run a virus scan, too. Thanks for the tips, I will update.
1
David Gipe Commented:
I agree with JConklin; viruses / malware or an automatic rule.

However, if nothing is apparent on the client, is it possible to look in any of the Exchange logs and see where Exchange is actually thinking it needs to send each email being sent? It should show up in the recipients somewhere within Exchange when it actually sends it.
0
 
timgreen7077 (Exchange Engineer) Commented:
You mentioned that the NDR user is the same, but what if your sender sends to someone else, does he still get the same NDR with the same information or is it different, or does he even get an NDR?
0
 
jconklin-ansinc-net (Author) Commented:
I checked the end user's Outlook rules this morning and they are unrelated. There are no Exchange rules. Today she received an email from an outside sender, and that same yahoo user is listed. I don't see any harm sharing the yahoo email. The accompanying headers show no mention of yahoo as sender or recipient or anywhere:

mta4296.mail.ne1.yahoo.com rejected your message to the following email addresses:
suttiratrattanachot1@yahoo.com
Your message wasn't delivered because the recipient's mailbox is quarantined. If the problem continues, please contact your email admin.
mta4296.mail.ne1.yahoo.com gave this error:
Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html 
Diagnostic information for administrators:
Generating server: DM5PR11MB2041.namprd11.prod.outlook.com
Total retry attempts: 1
suttiratrattanachot1@yahoo.com
mta4296.mail.ne1.yahoo.com
Remote Server returned '554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html'
0
 
timgreen7077 (Exchange Engineer) Commented:
I'm assuming your sender is using Outlook to send the emails, so please have the user access his/her mailbox on a different computer via OWA. Since the user will access OWA from a different computer there is no need for the user to log into the other computer nor create a profile. Just access OWA on a different computer via the browser and send the email and see if the same thing happens or not.
0
 
jconklin-ansinc-net (Author) Commented:
timgreen7077: It happens inbound only. From different domains.
0
 
timgreen7077 (Exchange Engineer) Commented:
I thought the internal sender from your domain sends an email to an external recipient, and the external recipient receives the email successfully, but then your internal sender also gets an NDR back with an error.

If that is the correct process, then try what I mentioned above in regards to OWA and let me know.
0
 
jconklin-ansinc-net (Author) Commented:
timgreen7077: You are correct that that is what I stated. I was speaking with my end user today, though, and she stated it is inbound emails generating the NDR- she will get the original and the error. Sorry, I know that confused things.
0
 
timgreen7077 (Exchange Engineer) Commented:
Ok, so this happens on inbound emails from external senders, sending an email to your user. Does it happen with all external domains or just a specific one? Also does this only happen to your 1 user only?
0
 
jconklin-ansinc-net (Author) Commented:
timgreen7077: It appears to be multiple external domains and only 1 user having this specific issue.
0
 
jconklin-ansinc-net (Author) Commented:
There was a forwarder on that email account. That is bizarre because she claimed she never heard of that user. Sometimes the answer is obvious even if it's not. Thanks!
0
 
timgreen7077 (Exchange Engineer) Commented:
Good deal.
0
Question has a verified solution.
