We help IT Professionals succeed at work.

Help with accepted domains and emails to nonexistent accounts

king daddy
king daddy asked
on
We have 6 authoritative domains and 8 internal relay domains in a hybrid exchange environment (one 2013 server on prem and office 365 hosted email server). Out default domain is internal relay (fyi). The issue is that we are seeing emails coming in to non-existent email addresses being bounced back between our server and a barracuda spam appliance. This is filling up the queue. While it is causing a negligible delay, I have been tasked with figuring out what if any impact we would see by changing our internal relay domains to authoritative and if it would prevent the bouncing of emails between the server and the barracuda. We are looking to just dropping emails coming in to nonexistent email accounts.

Thanks for any assistance as I have not had to previously deal with this. Other methods of stopping the emails from bouncing between the server and barracuda and just being dropped are welcomed.
Comment
Watch Question

Exchange Engineer
Distinguished Expert 2018
Commented:
If the emails are coming into through the barracuda, check if the barracuda has recipient filtering capability, and if it does, you can setup recipient filtering that will allow the barracuda to drop the emails if the email doesn't exist in your org.

You could also turn off NDRs so that it will stop delivering them, see link for disabling NDRs:

https://www.authsmtp.com/exchange-2013/exchange2013-disable-non-delivery-report-ndr-dsn.html

Recipient filtering is the better option in my opinion, if your device supports it.
David FavorFractional CTO
Distinguished Expert 2019
Commented:
Seems like a misconfiguration.

Bounces, should be returned to the originating sender + also should have loop prevention.

Like some random header X-Already-Seen: yourdomain.tld so if this header is seen email is dropped. This prevents looping of bogus addresses being bounced back with no actual address for bounce delivery.

Also, if you're actually testing SPF + DKIM records at your incoming (what I think you're calling authoritative servers) then these messages will immediately have an X-Already-Seen header + bounce back, then if the bounce... bounces... it should be dropped.

Author

Commented:
Thank you both, timgreen7077 and David, for the quick replies.

I would like to verify whether we are experiencing NDRs bouncing between the barracuda and the server or the actual email sent to a nonexistent email address being "bounced" between them. I suspect the latter. My language may have been misleading regarding what we are experiencing. If indeed the latter, I will check the barracuda's recipient filtering capabilities as suggested.
Hani M .S. Al-habshiContributor as IT Expert

Commented:
1-check barracuda's SSL Certifications
2-Add SPF records to all of your sender domains
3- check Send / receive connector authentication s
4-check domains & public IP's if got blacklist

Author

Commented:
Just wanted to update this. Someone else is working on it now as there are other, more pressing issues.
I did find out that recipient filtering on the barracuda messes with some sort of SMS messages that go through the barracuda for another domain we process.
Thanks for the info.