Undeliverable mail message

[Jaz]

What does it mean when you get a message from the system administrator
stating that your mail is undeliverable BUT the message it tried to sent is
not your message.

Is this message really coming from our exchange server saying that somebody
is trying to send a message using our exchange server?

Or is this message not really generated by our exchange server?

Any ideas?

Thanks,
Jasper

 

[Joe Grover]

This typically means that:

- Someone sent a message (typically spam, or could have been a virus) using
your email address in the From: field.
- The server the message was supposed to be delivered to accepted the
message, then decided it could not deliver it and generated a NDR "back" to
your address.

These types of messages are known by several names, such as "unsolicited
bounces". You're receiving them because the destination mail server is not
configured in an ideal fashion (servers should reject a message using a
protocol error, relying on the sending server to generate the NDR to the
sender, not accept the message and then generate its own NDR).
Unfortunately there isn't much you can do. If you continue to receive them
and it's getting to be a huge hassle, the best bet is to change your email
address (though I have seen some folks report these messages to Spamcop.net
as unsolicited bounces; this could prompt the receiving server to configure
their servers properly if folks start blacklisting their server because of
it).

Joe

 

[Jaz]

Joe,

How would I check to see if OUR exchange server is setup properly?

Thanks,
Jasper

 

[Joe Grover]

If you're running Exchange 2000, then the only option you have
out-of-the-box is to disable NDRs entirely, which may not be a desirable
alternative.

In Exchange 2003 (starting with SP1 I believe) you can do the following:

- Launch Exchange System Manager.
- Drill down to Global Settings.
- Right-click on Message Delivery and select Properties.
- Click on the Recipient Filtering tab.
- At the bottom of the page, check the "Filter recipients who are not in the
Directory" box and click OK.

Now you need to apply this filter to any relevant SMTP virtual servers:

- Drill down to Servers -> Server Name -> Protocols -> SMTP
- Right-click on Default SMTP Virtual Server and select Properties.
- Click on the Advanced button next to the IP Address field on the General
tab.
- Does "Filter Enabled" say "Yes" underneath it? If not (or to check what
filtering is being applied) select the IP Address in the list and click
Edit.
- Check the "Apply Recipient Filter" box.
- Keep clicking OK until you're backed out of any configuration windows.
- Restart the SMTP service.

Basically you're creating a recipient filter, then you need to apply that
filter to any SMTP virtual servers or interfaces.

In Exchange 2007 I don't know--it requires 64-bit hardware and we haven't
had the need to buy a new server yet.

One thing to keep in mind is that spammers will sometimes perform "directory
harvest" attacks on mail servers, essentially flooding the server with RCPT
TO commands to determine which addresses exist and which don't. Because of
this it is recommended to enable "tarpitting" of SMTP connections if you
enable this recipient filter. Henrik Walther has a great article about
tarpitting here:

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

Joe

 

[Jaz]

THANKS!!

If you're running Exchange 2000, then the only option you have
out-of-the-box is to disable NDRs entirely, which may not be a desirable
alternative.

In Exchange 2003 (starting with SP1 I believe) you can do the following:

- Launch Exchange System Manager.
- Drill down to Global Settings.
- Right-click on Message Delivery and select Properties.
- Click on the Recipient Filtering tab.
- At the bottom of the page, check the "Filter recipients who are not in the
Directory" box and click OK.

Now you need to apply this filter to any relevant SMTP virtual servers:

- Drill down to Servers -> Server Name -> Protocols -> SMTP
- Right-click on Default SMTP Virtual Server and select Properties.
- Click on the Advanced button next to the IP Address field on the General
tab.
- Does "Filter Enabled" say "Yes" underneath it? If not (or to check what
filtering is being applied) select the IP Address in the list and click
Edit.
- Check the "Apply Recipient Filter" box.
- Keep clicking OK until you're backed out of any configuration windows.
- Restart the SMTP service.

Basically you're creating a recipient filter, then you need to apply that
filter to any SMTP virtual servers or interfaces.

In Exchange 2007 I don't know--it requires 64-bit hardware and we haven't
had the need to buy a new server yet.

One thing to keep in mind is that spammers will sometimes perform "directory
harvest" attacks on mail servers, essentially flooding the server with RCPT
TO commands to determine which addresses exist and which don't. Because of
this it is recommended to enable "tarpitting" of SMTP connections if you
enable this recipient filter. Henrik Walther has a great article about
tarpitting here:

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

Joe

 

[Guest]

I have encountered another Undeliverable: Queries from System Administrator
and it states that it was unable to send the message to the following address:
"(e-mail address removed)"
571 You may be marked as SPAMMER. Sorry we do not relay.

I have also checked the email account settings and all of them are correctly
configured. This problem arise since the other day everytime I send a message
through reply or reply to all. But sending a message through creating a NEW
message does not send me undeliverable message.

Please help me regarding with this problem. Thanks

//Sorry to reply in this topic because I didn't know how to start a topic in
this site.

 

[Brian Tillman]

I have encountered another Undeliverable: Queries from System
Administrator and it states that it was unable to send the message to
the following address: "(e-mail address removed)"
571 You may be marked as SPAMMER. Sorry we do not relay.

Are you authenticating properly to the outgoing server?

 

[Guest]

Are you authenticating properly to the outgoing server?

Thanks for the reply.
I haven't changed any default configuration in the account settings and it
works since I started using Outlook, and just it was on Wednesday this week
that this Undeliverable: Queries started to appear.
I can send a messages to others by creating a new message but in the case of
reply or reply to all method, it doesn't work and this Undeliverable message
began to arrive.
Regarding with authentication with the outgoing server, it doesn't require
authentication and it works well before.
Is there any reasons why this problem occur? Does the ISP have a part of it?
Thanks.

 

[Brian Tillman]

Regarding with authentication with the outgoing server, it doesn't
require authentication and it works well before.
Is there any reasons why this problem occur? Does the ISP have a part
of it?

The ISP has much to do with it. For all you know, they've changed their
requirements. It's a rare (major) ISP that doesn't require authentication
these days.