Question on NDR's
Hello
We are running Exchange 2007 with the below topology:
Internet > SMTP Trend Micro Gateway (smtp1.domain.com) > Exchange 2007 Hubs (hub1.domain.com) > Exchange 2007 Mailbox servers (mbx1.domain.com)
A user (user1@external.com) sent a message to one of my internal users that bounced
"This message is larger than the current system limit or the recipient's mailbox is full"
The NDR seems to be generated from smtp1.external.com.
Am I correct that this implies the message never reached us, as otherwise it would be smtp1.domain.com that sent the NDR?
Also, if the user's Exchange mailbox was full and Exchange Hubs rejected the message, is there any way that the smtp1.external.com server could have rejected the message?
July 20th, 2011 3:08pm
Hi,
If the message was rejected by the SMTP scanner it would be the foreign host that would announce that the message was rejected.
I am pretty sure that the message is generated when the SMTP server is trying to deliver the e-mail to the HUB server.
Do you now how big the message was and it is correct that it was over the limit?
Leif
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2011 4:11pm
Hi Leif
Thanks for answering.
"If the message was rejected by the SMTP scanner it would be the foreign host that would announce that the message was rejected." > good point
"I am pretty sure that the message is generated when the SMTP server is trying to deliver the e-mail to the HUB server." > so you're saying that you think the message is generated when our Trend server tries to deliver the message to our Hub server? In
which case, wouldn't the message be from either smtp1.domain.com or Hub1.domain.com? It wouldn't be from smtp1.external.com, since that server has succesfully transferred the message to smtp1.domain.com
Secondly, IF the message was oversize for Exchange (i.e. this limit was at the Exchange level), would it be the Hub Transport that sends the NDR back or SMTP1.domain.com?
July 20th, 2011 4:25pm
If you can get the NDR then it may help to identify a little more. What is "smtp1.external.com". On the NDR, does it tell you the generating server? Do you have message limits on "Trend Micro Gateway ", are they the same on Exch, if yes, it could be Trend Micro Gateway rejected the mail but the response was given to smtp1.external.com when it tried to deliver the mail, which then returned the NDR back
to the user. If the NDR got to the Exch server, then either the Exch server or the Trend Micro Gateway would be on the NDR.
Sukh
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2011 6:14pm
Hi Leif
Thanks for answering.
"If the message was rejected by the SMTP scanner it would be the foreign host that would announce that the message was rejected." > good point
"I am pretty sure that the message is generated when the SMTP server is trying to deliver the e-mail to the HUB server." > so you're saying that you think the message is generated when our Trend server tries to deliver the message to our Hub server? In
which case, wouldn't the message be from either smtp1.domain.com or Hub1.domain.com? It wouldn't be from smtp1.external.com, since that server has succesfully transferred the message to smtp1.domain.com
Secondly, IF the message was oversize for Exchange (i.e. this limit was at the Exchange level), would it be the Hub Transport that sends the NDR back or SMTP1.domain.com?
"This message is larger than the current system limit or the recipient's mailbox is full" is an Exchange NDR
Typically followed by Create a shorter message body or remove attachments and try sending it again.
July 20th, 2011 6:43pm
To confirm, the NDR is :
"This message is larger than the current system limit or the recipient's mailbox is full"
<smtp1.external.com #5.2.3>
smtp1.external.com is an external server.
Our topology is: Internet > Trend Micro SMTP Gateway (smtp1.domain.com) > Exchange Hub Transport (hub1.domain.com) > Exchange Mailbox server (mail1.domain.com)
So the generating server for the NDR is the External server, not one of ours.
I understand that if smtp1.external.com can't make a connection with our gateway (smtp1.domain.com), then smtp1.external.com would be the generating server, but is the case for policy related stuff such as message size limits etc? Because the initial connection
can be made, but the recv'ing server is saying that it breaks the policy.
Likewise, if the issue was that the message size limit was too big for Exchange, would the NDR generating server be Hub1.domain.com or smtp1.domain.com? Because, again, our Trend gateway does make the connection with Exchange, but then Exchange refuses to accept
the message.
So I guess I am asking, when an NDR is generated under what circumstances does the sending SMTP server generate the NDR and under what circumstances does the recv'ing server generate it?
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2011 6:47pm
To confirm, the NDR is :
"This message is larger than the current system limit or the recipient's mailbox is full"
<smtp1.external.com #5.2.3>
smtp1.external.com is an external server.
Our topology is: Internet > Trend Micro SMTP Gateway (smtp1.domain.com) > Exchange Hub Transport (hub1.domain.com) > Exchange Mailbox server (mail1.domain.com)
So the generating server for the NDR is the External server, not one of ours.
I understand that if smtp1.external.com can't make a connection with our gateway (smtp1.domain.com), then smtp1.external.com would be the generating server, but is the case for policy related stuff such as message size limits etc? Because the initial connection
can be made, but the recv'ing server is saying that it breaks the policy.
Likewise, if the issue was that the message size limit was too big for Exchange, would the NDR generating server be Hub1.domain.com or smtp1.domain.com? Because, again, our Trend gateway does make the connection with Exchange, but then Exchange refuses to accept
the message.
So I guess I am asking, when an NDR is generated under what circumstances does the sending SMTP server generate the NDR and under what circumstances does the recv'ing server generate it?
It all depends if the server accepts the message or not. Accept the message = Server accepting the message is responsible for handling and generating the NDR if required. Do not accept the message = Server that attempted to send the message then
has to handle the error condition and generate the NDR.
Typically, oversized messages are not accepted so the sending MTA generates the NDR.
July 20th, 2011 6:58pm
If the external SMTP is making a connection to Exch, then Exch would generate the NDR to the external SMTP which would then send to the sender.
Think we know the NDR is generated by the external SMTP and passed down to the client, it could be a meesage restriction here on the external SMTP.
Sukh
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2011 7:09pm
To confirm, the NDR is :
"This message is larger than the current system limit or the recipient's mailbox is full"
<smtp1.external.com #5.2.3>
smtp1.external.com is an external server.
Our topology is: Internet > Trend Micro SMTP Gateway (smtp1.domain.com) > Exchange Hub Transport (hub1.domain.com) > Exchange Mailbox server (mail1.domain.com)
So the generating server for the NDR is the External server, not one of ours.
I understand that if smtp1.external.com can't make a connection with our gateway (smtp1.domain.com), then smtp1.external.com would be the generating server, but is the case for policy related stuff such as message size limits etc? Because the initial connection
can be made, but the recv'ing server is saying that it breaks the policy.
Likewise, if the issue was that the message size limit was too big for Exchange, would the NDR generating server be Hub1.domain.com or smtp1.domain.com? Because, again, our Trend gateway does make the connection with Exchange, but then Exchange refuses to accept
the message.
So I guess I am asking, when an NDR is generated under what circumstances does the sending SMTP server generate the NDR and under what circumstances does the recv'ing server generate it?
If smtp1.external.com is generating the message, then that means smtp1.domain.com never accepted the message and told smtp1.external.com that the message was too big in the SMTP conversation. smtp1.external.com then sent the NDR back to the sender.
The Exchange hub was never invoved.
July 20th, 2011 7:50pm