Email Security: How to troubleshoot NDR's.
Description
I do not receive NDR's, How can I see what message was rejected?
Resolution
In Email Security go to the Manage | Server | Advanced | Download System/Log Files | pmta:mta-log and download the MTA hourly log for the time the original message was sent.
Keep in mind that these are logged in GMT so you will need to add hours according to the time zone you are in.
Listed below is the general ESMTP response codes you may see listed in an SMTP conversation.
| ESMTP STATUS CODE | DESCRIPTION |
| 211 | System status, or system help reply |
| 214 | Help message |
| 220 | Service ready |
| 221 | Service closing transmission channel |
| 250 | Requested mail action okay, completed |
| 251 | User not local; will forward to |
| 354 | Start mail input; end with "." |
| 421 | Service not available, closing transmission channel |
| 450 | Requested mail action not taken: mailbox unavailable |
| 451 | Requested action aborted: local error in processing |
| 452 | Requested action not taken: insufficient system storage |
| 500 | Syntax error, command unrecognized |
| 501 | Syntax error in parameters or arguments |
| 502 | Command not implemented |
| 503 | Bad sequence of commands |
| 504 | Command parameter not implemented |
| 550 | Requested action not taken: mailbox unavailable |
| 551 | User not local; please try <....> |
| 552 | Requested mail action aborted: exceeded storage allocation |
| 553 | Requested action not taken: mailbox name not allowed |
| 554 | Transaction failed |
For specific codes for Microsoft Exchange please see their KB: http://support.microsoft.com/kb/284204
There are also many other documents in the Microsoft KB depending on the NDR you are seeing.
- Depending on the type of Email Server you use and the type of server your sending to , you may see different messages.
- However the numbered code will always be the same on an NDR.
- BATV (Bounce Address Tag Validation) can also cause issue with not recieving an NDR and Out of Office replies
- BATV will drop an NDR or Out of Office reply if the mail from address is a NULL value.
NOTE: Exchange settings prevent an NDR or a Out of Office reply from using the original recipients email address in the mail from field and will alter to a NULL value if it is destined for outside of the local network. - The only fix for this and to be able to get NDR's or Out of Office replies would be to either alter the default behavior of the Email Server or to turn off BATV.
- If BATV is turned off and you still do not get any NDR's or Out of office replies then it may be possible that an internal MX and A record does not exist on your internal DNS server for your own domain.
- The MTA does MX record routing, so when an NDR is generated by the local outbound MTA to the original sender the MX lookup returns the public IP address to route to.
- Depending on firewall settings these will not be returned to the internal email server unless a local record exists to point to the internal email server or a look back policy is set in the firewall to direct the SMTP traffic destined for the public IP of the MX record back to the internal mail server private IP address.