I know it may sound strange, Chinese signs in non-delivery reports. After some investigation I discovered something which made the problem stranger then I first thought. When the message was printed the text was displayed in Dutch.
When the same mail was sent from an Outlook 2003/2007 client the problem was not there. So I decided to start searching on the internet and after a while I found something on the Technet forum which looked pretty much on the problem I had.
The problem is caused by a bug in Outlook XP which will not be fixed anymore. To make the problem clear I summarized some details below:
- mail-client is Outlook XP
- happens only when a NDR is delivered in HTML format
- when the mail is printed everything look OK
To fix this issue you will need to tell your Hub server that every NDR needs to be sent as a plain-text NDR, this can be done by executing the following Powershell command:
Get-TransportServer | Set-TransportServer –InternalDsnSendHtml $False
Another solution is upgrading your Outlook client to 2003 or higher.
I think everybody has seen them, Non Delivery Reports, a familier example is 5.7.1 which gives the user a message back that relaying is not permitted. All errorcodes are based on several RFC’s one of them is RFC3461. On Technet you can find an article with the most common NDR’s.
Maybe you have seen a mail queue with a lot of mails to strange domains. After further investigation most times you will find out that it will be NDR’s. When you zoom in to the messages you can recognize them because they have the following properties:
- Sender address is empty, this will be displayed as <> in the Exchange Queue Viewer
- Source IP is an invalid ip-address: 255.255.255.255
- Subject contains the text Undeliverable
But what can you do about this? Turn on Recipient filtering on the Edge Transport or Hub Transport server. With this option you can check the AD if the user really exists before accepting the message. This will prevent a lot of “garbage” and prevents a lot of NDR’s in your mail queue who can’t be delivered.
Possibly you had this issue also the last couple of weeks, NDR’s for messages you don’t have send yourself. Together with one of my collegues we did some further research on it. This type of SPAM is called a Backscatter, at this moment there is not really a solution for it. BUt what is a backscatter exactly:
A spammer abuses an e-mail address, for example email@example.com and sends a lot of messages with firstname.lastname@example.org as sender to different domains, the change is really big that the recipient does not exist in the domain.
When a mailserver if configurered correctly it will check if the recipient adres does exist before accepting the message, the following shout happen:
MAIL FROM: email@example.com
RCPT TO: firstname.lastname@example.org
550 User unknown
But when the server is not configurered to check if the recipient exists it will accept the mail and the mailserve will try to deliver it. The mailserver will find out that the recipient does not exist and a NDR will be generated and will be sended to the sender address, in this case email@example.com
When this happens to thousands of people there will be generated thousands of NDR which will be send back to the abused address.
At this time there is not a really good solution for it. It is advisable to activtae recipient filtering and when you run Exchange activate SMTP Tarpiting . Backscatter.org has developed a list of addresses from mailservers that are not configured OK accordin to them. The following text can be found on their website:
Email servers should be configured to provide Non-Delivery Reports (bounces) to local users only.
Unacceptable email from anywhere else should be rejected.
In other words you shouldn’t permit NDR’s being send outside your company. Personaly I don’t think many companies will implement this. NDR’s are really usefull when someone receives a message from your mailserver that he has sended an e-mail to a non existing address and not waits for an answer that he will never receive.