Monday, 13 April 2015

NDR Storms in Exchange 2013

I came across a NDR storm in Exchange 2013 the other day (yes - Exchange 2013 is not immune from them!)

I noticed 1000's of DSN Failures in the message tracking logs. Exchange was sending NDR's due to a recipient lookup failure, althoguh the sender address was also no longer exisited and hence an NDR storm was created.

In order to remedy the situation I attempted to re-create the sending account so the NDR would be delivered and the loop would end - although when attemping to create the alias address I recieved the following message:

The proxy address "" is already being used by the proxy addresses or LegacyExchangeDN of "nonexistentuser". Please choose another proxy address.

To verify that it doesn't already exist we can run the following to output a list of all addresses assosiated with users:

Get-Mailbox | Select Name -ExpandProperty EmailAddresses

Although strangely it wasn't listed, I did notice it was in a similar format to that of arbitration inboxes - such as the ones used for health reporting although that didn't shed much light still!

In the end I decided to turn of NDR's temporarily to halt the infinate loop:

Unknown to me at the time loop detection in Exchange 2013 is NOT enabled by default - so after enabling it:

Set-TransportConfig -AgentGeneratedMessageLoopDetectionInSmtpEnabled $true
Set-TransportConfig -AgentGeneratedMessageLoopDetectionInSubmissionEnabled $true

And then finally restart the MS Exchange Transport service for changes to be picked up immideately.

Although to no avail! So finally I stumbled accorss a transport rule that helps mitigate NDR storms!:

New-TransportRule "Prevent NDRs Storm - MichaelG" -Comments "Prevent NDRs Storm" -From "" -SentToScope "NotInOrganization" -SubjectContainsWords "FW: There was an error sending your mail", "FW: Mail delivery failed", "FW: failure notice", "Undeliverable:" -RedirectMessageTo "" -Enabled $True


Post a Comment