I came across a NDR storm in Exchange 2013 the other day (yes - Exchange 2013 is not immune from them!)
I noticed 1000's of DSN Failures in the message tracking logs. Exchange was sending NDR's due to a recipient lookup failure, althoguh the sender address was also no longer exisited and hence an NDR storm was created.
In order to remedy the situation I attempted to re-create the sending account so the NDR would be delivered and the loop would end - although when attemping to create the alias address I recieved the following message:
The proxy address "smtp:[email protected]" is already being used by the proxy addresses or LegacyExchangeDN of "nonexistentuser". Please choose another proxy address.
To verify that it doesn't already exist we can run the following to output a list of all addresses assosiated with users:
Get-Mailbox | Select Name -ExpandProperty EmailAddresses
Although strangely it wasn't listed, I did notice it was in a similar format to that of arbitration inboxes - such as the ones used for health reporting although that didn't shed much light still!
In the end I decided to turn of NDR's temporarily to halt the infinate loop:
Unknown to me at the time loop detection in Exchange 2013 is NOT enabled by default - so after enabling it:
Set-TransportConfig -AgentGeneratedMessageLoopDetectionInSmtpEnabled $true
Set-TransportConfig -AgentGeneratedMessageLoopDetectionInSubmissionEnabled $true
And then finally restart the MS Exchange Transport service for changes to be picked up immideately.
Although to no avail! So finally I stumbled accorss a transport rule that helps mitigate NDR storms!:
New-TransportRule "Prevent NDRs Storm - MichaelG" -Comments "Prevent NDRs Storm" -From "[email protected]" -SentToScope "NotInOrganization" -SubjectContainsWords "FW: There was an error sending your mail", "FW: Mail delivery failed", "FW: failure notice", "Undeliverable:" -RedirectMessageTo "[email protected]" -Enabled $True
No comments:
Post a Comment