Message Could Not be Delivered

Created: 25 May 2010 • Updated: 01 Jul 2010 | 11 comments
This issue has been solved. See solution.

I have a strange situation with a user who has sent a message with an incorrectly formatted email address.

Perhaps a paste of the DSN the user received is the easiest way to explain it:

####################################################################
# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
####################################################################
Your message could not be delivered for 13 days, 4 hours, 0 minutes.
It will be retried until it is 5 days, 0 hours, 0 minutes old.
For further assistance, please send mail to <support@domain.com>
If you do so, please include this problem report. You can delete your own text from the attached returned message.
kim@wrong: Unknown reason
-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@server.domain.com]
Sent: May 25, 2010 1:40 PM
To: First Last
Subject: Delayed Mail (still being retried)

I have confirmed that the retry period is in fact 5 days in the delivery MTA configuration.

It's no problem to delete the message manually from the queue, but I wanted to see if anyone had any insight on this possible bug.

It might be worth noting that I'm running version 9.0.0, but have not performed the 9.0.1 upgrade yet.

Thanks!
 

KevK76's picture

I think what you are looking for is covered in this KB:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2010052013293554

Cheers,

Kevin

SOLUTION
prasad.ganta's picture

As the message is delayed in the message queue, it gives a message that the mail has not been delivered. Can we stop these messages from coming?

prasad.ganta's picture
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
name@example.com  exceeded max time without delivery
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients.

Can anyone explain why this message is generated?

KevK76's picture

Hi Prasad,

In future if you've got a new question it's best to open a new thread and put in your product version and build number.  I'm assuming you are running the Brightmail Gateway V9.

The settings you are referring to are configurable by editing your Scanner(s) from the Administration -> Hosts -> Configuration page: click the SMTP tab, then click the Advanced Settings button at the bottom of the page. Click the Delivery tab, then check out the SMTP Delivery Configuration Settings. The Help gives some good details on these settings; it sounds like you are interested in the 'Message delay time in queue before notification' setting. I probably wouldn't turn it off, but you can set it to be a longer period of time.

Cheers,

Kevin

prasad.ganta's picture

Thanks for replying...

Can you please explain to me in detail what can be the reason why these messages are generated?

Whether it's a problem with the SMTP settings, or the mail ID to be sent to is not available, or any other reason. We are getting a large number of these mails, and the customer is asking why these mails are coming in such huge numbers daily.
 

Cricket17's picture

The first message you posted, the WARNING message, was to make sure the sender of the e-mail understood that Brightmail was trying to send the e-mail, but was having problems. This ensures that the user does not assume the mail was delivered.

The second message "exceeded max time without delivery" is telling your sender that Brightmail has given up.  The e-mail was NOT delivered and the sender needs to know this.

This is normal for an e-mail system. You should NOT try to prevent these messages. They are intended to inform senders that there is something wrong with the e-mail address they used for a recipient, or, if the address is correct, that the recipient's e-mail system is broken in some way.

If your sender thinks the e-mail address is correct, you should test the domain by doing an MX lookup (admin / utilities / nslookup, provide domain name and select record type = MX). This should return a list of host names or IP addresses. If it doesn't, the e-mail address is, in fact, incorrect.

If you get a list of hosts/IPs, then the domain is valid, but perhaps the recipient name is invalid.

Look at your Brightmail scanner Delivery queues - are there any messages queued for "wrong domain"? Are there any e-mails in your message audit logs to the "wrong" domain? If not, then the original e-mail may NOT be being sent from your users, but by a spammer, using your user's e-mail address on the spam's From:/Reply To: line.

If you see queued messages, or message audit logs outbound show activity for this domain, then your users are the source and need to fix who they are sending e-mails to.

prasad.ganta's picture

I have checked the things you have said ....

In the message audit logs I have this kind of message..

Message Data 
ID: c0a80103-b7c4eae0000039d3-fc-4bfaa7c0dd0e
  Message-ID:  
  Accepted From: x.x.x.x
  Scanners: Local Host 
  Time accepted: XXXXXX, May XX, 2010 09:52:24 PM IST
  Direction: Outbound
  Sender: (none)
  Authenticated username: (none)
  Original recipients: xxxxxxxxxxx@gmail.com
  Original Subject: undelivered mail returned to sender
  Full attachment list: None
  Suspect attachments: None

 

Verdict:
Verdict Filter Policy Policy Group Details
None  default  default  None 
   
  Tracker: AAAAAA==
   
  Actions taken: Deliver message normally

In the sender, it's showing none.. What does this mean? Is it spam?
Please figure this out.

Cricket17's picture

This looks like an outbound bounce - an e-mail was sent to a non-existent user inside your network, and your internal mail server is saying the user is not here and sending it back to the original sender.

Accepted from: x.x.x.x is probably your internal mail server, yes?

If you check your scanner logs you should see a message coming from xxxxxxxxxxx@gmail.com. That message log will show who the message was originally sent to. Check if the IP address resolves to a server at Google. If not, the original message was spam, and the "undelivered mail returned to sender" you show is simply the spam bounce.

prasad.ganta's picture

Sorry for the delay in replying....

As you said, I have resolved the IP address at Google. It is resolved to a hostname. The x.x.x.x is the IP of my internal mail server. As in my previous attachment, it is showing none in the sender option. What does None relate to?

Even though it's spam, Brightmail should prevent it from entering.. is it right?

If it's an outbound bounce, is there anything to do with Brightmail?

KevK76's picture

Hi Prasad,

'None' relates to a null sender (<>) sending the message; the null sender address is used to send delivery notification failures etc. I'm guessing you aren't doing any kind of recipient validation on the Brightmail Gateway, and in this case it sounds like a mail came from gmail (it could be spam, the SBG is never going to catch them all) destined for an invalid recipient in your environment. It passes through the Brightmail Gateway into your Exchange server (or whatever the downstream mail server is); this server determines the recipient doesn't exist in the environment and sends a delivery failure to the SBG, which in turn tries to deliver it back to gmail, which is where the original sender resides, or at least it appears the original sender came from gmail (this could be spoofed).

If this is your problem you might want to look into integrating with LDAP to take advantage of the Recipient Validation functionality (which can be set up so the SBG will reject messages to all invalid recipients) and Directory Harvest Attack functionality. This means the messages will never get to your downstream mail server, therefore the internal mail server won't be trying to bounce these messages back. You can read about these features in the product manual.

Cheers,

Kevin
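The log check suggested in the replies above (find each outbound null-sender bounce, then look up the inbound message from the address it is being returned to) can be sketched in code. This is an added example, not part of any poster's reply and not Symantec code: it assumes audit records saved as plain text with the field labels shown in the paste earlier in the thread, the sample values are constructed, and the function names are hypothetical.

```python
import re
# Constructed records; field labels copied from the audit-log paste in the thread.
SAMPLE = """\
ID: rec-0001
Accepted From: 203.0.113.25
Direction: Inbound
Sender: someone@example.net
Original recipients: nosuchuser@example.com

ID: rec-0002
Accepted From: 192.0.2.10
Direction: Outbound
Sender: (none)
Original recipients: someone@example.net

ID: rec-0003
Accepted From: 192.0.2.10
Direction: Outbound
Sender: alice@example.com
Original recipients: partner@example.org
"""

def parse_records(text):
    """Split on blank lines; turn each 'Label: value' line into a dict entry."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.strip().partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records

def find_backscatter(records):
    """Pair each outbound null-sender bounce with the inbound mail that caused it.
    'invalid_recipients' lists the addresses the claimed sender mailed."""
    inbound = {}
    for r in records:
        if r.get("Direction") == "Inbound":
            inbound.setdefault(r.get("Sender", "").lower(), []).append(r)
    findings = []
    for r in records:
        # The audit view shows the null sender (<>) as "(none)".
        if r.get("Direction") == "Outbound" and r.get("Sender") == "(none)":
            bounce_to = r.get("Original recipients", "").lower()
            findings.append({
                "bounce_id": r.get("ID"),
                "internal_server": r.get("Accepted From"),
                "bounce_to": bounce_to,
                "invalid_recipients": [c.get("Original recipients")
                                       for c in inbound.get(bounce_to, [])],
            })
    return findings
```

Calling `find_backscatter(parse_records(SAMPLE))` reports only `rec-0002`; normal outbound mail with a real sender (`rec-0003`) is ignored. A bounce with an empty `invalid_recipients` list has no matching inbound record in the data searched.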

prasad.ganta's picture

Thanks for your response..

As you said, we are not performing any kind of recipient validation, as we did not integrate with LDAP.
If that is the reason, we will take your suggestion and integrate LDAP and also perform directory harvest attack functionality....