Friday, January 20, 2006
Understanding NDRs
I see requests for help on NDRs all the time on the newsgroups.
What many people don't understand is that when you get an NDR, there is a difference between the server that issued the error and the server that generated the NDR.
Often, your server will be the one that generated the NDR. By that, it simply means that your server was the one that ultimately delivered the NDR to you. It doesn't mean it was the one that issued the error, though your server certainly can do both.
Understanding NDRs fully requires an understanding of how SMTP works. Per the RFCs, a 500-level error is a permanent fatal error.
Often, when you receive an NDR back, it's because the remote server issued a 500-level response at some point during the SMTP conversation itself.
When will the remote server generate the NDR? When the message has been accepted by that server (indicated by 250 Message Queued for Delivery, or a similar message). This is a problem that Exchange has when dealing with spam, which to my knowledge is still a problem (although not a vulnerability for relaying mail).
Back on topic. Once a server has accepted a message, it then becomes responsible for delivering it, and if it can't, it is then responsible for generating and delivering the NDR. When might you see a remote server issue an NDR (not just the error message)?
1. Mailbox over the limit.
2. Invalid address where the server isn't checking the address against a directory during the conversation.
How about from your server?
1. The invalid-address example above, where you ARE doing address checking (filtering recipients not in the directory, for Exchange).
2. Attempting to relay a message to a non-local domain.
3. Message size too large (if enhanced SMTP commands are enabled).
Obviously, this doesn't cover every reason that can cause NDRs or who generates them; these are just a few examples.
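As an added illustration (not part of the original post), the Python below walks an SMTP session log and reports, for each decisive reply, which side issued the error and which side must generate the NDR. The `C:`/`S:` log format, the function name and the sample session are assumptions constructed for this example.

```python
import re
REPLY = re.compile(r"^(\d{3})(-?)")  # reply code; "-" marks a continuation line

def ndr_responsibility(transcript):
    """Return (stage, code, error_issued_by, ndr_generated_by) per decisive reply.
    Assumed log format: "C: " = sending server, "S: " = remote server."""
    findings, stage, in_body = [], "CONNECT", False
    for line in transcript.strip().splitlines():
        side, text = line[:1], line[3:].strip()
        if side == "C":
            if not in_body:
                stage = text              # command the next reply answers
            elif text == ".":             # lone dot ends the message data
                in_body, stage = False, "END-OF-DATA"
            continue
        m = REPLY.match(text)
        if not m or m.group(2):           # skip continuation lines
            continue
        code = int(m.group(1))
        if code == 354:
            in_body = True                # client lines are now message content
        elif 500 <= code <= 599:
            # Error issued in-session: the message never left the sending
            # server, so the sending server generates the NDR.
            findings.append((stage, code, "remote", "sender"))
        elif stage == "END-OF-DATA" and 200 <= code <= 299:
            # Accepted: the remote server now owns delivery and any later NDR.
            findings.append((stage, code, None, "remote"))
    return findings

# Constructed session: one recipient rejected in-session, one accepted.
SAMPLE = """\
S: 220 mail.example.net ESMTP
C: EHLO mail.example.com
S: 250-mail.example.net
S: 250 SIZE 10485760
C: MAIL FROM:<alice@example.com>
S: 250 OK
C: RCPT TO:<nosuchuser@example.net>
S: 550 5.1.1 User unknown
C: RCPT TO:<bob@example.net>
S: 250 OK
C: DATA
S: 354 Start mail input
C: Subject: test
C: .
S: 250 Message Queued for Delivery
"""
print(ndr_responsibility(SAMPLE))
```

In the sample, the rejected recipient produces an NDR from the sending server, while the accepted copy becomes the remote server's responsibility from the final 250 onward.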
I'll try to post some real NDRs and decipher them in the coming days. If you've got any samples you'd like posted (you can take out any sensitive info), feel free to send them to me; otherwise I'll probably use some generic ones on the internet.