Home » Exchange Server 2010 » Mailflow » Exchange Server – Mail flow Troubleshooting with List of Exchange 2010 NDR Codes



Exchange Server – Mail flow Troubleshooting with List of Exchange 2010 NDR Codes

MailFlow Troubleshooting :

Here we talk about talk about mail flow basics and how to troubleshoot and resolve issues involving improper reception of incoming mails.

Sometimes for a working mail flow structure with a valid SMTP domain which is in the list of accepted domain, internal mail may not reach the recipient properly. This may be due to a several reasons. To resolve this issue, we first check if a Non Delivery Report has been received by the sender.

In the absence of Non delivery report being received by the sender, we can check for any of the following options so as to resolve the issue there are couple of ways like

1: MX Record


3: Blacklist check

4: Submit email using Telnet


1: MX Record

An MX record or a Mail Exchange Record is basically a record which redirects an email which is being sent to a user to that particular user’s computer. So it instructs the mail deliver agent the system to which the email is to be routed. If the MX record does not specify the correct IP address of the recipient, incoming mail will not be received by them. To check if the MX Record is pointing to the correct IP, we use the NSLOOKUP.


The NSLookup tool is used to check the configuration of the mail exchange records.

Performing the NSLookup

Go to Command Prompt

Key in NSLOOKUP and Press Enter

Enter server {required IP of DNS server}

Press Enter

Enter the following

Set q=MX

Now if you enter the domain name required and press enter, its particular MX record will be shown. This ensures that MX record has been properly configured.



Default Server: ns1.domain.com

Address: 10.x.x.x

> set q=mx

> domain.com

Server: MailflowTest.domain.com

Address: 10.x.x.x

mailhost.domain.com MX preference = 0, mail exchanger = mailhost.domain.com

3: Blacklist check

If the MX Record is properly configured, then we need to check for any blacklisting issues. Usually blacklisting is checked for when there are multiple domains from which mail is not incoming. To run a blacklist check, we need a black list tool for the outbound IP address and the domain name of the remote server, which can be obtained from http://www.mxtoolbox.com

Once we obtain the tool, we check for any blacklists marked against the different domains IP addresses which are having inbound mail flow issues. If there is a blacklisting, we need to contact the providers of Blacklist so that we can resolve the issue by removing the domain from the blacklist. This will obviously require some time as per the blacklist server. If the issue needs to be resolved urgently, we can always try to change the outbound IP address and take a look into the reason behind blacklisting.

4: Submit email using Telnet ( Network Test)

Next test is to use Telnet to submit an email. For this, we first go for a network which is also an exchange/HUB server that can have proper inbound mail reception and use telnet to resubmit the email. By doing this, we can ensure that the port 25 traffic is properly received by the server. After this test is passed, we check for the MX record of port 25 to obtain its IP address.

Check the port 25 listening accessibilities and find out if exchange is listening on port 25 or is it some other hosts.

If the host is not exchange, then the issue might be in the configurations of the smart host. If there are no issues in the configuration of the smart host, the SMTP logs may be checked for errors against submission of inbound mail to exchange.


Next, we check the SMTP verbs are returned by the tool



List of Exchange 2010 NDR Codes and their Meanings
NDR Explanation of Enhanced Status Codes in Exchange 2010 NDRs
4.2.2 The recipient has exceeded their mailbox limit.
Alternatively it could mean that the delivery directory on the Virtual server has exceeded its limit.
4.3.1 Insufficient system resources.  This normally translates to not enough disk space on the delivery server.
4.3.2 A classic temporary problem.  Most probably, the Exchange Administrator has frozen the queue.
4.4.1 Intermittent network connection.  The server has not yet responded.  A classic time-out problem.  If it persists, you will also get a 5.4.x status code error.
4.4.2 The server started to deliver the message but then the connection was dropped.  The sending server will retry automatically.
4.4.6 Too many hops.  Most likely, the message is looping.
4.4.7 Problem with a protocol timeout, for example a message header limit.  Check your receiving server connectors.
4.4.9 A DNS problem.  Check your smart host setting on the SMTP connector.  For example, check correct SMTP format. Also, use square brackets in the IP address [10.x.x.x]  You can get this non-delivery error if you have been deleting routing groups.
4.6.5 Multi-language situation.  Your server does not have the correct language code page installed.
5.0.0 SMTP 500 reply code means an unrecognized address.  You get this NDR when you make a typing mistake, such as trying to send email via telnet.
The most likely cause is a routing error.  Another solution maybe to add an * in the address space.
A separate cause for NDR 5.0.0 is a DNS problem.
5.1.x Exchange 2010 NDR problems with email address.
5.1.0 Sender denied.  NDR often seen with contacts. Verify the recipient address.
Also Mismatched Network Card duplex setting.
5.1.1 Bad destination mailbox address.  5.1.1 is the most common Exchange 2010 NDR; there is a problem with the recipient address.
Perhaps the recipient does not exist.
Possibly the user was moved to another server in Active Directory.
Check for mailbox delegation.
Maybe an Outlook client replied to a message while offline.
Check the Exchange connector configuration.
5.1.2 SMTP; 550 Host unknown.  An error is triggered when the host name can’t be found.  For example, when trying to send an email to peppi@netsaintsdomain.com.
5.1.3 Invalid recipient address.  Another problem often seen with contacts.  Address field may be empty.  Check the address information.  Or there could be a syntax error.
5.1.4 Destination mailbox address ambiguous.  Two objects have the same address, which confuses the Exchange 2010 Categorizer.
5.1.5 Destination mailbox address invalid.
5.1.6 Problem with homeMDB or msExchHomeServerName – check how many users are affected.  Sometimes running RUS (Recipient Update Service) cures this problem.  Mailbox may have moved.
5.1.7 Invalid address.  Problem with senders mail attribute, check properties sheet in ADUC.
5.1.8 Something the matter with sender’s address
5.2.x NDR caused by the size of the email.
5.2.1 Mailbox cannot be accessed.  Perhaps the message is too large.  Alternatively, the mailbox has been disabled, or is offline. Check the recipient’s mailbox.
Else it could be a permissions problem, particularly on a Public Folder.  If so, try this PowerShell Command:
get-PublicFolderClientPermission “ProblemFolder”
5.2.2 The recipient has exceeded their mailbox storage quota.
5.2.3 Recipient cannot receive messages this big.  The server or connector limit exceeded.  Try resending the message without the attachment.
5.2.4 Most likely, a distribution list or group is trying to send an email.  Check where the expansion server is situated.  The application event log may have an Event ID 6025 or 6026, which has more detailed information.
5.3.0 Problem with MTA, maybe someone has been editing the registry to disable the MTA / Store driver.
5.3.1 Mail system full.  Disk full problem on the mailbox server?
5.3.2 System not accepting network messages.  Look outside Exchange for a connectivity problem.
5.3.3 Remote server has insufficient disk space to hold email.  Check SMTP log.  This error often happens when the sending server is using an ESMTP BDAT command.
5.3.4 Message too big.  Check the limits on both the sender and receiver side.  There may be a policy in operation.
5.3.5 System incorrectly configured.  Multiple Virtual Servers are using the same IP address and port. See Microsoft TechNet article: 321721 Sharing SMTP.  Email probably looping.
5.4.0 DNS Problem.  Check the Smart host, or check your DNS. It means that there is no DNS server that can resolve this email address.  Could be Virtual Server SMTP address.
5.4.1 No answer from host.  Not Exchange’s fault check connections.
5.4.2 Bad connection.
5.4.3 Routing server failure.  No available route.
5.4.4 Cannot find the next hop, check the Routing Group Connector.  Perhaps you have Exchange servers in different Routing Groups, but no connector.  Configuring an MX record may help.
5.4.6 Tricky looping problem, a contact has the same email address as an Active Directory user.
One user is probably using an Alternate Recipient with the same email address as a contact.
Check recipient policy.
5.4.7 Delivery time-out.  Message is taking too long to be delivered.
5.4.8 Microsoft advise, check your recipient policy. SMTP address should be yourdom.com.
NOT server.yourdom.com.
5.5.0 Underlying SMTP 500 error.  Our server tried ehlo, the recipient’s server did not understand and returned a 550 or 500 error.  Set up SMTP logging.
5.5.1 Invalid command.  (Rare Exchange NDR)
5.5.2 Possibly the disk holding the operating system is full.  Alternatively, it could be a syntax error if you are executing SMTP from telnet.
5.5.3 Too many recipients.  More than 5,000 recipients.  Check the Global Settings, Message Delivery properties.  Try resending the same message to fewer recipients.
5.5.4 Invalid domain name.  The true cause may be an invalid character.
5.5.5 Wrong protocol version.
5.5.6 Invalid message content.  This is a protocol error, thus you should get more information by looking in the application log.
5.6.0 Corrupt message content.  Try sending without attachment.
5.6.1 Media not supported.
5.6.3 More than 250 attachments.
5.7.1 A very common Exchange 2010 NDR, the cause is a permissions problem.  For some reason the sender is not allowed to email this account.
Perhaps an anonymous user is trying to send mail to a distribution list.
Alternatively, a user may have a manually created email address that does not match a System Policy.
Check SMTP Virtual Server Access Tab.  Try checking this box: Allow computers which successfully authenticate to relay.
Check the outgoing SMTP logs.
Check: Mailbox – <Mailboxname> – Properties – Mail Flow Settings – Message delivery restrictions.
Try disabling Windows-Integrated-Security.  Instead allow only standard authorization on the SMTP receiver on the Exchange 2010 server.
Check Attachment filtering on the Edge server.
5.7.2 Distribution list cannot expand and so is unable to deliver its messages.
5.7.3 Not Authorized, security problem.  It could be that the sender cannot send to the alternative address.
On another tack, check external IP address of ISA server. Make sure it matches the SMTP publishing rule.
5.7.4 Extra security features not supported.  Check delivery server settings
5.7.5 Cryptographic failure.  Try a plain message with encryption.
5.7.6 Certificate problem, encryption level may be to high.
5.7.7 Message integrity problem.


Additional Information with KB Articles :

Using NSlookup:


Using Telnet:


EHLO Verbs between two Exchange servers:


List of SMTP Verbs:


Enabling Protocol Logging on the Receive/Send Connector


Definition of Queue : Queue Viewer


Error Codes for NDR: Please refer to the KB 2297581

More Information : http://technet.microsoft.com/en-us/library/aa998825(v=exchg.141).aspx

Happy Learning !!



MCTS | Exchange Server


Leave a comment

Translate »