Problem solve Get help with specific problems with your technologies, process and projects.

Troubleshooting Non-Delivery Reports -- part two

Not all NDRs should be ignored. Which ones should you pay attention to?

Part 2 of 2 parts

Yesterday we discussed those commonplace Non-Delivery Reports (NDRs) and when you should pay attention to them. One tip-off that you may have a problem is in the wording of an NDR explanation.

If the explanation says, "you do not have permission to send to this recipient" or "the recipient could not be processed because it would violate the security policy in force," then you might have a problem. Typically, errors such as these would be accompanied by event IDs 1709 and 1710 in the mail server's Application log.

Part 1 explained two of the four possible culprits for these messages: your mail server is configured to prevent relaying or a change in IP address.

Today I will discuss the other two possible causes: recipient policies.

If a user's e-mail address was created manually but there is no corresponding recipient policy, then any time that user tries to send a message, they will receive a NDR similar to those described earlier.

The other potential cause of the problem is that the organization's DNS server does not have a mail exchanger record (MX record) pointed to the correct SMTP virtual server. Even if the MX record is in place and is correctly configured, though, mail delivery will fail if there are no recipient policies in place since the recipient policies help to control the way that SMTP behaves.

If you need to verify a recipient policy, open the Exchange System Manager and navigate through the console tree to Recipients | Recipient Policies. At this point, you should see one or more recipient policies listed in the pane to the right. If no policies exist, then you will have to create a new one. (I explain how in this article.)

In the mean time, right click on a recipient policy and select the Properties command from the resulting shortcut menu. When you do, you will see the recipient policy's properties sheet. Select the properties sheet's e-mail address (Policy) tab and verify that the SMTP policy is selected and that the correct mail extension has been entered.

If you have to create a new recipient policy, then right click on the Recipient Policies container and select the New | Recipient Policy commands from the resulting shortcut menus. You will see the New Policy dialog box. Select the e-mail address check box and click OK. You will now see a properties sheet for the new policy. Enter a name for the new policy on the properties sheet's General tab. Now, select the e-mail address (Policy) tab. Verify that the SMTP address is selected and is correct. You can use the Edit button to make any necessary corrections. Finally, select the SMTP address, and click the Set as Primary button followed by OK.

These solutions should help you solve any NDR message issues that need attention.

Click here to read Part 1.

Brien M. Posey, MCSE, has been designated as a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, Tech Target, MSD2D, Relevant Technologies, and numerous other technology companies. You can visit Brien's personal Web sites at and

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.