Professional Geek
  • Exchange 2003 – Greylisting and Delayed NDR’s

    Posted on May 1st, 2009 AndyParkes 1 comment

    Recently I’ve heard from various different clients having problems when sending emails to the NHS

    The error message usually reads

    <****.com #4.0.0 smtp;451 ******@****.nhs.uk>… Requested mail action not taken: mailbox unavailable

     

    Because the message specifically says “mailbox unavailable” and it’s several different clients all sending to the same organisation, I’ve been placing the blame with the NHS

    This morning I found out that assumption was wrong

    I was doing some work on one of our clients’ servers and needed to restart the SMTP service

    About two minutes later I got a call from the client in question to say they had all suddenly started getting a glut of NDR’s

    Initially it looked like they were all for messages sent to the NHS but we found one or two that were to different domains and also spotted that some of these messages were originally sent last week

    It was one of the other emails that made me look into this further. The error in this case was

    <****.com #4.0.0 smtp;450 <****@******.com>: Recipient address rejected: Greylisted for 5 minutes>

     

    Greylisting!

    This is where a mail server temporarily rejects a message when it is first sent. When the mail server retries it will be accepted on the second attempt. The theory is that spammers get so many rejections they don’t try again (more info available at http://www.greylisting.org/ and http://en.wikipedia.org/wiki/Greylisting)

    While looking into this previously I’d been told that the NHS were using greylisting as part of their spam prevention measures

    Looking at the two error messages, both use the same SMTP failure code (4.0.0), which indicates a temporary failure (i.e. please try again!)

    The NHS description is less helpful than the other one

    So I still had to figure out what had caused all the NDR’s to suddenly appear

    On the greylisting.org site there is a page called “Problem MTA’s”. This is a single page with one entry

     

    Microsoft Exchange 2003 and greylisting

    There is a bug in MS Exchange 2003 when sending to greylisting servers. Sometimes the server will fail to re-queue messages sent to some servers that implement greylisting. More information:

    groups.google.com/group/mi…64d5749ee7cb

    groups.google.com/group/mi…07ac14b116db

    According to ozinm on our forums there is a possible hotfix available from Microsoft now: www.greylisting.org/forums/showthread.php?tid=18

     

    The threads there talked about the exact same problem I had. It also looks like the problem has been around since October 2005. It has various workarounds including using a batch file to restart the SMTP service every day!

    Eventually a hotfix is mentioned here: 934709

    HOWEVER! This is for servers that are running Windows 2003 with the SMTP service. It doesn’t apply if you’re using Exchange 2000 / 2003

    After a bit more searching I finally found this

    Article ID: 950757 – E-mail senders do not receive an indication that some messages have been held by Exchange Server 2003 until the SMTP service, the Microsoft Exchange Information Store service, or the Exchange server is restarted

    This fits the problem exactly. I’ve applied it to the server I’ve been dealing with today so I’ll keep an eye on it and apply it to the other servers that have noticed similar issues

    Another solution would be to use a smart host to deliver your messages for you

    One thing I have learnt here is that I probably should have double checked the SMTP code instead of relying on the error description. I generally only get to the SMTP code if I can’t find a problem using other troubleshooting methods (Exchange message tracking, telnet tests, etc)
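
    A sketch of that "check the code first" triage, as an added example that is not part of the original post: it parses the two diagnostics quoted above and classifies them by SMTP reply code rather than by description. The phrase lists and the function name are assumptions made for this illustration.

```python
import re

# The two diagnostics quoted in the post (addresses were already masked there).
SAMPLES = [
    "<****.com #4.0.0 smtp;451 ******@****.nhs.uk>… Requested mail action "
    "not taken: mailbox unavailable",
    "<****.com #4.0.0 smtp;450 <****@******.com>: Recipient address rejected: "
    "Greylisted for 5 minutes>",
]

# Shape seen in those NDRs: "#<enhanced status> smtp;<reply code> <free text>"
DIAG = re.compile(r"#(\d\.\d{1,3}\.\d{1,3})\s+smtp;\s*(\d{3})\b(.*)", re.S)

# Assumed phrase lists (constructed for this example, extend to taste).
HARD_SOUNDING = ("mailbox unavailable", "user unknown", "no such user")
GREYLIST_HINTS = ("greylist", "graylist")


def classify(diagnostic):
    """Classify an NDR diagnostic by its SMTP reply code, not its wording."""
    m = DIAG.search(diagnostic)
    if m is None:
        return None
    enhanced, code, text = m.group(1), int(m.group(2)), m.group(3).lower()
    # First digit decides: 4yz = transient (sender should retry), 5yz = permanent.
    kind = {4: "transient", 5: "permanent"}.get(code // 100, "other")
    return {
        "code": code,
        "enhanced": enhanced,
        "kind": kind,
        "greylist_hint": any(h in text for h in GREYLIST_HINTS),
        # Retryable code whose text reads like a dead mailbox: trust the code.
        "misleading_text": kind == "transient"
        and any(p in text for p in HARD_SOUNDING),
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

    Both quoted errors come out as transient; only the second one says so in its text, which is why the first was easy to misread as a problem at the recipient's end.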

     

    One Response to “Exchange 2003 – Greylisting and Delayed NDR’s”

    1. Andrew Dickinson

      I’ve a problem like this with Exchange 2003 SP2 where emailing to *.scot.nhs.uk has the greylisting error. However my company uses a disclaimer solution called DisclaimIT and it for some reason after the 451 ******@****.nhs.uk>… Requested mail action not taken: mailbox unavailable
      Exchange drops the message and resends without using any of the Disclaimer software so we get emails without signatures.

      According to the software developer of DisclaimIT it’s another big bug in Exchange 2003.

      In our case an email is sent to 4 different servers linked to *.scot.nhs.uk before being accepted.
