Spamwall + Exchange 2010 - NDRs

A customer has an Exchange Server (2010) and setup a new mailbox. When we sent an email to this particular mailbox we received a 5.7.1 NDR (No Permission) - which was odd, because it was just that single mailbox. I finally found out that they created the user in the wrong OU so it had an email address as primary which wasn't used before - hence it was the first time we received an NDR.

Anyway, long story short - What puzzled our guys first was that the NDR was generated by the Exchange Server. I found then that the MX record is actually a Spamwall appliance. A quick check and yes, that domain was not allowed just yet so I got it working after allowing the "new" domain.

However, here is why I am puzzled.

Why does the NDR appear to be coming from the Exchange Server, if in fact Spamwall didn't allow the domain in the first place?

Is it becuase Spamwall wouldn't be able to send NDRs and therefore kicks them off the Exchange Server in question (maybe to make it also easier to see from which Exchange server it is coming from / which domain is not allowed) ?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

jibbajabba

Actually that might explain it

All SpamWall systems with the exception of the base SpamWall Lite edition are able to be configured with two main "recipient verification" methods which will allow the system to reject messages for unknown, invalid or unspecified recipient addresses at the initial MTA (mail transfer agent) connection level.

SpamWall Operations Manual - Recipient Verification