DMN: Recipient unknown:

  • 3307093
  • 03-Mar-2008
  • 26-Apr-2012


Novell GroupWise Internet Agent (GWIA) 7
Novell GroupWise 7



1. DMN: Recipient unknown: on GWIA
2. Some recipients are valid and read 'Queuing to MTA' in the GWIA log.
3. Most recipients are not valid, but have what look to be valid types of ID's.
4. Mail may or may not be flowing in and out through the GWIA.
5. Senders may or may not be receiving 550 errors after send failure.


1. Check mail flow.
a. If the messages are not even making it into the GWIA, check the firewall or spam filter.
b. If the messages are reaching the GWIA, and reading as queued to the MTA, look in the MSHOLD directory underneath the MTA and/or search for large groups of messages in the MTA and GWIA subdirectories.
Always search for groups of messages from the date of the failure point.
c. Wherever the messages are found, stop the corresponding agent and rename the appropriate queues.
In the GWIA, the queues are SEND, RECEIVE, RESULT, DEFER.
In the MTA, the queues are MSLOCAL, WPCSIN, WPCSOUT
NOTE: A WPCSIN/WPCSOUT directory structure exists under the GWIA. Sweep this, but don't rename these queues as they sometimes will not recreate on agent restart.
d. Once agents are restarted, check to see if mail is correctly flowing again. If so, piecemeal the 'old' messages back into the queue from whence they came. Watch them disappear as they are transferred appropriately.
2. If inbound and outbound are functioning, but the GWIA still receives many 'Recipient unknown' messages, the GWIA may be experiencing a 'Dictionary Attack'. See 'Notes' section for more information.

Additional Information

Dictionary Attack - If a spammer discovers the allowed address formats for a gateway and/or they discover the actual email address of someone in a company they wish to spam, they may use a Dictionary Attack to push information toward the gateway. That is, they will use a list of hundreds of thousands of logical addresses addressed to the domain using the discovered address format. Spammer gateways will note the successfully delivered mails versus the mail that is refused, as the recipient gateway (via RFC) will show the sender what users are 'known' and which are'unknown'. Spam filters can counteract this by accepting all mail and then discarding those that are false and that trigger the spam signature on the filter. These mails will be shown as'accepted' by the spam gateway and the spammer will end up not getting a good recipient list because of this. The spam filter usually does a good job of noticing which email is'legitimate' and thus can send, in the case of a problem, a legitimate undeliverable to a sender. Unprotected gateways, however, are vulnerable to these types of attacks and spammers may be able to get a list of 30% or more of the populace from this type of attack. This list is then sold or used for later spamming. The Novell GWIA is not set up to deal with this type of occurrence. See for more details on what to do.