NDR messages from Sigsync Email Signatures for Office 365

Resolution:

Sigsync generates a Non-Delivery Report (NDR) if at least one of your recipients was not able to receive your message. When the Exchange Online Protection (EOP) server rejects further processing of messages with signatures, this error occurs.

On the surface, the Sigsync email signature service seems to be the cause of your delivery error, but messages are often rejected because the recipient mailbox does not exist, or because you violated your recipient's security policy. Whenever an NDR message appears, it always mentions what caused the problem. A NDR code or ATTR number can give you information about the issue which is causing the difficulty.

How to troubleshoot the issue?

You might be able to resolve the issue when you encounter an NDR message while using Sigsync Email Signatures for Office 365. To learn how to do the following, read the complete article:

• Troubleshoot error ATTR35 / ATTR36
• Troubleshoot error ATTR41

Troubleshooting error ATTR35 / ATTR36

Here's what you get as a delivery error message:

451 4.4.62 Mail sent to the wrong Office 365 region. ATTR35550 5.7.64 Relay Access Denied ATTR36

It's often best to re-configure the connectors (as long as your subscription is active), as it can be caused by a variety of factors.

Ensure that your Sigsync subscription or trial version hasn't expired. If the trial period has expired, you will need to renew your subscription or contact Sigsync Customer Service to learn if your trial period can be extended.

The following instructions will help you re-configure Office 365 connectors:

1. Make sure your tenant is properly provisioned.
2. Delete the existing configuration.
3. Configure your connectors.

Reconfiguring Sigsync connectors will only be available if you have a valid subscription or a trial version. Using this method, you will be able to restore normal mail flow. Also, make sure the following is true before moving forward:

1. You have global admin account credentials to access it.
2. You have access to the Sigsync account to manage your tenant.

Make sure your tenant is properly provisioned

Provisioning is required for your Office 365 tenant so that it can use Sigsync Email Signatures.

In this process, you will need to register an additional accepted domain. During the initial configuration phase, provisioning usually happens automatically. The accepted domain that Sigsync Email Signatures for Office 365 needs to work may have been accidentally deleted.

The following steps should be taken to ensure your tenant is correctly provisioned:

1. Open Office 365 admin center and go to Exchange to open Exchange Admin Center.
2. Click on Mail Flow -> Accepted domains and check if Sigsync domain is displayed on the list of accepted domains.

   

Delete the existing configuration

You can remove the Sigsync connector and its associated transport rule once your tenant has been properly provisioned. Use the following procedure to achieve this:

1. Open Office 365 admin center and click on Exchange to access Exchange Admin Center.
2. Go to Mail flow and select Rules.

   

3. Remove the Sigsync Exchange Transport rule. To do this, select the existing rule and click on delete () icon.

   

4. Then go to Mail flow and select Connectors, remove the Sigsync Inbound Connector and Sigsync Outbound Connector.

   

5. Wait for the changes to propagate.

Configure your connectors

Once you have waited for at least two hours, you can reconfigure the Sigsync connectors as described here. For best results, take advantage of the automatic connector configuration. Log in using a global admin account to access the wizard. You can still configure the connectors manually if you do not have access to such an account; however, this is not recommended.

Note: It's a good idea to create a test group before applying the new settings to all users. Using this method, you can safely check the configuration and verify if your mail flow has been restored.

Sigsync Email Signatures for Office 365 should be back to normal operation after you complete the aforementioned steps.

Troubleshooting error ATTR41

Below are the delivery errors you have received:

454 4.7.0 Failed to establish appropriate TLS channel ATTR41: CertificateExpired: Access Denied

The reason for the error is the expiration of a TLS certificate required to secure the connector used to communicate between the Sigsync Email Azure Service and Office 365. By registering the trial version of the software with Sigsync, Sigsync automatically purchases this certificate for you. It is valid for 30 days. A certificate will be automatically extended for one more year if:

1. You have subscribed to Sigsync Email Signatures for Office 365 (this applies to both monthly and yearly subscriptions).
2. Sigsync Customer Support has extended your trial period.

Likewise, if you don't renew your subscription, the certificate used to authenticate the communication will also be ineligible for renewal and will eventually expire. As a result, the connectors will stop working and the NDR messages will be returned.

Whenever you stop using Sigsync Email Signatures for Office 365, you should remove the connectors that transport your emails to the Sigsync Email Azure Service as outlined previously in this article.

Please remember that you can only remove the connectors by yourself, so until you do so any emails you send through Sigsync will go through the Sigsync Email Azure Service, as shown below:

• The connectors remain in place even after the trial period ends, but no signatures are added to emails.
• When you purchase a subscription, but it expires for some reason, you get an additional few days of signatures (to deal with payment issues for example). If you do not renew your subscription, the signatures are no longer added, but the connectors remain.

Note: The connectors can only be removed by an Exchange admin (or a global admin). Sigsync system cannot do this for you, because we don't store any tenant login credentials.