It's often presumed that the server where the bounce originates from is the server that had the issue. Although this is possible if it's a local error, most often it is the NEXT server in the route that caused the problem.
You can find out what server is sending the message by looking in a few common places:
Since the sending server is often not the server that encountered the error, it's important to know where to find the logs of why the message was not delivered. Generally (when faced with a SMTP 5.x.x error) this is on the receiving server.
A few common places to find this server are:
Usually the bounce contains more information than the Reporting-MTA's logs, but less than the Remote-MTA's logs. Nonetheless, it's usually enough to determine where to look next.
Sometimes the error is a local error. In this event there is no Remote-MTA and the error that is defined in the bounce is from the Reporting-MTA. This should be indicated by a reference to "localhost", "YourDomain.local" or a private IP, coupled with the absence of a Remote-MTA or it's equivalents.
There's often other information included in bounces including the headers of the message (please read our FAQ "How do I see the route of an email in the headers?" for more information) and the server that sent the original message (or the "Received-From-MTA"), but that information is beyond the scope of this FAQ. The goal of this FAQ is user-friendliness, but for in depth information you can read RFC 2821 section 3.7 "Relaying" for information on how email is relayed, and RFC 3464 for information about Delivery Status Notifications (DSNs).