Hi everyone,

Got an interesting issue with one of the hosted exchange platforms that we currently manage. We have a spamfilter (SpamTitan) that filters the messages, then forwards them on to the Exchange mailboxes, and I'm seeing a particular message from a specific sender being sent through the filter, whitelisted, and then sent on to Exchange.

In Exchange message tracking, I can see the message being RECEIVE SMTP delivered, but the message is not found in the user's OWA/mailbox anywhere.

The only thing that's different is the sender is coming from a postmaster@internal.local address from the 3rd party engine that's sending the emails to our hosted exchange system.

The messages are Delivery Failure Notices with bouncebacks (the user actually wants them to know who's Invoices sent out are bouncing etc)

Under our Exchange 2013 content filter config I've allowed this postmaster@internal.local address to bypassed senders, but still the message is not delivered even though all our message tracking says it is.

Here is a copy of the SpamTitan message log:

SpamTitan ID: wnt42jLvqRVg

Message Received: September 1, 2015, 10:52:51

Envelope From Address: MAILER-DAEMON

From Address: postmaster@internal.local

Recipient: destination@mailbox.com

Subject: Delivery Status Notification (Failure)

Client Address: [external smtp server]

Country of Origin: AU

Message Size: 268953

Content Classification: Whitelisted

Virus Infected: No

Score: 0

Quarantined: No

Message ID: ZS2TRqf690000003a@internal.local

SMTP Response: 250 2.6.0 [InternalId=75020193760376, Hostname=our.hosted.exchange.fqdn] Queued mail for delivery

Delivery Status: Sent

Blacklisted Sender: N

Whitelisted Sender: Y

Mail flow direction: Inbound

Encryption: None

And here is a copy of the Exchange message tracking delivery:

RunspaceId : 9a660b50-f4fb-4f3a-84a3-e2ef42cbfbe0

Timestamp : 1/09/2015 10:52:59 AM

ClientIp : exchange.IP

ClientHostname : our.hosted.exchange.fqdn

ServerIp : exchange.IP

ServerHostname : exchange

SourceContext : 08D10381D3F1D083;2015-09-01T02:52:50.305Z;0

ConnectorId : PER-EX1\Default PER-EX1

Source : SMTP

EventId : RECEIVE

InternalMessageId : 75020193760376

MessageId : ZS2TRqf690000003a@internal.local

Recipients : {destination@mailbox.com}

RecipientStatus : {}

TotalBytes : 270928

RecipientCount : 1

RelatedRecipientAddress :

Reference :

MessageSubject : Delivery Status Notification (Failure)

Sender : postmaster@internal.local

ReturnPath : <>

Directionality : Incoming

TenantId :

OriginalClientIp : 127.0.0.1

MessageInfo : 0cA:

MessageLatency :

MessageLatencyType : None

EventData : {[FirstForestHop, our.hosted.exchange.fqdn], [ProxiedClientIPAddress, exchange.IP], [ProxiedClientHostname, antispam.fqdn], [ProxyHop1, our.hosted.exchange.fqdn(exchange.IP)], [DeliveryPriority, Normal]}

I've checked junk mail, spam filter, mailbox folder rules, but cannot find these messages anywhere.

I have also added this email address - postmaster@internal.local to the BypassedSenders on our Exchange 2013 Content filter config. No change.

Anyone got any suggestions?

Cheers

Hi all,

Is there a way to limit users to use secondary SMTP addresses to mail external?

For example:

John Smith has manager@contoso.com as his primary SMTP and j.smith@contoso.com as secondary SMTP.

John may only mail external with his primary SMTP manager@contoso.com

I can only block users currently, cause if I add secondary SMTP tobe blocked, it will recognize the User like it does with the Check names button...

thanks in advance

Dear All,

I have exchange server 2013 running with windows server 2012.

My email server have been send and receive email with internal and external as normal.

Today, i got the problem the email cannot send out to external and get the error below:

Please comment.

BR,

Khemarin

Khemarin333@hotmail.com

We have two domains with AD two-way trust and Exchange GAL synchronization done via Forefront identity Manager 2010. We have a problem with meeting room reservation, user from domain A is trying to book meeting room from domain B (there is a contact object in domain A for this meeting room from domain B). The problem is that such room is not sending response confirmation email to user and meeting room is visible as tentative. I already found https://social.technet.microsoft.com/Forums/exchange/en-US/298ee741-3293-438c-bd2d-edc33d1aa408/unable-to-book-meeting-rooms-from-trusted-forest-rooms-are-tentative?forum=exchange2010

and set "externally secured" option on receive connector in domain B (exchange 2010 server). This didn't resolve our issue. How to troubleshoot it? 

Domain A: one exchange 2013 server

Domain B: one exchange 2010 server (meeting rooms hosted in db on this server) and 3 exchange 2013 servers in DAG, prepared to migrate mailbox db from 2010 server

Here is a message header from normal email sent from domainA to domainB - I am wondering what IP scope (private IP address of exchange server from domainA: 192.168.128.235 or public IP address of ironport from domainA 62.xxx.xx.10) should be set for receiver connector in domainB

Received: from 312EX.domainB.com (172.16.64.143) by
 316EX.domainB.com (172.16.64.231) with Microsoft SMTP Server (TLS)
 id 15.0.995.29 via Mailbox Transport; Mon, 7 Sep 2015 09:32:17 +0200
Received: from 317EX.domainB.com (172.16.64.232) by
 312EX.domainB.com (172.16.64.143) with Microsoft SMTP Server (TLS)
 id 15.0.995.29; Mon, 7 Sep 2015 09:32:16 +0200
Received: from 231EX.domainB.com (172.16.64.60) by
 317EX.domainB.com (172.16.64.232) with Microsoft SMTP Server (TLS)
 id 15.0.995.29; Mon, 7 Sep 2015 09:32:16 +0200
Received: from ironport.domainB.com (172.16.65.16) by
 231EX.domainB.com (172.16.64.60) with Microsoft SMTP Server id
 14.3.158.1; Mon, 7 Sep 2015 09:32:15 +0200
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BCBQCdPO1V/wpblD5IFhkBgjwhLAEiMWkGrV2JWod4GgUBBYcjPBABAQEBAQEBgQqEKgwhHEIBDyRsBwEEG4gnAwGkbKQPhUJwiV2DIAxBgTEFlVWORoQziFCIPINsJoFKAQsBgilxh0SBBQEBAQ
X-IPAS-Result: A0BCBQCdPO1V/wpblD5IFhkBgjwhLAEiMWkGrV2JWod4GgUBBYcjPBABAQEBAQEBgQqEKgwhHEIBDyRsBwEEG4gnAwGkbKQPhUJwiV2DIAxBgTEFlVWORoQziFCIPINsJoFKAQsBgilxh0SBBQEBAQ
X-IronPort-AV: E=Sophos;i="5.17,484,1437429600";
   d="scan'208,217";a="10003978"
Received: from eta.domainA.com ([62.xxx.xx.10])  by ironport.domainA.com
 with ESMTP; 07 Sep 2015 09:32:15 +0200
Received: from ETA.domainA.com (192.168.128.235) by ETA.domainA.com
 (192.168.128.235) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Mon, 7 Sep
 2015 09:34:20 +0200
Received: from ETA.domainA.com ([::1]) by ETA.domainA.com ([::1]) with
 mapi id 15.00.1076.000; Mon, 7 Sep 2015 09:34:20 +0200
From: =?iso-8859-2?Q?Be=B3ko_Bart=B3omiej?= <Bartlomiej.Belko@domainA.com>
To: "'bart.test@domainB.com'" <bart.test@domainB.com>
Subject: zaproszenie
Thread-Topic: zaproszenie
Thread-Index: AdDpP5kMyMCMbPmnRx2vAgAzt6KVkQ==
Date: Mon, 7 Sep 2015 07:34:19 +0000
Message-ID: <2331fe7580224c0b861e4209065012d0@ETA.domainA.com>
Accept-Language: en-US, pl-PL
Content-Language: pl-PL
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.128.194]
Content-Type: multipart/alternative;
	boundary="_000_2331fe7580224c0b861e4209065012d0ETAdomainAcom_"
MIME-Version: 1.0
Return-Path: Bartlomiej.Belko@domainA.com
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Organization-Network-Message-Id: 89c905ae-9f54-4c63-2553-08d2b7567491
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: 231EX.domainB.com
X-MS-Exchange-Organization-AuthAs: Anonymous

I'm trying to create a mail flow rule which will delete emails whose subject header is utf-8 encoded. What this means is that the email subject would start with =?utf-8?

However, I can't seem to create a rule that does this.  I Tried:

Subject matches these text patterns ... '=\?utf-8\?'

also tried

A message header matches ...  'Subject' header matches '=\?utf-8\?'

However, both doesn't work.  Any ideas or help would be much appreciated. 

Thanks!

HI, fiends.

Non Domainadmin account cannot relay via Exchange 2013 SMTP, any domain user account added to Domain admin security group can relay via SMTP Server.

Error message is as follows

Delivery to the following recipient failed permanently:      noufal@web.net.xx Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the relay  mail. web.net.xx by mail.web.net.xx. [213.130.xxx.xxx] the other server returned was: 550 5.7.1 Client does not have permissions to send as this sender.

Settings are attached

Please help 

Noufal 

Hi;

I am using Exchange 2013 Standard, is there anyway that I can do on Exchange to send a warning email back to sender if who try to send email out of the organization email domain?

Can I turn on something on Exchange Shell?

KW - CNE,MCSE,VCP5

We have two domains with AD two-way trust and Exchange GAL synchronization done via Forefront identity Manager 2010. We have a problem with meeting room reservation, user from domain A is trying to book meeting room from domain B (there is a contact object in domain A for this meeting room from domain B). The problem is that such room is not sending response confirmation email to user and meeting room is visible as tentative. I alreadyset "externally secured" option on receive connectors in domain B:

exchange 2010 server - receive connector role:HubTransport, scoping exchange server in domainA IP port 25, security: tls and externally secured

3x exchange 2013 servers - receive connector role:FrontendTransport, scoping exchange server in domainA IP port 25, security: tls and externally secured

I am not sure whether this is enough configuration for receive connectors, what about receive connector  for hubtransportrole on 2013 exchange servers? Should I also configure them, what ports?

Domain A: one exchange 2013 server

Domain B: one exchange 2010 server (meeting rooms hosted in db on this server) and 3 exchange 2013 servers in DAG, prepared to migrate mailbox db from 2010 server

Hi,

we are using Exchange 2013 CU9 Build 15.00.1104.005 on a Windows Server 2012R2 (onPremise, one server)

In the ECP, in the Menu Mail-Flow\Rules, when creating a new Transport-Rule, there is no option to choose "do the following:Notify the recipient with a message".

I am referring to the feature which is described in the following Microsoft Technet "Common attachment blocking scenarios" whichApplies to: Exchange Online, Exchange Online Protection, Exchange Server 2013

*See Example 2: Notify intended recipients when an inbound message is blocked - If you want to reject a message but let the intended recipient know what happened, you can use the Notify the recipient

Link: https://technet.microsoft.com/en-us/library/dn950026%28v=exchg.150%29.aspx 

I have tried this also on other Exchange Server 2013 installation with the same results. :(

I am wondering why this feature is not available, could you please provide more details, is this a Bug?

Thank you.

Regards,
SimonEUR

Hi;

I am using Exchange 2013 Standard in DAG configuration.  I want to know, if I configured a MailFlow rule on EX01, would this mailflow rule will be replicated to the EX02?  or any changes on EX01 will be replicated or copied to EX02?  I am wondering if my DAG working properly?

what Exchange Shell command can be used to detect the DAG replication issue of two servers?

I know one of the command is "Test-ReplicationHealth -Identity <server name>"

KW - CNE,MCSE,VCP5

I have a user that can send and receive mail internally and externally successfully, except for two external addresses (both in the same domain.) ***NOTE: I have successfully sent mail to these addresses from my account. I have tried to run a delivery report via EAC, but no matter what parameters I select I always get no results. I also tried to run a "report" via powershell using the Get-MessageTrackingLog cmdlet, but I never get results there either. 

Hi Server Expert,

We are currently using Exchange Server 2010 mail server running on Windows Server 2008 R2 Enterprise. Currently, we have 2 Transport Server and 2 Mailbox Servers for redundancy.

We are planning to find a software that able to send the mass email to our customers. the mass email could be send to more than 1000 customers at one time.

My query is: will sending mass email causing our domain blacklisted as spam? what kind of issue that we can foresee from sending of mass email?

Thanks.

Regards,

I am running Exchange 2013 with 2 send connectors.  This server hosts about 30 domains.  I have a primary send connector that routes all domain emails to a smart host.  I added a second send connector to route all email for 1 particular domain to another smart host.

When I send an email from a user in the domain that I want going through the second send connector, it does not.  Instead, it continues to go through the mail send connector.  What am I missing.

I specified the domain as such in the second send connector: companyxyz.com

Should I use @companyxyz.com or *@companyxyz.com

TIA, Larry

Larry D.

Hello,

we are using "Spamhaus ZEN" RBL for our Exchange.
There are a few IP-Adresses that I want to whitelist, this should work with "Add-IPAllowListEntry -IPAddress x.x.x.x"
The Command works successfully and returns the results with "Get-IPAllowListEntry"
Settings for IPAllowListConfig are "-Enabled True" and "-ExternalMail Enabled True"

My problem is that mails are being blocked even if they are on the whitelist.
Can someone tell me why that is happening?
I tried to restart TransportService and even whole Exchange server without success.

Regards

gugaua

Thanks In Advance...

Need help to identify a Critical Issue in Live Environment. 

We have Setup a Email server for out organization domain.com which is working properlly and the mail flow is also works fine with other domain. Since last week we observe that one of our client company based in UK complain that they are unable to send mails to our domain. 

We start investigating and found that some mails are coming properly and some are don't even hit out Trend Micro Mail Gateway server. After 6 Hrs client get the NDR over return receipt. 

Our Enviorment :-

Domain :- Domain.com

MX:- 11.12.124.15 & 200.225.112.23 (mail.domain.com) Preference 10

11.12.1247.16 & 200.225.112.24 (Gateway.domain.com) Preference 20

11.12.124.17 & 200.225.112.25 (relay.apeejaygroup.com) Preference 30

Mail Gateway Appliance :- Trend Micro InterScan Messaging Security Gateway 9.0

Client Environment:-

Domain :- clientdomain.com

MX :- brightmail by Symantec Messagelabs Cloud. 

=========================================

When Client sent a mail it don't even hit any of our mail gateway server. But the user gets the Non Delivery Message. In from Brightmail NDR following error message is showing.

Delivery attempt failure - transient Attempted delivery 71/31-01753-DD55DE55 to11.12.124.15 on Mon Sep 7 09:36:23 2015Error Message: "451 4.4.2 [internal] send HELO/EHLO failed" Providing this log to the recipient, hopefully they would be able to explain this answer when we try to connect to their Server11.12.124.15

=======================

Need help to identify that where is the issue and how to fix this so that we can start communication between our client over mail smoothly. 

Regards, Koustov Choudhury

Hi,

Having attempted to resolve this issue in the Office 365 Forums (https://community.office365.com/en-us/f/156/t/407619), as it was after partially setting up an ADFS server (configured the Wizard to create the ADFS entry in AD, using my Exchange OWA Certificate - eg owa.domain.co.uk, rather than the desired STS.domain.co.uk) and then attempting to activate AD Synchronisation in the Office365 Portal, I noticed that my Outlook clients were prompting for AD credentials (which are no longer recognised). Also. I applied SP1 to my windows 2008 R2 DC's at the same time but I'm pretty sure this not related.

Anyway, the intersting thing is Outlook Anywhere works externally (if I connect a laptop via a 3G dongle) but not the LAN, although I did notice that Outllok 2013 did intermittently work on an internally connected laptop.

I have tried to retrace my steps (remove ADFS and then re-install with correct SSL cert - STS.domain.co.uk) and removed the old ADFS entries using ADSIEDIT (CN=<GUID>,CN=ADFS,CN=Microsoft,CN=Program Data,DC=<Domain>,DC=<COM>) but the Office 365team have suggested that I raise this with the Exchange experts.

Note, I did start to configure SSO 

• Connect to Microsoft Online Services with the credential variable set previously
  • Connect-MsolService –Credential $cred
    

 Set the MSOL ADFS Context server, to the ADFS server

• • Set-MsolADFSContext –Computer adfs_servername.domain_name.com
    

 BUT DID NOT RUN

• Convert the domain to a federated domain
  • Convert-MsolDomainToFederated –DomainName domain_name.comand even tried to disbale ADS

And even tried to disable the Federation

Set-MSOLDomainAuthentication-Authentication Managed -DomainName

John Philipson

Hi.

I've created a rule that delays delivery of an email by two minutes if the recipient has an @ symbol in their address. I created it because, at my company, we are delaying sent emails to all external (non-domain) recipients. It works like a charm in all aspects, but I don't understand exactly how it works.

It was my understanding that it was looking at the header information for an @ symbol in the To: and CC: fields, but when I tested this, it delayed the external email and sent the internal email right away. This is exactly what it's supposed to do, but I don't understand exactly what it's doing in order to actually delay externally and allow internally right away.

Sorry if this is confusing. I can't really explain what I'm asking. Basically, I just want to know if maybe it's something to do with how it's looking up the contact in Exchange before it sends.

Any help is appreciated.