Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Massive SPAM and Virus Sending


Dear NC,
I have lots of SPAM which is relayed through one of my Exchange 2013 servers. Sending mail via SMTP is allowed for Exchange users to let them send with clients like Thunderbird. I have already enabled verbose logging, but I am not able to identify from which IP or, even better, user account the SPAM is sent. For me it looks like (not for sure of course) that someone uses one of the AD accounts to send SPAM because of a weak username/password combination directly via SMTP through the Exchange server.

How can I identify the sending user account? I cannot find anything about that in the Frontend SMTP Receive Logs or Event Logs. The OriginalClientIp is always empty.
Does anybody have a good howto for me? This would be very kind.

Thanks a lot, Bernd


Originating IP Address Question POP vs. Exchange

Hello, got emails bounced back from a receiver's domain because of a "lockout policy" from domain or IP address. Here is the question: if the sender connects to Exchange to send POP mail then their original public IP is in the email header; is this also true if they connect via Exchange/ActiveSync? I am hoping that the originating IP will be that of the Exchange public IP and not the sender's current public IP (if they are at home or traveling). I am also finding that our spam filter catches emails from internal users who are on an IP that is listed with SORBS and junks them. In the scenario I am describing with POP mail it seems that Exchange is relaying the mail (because it is noting a different IP).

DNS conditional forwarder messed up mail flow between forest domains - Split DNS in use


I have what might be a simple problem but I'm not sure. We have two AD domains in separate forests. Both have separate Exchange 2013 deployments.

One is for a company we are taking over and I eventually need to set up a one-way trust from their domain to mine, both AD 2012. A prerequisite for setting up a trust is that you set up DNS conditional forwarders on both sides for each other's domains.

At their domain, they only use AD DNS.  On our domain we use SPLIT DNS.  That is, we have an external provider that announces authoritative DNS for use publicly so that for our externally facing websites and services, they get a lookup or a routable IP that hits our Firewall and is translated to a NAT IP internally.

For internal DNS though, we make similar records, but not to the routable IP but rather the internal unroutable IP, like 192.168.*.*

So for mail routing on the internet, we use external DNS MX record that routes to our virus/spam firewall external IP.  This other company sends us mail and gets it to us just like any other external entity.

We set up a site-to-site VPN so we can route to each other's unroutable space. Ours is 192.168.25.*, theirs is 10.0.0.*

When I set up the conditional forwarder for our domain, that forces their DNS queries to go directly to our AD DNS server at the 192.168.25.2 address and not the external DNS provider.  This setup worked, and I could ping internal non-externally advertised internal host names after I set it up.

However, email flow broke. They started getting the following bounce message.

Delivery is delayed to these recipients or groups: 

Generating server: EMAIL2.NTDOMAIN.local
Receiving server: mydomain.com (192.168.25.2)

Remote Server at mydomain.com (192.168.25.2) returned '400 4.4.7 Message delayed'
2/12/2016 2:54:49 AM - Remote Server at mydomain.com (192.168.25.2) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10061, Win32 error code: 10061." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.25.2:25'

So basically delivery is attempted to my domain controller and not my Exchange server. I assumed that when I set up the forwarder it would use my MX records in my domain. I checked and I do have several MX records, some for SharePoint servers, but the one with the lowest priority (10) was my Exchange 2013 MB server. So I'm not sure why mail delivery was attempted to my domain controller.

Any help is greatly appreciated.

Distribution Group Sender Restrictions Not Working

I've created a new distribution list via the ECP and added myself to it.  In the list's details, under delivery management, I have 'Only senders inside my organization' ticked. However, when I send an email from an external gmail address, it goes through.  What am I doing wrong?

migration Lotus Notes to Exchange, how to migrate confidential emails (in LN encrypted)


Hi,

We're investigating a migration of Lotus Notes to Exchange. One issue is the migration of encrypted mail. How to keep them confidential in Exchange?

We have users like a secretary that has read/write access to a mailbox of a manager. If another user mails the manager with confidential information, he encrypts it in LN before sending it, so only the mailbox owner can open the message. Is this possible in Exchange 2013 and in Exchange Online? Heard that you can set things via IRM, but that with Outlook Web Access the secretary can set the manager's mailbox as primary and then will be able to open the confidential email....

best regards,

Hans

Unable to receive mail in Exchange 2013/OWA


Hi all.

I'm fairly new to Exchange Server, so do forgive me if this is an extremely stupid/simple question.

I've set up a copy of Exchange 2013 on Windows Server 2012 R2 Datacenter (a clean install, may I add). I am able to send messages externally from OWA, but am unable to receive any responses.

I have run the Connectivity Tester in the Exchange Toolbox, which reports the following error on Inbound SMTP

The server returned status code 451 - Error in processing. The server response was: 4.7.0 Temporary server error. Please try again later. PRX2
Exception details:
Message: Error in processing. The server response was: 4.7.0 Temporary server error. Please try again later. PRX2
Type: System.Net.Mail.SmtpException
Stack trace:
 at System.Net.Mail.DataStopCommand.CheckResponse(SmtpStatusCode statusCode, String serverResponse)
 at System.Net.Mail.DataStopCommand.Send(SmtpConnection conn)
 at System.Net.Mail.SmtpClient.Send(MailMessage message)
 at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()


Elapsed Time: 2164 ms. 

The other issue I'm having with Exchange is that outgoing email is VERY slow to leave the drafts folder (can take upwards of 10 minutes sometimes for a simple "test" email).

What am I doing wrong? Do I need to open up any ports in the firewall? I've tried opening the standard mail ports before now, but nothing changed.

Thanks in advance;

Toby

Change catch all e-mail


Hello,

I think I have a catch-all account on my profile.

I have installed the spam filter, but I get a lot of junk. I use Exchange 2013.

I see now that there are people sending to the address dgfhfjjf@ and it is reaching my mailbox.

So there I can see that's a catch-all account. How can I change this?

Greetings,

Albert

Direct all messages to a separate third-party SMTP server?


Hi All

I plan to use an SMTP archiving feature in my archiving solution (non-Microsoft). I wish to send a BCC copy of every message to a particular SMTP server (installed on the archiving software). In Exchange 2003 there was a BCC journaling feature that could be enabled in the registry. Is there any way to direct all messages, external and internal, to a third-party SMTP server on Exchange 2013/2016? On that separate SMTP server I have archiving software that can capture and archive incoming messages. I'm not able to use standard Exchange Journaling, since I have no licenses to integrate my current archiving solution (non-Microsoft) with a Journal Mailbox.

Any ideas?


-- Konrad Puchala


Exchange 2013 and 2010 co-existence, The mailbox of user that is located on a server that is running version 14 can't be opened on a server that is running version 15.


Dear Team,

I am facing a strange issue. We are running Exchange 2013 with 2010 in co-existence mode; we are in the process of migration and mostly all the mailboxes are migrated to Exchange 2013.

When one of the Exchange 2013 users is trying to send an email to another user whose mailbox also exists in Exchange 2013, he is getting the below bounce-back message.


HAMM.abc.com Remote Server returned '554 5.2.0 STOREDRV.Deliver.Exception:NotSupportedWithServerVersionException; Failed to process message due to a permanent exception with message The mailbox of user mkh@abc.com that is located on a server that is running version 14 can't be opened on a server that is running version 15. NotSupportedWithServerVersionException: The mailbox of usermkh@abc.com that is located on a server that is running version 14 can't be opened on a server that is running version 15. [Stage: CreateSession]'

Thanks.


TechGUy,System Administrator.

zen.spamhaus.org not rejectin' mail on exchange 2013 edge


Hi guys.

Need some help with investigating why the RBL list on Exchange 2013 (zen) did not reject SPAM.

Spam was sent to a user in our organization although that IP is blacklisted by zen spamhaus: https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a104.243.72.35&run=toolpage

and if we run on exchange 2013 edge server:

Test-IpBlockListProvider
zen.spamhaus.org
104.243.72.35

We see that output is: TRUE

Can someone please explain it to me why this SPAM wasn't rejected and got delivered to our user in organization?

With best regards


bostjanc


Too many Undelivered Messages


Dear All.

I am getting too many undelivered emails to my account. It shows as if I am sending the emails. I don't know what might have gone wrong.

Delivery has failed to these recipients or groups:

xyz@abc.com This message is larger than the size limit for messages. Please make it smaller and try sending it again.

The following organization rejected your message: 

Diagnostic information for administrators:

Generating server:

Remote Server returned '554 5.3.4 Content conversion limit(s) exceeded; STOREDRV.Deliver.Exception:ConversionFailedException; Failed to process message due to a permanent exception with message The content conversion limit has been exceeded. ConversionFailedException: The content conversion limit has been exceeded. [Stage: CreateReplay]'

Original message headers:

Received: from srv-abc.com (192.168.2.100) by
 srv-abc.com (192.168.2.100) with Microsoft SMTP Server (TLS)
 id 15.0.847.32; Tue, 1 Mar 2016 09:56:30 +0400
Received: from srv (192.168.2.100) by exmail.adremtek.com
 (192.168.2.100) with Microsoft SMTP Server id 15.0.847.32 via Frontend
 Transport; Tue, 1 Mar 2016 09:56:30 +0400
To: <MAILER-DAEMON@mail.hostingplatform.com>
From: <xyz@abc.com
Subject: Message Not Delivered
Date: Tue, 1 Mar 2016 09:56:25 +0400
Message-ID: <000493A4-1D058049@adremtek.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="===========================_ _= 8219604(4361)1044643698"
Return-Path: xyz@abc.com

headers --------------------------

Received: from srv.abc.com (192.168.2.100) by
 srv.abc.com (192.168.2.100) with Microsoft SMTP Server (TLS)
 id 15.0.847.32 via Mailbox Transport; Tue, 1 Mar 2016 09:56:45 +0400
MIME-Version: 1.0
From: Microsoft Outlook
<MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@abc.com>
To: <xyz@abc.com>
Date: Tue, 1 Mar 2016 09:56:42 +0400
Content-Type: multipart/report; report-type=delivery-status;
boundary="878bb435-aa0b-41af-a542-f2d063639409"
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Message-Is-Ndr:
Content-Language: en-US
Message-ID: <bea975c0-772c-4552-bb90-d85a4fd59ac6@srv.abc.com>
In-Reply-To: <000493A4-1D058049@abc.com>
References: <000493A4-1D058049@abc.com>
Subject: Undeliverable: Message Not Delivered
Auto-Submitted: auto-replied
X-MS-Exchange-Organization-AuthSource: srv.abc.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 05
X-MS-Exchange-Organization-Network-Message-Id: 79778e24-a3e7-434a-345b-08d34196439c
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
Return-Path: <>

How can I fix it?

how to trace messages caught by malware filter


I edited the default malware filter to notify me when a message is caught. Today I have been bombarded with these messages.  I assume they are originating internally since we use a cloud based anti-virus filter which I assume would catch these messages before it is delivered to us.  Can I trace these messages to see if they are originating internally?

thanks

Exchange Online mail forwarding to other users

I want to forward mail to a lot of users. I have done this with rules, but the mail is forwarded to all users with the subject "fw: mail subject". I do not want this style. The mail should be forwarded to all users with the original subject, not fw.

Content filter - Exchange Edge 2013 a few questions


Hi there!

Is it possible to configure Exchange so that:

Instead of the SCL Quarantine Mailbox, every user would get the mail in their mailbox, with ****SPAM**** added to the subject line of those emails?

With best regards


bostjanc

Stop Outbound Phishing


Hi everyone,

We detected phishing spam mails being sent at a high rate from our single Exchange Server.

Messages are sent by: "******@*******citibank.com", with this subject: "Your Credit Card Has Been Limited" from various external IPs.

We have now deployed some network security filters, but I have one concern:

How do spammers use our Exchange connector to send mail as an external unmanaged domain?
Why is it possible by default? How to avoid it and allow messages sent by the internal domain only?

Thanks for helping !


Cannot Send/Receive email externally.


Set up two AD controllers and so far one EX10 SP3. All running on top of Hyper-V 2012 R2. Routing email internally is fine, but cannot get email to send or receive from external sources.

Double-checked and checked again the connectors. Published the MX and SPF records at Go Daddy.

First question: is there anything special to know about hosting EX on a VM when it comes to mail routing?

What is the proper format for the MX and SPF record? Ran the Microsoft Connectivity Analyzer, the MX and SPF return healthy.

PS, I know this forum is for EX 2013, but wasn't able to find a sub-category for EX 2010.



XML in body converted to Attachment in Exchange 2013

We are receiving emails from a 3rd party that are supposed to come with XML in the body of the email. When we receive them Exchange seems to be taking the XML from the body of the email and making it an attachment to the email. I'm wondering if there is a Mail Flow Rule that could be created to leave the email message as it came from the sender. I verified that the XML is in the message body on a different email platform so looks to be an Exchange issue. Thanks.

Maximum Attachment Size In Microsoft Exchange Server 2013


Hi

Please share what file size in MB (attachment) we can send by email on the Microsoft Exchange Server 2013 platform.

Thanks

Can't receive email from certain domains with Exchange 2010


Hello,

I have recently run into a problem with my Exchange 2010 server. I cannot receive emails from certain domains. There are only 2 domain names in particular (only one user from each domain has tried sending emails to our domain).

thanks in advance

Receiving email issue


Hello,

I have a problem: I cannot receive emails from some domains. I don't know how many domains, but daily I receive complaints from users that they are not able to receive email from a domain. Today I checked the smtpreceive logs and found some issues below; please check and advise me how to avoid this problem:

2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,33,173.16.100.200:25,74.125.82.46:37288,<,MAIL FROM:<smshareef@innpartner.net> SIZE=426374,
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,34,173.16.100.200:25,74.125.82.46:37288,*,08D2F809801F858F;2016-03-01T21:27:04.710Z;1,receiving message
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,35,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.0 Sender OK,
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,33,173.16.100.200:25,74.125.82.48:38757,<,MAIL FROM:<smshareef@innpartner.net> SIZE=426369,
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,34,173.16.100.200:25,74.125.82.48:38757,*,08D2F809801F8590;2016-03-01T21:27:04.710Z;1,receiving message
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,35,173.16.100.200:25,74.125.82.48:38757,>,250 2.1.0 Sender OK,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,36,173.16.100.200:25,74.125.82.46:37288,<,RCPT TO:<m.amit@mydomain.com>,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,37,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.5 Recipient OK,
2016-03-01T21:27:06.192Z,mailserver\Client,08D2F809801F8590,36,173.16.100.200:25,74.125.82.48:38757,<,RCPT TO:<t.orouk@mydomain.com>,
2016-03-01T21:27:06.192Z,mailserver\Client,08D2F809801F8590,37,173.16.100.200:25,74.125.82.48:38757,>,250 2.1.5 Recipient OK,
2016-03-01T21:27:06.379Z,mailserver\Client,08D2F809801F858F,38,173.16.100.200:25,74.125.82.46:37288,<,DATA,
2016-03-01T21:27:06.379Z,mailserver\Client,08D2F809801F858F,39,173.16.100.200:25,74.125.82.46:37288,>,354 Start mail input; end with <CRLF>.<CRLF>,
2016-03-01T21:27:06.410Z,mailserver\Client,08D2F809801F8590,38,173.16.100.200:25,74.125.82.48:38757,<,DATA,
2016-03-01T21:27:06.410Z,mailserver\Client,08D2F809801F8590,39,173.16.100.200:25,74.125.82.48:38757,>,354 Start mail input; end with <CRLF>.<CRLF>,
2016-03-01T21:27:08.657Z,mailserver\Client,08D2F809801F858F,40,173.16.100.200:25,74.125.82.46:37288,*,Tarpit for '0.00:00:01.185' due to 'DelayedAck',Delivered
2016-03-01T21:27:08.657Z,mailserver\Client,08D2F809801F858F,41,173.16.100.200:25,74.125.82.46:37288,>,250 2.6.0 <007e01d17400$6663e5e0$332bb1a0$@net> [InternalId=85985] Queued mail for delivery,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,42,173.16.100.200:25,74.125.82.46:37288,<,QUIT,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,43,173.16.100.200:25,74.125.82.46:37288,>,221 2.0.0 Service closing transmission channel,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,44,173.16.100.200:25,74.125.82.46:37288,-,,Local
2016-03-01T21:27:11.153Z,mailserver\Client,08D2F809801F8590,40,173.16.100.200:25,74.125.82.48:38757,*,Tarpit for '0.00:00:03.681' due to 'DelayedAck',Delivered
2016-03-01T21:27:11.153Z,mailserver\Client,08D2F809801F8590,41,173.16.100.200:25,74.125.82.48:38757,>,250 2.6.0 <007e01d17400$6663e5e0$332bb1a0$@net> [InternalId=85984] Queued mail for delivery,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,42,173.16.100.200:25,74.125.82.48:38757,<,QUIT,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,43,173.16.100.200:25,74.125.82.48:38757,>,221 2.0.0 Service closing transmission channel,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,44,173.16.100.200:25,74.125.82.48:38757,-,,Local
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,0,173.16.100.200:25,66.231.86.109:59552,+,,
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,1,173.16.100.200:25,66.231.86.109:59552,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,2,173.16.100.200:25,66.231.86.109:59552,>,"220 mailserver.mydomain.com Microsoft ESMTP MAIL Service ready at Wed, 2 Mar 2016 00:29:28 +0300",
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,3,173.16.100.200:25,66.231.86.109:59552,<,EHLO mta.reedexpo-email.com,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,4,173.16.100.200:25,66.231.86.109:59552,>,250-mailserver.mydomain.com Hello [xx.xx.86.109],
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,5,173.16.100.200:25,66.231.86.109:59552,>,250-SIZE,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,6,173.16.100.200:25,66.231.86.109:59552,>,250-PIPELINING,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,7,173.16.100.200:25,66.231.86.109:59552,>,250-DSN,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,8,173.16.100.200:25,66.231.86.109:59552,>,250-ENHANCEDSTATUSCODES,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,9,173.16.100.200:25,66.231.86.109:59552,>,250-STARTTLS,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,10,173.16.100.200:25,66.231.86.109:59552,>,250-AUTH NTLM,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,11,173.16.100.200:25,66.231.86.109:59552,>,250-8BITMIME,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,12,173.16.100.200:25,66.231.86.109:59552,>,250-BINARYMIME,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,13,173.16.100.200:25,66.231.86.109:59552,>,250 CHUNKING,

thanks in advance
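
An added example, not part of the original post: a small parser for SMTP receive protocol log lines of the shape quoted above, which groups lines by session ID so each session's remote IP, envelope sender, recipients and outcome can be read together. The column names are assumed from the standard Exchange protocol log header; the sample lines are a subset copied from the post.

```python
import csv

# Column order assumed from the standard Exchange SMTP receive protocol log header.
FIELDS = ["date_time", "connector_id", "session_id", "sequence_number",
          "local_endpoint", "remote_endpoint", "event", "data", "context"]

# Sample lines copied from the post above (a subset, so the block runs offline).
SAMPLE_LOG = r"""
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,33,173.16.100.200:25,74.125.82.46:37288,<,MAIL FROM:<smshareef@innpartner.net> SIZE=426374,
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,35,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.0 Sender OK,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,36,173.16.100.200:25,74.125.82.46:37288,<,RCPT TO:<m.amit@mydomain.com>,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,37,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.5 Recipient OK,
2016-03-01T21:27:08.657Z,mailserver\Client,08D2F809801F858F,41,173.16.100.200:25,74.125.82.46:37288,>,250 2.6.0 <007e01d17400$6663e5e0$332bb1a0$@net> [InternalId=85985] Queued mail for delivery,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,42,173.16.100.200:25,74.125.82.46:37288,<,QUIT,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,43,173.16.100.200:25,74.125.82.46:37288,>,221 2.0.0 Service closing transmission channel,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,44,173.16.100.200:25,74.125.82.46:37288,-,,Local
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,0,173.16.100.200:25,66.231.86.109:59552,+,,
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,2,173.16.100.200:25,66.231.86.109:59552,>,"220 mailserver.mydomain.com Microsoft ESMTP MAIL Service ready at Wed, 2 Mar 2016 00:29:28 +0300",
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,3,173.16.100.200:25,66.231.86.109:59552,<,EHLO mta.reedexpo-email.com,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,4,173.16.100.200:25,66.231.86.109:59552,>,250-mailserver.mydomain.com Hello [xx.xx.86.109],
"""


def parse_sessions(text):
    """Group protocol log lines by session ID and pull out the SMTP envelope."""
    sessions = {}
    for row in csv.reader(text.splitlines()):
        if not row or row[0].startswith("#"):   # skip blanks and '#Fields:' headers
            continue
        row += [""] * (len(FIELDS) - len(row))
        rec = dict(zip(FIELDS, row))
        s = sessions.setdefault(rec["session_id"], {
            "remote_ip": rec["remote_endpoint"].rsplit(":", 1)[0],
            "mail_from": None, "rcpt_to": [], "errors": [],
            "queued": False, "closed": False,
        })
        event, data = rec["event"], rec["data"]
        if event == "<":                         # command received from the client
            if data.upper().startswith("MAIL FROM:"):
                s["mail_from"] = data[10:].split(">")[0].strip(" <")
            elif data.upper().startswith("RCPT TO:"):
                s["rcpt_to"].append(data[8:].split(">")[0].strip(" <"))
        elif event == ">":                       # reply sent by the server
            if data[:1] in ("4", "5"):           # temporary or permanent failure
                s["errors"].append(data)
            elif data.startswith("250 2.6.0"):   # message accepted and queued
                s["queued"] = True
        elif event == "-":                       # connection closed
            s["closed"] = True
    return sessions


def unfinished_sessions(sessions):
    """Session IDs in which no message was queued: the ones to inspect first."""
    return [sid for sid, s in sessions.items() if not s["queued"]]


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    for sid, s in parsed.items():
        print(sid, s["remote_ip"], s["mail_from"], s["rcpt_to"],
              "queued" if s["queued"] else "NOT queued", s["errors"])
    print("unfinished:", unfinished_sessions(parsed))
```

On this sample the first session is accepted and queued, while the second appears only up to the EHLO reply because the quoted log ends there.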
