Team,

help me out please. I need to change the existing authoritative domain from something.com to *.something.com - this is to block spam messages sent to us using @w.<random-entry>.something.com. Normally we blocked sending emails with 'from' value pointing to any of our authoritative domains, but since wildcard is not there then above messages get thru. As the domains are random I cannot really block them by listing all of them, so editing the default authoritative domain to *.something would rule them all out. But there is no such option with Exchange :( What am I missing?

Thanks, Marcin

Marcin Dobija | MCSE:Security | MCITP:DBA,EA,EMA,SA | MCDBA | MCTS:W2k8,E2k7,SQL2005,OCS,ISA,Vista | MCITP Dynamics:CRM4 | MS ITAC Member | VCP4

Hello all,

i have a setup with exchange edge 2013 and an internal exchange 2013 with all roles(cas-mailbox).

I receive a lot of spam per day.I have enable the senderid,ipblocklist and content filters but no fix.

Here is a header of a spam

Received: from MAILSRV.xxx.xxx.xxx (192.168.168.xx) by MAILSRV.xxx.xxx.xxx

(192.168.168.xx) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Mailbox

Transport; Thu, 17 Mar 2016 04:51:55 +0200

Received: from MAILSRV.xxx.xxx.xxx (192.168.168.xx) by MAILSRV.xxx.xxx.xxx

(192.168.168.xx) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 17 Mar

2016 04:51:55 +0200

Received: from EDGESRV.xxx.xxx.xxx (172.16.0.xx) by MAILSRV.xxx.xxx.xxx

(192.168.168.xx) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend

Transport; Thu, 17 Mar 2016 04:51:55 +0200

Received: from mynation.xyz (14.1.28.210) by EDGESRV.xxx.xxx.xxx (172.16.0.xx)

with Microsoft SMTP Server id 15.0.1130.7; Thu, 17 Mar 2016 04:51:53 +0200

From: Tomiko <joss@mynation.xyz>

Date: Wed, 16 Mar 2016 21:45:26 -0500

MIME-Version: 1.0

Subject: 1 Easy Trick To Last Longer in Bed

To: <xxx@xxx.xxx.xxx>

Message-ID: <UOqkfpDWGao_OUfQNR3H74i0PF8CLesePEJa0Jt3LYQ.VOHLYJyD3Nkow1b0URJSroQbTdsmfutWssWLwQy88-0@mynation.xyz>

Content-Type: multipart/alternative;

                boundary="------------33476897231990047821913"

Return-Path: joss@mynation.xyz

X-MS-Exchange-Organization-PRD: mynation.xyz

X-MS-Exchange-Organization-SenderIdResult: None

Received-SPF: None (EDGESRV.xxx.xxx.xxx: joss@mynation.xyz does not designate

permitted sender hosts)

X-MS-Exchange-Organization-Network-Message-Id: a5a0e6c6-caef-4cd5-4e09-08d34e0f197f

X-MS-Exchange-Organization-SCL: 0

X-MS-Exchange-Organization-PCL: 2

X-MS-Exchange-Organization-Antispam-Report: DV:3.3.15608.880;SID:SenderIDStatus None;OrigIP:14.1.28.210

X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0

X-MS-Exchange-Organization-AuthSource: EDGESRV.xxx.xxx.xxx
X-MS-Exchange-Organization-AuthAs: Anonymous

Any proposals will be appreciated.

Thank you

Anytime we have a name change, new employee or employee termination, the GAL doesn't update right away.  The changes are made in EAC.  Any suggestions? 

Please keep in mind, I am not "Exchange savvy", so please keep your suggestions as simple as possible.  Thanks :)

Hi,

maybe someone there can help me with this.

I need to schedule incoming mail delivery to a specific distribution group.

I need all mail sent to that group be delivered to group members at same time, all mails at the same time.

Transport rules won't help because I can't specify delivery time as an action.

Anyone know if this can be done?

Thanks in advance

I have installed Exchange 2016 on a virtual 2012R2 machine. Exchange is working locally but will not work remotely with sync on cell phones. I have run the Microsoft Connectivity Analyzer to test Exchange ActiveSync. I get one error with folder sync listed below. I need help to get this resolved.

Attempting the FolderSync command on the Exchange ActiveSync session.

  The test of the FolderSync command failed.

Richard Richter

Hello,

i have problem cannot receive emails from some domains i don't know how many domain , but daily receiving complain from users cannot able to receive email from domain. today i check the smtpreceive logs i found some issue below please check it and advise me to avoid this problem:

2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,33,173.16.100.200:25,74.125.82.46:37288,<,MAIL FROM:<smshareef@innpartner.net> SIZE=426374,
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,34,173.16.100.200:25,74.125.82.46:37288,*,08D2F809801F858F;2016-03-01T21:27:04.710Z;1,receiving message
2016-03-01T21:27:05.942Z,mailserver\Client,08D2F809801F858F,35,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.0 Sender OK,
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,33,173.16.100.200:25,74.125.82.48:38757,<,MAIL FROM:<smshareef@innpartner.net> SIZE=426369,
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,34,173.16.100.200:25,74.125.82.48:38757,*,08D2F809801F8590;2016-03-01T21:27:04.710Z;1,receiving message
2016-03-01T21:27:05.973Z,mailserver\Client,08D2F809801F8590,35,173.16.100.200:25,74.125.82.48:38757,>,250 2.1.0 Sender OK,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,36,173.16.100.200:25,74.125.82.46:37288,<,RCPT TO:<m.amit@mydomain.com>,
2016-03-01T21:27:06.161Z,mailserver\Client,08D2F809801F858F,37,173.16.100.200:25,74.125.82.46:37288,>,250 2.1.5 Recipient OK,
2016-03-01T21:27:06.192Z,mailserver\Client,08D2F809801F8590,36,173.16.100.200:25,74.125.82.48:38757,<,RCPT TO:<t.orouk@mydomain.com>,
2016-03-01T21:27:06.192Z,mailserver\Client,08D2F809801F8590,37,173.16.100.200:25,74.125.82.48:38757,>,250 2.1.5 Recipient OK,
2016-03-01T21:27:06.379Z,mailserver\Client,08D2F809801F858F,38,173.16.100.200:25,74.125.82.46:37288,<,DATA,
2016-03-01T21:27:06.379Z,mailserver\Client,08D2F809801F858F,39,173.16.100.200:25,74.125.82.46:37288,>,354 Start mail input; end with <CRLF>.<CRLF>,
2016-03-01T21:27:06.410Z,mailserver\Client,08D2F809801F8590,38,173.16.100.200:25,74.125.82.48:38757,<,DATA,
2016-03-01T21:27:06.410Z,mailserver\Client,08D2F809801F8590,39,173.16.100.200:25,74.125.82.48:38757,>,354 Start mail input; end with <CRLF>.<CRLF>,
2016-03-01T21:27:08.657Z,mailserver\Client,08D2F809801F858F,40,173.16.100.200:25,74.125.82.46:37288,*,Tarpit for '0.00:00:01.185' due to 'DelayedAck',Delivered
2016-03-01T21:27:08.657Z,mailserver\Client,08D2F809801F858F,41,173.16.100.200:25,74.125.82.46:37288,>,250 2.6.0 <007e01d17400$6663e5e0$332bb1a0$@net> [InternalId=85985] Queued mail for delivery,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,42,173.16.100.200:25,74.125.82.46:37288,<,QUIT,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,43,173.16.100.200:25,74.125.82.46:37288,>,221 2.0.0 Service closing transmission channel,
2016-03-01T21:27:09.000Z,mailserver\Client,08D2F809801F858F,44,173.16.100.200:25,74.125.82.46:37288,-,,Local
2016-03-01T21:27:11.153Z,mailserver\Client,08D2F809801F8590,40,173.16.100.200:25,74.125.82.48:38757,*,Tarpit for '0.00:00:03.681' due to 'DelayedAck',Delivered
2016-03-01T21:27:11.153Z,mailserver\Client,08D2F809801F8590,41,173.16.100.200:25,74.125.82.48:38757,>,250 2.6.0 <007e01d17400$6663e5e0$332bb1a0$@net> [InternalId=85984] Queued mail for delivery,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,42,173.16.100.200:25,74.125.82.48:38757,<,QUIT,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,43,173.16.100.200:25,74.125.82.48:38757,>,221 2.0.0 Service closing transmission channel,
2016-03-01T21:27:11.465Z,mailserver\Client,08D2F809801F8590,44,173.16.100.200:25,74.125.82.48:38757,-,,Local
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,0,173.16.100.200:25,66.231.86.109:59552,+,,
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,1,173.16.100.200:25,66.231.86.109:59552,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2016-03-01T21:29:28.963Z,mailserver\Client,08D2F809801F8593,2,173.16.100.200:25,66.231.86.109:59552,>,"220 mailserver.mydomain.com Microsoft ESMTP MAIL Service ready at Wed, 2 Mar 2016 00:29:28 +0300",
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,3,173.16.100.200:25,66.231.86.109:59552,<,EHLO mta.reedexpo-email.com,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,4,173.16.100.200:25,66.231.86.109:59552,>,250-mailserver.mydomain.com Hello [xx.xx.86.109],
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,5,173.16.100.200:25,66.231.86.109:59552,>,250-SIZE,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,6,173.16.100.200:25,66.231.86.109:59552,>,250-PIPELINING,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,7,173.16.100.200:25,66.231.86.109:59552,>,250-DSN,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,8,173.16.100.200:25,66.231.86.109:59552,>,250-ENHANCEDSTATUSCODES,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,9,173.16.100.200:25,66.231.86.109:59552,>,250-STARTTLS,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,10,173.16.100.200:25,66.231.86.109:59552,>,250-AUTH NTLM,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,11,173.16.100.200:25,66.231.86.109:59552,>,250-8BITMIME,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,12,173.16.100.200:25,66.231.86.109:59552,>,250-BINARYMIME,
2016-03-01T21:29:29.431Z,mailserver\Client,08D2F809801F8593,13,173.16.100.200:25,66.231.86.109:59552,>,250 CHUNKING,

thanks in advance

Hi Everyone,

I want to install anti-spam software for e-mail server, what is the best program you recommend , and what  the best place to install it, Is it the same with the server or on different place.

we have exchange server 2010 , we dont have edge.

Thanks

I have a single multi-role Exchange 2013 server and it would appear that it's not properly maintaining the temp files for the transport service.  I still have all those folder locations at their default and the problem folder is c:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp

I never had a problem with this in Exchange 2007 but I am used to running a PowerShell script nightly to clean up the IIS log files.  Do I need to do something similar for this temp folder?  Is there a setting I can adjust so that Exchange will limit the size of this folder itself?  If I stop the transport service and delete the files here will I lose anything?

Any suggestions or insight would be greatly appreciated.

Hello,

We have Exchange 2013. One user send a mail to a particular group, the  mail appears in the sent items folder in outlook (visible in OWA as well). The issue is that the mail is not delivered to recipients and there is no information for this message in the tracking logs. Does it mean message goes to sent items before it is picked up by  the server for delivery? How this can be troubleshooted? 

Thank you.

Small network. One Exchange 2010 server. I just added Exchange 2013 on another VM with the intent of migrating everyone from 2010 to 2013 (was on 2003 as of about six weeks ago, so this is real progress, believe it or not!)

Mail sent from outside does not get to the test mailbox on the 2013 server. Eventually, that 2013 server will be setting behind a NAT to port 25 on the router, but in the interim, I need mail to flow through Exchange 2010 and be delivered to 2013.

I am sure, or at least highly suspect, that there is something simple and obvious that I missed in Mail Flow that will allow messages hitting the Exchange 2010 server to be moved over to the user's mailbox that is in a DB on the Exchange 2013 server.

For what it is worth, I have mail delivery configured on one mailbox that forwards mail sent to the domain admin account out to my external e-mail address (in addition to, not instead of, putting a copy in the admin mailbox). This works, even when the message never actually shows up in that admin mailbox. I am sure that is significant and probably a big hint also, but just cannot see it at almost 3:00 am in the middle of this migration.

I will need 2010 & 2013 to coexist for maybe only three days while I get everything moved over.

Dear Support,

I have created the transport rule in exchange 2013 i.e. when one external user (abc@gmail.com) send email to one internal user i.e. (Support@contoso.com) then that email get blocked with explaination but issue is external user not able to receive any notification email regarding blocked email.

If I created the same rule with internal user then they are getting the notification, please let me know what could be the issue why external user failed to trigger the notification.

Exchannge Version: Exchange 2013 15.0.847.32

Appreciate your quick response regarding the same.

Regards,

Hakim. B

Hakim.B Sr.System Administrator

Very simple network: single server with one VM that is a DC, one that is Exchange 2010 and one that is Exchange 2013. Just moved from SBS 2003 to Exchange 2010 last month, and then only as the required step on the way to 2013.

I have now implemented Exchange 2013. All mailboxes have been migrated to the DB on 2013, Outlook connected to the 2013 server, and inbound SMTP is directed to the 2013 server. This was a very straightforward 2013 installation with pretty much all default settings and with no plan to have the two servers co-exist longer than necessary. But I am sure there was a lot more going on behind the scenes regarding failover and server-to-server communications, and I suspect that I could leave a lot of stuff orphaned if I just uninstall Exchange 2010, then shut down the VM and remove that server from the domain.

Does anyone have a good step-by-step process for now removing Exchange 2010 without breaking anything or leaving obsolete objects in AD? Is it just as simple as uninstalling Exchange 2010 from that server, or are there specific steps to tell AD (and/or the Exchange 2013 server) that some Exchange-related roles have now moved to the 2013 server, etc?

Our company has been infected with locky ransomware and what they are seeing is email coming from random Internal valid addresses via exchange which has got different attachments which contain malware. They have ran anti malware on client machines and have cleared malwares and also from servers. However they dont have any sort of security solution on exchange server apart from AV. 

Now i wants to know what is the best way to stop this Internal spam and delete these email. Few things to mention :

- Emails come from valid email addresses

- They have different malware attachments + Subjects 

Appreciate your inputs

When we send emails over about 15 MB in size to other Exchange servers in our system, or to an external email provider, we sometimes see this error---

----

==

We have checked many network settings (based on information in various forum items about this error), and we think that is not the problem.

This only happens at one of our Exchange locations.     
The other locations can send emails of 25 MB and they are delivered correctly / no errors.
The ping time from the  location sending emails,  to the Exchange location receiving emails,  is 430 ms.
That connection is over the Internet with a VPN.

It seems like Exchange thinks this is taking too long, or too many attempts, or something like that.
   (Since somewhat smaller emails are delivered OK.)

Is there an Exchange configuration parameter in Transport service or similar, that we can change, to tell Exchange to "wait a little longer",   before issuing that error ?

Thanks

Exchange 2013 CU10,  Windows server 2012 Standard, Outlook 2013, 
SMTP,

=======

Hello,

I've noticed not all of my mail from certain recipients not always being delivered. When looking in the tracking logs I notice the following error when I search for the sender mail adress:

No suitable shadow servers,,SMTP,HAREDIRECTFAIL

Googling this does not come up with much, does anyone have a clue what this could mean?

Using Server 2012 Std. and Exchange 2013 Version 15.0 ‎(Build 620.29)‎

Hi ,

In exchange 2013 sp1 SUBMITFAIL event id is happening for some messages .But at the second time that the same message is delivered perfectly to the end users.

My question is simple ,is this an bug in exchange 2013 sp1 if so on which CU it will be corrected ?We have to update to our customers so all of us please provide your suggestions as soon as possible.

Thanks & Regards S.Nithyanandham

Hey Guys,

In a hybrid deployment with O365 and exchange 2013. Does a third party smart host like MXlogic or Zerospam work with EOP or does it cause problems? I am told that using a third party smart host with EOP will not work but it seems it does.

Is it better to use on premises Edge server for smart hosting? Just unsure from Microsoft documentation and my 70-342 is in a few weeks. Any help would be great! smile emoticon

Hi everyone,

I have distributive group on my Exchange 2013 server some.name@myorganisation.com and it is used for communication between members of that group. There are 15 members of that group. Now we need to include external member (external.member@partner.com) to that group.

I allowed mails to be sent to my group from outside organization and set transport rule to reject mail sent from outside organization except mail sent fromexternal.member@partner.com. It all works fine but I have some issues. When mail is rejected because it is not permitted sender I get NDR with reason why email is rejected (Sender is not permitted) and below list of all emails members of that group to which email is not delivered. I find that pretty much excessive as it reveals all members of my group. Also all of members get undelivered report  which is not needed at all and is confusing for all users. It is pretty messy to look at those messages and is also somewhat security issue since spammer can get confirmation of existence of each emails in that group which makes them easy targets for future spam. 

My question is if is there any way for these messages to be rejected silently without any NDR and undelivered report to each member of that group?

We just migrated to exchange 2010 and now I am having the most difficult time doing what used to be simple and quick in 2003.

I need to export to a spreadsheet the people who are in "Only Senders in the following list:" in the message delivery restrictions.

Does someone have the powershell code?

On a side note, the accounts are all truncated despite there being plenty of "white space" making the view useless.