Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum
Viewing all 4249 articles

Internal Mail Routing Between HUB servers Is Not Working Correctly


Howdy, Been scratching my head on this one for a while. 

First off, running Exchange 2010 Sp3 RU5 across the board. 

I have attached a diagram of our environment for visual aid. Please take a look as it makes more sense. 

I have drawn the correct mail flow in black and what is happening in red.

Forest A Site A, has a dedicated edge, dedicated Hub and dedicated CAS 

Forest A Site A child domain 1, has a multi-roled MBX,HUB,CAS

Forest A Site B child domain 2, has a multi-roled MBX,HUB,CAS

Forest B Site C, has a multi-roled MBX,HUB,CAS

Mail flows TO child domain 2 just fine, but outgoing mail from that same domain keeps routing through HUB in child domain 1 instead of HUB in forest root domain. 

The send connector for the organization in Forest A is configured to only send through the dedicated HUB server in Forest A. The Receive connector in Forest A's HUB is also configured correctly. But no matter what I do, mail outgoing from child domain 2 continues to flow to child domain 1 instead of through the dedicated HUB server. 

Mail needs to flow, so for now I added the HUB in child domain 1 as a source server in the organization's send connector and set up the receive connector in child domain 1 to allow a workaround for now. 

I think this is an issue in the routing group connector, but it's just a guess. Any ideas? 




Hide recipient address


We want to create an anonymous mailbox, which could only receive mail. And whenever it receives mail, it is unable to see FROM address.

So, what we want is to create mailbox, let's say anonymous@company.com. Each mail sent to this email would be redirected/forwarded to some marketing staff. And these marketing staff people should NOT see the mail senders' addresses.

For example,

  • katya@gmail.com sends compliance email to anonymous@company.com.
  • This mail redirects to marketing@company.com.
  • And people in marketing distribution group are unable to see "katya@gmail.com" in FROM field.

How could we accomplish it?

Attachment Filtering

It's my understanding that attachment filtering was deprecated in Exchange 2013? We were using Forefront Protection 2010 to strip zip attachments from the e-mails. After migration to Exchange 2013 this functionality doesn't work since you can't install the Attachment Filter Transport Agents. I'd like to stay away from installing the Exchange 2010 Edge Transport role to remove zips. Is anyone aware of any third-party transport agents to strip attachments? Preferably free... 

Unable to send via SMTP when mailbox is not on a client access server


I have an issue with sending mail via authenticated SMTP in a multi-server environment. My environment is as follows:

  • 1x multi role server (hostname EX1)
  • 2x mailbox server (hostnames MB1 and MB2)

All are running Exchange 2013. Now to begin, all three are very much in a default configuration, and all core functionality is working perfectly. I have no mailflow issues in or out from the client access server, and as long as one is only using typical Exchange connections, every mailbox on every server works fine. ActiveSync accounts on phones etc. work fine, RPC over HTTPS connections in Outlook work fine. My only issue is a recently discovered one.

For the first time, one of our users has a need to be able to set up their accounts using IMAP and SMTP rather than as an Exchange account. Let's just take this as a given rather than preaching around alternates as I've been left with no option but to get this working.

One sets up an IMAP account in the typical way just fine. A single external DNS FQDN has been set up for our server which is used as both the IMAP server and the outgoing SMTP Server. The issue I experience is that when the mailbox that's being used to authenticate exists on EX1, the client access server, it can send fine. When that mailbox is moved to MB1 or MB2 or indeed if any other mailbox on MB1 or MB2 is used it can no longer send. In both instances the IMAP portion continues to function without issue and the account can receive mail, but cannot send.

When sending I have tried two alternatives:

  • If I attempt to send with no authentication then, as I would expect, I receive an NDR stating that I am not allowed to relay.
  • If I attempt to send with authentication on I receive password prompts and the sending account refuses to authenticate, even though I'm using known-good credentials, as all I have done is ticked the "use the same details for outgoing as for incoming" box with a working incoming connection as mentioned above.

Now whilst my experience here is limited, for me the crux of this comes down to being able to authenticate for outgoing SMTP when the mailbox is on EX1, but NOT being able to authenticate for outgoing SMTP when the same mailbox is moved to MB1.

I'm guessing this is going to turn out to be something obvious, as it feels in my gut like it SHOULD be obvious, but I've been looking at it so long now that I just can't see it. I'm fairly certain from the above that the crux of the issue lies in authentication when the mailbox is on a mailbox server rather than a client access server, but any thoughts on a specific possible cause would be great!

Many thanks in advance.


Exchange 2013 Catchall rules for specific domain


Hello - I have a secondary domain that I want to forward all emails from into a specific address.  So I wrote a rule that I think should cover it:

Apply rule if: The recipient address includes "@domain.com".

Do the following: Redirect the message to: "mailbox that I know works in my primary domain"

When I send a test email to a non-existing mailbox, I get a response back RESOLVER.ADR.RecipNotFound which tells me it's trying to find the mailbox before it fires the rule.  This rule is the first rule to fire.

Any ideas?


~David

Default Frontend Receive Connector - Why is the "ExchangeServer" Auth Mechanism enabled by default?


I'm looking for clarification of the default mail flow behaviour of Exchange Server 2013 please. Basically, I'm having a hard time trying to understand why the "ExchangeServer" Auth Mechanism is enabled by default on the Default Frontend Receive Connector of the CAS Frontend Transport Service.

The only situation that I believe this would be necessary for this receive connector is when the respective (multi-roled) CAS box is in the subscribed site of an Edge Transport Server (2013), as it would be required to accept mail from the 2013 Edge Transport server using this secure server authentication method.

Am I correct in my assumption that this is the only scenario where the ExchangeServer Auth mechanism would be used on this receive connector? I would like to be certain, as my environment does not contain an Edge Transport server and I would like to change the HELO/EHLO request hostname to something that can be resolved publicly (and because this would differ from the FQDN of the server, this would require me to uncheck the ExchangeServer Auth mechanism for this receive connector).

Thank you in advance.
Barry

Slow mail flow?


Hi all!

I installed Exchange 2013 CU1 on Server 2012. I have 2 2012 servers, one for AD and one for Exchange. This is a small environment, EX2013 has 8GB of RAM and 10 users on it. We receive around 150 mails per day and send about 100 mails per day, so this is very low resource usage...

When we were on Exchange 2010 SP3, when I sent mail to a Gmail account which is configured to send mail back to me, it all took around 10 seconds tops!

Now it takes waaay more, see attached image...

Any idea why it is so slow?

Regards,

Greg

How to Filter outgoing mails according to certain words


Hello everybody! Forgive me for my ignorance in my next question: I am asked to set my Exchange mail server to filter mails depending on the content the user is sending:

If a user sends a mail, my server should be capable of filtering those mails that contain words like anal impaler, Arsehole, ass hole, and so on...

So it depends on the content of the mail whether it is going to be filtered. If the mail was not sent, it will appear as an Undelivered message.

Of course, first we need to create some policies to determine when a message must be filtered, such as the one I gave as an example and other terms...

Is this possible? If so, how could I do it? Best regards!! 


send connector and mail flow


I am co-existing between 2010 and 2013

server 1 at Datacenter1

server 2 at Datacenter2

server 3 at Remote Site

In my existing send connector I only have server 1 and server 2; however, I just sent an email from a mailbox at server 3 externally and it did not route through any of the servers in the send connector. How do I stop this and force it to use only what's in the send connector?

co-existence


I created my first test mailbox on Exchange 2013. When I mail a user still on 2010 in our org it just goes to queue; in fact there is a bunch of stuff in there.

The test account can however receive email from 2010 just fine.

And what's really strange is that it works perfectly with external accounts both outbound and inbound, so it's some sort of internal routing from 2013 to 2010.

All I see is 400.4.4.7 Message delayed in the queue

Ideas?




451 4.7.0 Temporary server error. Please try again later. PRX2

I'm getting the dreaded "451 4.7.0 Temporary server error. Please try again later. PRX2" error when receiving SMTP mail.

Does anyone know exactly what causes this error? There are many references to it on the web, but nobody seems to know exactly what causes it. Maybe it's something to do with DNS?

Can someone please ask someone on the Exchange team to help document this?


How to know if somebody else accessed my account


Hello everybody, 

I have a problem and your help is appreciated, I think my account is accessed by somebody else. 

Can anybody tell me the steps how to identify them? 

I will be thankful. 

Symantec Mail Security & Forefront Protection for Exchange on same environment


We are running Symantec Mail Security on Edge Transport with all strict antispam policies, but still some users once in a while receive a spam here or there, so we are planning to install Forefront Protection for Exchange on Hub Transport, so both products are running. Is this a doable scenario? Will we face any issues? Please suggest from Microsoft's point of view.

Set Default receive connector exchange 2010


Hi All

We have three Exchange servers set up presently, one mailbox and two CAS/Hub transport.

Each hub transport server has a receive connector set up.  How do I change the default server for the receive connector for mails sent internally to each other?  Presently it is using the EXCH.client.local but I would like to change it to the other server CAS01.client.local

Running Exchange 2010.

Received: from mailboxserver.client.local ([fe80::cca6:bba4:8cd8:d08e]) by

 EXCH.client.local ([::1]) with mapi id 

[PS] C:\Windows\system32>Get-ReceiveConnector

Identity                                Bindings                                Enabled
--------                                --------                                -------
EXCH\Client EXCH           {:::587, 0.0.0.0:587}                   True
EXCH \Default EXCH           {:::25, 0.0.0.0:25}                     True
EXCH \Printer Connection           {172.16.1.10:25}                        True
CAS01\Default CAS01           {:::25, 0.0.0.0:25}                     True
CAS01\Client CAS01            {:::587, 0.0.0.0:587}                   True
CAS01\Printer Connection           {192.168.1.14:25}                       True

Thanks

Brian


Exchange 2010 - The certificate status could not be determined because the revocation check failed.


I have tried everything I have found online to get my DigiCert to work.

I have exported the cert and imported it into my child domains and they look perfect.

It is just my parent domain having issues.

netsh winhttp show proxy

does show my correct proxy server for http and https and port 8080

I have tried name, FQDN and IP address.

In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.

I have flushed the cache

certutil -urlcache crl delete
certutil -urlcache ocsp delete

and rebooted the Exchange 2010 (Windows 2008 R2) server

No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message

The certificate status could not be determined because the revocation check failed.

with a red X on the left hand icon.  Again, Child domains all say "The certificate is valid for Exchange Server usage."

Note: In spite of having the red X, I was able to assign via EMS the services.

Webmail works fine.  Outlook Anywhere fails... I suspect it is due to my red X problem.

Suggestions?

Thanks in Advance

Jim.



Transport Rule - Mail Tip Per Domain


I need to set up a transport rule to do the following:

If mail is sent from a group of users, let's call it Group1

Apply a policy tip that blocks the message and allows override

Except if the message is sent to a member of Group1.

Sounds simple, right? But, I can't find a rule setup that gives me what I need.

Any help would be appreciated!!

550 5.7.1 RESOLVER.RST.AuthRequired; authentication required


I get the following error when sending mail to a SharePoint mail-enabled library. It creates a contact with a non-routed domain. The domain is not public. Let's say that the ending of the domain is LOC, so it is not a registered public domain…

And it is a contact, not a distribution group. Let's say that the name of the contact is: libaray@sharpoint.noreg.loc

I have set up Hybrid. All Exchange servers are Exchange 2013 CU5.

To make it work, I have tried to send mail to that library through a shared mailbox or a transport rule… Every time I send mail from outside the organization or from a mailbox that is hosted in O365, I get the following error:

libaray@sharpoint.noreg.loc <- I did use the email of the shared mailbox, but that is returned

Your message can't be delivered because delivery to this address is restricted.

Diagnostic information for administrators:

Generating server: MBX01. noreg.loc

libaray@sharpoint.noreg.loc

Remote Server returned '550 5.7.1 RESOLVER.RST.AuthRequired; authentication required'

 

The message tracking log gives me the following error:

RunspaceId              : 9fd72017-0941-42f0-8625-b58b1c79b367
Timestamp               : 6/12/2014 3:30:03 PM
ClientIp                :
ClientHostname          :  MBX01
ServerIp                :
ServerHostname          :
SourceContext           :
ConnectorId             :
Source                  : ROUTING
EventId                 : FAIL
InternalMessageId       : 20190641259111
MessageId               : <0a5303866c7d4ceca0accfa7b78bf053@DB4PR01MB317.eurprd01.prod.exchangelabs.com>
Recipients              : {libaray@sharpoint.noreg.loc}
RecipientStatus         : {[{LRT=};{LED=550 5.7.1 RESOLVER.RST.AuthRequired; authentication required};{FQDN=};{IP=}]}
TotalBytes              : 10261
RecipientCount          : 1
RelatedRecipientAddress :
Reference               : {<91a7f625-60e6-4070-a834-b120d77d4c41@ MBX01.noreg.loc>}
MessageSubject          : test 1111
Sender                  : TestUser@publicdomain.com
ReturnPath              : TestUser@publicdomain.com
Directionality          : Incoming
TenantId                :
OriginalClientIp        :
MessageInfo             :
MessageLatency          :
MessageLatencyType      : None
EventData               : {[DeliveryPriority, Normal], [ExternalOrgIdNotSetReason, ]}

Additional info:

The customer has an internal domain whose FQDN is noreg.loc. They have a SharePoint farm. The farm has several mail-enabled document libraries. The email-enabled libraries have the FQDN sharepoint.noreg.loc. They have about 100 of those mail-enabled libraries. When a library is created it creates a contact, that is library1@sharepoint.noreg.loc, library2@sharepoint.noreg.loc, and so on...

Internal users can send mail to that SharePoint library; that works. It has stopped working for those whose mailbox "user" is moved to Office 365.

Now I have a problem. Because the domains noreg.loc and sharepoint.noreg.loc are publicly non-routable, and I do not want to change all the email addresses of the libraries, I am trying to do a workaround.

First, details of the contact: library1@sharepoint.noreg.loc

-         External SMTP : library1@sharepoint.noreg.loc

-         Alternate email : library1@customer.mail.onmicrosoft.com, library1@publicdomin.com

I cannot use a distribution group and sync it to Office 365, because expansion of the members in that distribution group will happen on the Office 365 Exchange server. That will end up with a non-existing domain error for sharepoint.noreg.loc.

So I have tried with a shared mailbox that has a forward set up to the contact library1@sharepoint.noreg.loc. I know that the shared mailbox has picked up mail, because I had forgotten to set it so that everyone can send to this recipient. When that is set up, mail is received and transferred to library1@sharepoint.noreg.loc, where it fails with the error authentication required. The server that sends the error is the Mailbox server "Exchange 2013".

I will try to set up a classical mailbox with a forward to the contact, but that would use local licences, which I do not want.

I need to set up the default receive connector on the MBX server to allow a non-authenticated "server" to relay, which I think is a security problem.

I do not understand why sending mail to a contact would require authentication.

HealthMailbox....... thousands of transfers appearing in SPAM quarantine


I've asked this question on another forum without an answer so I thought I would try here.

This relates to Exchange 2013.  During Friday through to Monday I am picking up thousands of spam items sent from inboundproxy@inboundproxy.com and up to five HealthMailboxes are involved.  The HealthMailboxes have accounts in AD and appeared during the Exchange installation.

Here is an example -

Diagnostic information for administrators:

Generating server: EXCHANGE2.xxxxx.yyyyyyyy.yy.yy

HealthMailbox168a97e4814144848b101e39c3482fca@xxxxx.yyyyyyyy.yy.yy
#550 5.2.1 Content Filter agent quarantined this message ##

Original message headers:

Received: from EXCHANGE2.xxxxx.yyyyyyyy.yy.yy (192.168.0.72) by
 EXCHANGE2.xxxxx.yyyyyyyy.yy.yy (192.168.0.72) with Microsoft SMTP Server
 (TLS) id 15.0.516.32; Mon, 19 Nov 2012 19:20:48 +0000
Received: from InboundProxyProbe (::1) by EXCHANGE2.xxxxx.yyyyyyyy.yy.yy
 (::1) with Microsoft SMTP Server id 15.0.516.32 via Frontend Transport; Mon,
 19 Nov 2012 19:20:48 +0000
Subject: Inbound proxy probe
Message-ID: <2e1d9dd2-d71e-4c23-9b5a-b8e12c109e57@EXCHANGE2.xxxxx.yyyyyyyy.yy.yy>
From: <inboundproxy@inboundproxy.com>
To: Undisclosed recipients:;
Return-Path: inboundproxy@inboundproxy.com
Date: Mon, 19 Nov 2012 19:20:48 +0000
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: Fail (EXCHANGE2.xxxxx.yyyyyyyy.yy.yy: domain of
 inboundproxy@inboundproxy.com does not designate ::1 as permitted sender)
 receiver=EXCHANGE2.xxxxx.yyyyyyyy.yy.yy; client-ip=::1;
 helo=InboundProxyProbe;

 
Can anyone spread light on this, is it normal behaviour and if not how can I stop it?  The exchange installation is on a green field domain.  The exchange server is an OOTB installation on a single VM.






How to get pst from Exchange 2007 server


Hi,

How to get PST from Exchange Server 2007 & 2010.

Regards

Anil

Default Exchange Server deleted


I deleted the default Exchange certificate and assigned an internet CA certificate to all services. Since then the below error is constant,


Shahid Roofi
