I have a user who cannot receive a message from a particular external sender. That senders assistant (same domain and server as the external sender with the issue) is able to forward the exact same message to my user and it arrives as it should. In message tracking, I can see the message came in through my smart host, through my front end and to the users mailbox server, where an NDR was generated.  We had the assistant forward us the NDR and it says:

There's a problem with the recipient's mailbox. Please try resending this message. If the problem continues, please contact your helpdesk.

From my 3rd party smart host/spam filter, I have a copy of the message in audit and when I forward it to myself, the same thing happens - it generates an NDR when it arrives at my Exchange mailbox server.  This makes me conclude that my end users mailbox isn't corrupt, rather it's something in the message header that our server doesn't like (I've seen this happen with other senders as well, but it is extremely rare and random).

Details/facts of my environment:
-Current production messaging system is Exchange 2003.
-Working on Exchange 2010 co-existence.
-This problem between this sender and us has been an issue before the introduction of Exchange 2010.
-I'm hoping to begin end user mailbox migrations to 2010 and will have the sender try again at that time, but I still have testing to do with our voice messaging system before I can begin moving end user mailboxes.

....Begin redacted NDR detail....
Remote Server returned '< #5.2.1>'
Original message headers:
Received: from fe.mydomain.com ([192.168.1.10]) by
 mailboxsrv.mydomain.com with Microsoft SMTPSVC(6.0.3790.4675);      Thu, 4 Sep
 2014 12:49:48 -0700
Received: from exc2010.mydomain.com ([192.168.1.50]) by
 fe.mydomain.com with Microsoft SMTPSVC(6.0.3790.4675);        Thu, 4 Sep
 2014 12:49:47 -0700
Received: from smtp.mydomain.com (192.168.1.49) by exch2010.mydomain.com
 (192.168.1.50) with Microsoft SMTP Server (TLS) id 14.3.210.2; Thu, 4 Sep 2014
 12:49:47 -0700
Received: from pps.filterd (PPMail.mydomain.com [127.0.0.1])   by
 PPMail.gsblaw.com (8.14.5/8.14.5) with SMTP id s84Jkb0n023682       for
 <myuser@mydomain.com>; Thu, 4 Sep 2014 12:49:47 -0700
Received: from na01-by2-obe.outbound.protection.outlook.com
 (mail-by2on0098.outbound.protection.outlook.com [TheirIP])    by
 PPMail.gsblaw.com with ESMTP id 1p6da7h0jw-1 (version=TLSv1/SSLv3
 cipher=AES256-SHA bits=256 verify=NOT)       for <Myuser@mydomain.com>; Thu, 04 Sep
 2014 12:49:42 -0700
Received: from Theirexchange.theirdomain.com (TheirinternalIP) by
 Theirexchange.theirdomain.com (TheirinternalIP) with Microsoft SMTP
 Server (TLS) id 15.0.1019.16; Thu, 4 Sep 2014 19:49:38 +0000
Received: from Theirexchange.theirdomain.com ([10.141.86.14]) by
 Theirexchange.theirdomain.com ([TheirinternalIP]) with mapi id
 15.00.1019.015; Thu, 4 Sep 2014 19:49:38 +0000
Content-Type: multipart/mixed;
        boundary="_000_9a166afd24964edda2d5439ba3dbe712DM2PR08MB445namprd08pro_"
From: Mr Sender <sender@theirdomain.com>
To: My User <myuser@mydomain.com>, "Another external recipient (someoneelse@anotherdomain.us)"
        <mike@vinco.us>
Subject: FW: A Subject
Thread-Topic: A Subject
Thread-Index: Ac/C2zn97ruwXQpoQtGNrjKOr1NckgFmNoeAAAEpQ2A=
Date: Thu, 4 Sep 2014 19:49:37 +0000
Message-ID: <9a166afd24964edda2d5439ba3dbe712@DM2PR08MB445.theirexchange.theirdomain.com>
References: <3340b0a848f04e3bbb488b4eda93d54e@DM2PR08MB445.theirexchange.theirdomain.com>
 <83FC8FC0E8B91C4594608EA214C0BBAD54BBB844@S1P5DAG8C.EXCHPROD.USA.NET>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: <9a166afd24964edda2d5439ba3dbe712@DM2PR08MB445.theirexchange.theirdomain.com>
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [internetIP]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;UriScan:;
x-forefront-prvs: 0324C2C0E2
x-forefront-antispam-report: SFV:NSPM;SFS:(10009015)(6009001)(189002)(199003)(377454003)(164054003)(64706001)(66066001)(19609705001)(15202345003)(50986999)(19300405004)(19625215002)(90102001)(80022001)(20776003)(83322001)(101416001)(99936001)(76176999)(54356999)(81542001)(21056001)(19580395003)(86362001)(4396001)(92566001)(16236675004)(85852003)(551944002)(74502001)(83072002)(87936001)(74662001)(31966008)(107886001)(81342001)(76482001)(46102001)(85306004)(105586002)(33646002)(15975445006)(99396002)(76576001)(74316001)(77982001)(79102001)(95666004)(108616004)(2656002)(106356001)(99286002)(24736002);DIR:OUT;SFP:1101;SCL:1;SRVR:DM2PR08MB446;H:DM2PR08MB445.namprd08.prod.outlook.com;FPR:;MLV:sfv;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52,1.0.27,0.0.0000
 definitions=2014-09-04_03:2014-09-04,2014-09-04,1970-01-01 signatures=0
X-Proofpoint-Spam-Reason: safe
Return-Path: sender@theirdomain.com
X-OriginalArrivalTime: 04 Sep 2014 19:49:47.0046 (UTC) FILETIME=[61900460:01CFC879]

MX>

1, cotonso-c0mi.mail.protection.outlook.com > 213.199.154.87, 213.199.154.23

100, mail.messaging.microsoft.com >207.46.163.247,207.46.163.215,207.46.163.138

Hi,

I would like find out some information and clarification with above MX record setup

1) Do EOP setup always can add mail.messaging.microsoft.com as secondary MX record?

2) What if on premise Exchange not available, do the EOP retry send for 48 hrs?

3) Are the 2 MX record work the same on resending and retry in the event on premise Exchange not available?

4) Is this a recommended way or best practice?

Dear Team,

we are using Microsoft Exchange 2003 & 2010 Server for Emails, now we have both servers are connected, we want to raise new Single incident request for doing this activity, we want disconnect 2003 server from 2010 server so accordingly need support, we are ready to pay for this incident, 

pls do the needful,

Thanks & regards

Anteshwar Bhosale

I have a client who has multiple sites. Their exchange server receives "scan to email" emails from a Canon C2020 Digital Multifunction on a different site. To stop the Exchange 2013 Spam filter blocking the emails, I set up a Transport Rule.

The rule has the following properties

1. If the Sender Address matches canon.device@gmail.com
2. Set the SCL to 3
3. Generate an incident report and email to the system admin, and inlcude the original email
4. Is the 3rd of 3 rules (the prior 2 add Disclaimers to outgoing emails depending on who the sender is)

Simple enough right.

Wrong - some staff scan to email repeatedly and the scan arrives ok in their inbox.  Others, it simply will not let the email thru, and instead places the email into the Spam Mailbox.  I open the blocked email, click on Send Again and it arrives for the user.

Is the Transport Rule functionality buggy or prone to odd behaviour.  I have sat and read through the Rule so many times it is tattooed onto my retina.

The Email addresses for all users are created by an Email address policy so all are a consistent format = Firstname + Surname 1st Initial@contoso .com.

There have been times where I have wondered if the rules are case sensitive when assessing the email addresses.

Any thoughts to put me out of my misery, please show me where I have done wrong....

Get-TransportRule returns

[PS] C:\Windows\system32>Get-TransportRule "[Cust-sos-IN] Reset SCL on Scanner emails" | Format-List

RunspaceId                                   : 7f9c4f6e-7d35-409e-acf9-cbb272720b8c
Priority                                     : 2
DlpPolicy                                    :
DlpPolicyId                                  : 00000000-0000-0000-0000-000000000000
Comments                                     :
ManuallyModified                             : False
ActivationDate                               :
ExpiryDate                                   :
Description                                  : If the message:
                                                   Is sent to 'Accounts@contoso.com' or
                                              'Administration@contoso.com' or'Allan@contoso.com' or
                                              'FredaM@contoso.com' or 'Client.Services.Manager@contoso.com' or
                                              'DonnyY@contoso.com' or 'ElenB@contoso.com'or...
                                                   and Includes these patterns in the From address:
                                              'canon.device@gmail.com'
                                               Take the following actions:
                                                   Set the spam confidence level (SCL) to '3'
                                                   and Send the incident report to SharonK@contoso.com, Include
                                               original mail

RuleVersion                                  : 15.0.2.0
Conditions                                   : {SentTo, FromAddressMatches}
Exceptions                                   :
Actions                                      : {SetSCL, GenerateIncidentReport}
State                                        : Enabled
Mode                                         : Enforce
RuleSubType                                  : None
UseLegacyRegex                               : False
From                                         :
FromMemberOf                                 :
FromScope                                    :
SentTo                                       :{Accounts@contoso.com, Administration@contoso.com,
                                              AmandaC@contoso.com, AshleyM@contoso.com,
                                              Client.Services.Manager@contoso.com,DonnaY@contoso.com,
                                              EbonieB@contoso.com, FranR@contoso.com, Intake@contoso.com,
                                              JoP@contoso.com, LenoreL@contoso.com, MarinaL@contoso.com,
                                              NatashaS@contoso.com, NiamhS@contoso.com, UnaG@contoso.com,
                                              Helpdesk@Acontoso.com...}
SentToMemberOf                               :
SentToScope                                  :
BetweenMemberOf1                             :
BetweenMemberOf2                             :
ManagerAddresses                             :
ManagerForEvaluatedUser                      :
SenderManagementRelationship                 :
ADComparisonAttribute                        :
ADComparisonOperator                         :
SenderADAttributeContainsWords               :
SenderADAttributeMatchesPatterns             :
RecipientADAttributeContainsWords            :
RecipientADAttributeMatchesPatterns          :
AnyOfToHeader                                :
AnyOfToHeaderMemberOf                        :
AnyOfCcHeader                                :
AnyOfCcHeaderMemberOf                        :
AnyOfToCcHeader                              :
AnyOfToCcHeaderMemberOf                      :
HasClassification                            :
HasNoClassification                          : False
SubjectContainsWords                         :
SubjectOrBodyContainsWords                   :
HeaderContainsMessageHeader                  :
HeaderContainsWords                          :
FromAddressContainsWords                     :
SubjectMatchesPatterns                       :
SubjectOrBodyMatchesPatterns                 :
HeaderMatchesMessageHeader                   :
HeaderMatchesPatterns                        :
FromAddressMatchesPatterns                   :{canon.sos@gmail.com}
AttachmentNameMatchesPatterns                :
AttachmentExtensionMatchesWords              :
HasSenderOverride                            : False
MessageContainsDataClassifications           :
SenderIpRanges                               :
SCLOver                                      :
AttachmentSizeOver                           :
MessageSizeOver                              :
WithImportance                               :
MessageTypeMatches                           :
RecipientAddressContainsWords                :
RecipientAddressMatchesPatterns              :
SenderInRecipientList                        :
RecipientInSenderList                        :
AttachmentContainsWords                      :
AttachmentMatchesPatterns                    :
AttachmentIsUnsupported                      : False
AttachmentProcessingLimitExceeded            : False
AttachmentHasExecutableContent               : False
AnyOfRecipientAddressContainsWords           :
AnyOfRecipientAddressMatchesPatterns         :
ExceptIfFrom                                 :
ExceptIfFromMemberOf                         :
ExceptIfFromScope                            :
ExceptIfSentTo                               :
ExceptIfSentToMemberOf                       :
ExceptIfSentToScope                          :
ExceptIfBetweenMemberOf1                     :
ExceptIfBetweenMemberOf2                     :
ExceptIfManagerAddresses                     :
ExceptIfManagerForEvaluatedUser              :
ExceptIfSenderManagementRelationship         :
ExceptIfADComparisonAttribute                :
ExceptIfADComparisonOperator                 :
ExceptIfSenderADAttributeContainsWords       :
ExceptIfSenderADAttributeMatchesPatterns     :
ExceptIfRecipientADAttributeContainsWords    :
ExceptIfRecipientADAttributeMatchesPatterns  :
ExceptIfAnyOfToHeader                        :
ExceptIfAnyOfToHeaderMemberOf                :
ExceptIfAnyOfCcHeader                        :
ExceptIfAnyOfCcHeaderMemberOf                :
ExceptIfAnyOfToCcHeader                      :
ExceptIfAnyOfToCcHeaderMemberOf              :
ExceptIfHasClassification                    :
ExceptIfHasNoClassification                  : False
ExceptIfSubjectContainsWords                 :
ExceptIfSubjectOrBodyContainsWords           :
ExceptIfHeaderContainsMessageHeader          :
ExceptIfHeaderContainsWords                  :
ExceptIfFromAddressContainsWords             :
ExceptIfSubjectMatchesPatterns               :
ExceptIfSubjectOrBodyMatchesPatterns         :
ExceptIfHeaderMatchesMessageHeader           :
ExceptIfHeaderMatchesPatterns                :
ExceptIfFromAddressMatchesPatterns           :
ExceptIfAttachmentNameMatchesPatterns        :
ExceptIfAttachmentExtensionMatchesWords      :
ExceptIfSCLOver                              :
ExceptIfAttachmentSizeOver                   :
ExceptIfMessageSizeOver                      :
ExceptIfWithImportance                       :
ExceptIfMessageTypeMatches                   :
ExceptIfRecipientAddressContainsWords        :
ExceptIfRecipientAddressMatchesPatterns      :
ExceptIfSenderInRecipientList                :
ExceptIfRecipientInSenderList                :
ExceptIfAttachmentContainsWords              :
ExceptIfAttachmentMatchesPatterns            :
ExceptIfAttachmentIsUnsupported              : False
ExceptIfAttachmentProcessingLimitExceeded    : False
ExceptIfAttachmentHasExecutableContent       : False
ExceptIfAnyOfRecipientAddressContainsWords   :
ExceptIfAnyOfRecipientAddressMatchesPatterns :
ExceptIfHasSenderOverride                    : False
ExceptIfMessageContainsDataClassifications   :
ExceptIfSenderIpRanges                       :
PrependSubject                               :
SetAuditSeverity                             :
ApplyClassification                          :
ApplyHtmlDisclaimerLocation                  :
ApplyHtmlDisclaimerText                      :
ApplyHtmlDisclaimerFallbackAction            :
ApplyRightsProtectionTemplate                :
SetSCL                                       : 3
SetHeaderName                                :
SetHeaderValue                               :
RemoveHeader                                 :
AddToRecipients                              :
CopyTo                                       :
BlindCopyTo                                  :
AddManagerAsRecipientType                    :
ModerateMessageByUser                        :
ModerateMessageByManager                     : False
RedirectMessageTo                            :
RejectMessageEnhancedStatusCode              :
RejectMessageReasonText                      :
DeleteMessage                                : False
Disconnect                                   : False
Quarantine                                   : False
SmtpRejectMessageRejectText                  :
SmtpRejectMessageRejectStatusCode            :
LogEventText                                 :
StopRuleProcessing                           : False
SenderNotificationType                       :
GenerateIncidentReport                       :SharonK@contoso.com
IncidentReportOriginalMail                   : IncludeOriginalMail
RouteMessageOutboundConnector                :
RouteMessageOutboundRequireTls               : False
Identity                                     : [Cust-sos-IN] Reset SCL on Scanner emails
DistinguishedName                            : CN=[Cust-sos-IN] Reset SCL on Scanner
                                               emails,CN=TransportVersioned,CN=Rules,CN=Transport
                                               Settings,CN=Contoso,CN=Microsoft
                                               Exchange,CN=Services,CN=Configuration,DC=CONTOSO,DC=LOCAL
Guid                                         : 5d1dbc9b-3718-4874-9552-296e8b98d874
ImmutableId                                  : 5d1dbc9b-3718-4874-9552-296e8b98d874
OrganizationId                               :
Name                                         : [Cust-sos-IN] Reset SCL on Scanner emails
IsValid                                      : True
WhenChanged                                  : 17/03/2015 2:37:06 PM
ExchangeVersion                              : 0.1 (8.0.535.0)
ObjectState                                  : Unchanged

Hi,

I was wonder if anyone has any advice or solution for the below:

I have a situation where we want a single email address in our dns namespace e.g. user@abc.com to be routed to a secondary mail server on our network. The @abc.com portion must be maintained.

I have read a number of article on setting up exchange and other mail server sharing the same namespace,  however I only want a specific email address to be routed, not all addresses not found sent to secondary server.

Thanks in advance.

Peter

Office Server Addict

I'm trying combat a "grey-list" issue by changing the Message Retry Interval to 15 min from 1 min. I did this change about 12 hours ago and I my test messages are still sitting in queue. I suspect a service restart is needed. Any ideas?

Set-TransportServer SAC79906MAILP01 -MessageRetryInterval 00:15:00

Thanks much! :-)

I have a user who cannot receive a message from a particular external sender. That senders assistant (same domain and server as the external sender with the issue) is able to forward the exact same message to my user and it arrives as it should. In message tracking, I can see the message came in through my smart host, through my front end and to the users mailbox server, where an NDR was generated.  We had the assistant forward us the NDR and it says:

There's a problem with the recipient's mailbox. Please try resending this message. If the problem continues, please contact your helpdesk.

From my 3rd party smart host/spam filter, I have a copy of the message in audit and when I forward it to myself, the same thing happens - it generates an NDR when it arrives at my Exchange mailbox server.  This makes me conclude that my end users mailbox isn't corrupt, rather it's something in the message header that our server doesn't like (I've seen this happen with other senders as well, but it is extremely rare and random).

Details/facts of my environment:
-Current production messaging system is Exchange 2003.
-Working on Exchange 2010 co-existence.
-This problem between this sender and us has been an issue before the introduction of Exchange 2010.
-I'm hoping to begin end user mailbox migrations to 2010 and will have the sender try again at that time, but I still have testing to do with our voice messaging system before I can begin moving end user mailboxes.

....Begin redacted NDR detail....
Remote Server returned '< #5.2.1>'
Original message headers:
Received: from fe.mydomain.com ([192.168.1.10]) by
 mailboxsrv.mydomain.com with Microsoft SMTPSVC(6.0.3790.4675);      Thu, 4 Sep
 2014 12:49:48 -0700
Received: from exc2010.mydomain.com ([192.168.1.50]) by
 fe.mydomain.com with Microsoft SMTPSVC(6.0.3790.4675);        Thu, 4 Sep
 2014 12:49:47 -0700
Received: from smtp.mydomain.com (192.168.1.49) by exch2010.mydomain.com
 (192.168.1.50) with Microsoft SMTP Server (TLS) id 14.3.210.2; Thu, 4 Sep 2014
 12:49:47 -0700
Received: from pps.filterd (PPMail.mydomain.com [127.0.0.1])   by
 PPMail.gsblaw.com (8.14.5/8.14.5) with SMTP id s84Jkb0n023682       for
 <myuser@mydomain.com>; Thu, 4 Sep 2014 12:49:47 -0700
Received: from na01-by2-obe.outbound.protection.outlook.com
 (mail-by2on0098.outbound.protection.outlook.com [TheirIP])    by
 PPMail.gsblaw.com with ESMTP id 1p6da7h0jw-1 (version=TLSv1/SSLv3
 cipher=AES256-SHA bits=256 verify=NOT)       for <Myuser@mydomain.com>; Thu, 04 Sep
 2014 12:49:42 -0700
Received: from Theirexchange.theirdomain.com (TheirinternalIP) by
 Theirexchange.theirdomain.com (TheirinternalIP) with Microsoft SMTP
 Server (TLS) id 15.0.1019.16; Thu, 4 Sep 2014 19:49:38 +0000
Received: from Theirexchange.theirdomain.com ([10.141.86.14]) by
 Theirexchange.theirdomain.com ([TheirinternalIP]) with mapi id
 15.00.1019.015; Thu, 4 Sep 2014 19:49:38 +0000
Content-Type: multipart/mixed;
        boundary="_000_9a166afd24964edda2d5439ba3dbe712DM2PR08MB445namprd08pro_"
From: Mr Sender <sender@theirdomain.com>
To: My User <myuser@mydomain.com>, "Another external recipient (someoneelse@anotherdomain.us)"
        <mike@vinco.us>
Subject: FW: A Subject
Thread-Topic: A Subject
Thread-Index: Ac/C2zn97ruwXQpoQtGNrjKOr1NckgFmNoeAAAEpQ2A=
Date: Thu, 4 Sep 2014 19:49:37 +0000
Message-ID: <9a166afd24964edda2d5439ba3dbe712@DM2PR08MB445.theirexchange.theirdomain.com>
References: <3340b0a848f04e3bbb488b4eda93d54e@DM2PR08MB445.theirexchange.theirdomain.com>
 <83FC8FC0E8B91C4594608EA214C0BBAD54BBB844@S1P5DAG8C.EXCHPROD.USA.NET>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: <9a166afd24964edda2d5439ba3dbe712@DM2PR08MB445.theirexchange.theirdomain.com>
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [internetIP]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;UriScan:;
x-forefront-prvs: 0324C2C0E2
x-forefront-antispam-report: SFV:NSPM;SFS:(10009015)(6009001)(189002)(199003)(377454003)(164054003)(64706001)(66066001)(19609705001)(15202345003)(50986999)(19300405004)(19625215002)(90102001)(80022001)(20776003)(83322001)(101416001)(99936001)(76176999)(54356999)(81542001)(21056001)(19580395003)(86362001)(4396001)(92566001)(16236675004)(85852003)(551944002)(74502001)(83072002)(87936001)(74662001)(31966008)(107886001)(81342001)(76482001)(46102001)(85306004)(105586002)(33646002)(15975445006)(99396002)(76576001)(74316001)(77982001)(79102001)(95666004)(108616004)(2656002)(106356001)(99286002)(24736002);DIR:OUT;SFP:1101;SCL:1;SRVR:DM2PR08MB446;H:DM2PR08MB445.namprd08.prod.outlook.com;FPR:;MLV:sfv;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52,1.0.27,0.0.0000
 definitions=2014-09-04_03:2014-09-04,2014-09-04,1970-01-01 signatures=0
X-Proofpoint-Spam-Reason: safe
Return-Path: sender@theirdomain.com
X-OriginalArrivalTime: 04 Sep 2014 19:49:47.0046 (UTC) FILETIME=[61900460:01CFC879]

Hi,

A user has just realised that only some of our emails from any user in our domain have been delivered to an external domain for the last month and a half.

We haven't had any reports from any other domains regarding the same issue. Just this one.

There doesn't seem to be any pattern to the emails that deliver and those that don't at the moment.

I have been shown an email that we know was not delivered to the external address in question.

I have checked the transport logs and it shows; EventId: HARedirectFail Source: SMTP

In the event viewer at the same time I have an information message with; Event ID: 103Source: ESENT

Running on MS Windows Server 2012, Exchange 2013, sophos pure message 4.0.

I would very much appreciate any input or help on this matter big or small.

Thanks

JCronies

Some mail that has SCL: 9 are not all going to 'Junk Email' folder. Most are, but some slip through. There are several organizations on this exchange system, and this is happening to all users.

Get-OrganizationConfig for SCLJunkThreshold is '4'

SCLJunkEnabled for users is 'Yes'

Here is the header of a message that was marked as spam but went to the Inbox:

Received: from MBX1.domain.com (192.168.2.5) by MBX2.domain.com
 (10.1.1.7) with Microsoft SMTP Server (TLS) id 15.0.775.38 via Mailbox
 Transport; Mon, 9 Jun 2014 09:02:44 -0700
Received: from CAS2.domain.com (10.1.1.2) by MBX1.domain.com
 (192.168.2.5) with Microsoft SMTP Server (TLS) id 15.0.775.38; Mon, 9 Jun
 2014 09:01:20 -0700
Received: from smtp1.domain.com (10.1.1.3) by CAS2.domain.com
 (10.1.1.2) with Microsoft SMTP Server id 15.0.775.38 via Frontend Transport;
 Mon, 9 Jun 2014 09:02:43 -0700
Received: by smtp1.domain.com (Postfix, from userid 501)    id 2293BC033F;
 Mon,  9 Jun 2014 08:19:13 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    smtp1.domain.com
X-Spam-Level:
X-Spam-Status: No, score=1.0 required=3.0 tests=BAYES_00,DATE_IN_PAST_06_12,
    HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET shortcircuit=no autolearn=no version=3.3.1
Received: from web2.domain.com (web2.domain.com [1.2.3.4])    by
 smtp1.domain.com (Postfix) with ESMTP id 6D6D8C02E2;    Mon,  9 Jun 2014
 08:19:07 -0700 (PDT)
Received: from [198.0.89.233] (port=22316 helo=easthou-dc1.ehosm.com)    by
 web2.domain.com with esmtp (Exim 4.80.1)    (envelope-from
 <infiltratora2@raywhite.com>)    id 1Wu1wH-0006gx-GG; Mon, 09 Jun 2014 08:56:50
 -0700
Message-ID: <7J2N7PLH.6428091@raywhite.com>
Date: Mon, 9 Jun 2014 07:33:39 +0000
From: American Express Customer Service <AmericanExpress@welcome.aexp.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <user@domain.com>
Content-Type: multipart/alternative;
    boundary="------------000101080607090805060900"
Subject: ***SPAM*** American Express - Safe Key
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web2.domain.com
X-AntiAbuse: Original Domain - domain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - raywhite.com
X-Get-Message-Sender-Via: web2.domain.com: mailgid no entry from get_relayhosts_entry
Return-Path: infiltratora2@raywhite.com
X-MS-Exchange-Organization-Network-Message-Id: 45f62fb3-2fdb-4efa-5a86-08d152133032
X-MS-Exchange-Organization-SCL: 9
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;TIME:TimeBasedFeatures;OrigIP:unavailable
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: CAS2.domain.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 37303A291EC25A6B637562

Hello Guys,

I need some help as I have already tried the procedure to block zipped files in exchange online (Office 365).

I assume the content filtering policy or malware policy is overtaking in someway, but I cannot get the outcome as mentioned in the above scenario.

My goal is to trap all the emails with attachments containing .zip, .exe, .bat and .rar extensions to be moved to the quarantine mailbox. 

Hello everyone,

I recovered the exchange 2013 C7 and now I'm receiving a message error when I try to open the admin ECP page, Mail flow, Rules.I get the message error: "Your request couldn't be completed. Please try again in a few minutes." If I try to create a new rule, I get an error message "access denied". However, I'm able to created a new transportule through powershell.

I'm accessing ECP from IE. All services are started and running.Im also accessing Exchange server with Domain\Administrator account and the administrator have the following group membership:

Domain Admins

Schema Admins

Enterprise Admins

Organization Management

below is what I get on the file log:

Current user: 'mydomain.local/MyBusiness/Users/Admin'

Web service call 'https://exchangeserver.mydomain.local:444/ecp/RulesEditor/TransportRules.svc/GetList?msExchEcpCanary=p2Zp1y_1kESsrueBkDB6T1r0z46NLdII4Q_D6294gRCkKBixfp0OnWr9OfSQ9SO205BuS7NQnns.(https://remote.mydomain.com/ecp/RulesEditor/TransportRules.svc/GetList?msExchEcpCanary=p2Zp1y_1kESsrueBkDB6T1r0z46NLdII4Q_D6294gRCkKBixfp0OnWr9OfSQ9SO205BuS7NQnns.)' failed with the following error:

System.Security.SecurityException: Request for principal permission failed.

at System.Security.Permissions.PrincipalPermission.ThrowSecurityException()

at System.Security.Permissions.PrincipalPermission.Demand()

at Microsoft.Exchange.Management.ControlPanel.WebServiceParameters.set_Item(String cmdletParameterName, Object value)

at Microsoft.Exchange.Management.ControlPanel.ResultSizeFilter.set_ResultSize(Int32 value)

at ReadTransportRuleFilterFromJson(XmlReaderDelegator , XmlObjectSerializerReadContextComplexJson , XmlDictionaryString , XmlDictionaryString[] )

at System.Runtime.Serialization.Json.JsonClassDataContract.ReadJsonValueCore(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)

at System.Runtime.Serialization.Json.JsonDataContract.ReadJsonValue(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)

at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, Type declaredType, DataContract& dataContract)

at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)

at System.Runtime.Serialization.Json.DataContractJsonSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)

at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)

at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader, Boolean verifyObjectName)

at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.PartInfo.ReadObject(XmlDictionaryReader reader, XmlObjectSerializer serializer)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeParameterPart(XmlDictionaryReader reader, PartInfo part)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeParameters(XmlDictionaryReader reader, PartInfo[] parts, Object[] parameters, PartInfo returnInfo, Object& returnValue)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeBodyCore(XmlDictionaryReader reader, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeBody(XmlDictionaryReader reader, MessageVersion version, String action, MessageDescription messageDescription, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.OperationFormatter.DeserializeBodyContents(Message message, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.OperationFormatter.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.DemultiplexingDispatchMessageFormatter.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.UriTemplateDispatchFormatter.DeserializeRequest(Message message, Object[] parameters)

at Microsoft.Exchange.Management.ControlPanel.DiagnosticsBehavior.SerializationPerformanceTracker.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.DispatchOperationRuntime.DeserializeInputs(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

The action that failed was:

Demand

The type of the first permission that failed was:

System.Security.Permissions.PrincipalPermission

The first permission that failed was:

<IPermission mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

version="1">

<Identity Authenticated="true"

Role="Get-TransportRule?ResultSize@R:Organization"/>

</IPermission>

The demand was for:

<IPermission mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

version="1">

<Identity Authenticated="true"

Role="Get-TransportRule?ResultSize@R:Organization"/>

</IPermission>

The assembly or AppDomain that failed was:

mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

at System.Security.Permissions.PrincipalPermission.ThrowSecurityException()

at System.Security.Permissions.PrincipalPermission.Demand()

at Microsoft.Exchange.Management.ControlPanel.WebServiceParameters.set_Item(String cmdletParameterName, Object value)

at Microsoft.Exchange.Management.ControlPanel.ResultSizeFilter.set_ResultSize(Int32 value)

at ReadTransportRuleFilterFromJson(XmlReaderDelegator , XmlObjectSerializerReadContextComplexJson , XmlDictionaryString , XmlDictionaryString[] )

at System.Runtime.Serialization.Json.JsonClassDataContract.ReadJsonValueCore(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)

at System.Runtime.Serialization.Json.JsonDataContract.ReadJsonValue(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)

at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, Type declaredType, DataContract& dataContract)

at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)

at System.Runtime.Serialization.Json.DataContractJsonSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)

at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)

at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader, Boolean verifyObjectName)

at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.PartInfo.ReadObject(XmlDictionaryReader reader, XmlObjectSerializer serializer)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeParameterPart(XmlDictionaryReader reader, PartInfo part)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeParameters(XmlDictionaryReader reader, PartInfo[] parts, Object[] parameters, PartInfo returnInfo, Object& returnValue)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeBodyCore(XmlDictionaryReader reader, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.DataContractJsonSerializerOperationFormatter.DeserializeBody(XmlDictionaryReader reader, MessageVersion version, String action, MessageDescription messageDescription, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.OperationFormatter.DeserializeBodyContents(Message message, Object[] parameters, Boolean isRequest)

at System.ServiceModel.Dispatcher.OperationFormatter.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.DemultiplexingDispatchMessageFormatter.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.UriTemplateDispatchFormatter.DeserializeRequest(Message message, Object[] parameters)

at Microsoft.Exchange.Management.ControlPanel.DiagnosticsBehavior.SerializationPerformanceTracker.DeserializeRequest(Message message, Object[] parameters)

at System.ServiceModel.Dispatcher.DispatchOperationRuntime.DeserializeInputs(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)

at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

Demand: <IPermission mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

version="1">

<Identity Authenticated="true"

Role="Get-TransportRule?ResultSize@R:Organization"/>

</IPermission>

First Failed Demand: <IPermission mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

version="1">

<Identity Authenticated="true"

Role="Get-TransportRule?ResultSize@R:Organization"/>

</IPermission>

Url: https://exchangeserver.mydomain.local:444/ecp/RulesEditor/TransportRules.svc/GetList?msExchEcpCanary=p2Zp1y_1kESsrueBkDB6T1r0z46NLdII4Q_D6294gRCkKBixfp0OnWr9OfSQ9SO205BuS7NQnns.(https://remote.mydomain.com/ecp/RulesEditor/TransportRules.svc/GetList?msExchEcpCanary=p2Zp1y_1kESsrueBkDB6T1r0z46NLdII4Q_D6294gRCkKBixfp0OnWr9OfSQ9SO205BuS7NQnns.)

Flight info: Features:[[Global.DistributedKeyManagement, False],[Global.GlobalCriminalCompliance, False],[Global.MultiTenancy, False],[Global.WindowsLiveID, False],[Eac.AllowMailboxArchiveOnlyMigration, True],[Eac.AllowRemoteOnboardingMovesOnly, False],[Eac.BulkPermissionAddRemove, True],[Eac.CmdletLogging, True],[Eac.CrossPremiseMigration, False],[Eac.DevicePolicyMgmtUI, False],[Eac.DiscoveryDocIdHint, False],[Eac.DiscoveryPFSearch, False],[Eac.DiscoverySearchStats, False],[Eac.DlpFingerprint, False],[Eac.EACClientAccessRulesEnabled, False],[Eac.GeminiShell, False],[Eac.ManageMailboxAuditing, False],[Eac.ModernGroups, False],[Eac.Office365DIcon, False],[Eac.OrgIdADSeverSettings, False],[Eac.RemoteDomain, False],[Eac.UCCAuditReports, False],[Eac.UCCPermissions, False],[Eac.UnifiedAuditPolicy, False],[Eac.UnifiedComplianceCenter, False],[Eac.UnifiedPolicy, False],[Eac.UnlistedServices, False],], Flights:[], Constraints:[[LOC, EN-US],[MACHINE, EXCHANGESERVER],[MODE, ENTERPRISE],[PROCESS, W3WP],[USER, TECHSUPPORT@],[USERTYPE, BUSINESS],], IsGlobalSnapshot: False

flavio

Hello all,

I have Edge transport server 2013

Also there are 3 Exchange servers installed

Ex01(Exchange 2010)

Ex02(Exchange 2013)

Ex03(Exchange 2013)

In the near future I will migrate all Databases from Ex01(Exchange 2010) and dismout the server and there will be Ex02(Exchange 2013) and Ex03(Exchange 2013) servers only

For now everything is working well, incoming/outgoing e-mails etc. but when I disable Ex01(Exchange 2010) I cannot send any external e-mails from mailboxes which located in Exchange 2013 servers(no problems with receiving e-mails appear)

When look in the queue of Exchange 2013 servers I can see all e-mails which got stuck in the queue.

What might that be? Please, help to resolve the issue.

Hi all,

 As of my organization requirement, for the internal message flow, I have created a distribution group. This distribution group will send message to it's member for alert. But when ever the member of distribution group send an email to their member, it also send back to it's sender. Is there any way to configure distribution group in such a way that it will not send back message to the sender?

Good Day all 

A user in our domain is currently experiencing issues in receiving spam mails with Chinese Character it is surely bypassing the Spam filter. Is there a way I can can block mails on exchange Server Transport rule with Chinese Character that are coming in. I have checked the transport rule configuration and I don't see a valid condition for this issue. 

Hello,

As per the title, I have an issue whereby internal email from a reporting server is being classed as Junk in Outlook 2010 and 2013 for all recipients.

 -The Junk-email filtering level for all users in Outlook is set to "Low" and is applied via group policy.

 -I have anti-spam agents installed on all Exchange mailbox servers, but the "InternalMailEnabled" parameter is set to "false" for all agents.

 -The receive connector used to receive internal email has the "Externally secured" flag set, which allows spam-filtering to be bypassed.

 -The "InternalSMTPServers" parameter of the transport config contains the IP of the sending server.

- The email address has been added to several users "Safe Senders" list in Outlook.

 -I have a transport rule set up to bypass spam filtering for the sending address of the SQLReportingServices@domain.com, yet the email header on any of these messages does not contain the "SCL -1" stamp as per the below:

#↓    Header    Value
1    MIME-Version    1.0
2    From    <SQLReportingServices@domain.com>
3    To    <User1@domain.com>, <user2@domain.com>
4    Date    Tue, 10 Mar 2015 07:35:32 +0000
5    Subject    Report was executed at 10/03/2015 07:35:08
6    Content-Type    multipart/mixed; boundary="--boundary_90_638c99de-c35d-4d06-b992-536e14201c6d"
7    Message-ID    <dacbc167cba2410aa0a0c2088bdff95c@SERVER01.domain.localnet>
8    Return-Path    SQLReportingServices@domain.com
9    X-MS-Exchange-Organization-AuthSource    SERVER01.domain.localnet
10    X-MS-Exchange-Organization-AuthAs    Internal
11    X-MS-Exchange-Organization-AuthMechanism    10
12    X-MS-Exchange-Organization-Network-Message-Id    8d357628-f2e9-48d5-77e2-08d2291beca4
13    X-MS-Exchange-Organization-AVStamp-Enterprise    1.0

Can anyone assist in explaining why these emails are being continually marked as Junk in Outlook, and any further troubleshooting steps.

Thanks

Matt

Hi , Friends
I would like to exclude any email with Sender Policy Framework (SPF) record passed from content filtering.
Any email with SPF record "Received-SPF: Pass" should be excluded. Please help   

Noufal Qatar

Dears

Recently I have deployed 4 node exchange environment and the details as below;

Exchange 2013 CU7 on Windows 2012 R2

2 CAS Role Servers with NLB

2 Mailbox Role Server with DAG.

No Smart Host used on the Send Connector

No Edge Server deployed.

In order to simplify the firewall rules and force the outbound e-mail flow through the CAS server I have enabled the "Proxy through Client Access Server" . on the send connector.

But when I test it the mail flow it shows the mailbox IP.

Can anybody help me on this?

Best regards

Muralee

Hello everyone,

I was wondering how to "Forward the message for approval" for the domain ended with .co ?

For example, email@domain.co , email2@xxx.domain.co

flavio

we are using exchange 2010 for our messaging solutions. we also have once of our web server,  for some our requirements our web application server need to send  mails  through our exchange server.  to do that we had enabled the smtp virtual server in IIS 6.0 , created the receive connector in exchange, I am trying from the website and all the mails  which I am sending  was stored in iis mail root queue folder.  if any body help me to send that mails to that recipients.

Best Regards

Jaga

Jags

I need to know if the mail sent between mailboxes on the same MBX server goes through CAS (outlook or OWA or activesync) or just in the MBX

Also if the mailboxes are in the same org but different MBX servers

Thanks