Mailflow works every 2 hours, for 10 minutes and stops again

January 17, 2014, 12:36 am

≫ Next: Single Server SPAM filtering

≪ Previous: Unable to receive external emails to my Exchange 2013

$

0

0

Hello guys,

we have been facing some issues for 3 days with Microsoft Exchange 2013 CU3,

As we have noticed after troubleshooting that Mail submission service is crashing (event 9036)

Service Microsoft Exchange Mailbox Transport Submission.  29 starts were made since the last clean stop. Startup will be delayed until 1/17/2014 11:26:35 AM.

For example at 11:26 email flow works normally for few minutes, then i get another event id 9036 with + 2 hours (so i should wait 2 more hours before mailflow works again)

What i mean by Mailflow is Outbound email (Inbound works normally) even if i send email to myself, i don't get it unless i reach this 2 hours time.

I am also having event ID (6535)

The description for Event ID 65535 from source Application cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>MSExchangeFrontendTransport.exe</AppDomain><Exception><ExceptionType>System.ServiceModel.CommunicationException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:01:00'.</Message><StackTrace>  at System.ServiceModel.Channels.StreamConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
   at System.ServiceModel.Channels.FramingDuplexSessionChannel.CloseOutputSessionCore(TimeSpan timeout)
   at System.ServiceModel.Channels.TransportDuplexSessionChannel.CloseOutputSession(TimeSpan timeout)
   at System.ServiceModel.Channels.TransportDuplexSessionChannel.OnClose(TimeSpan timeout)

and eventID 4999

Watson report about to be sent for process id: 17352, with parameters: E12, c-RTL-AMD64, 15.00.0775.038, MSExchangeSubmission, unknown, M.E.D.I.T.VirtualBuffer.Read, System.ArgumentOutOfRangeException, cf47, unknown.
ErrorReportingEnabled: True

Any help?

Thanks

---

Single Server SPAM filtering

March 7, 2014, 9:54 am

≫ Next: Restrict Allow Acces to Distribution List

≪ Previous: Mailflow works every 2 hours, for 10 minutes and stops again

$

0

0

We recently upgraded to Exchange 2013.  We have a single server setup with transport and mailbox roles on the same machine.  We have noticed a dramatic increase in SPAM and I have started to notice our IPBlockListProviders don't seem to be blocking. I've run Test-IPBlockListProviders and it responds as I would expect with a known blocked IP.  However email still continues coming into mailboxes from that IP.  I've noticed some people stating that Microsoft removed connection level filtering. Is this true? If so how do I use DNSBL to stem the flow of SPAM?

---

Todd Schoenfeld 1 Computer Consultant Little Elm, TX 75068

Restrict Allow Acces to Distribution List

March 10, 2014, 5:04 am

≫ Next: Data Loss Protection Rules - Canada SIN number and Drivers License Number

≪ Previous: Single Server SPAM filtering

$

0

0

Dear All

My boss asked me a unique query in managing DL and I am not able to find the answer anywhere on net.

Scenario

Suppose there are 5 DL's in our organization for eg

TestGroup1

TestGroup2

TestGroup3

TestGroup4

TestGroupALL

Requirement

My boss ask me following

1) Allow TestGroup1 members to only send mail to TestGroup1 and TestGroupALL, sending mail to all other DL's are restricted

2) Same for all 2, 3 4 group members who can only send to their respective DL's and TestGroupALL

3) TestGroupAll Contains all above 1 to 4 DL's so any member can send mail to TestGroupAll and it should be received by all users in organization.

I hope there will be some solution to this, kindly suggest one..

Regards

Sandesh

Data Loss Protection Rules - Canada SIN number and Drivers License Number

March 5, 2014, 6:18 pm

≫ Next: Can't realize how to configure Receive connectors

≪ Previous: Restrict Allow Acces to Distribution List

$

0

0

I am attempting to implement Data Protection rules in Exchange 2013.

My first attempt was trying to implement the Canada Financial Data policy.  I used the test sin number 046 454 286

as given in a wikipedia article http://en.wikipedia.org/wiki/Social_Insurance_Number

When the rule did not trigger, I tried deleting the old rule and having only one rule

Sent anywhere

If the message...

The message contains these sensitive information types: 'Canada Bank Account Number' or 'Canada Driver's License Number' or 'Canada Health Service Number' or 'Canada Passport Number' or 'Canada Personal Health Identification Number (PHIN)' or 'Canada Social Insurance Number'or...

Do the following...

Send the incident report to lester@mydomain.com, include these message properties in the report: sender, recipients, subject, cc'd recipients, bcc'd recipients, severity, sender override information, matching rules, false positive reports, detected data classifications, matching content, original mail

Except if...

recipients's address domain portion belongs to any of these domains: <deletedexternal partner domain>

Policy group membership

Canada Financial Data

Rule comments

Rule mode

Enforce

Additional properties

Sender address matches: Header

Version: 15.0.5.3

Test emails still didn't work.  I tried sending a test internal email with a credit card number - that triggered the rule.  I tried again with my own SIN and the rule failed to trigger.  I tried adding text "My SIN number is".  I tried adding my name.  I cannot get this rule to fire.

I drilled into the sensitive information types for the SIN and adjusted the confidence levels.  They are currently set as so:

Name: Canada Social Insurance Number

Minimum Count: 1
Maximum Count: 100
Minimum Confidence: 1
Maximum Confidence: 100

Still nothing.  I am having similar problems with my Drivers License number.  Do you have any suggestions as to where I go from here?

Can't realize how to configure Receive connectors

May 15, 2014, 1:42 am

≫ Next: How to remove the GenerateIncidentReport action from a transportation rule

≪ Previous: Data Loss Protection Rules - Canada SIN number and Drivers License Number

$

0

0

There is a number of servers:

All of them Exchange Server 2010 SP3 RU5

EDGE Server - EDGE role

Exchange10 - Roles: Hub Transport, CAs, Mailbox, UM

Exchange10s - Roles: Hub Transport, CAs, Mailbox, UM 

Now I installed Exchange 2013 with roles CAS, Mailbox. Firewall disabled.

There are 5 default receive connectors on it. How can i configure them for mail flowing between each other and to the internet throw the EDGE?

I tried to send messages from all servers and from internet. Default connectors don't work because messages stuck into the queues of EDGE and Hub transport Exchange10

I tried to disable default connectors and make my own (with restart services), but result is the same.

My own receive connector were with these parameters:

AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : All permission groups

Bindings : {[::]:25, 0.0.0.0:25}

How to remove the GenerateIncidentReport action from a transportation rule

May 31, 2014, 1:23 pm

≫ Next: Best Practice on Not Exposing your internal FQDN to the outside world

≪ Previous: Can't realize how to configure Receive connectors

$

0

0

In Office 365 how do you remove the Generate Incident Report action from a rule? We enabled the reports during troubleshooting and now I would like to remove it from some of the rules. If I click the X to remove it in the EAC, I receive the fallowing error"You can't specify the IncidentReportContent parameter because the rule doesn't contain the GenerateIncidentReport action. You need to always provide GenerateIncidentReport when setting IncidentReportContent." I've also gone through the PS commands and I see how to set the values but no way to clear them via the command line. It sounds like it is a dependency issueto me and I very easily could be skimming over something simple. Right now the only solution I can piece together is to rebuild the rules which sounds less than appealing. 

Best Practice on Not Exposing your internal FQDN to the outside world

May 27, 2014, 8:43 am

≫ Next: Drop messages in queue that have a blank sender

≪ Previous: How to remove the GenerateIncidentReport action from a transportation rule

$

0

0

Exchange server 2010, sits in DMZ, internet facing. The server is currently using the Default Receive Connector. This exposes the internal fqdn to the outside world (ehlo). Since you should not (can't) change the FQDN on your Default Receive connector, what is the best practice here?

The only solution I can see is the following:

1. Change the Network on the Default Receive Connector to only internal IP addresses.

2. Create a new Internet Receive Connector port 25 for external IP addresses (not sure what to put in Network tab?) and use my external FQDN for ehlo responses (e.g. mail.domain.com)

3. What do I pick for Auth and Permissions, TLS and Annoymous only?

---

Michael Maxwell

Drop messages in queue that have a blank sender

May 28, 2014, 3:06 pm

≫ Next: Can't send mail to AOL!

≪ Previous: Best Practice on Not Exposing your internal FQDN to the outside world

$

0

0

I'm getting hundreds of messages in the Queue where the From Address is < >. 

Do I just let these build up or is there a setting somewhere that would just drop the message if it has a blank sender?

Here is an example of one that I've received;

Identity: Pebbles\512\21474838371
Subject: Undeliverable: MUST READ: Vehicle's Below Kelly-Blue-Book*
Internet Message ID: <1ca164f3-6423-4aa3-9574-a5124e61d827@mydomain.com>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 5/27/2014 11:51:09 AM
Expiration Time: 5/29/2014 11:51:09 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: Pebbles\512
Recipients:  Notification9334@carforcheap0821.us;2;2;[{LRT=};{LED=400 4.4.7 Message delayed};{FQDN=};{IP=}];0;CN=outbound,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)....

1 email server in domain; Exchange 2013 sp1/Win2012 Standard

---

PennyM

---

Can't send mail to AOL!

May 29, 2014, 11:50 am

≫ Next: Exchange 2013 - DWG attachement (421 4.7.11 Message deferred )

≪ Previous: Drop messages in queue that have a blank sender

$

0

0

I have been trying to get mail flowing to AOL for months now.... I finally managed to figure out how to get an SMTP log from my send connector. The log contained the following:

attempting to connect
,+,,<,220-mtaig-mbc05.mx.aol.com ESMTP Internet Inbound,<,220-AOL and its affiliated companies do not,<,220-authorize the use of its proprietary computers and computer,<,"220-networks to accept, transmit, or distribute unsolicited bulk",<,220-e-mail sent from the internet.,<,220-Effective immediately:,<,220-AOL may no longer accept connections from IP addresses,<,220 which no do not have reverse-DNS (PTR records) assigned.,>,EHLO mail.<REMOVED>.net,<,250-mtaig-mbc05.mx.aol.com,<,250-STARTTLS,<,250 DSN,>,STARTTLS,<,220 2.0.0 Ready to start TLS,
*,,Received certificate
*,1F75F1B43AEDCCA6B206A8D8CA35D87FC37F7A95,Certificate thumbprint>,EHLO mail.<REMOVED>.net,<,554 The security certificate was issued by a company you have not chosen to trust.,>,HELO mail.<REMOVED>.net,
-,,Remote

It seems to not like the certificate on the AOL server.... How in the world do I fix this?

Thank You

Exchange 2013 - DWG attachement (421 4.7.11 Message deferred )

June 2, 2014, 3:26 am

≫ Next: certain extensions blocked

≪ Previous: Can't send mail to AOL!

$

0

0

We use MSExchange Server 2013 standard

and we have problem with recieving e-mails with .dwg attachment from everywhere. This messages are in theQueue

of Exchange server and always gives the error below:

We tried make ZIP files from DWG, but it is the same problem

Identity: CALLISTO\Submission\17763984736359
Subject: FW: Odesílání e-mailu: b.dwg, c.dwg, d.dwg, a.dwg
Internet Message ID: <4B6E309ADA622C43BD2121BC5010A40850F1F64E@SBS2011.jaz.local>
From Address: petrjedlicka@jaz.cz
Status: Opakovat
Size (KB): 7520
Message Source Name: SMTP:Default CALLISTO
Source IP: 81.201.49.168
SCL: -1
Date Received: 2. 6. 2014 11:59:24
Expiration Time: 4. 6. 2014 11:59:24
Last Error: 421 4.7.11 Message deferred. The attempt to extract text timed out., tenant -
Queue ID: CALLISTO\Submission
Recipients:  servis@uniservis-hasek.cz;3;0;421 4.7.11 Message deferred. The attempt to extract text timed out., tenant - ;0; it@jaz.cz;3;0;421 4.7.11 Message deferred. The attempt to extract text timed out., tenant - ;0;

Any IDEAS? Thanks

certain extensions blocked

May 30, 2014, 9:18 am

≫ Next: Emails stuck on Exchange 2010 sent from Exchange 2013 mailbox

≪ Previous: Exchange 2013 - DWG attachement (421 4.7.11 Message deferred )

$

0

0

The users regularly need to browse sites in the .uk   Also they email to the .uk extension.

I cannot figure out how to permanently allow such access and email usage.

I have added .uk to allow list but at first it worked and now it does not.

We are using Exchange 2010

Thanks,

Jay

---

Jay Doyle

Emails stuck on Exchange 2010 sent from Exchange 2013 mailbox

November 2, 2013, 5:58 am

≫ Next: SSL certificate Installtion procedure

≪ Previous: certain extensions blocked

$

0

0

Hi, I need some help about coexistence of Exchange 201 and Exchange 2013.

I have an environment with 2 Exchange Server 2010 (One HUB/CAS another MBX/HUB/CAS and Forefront for Exchange 2010) and now I have configured an Exchange Server 2013 (MBX and CAS).

For now, I have moved 3 mailboxes from Exchange 2010 to Exchange 2013 but the mailboxes cannot receive or send emails, the emails are stuck on Exchange 2010 Queue (Hub 15) with the message:

" 451 4.4.0 Primary target IP address responded with:"421 4.4.2 Connection dropped due to SocketError."  Attempted failover to alternat host, but did not succeed. Either there are no alternate hosts, or delivery failed to all alternate host.

I can telnet from Exchange 2013 to Exchange 2010.

I have enabled the Verbose log on Exchange 2010 Receive Connectors from both servers but in the logs there is no entry from Exchange 2013 IP.

If anyone can help me I appreciate.

Best Regards.

SSL certificate Installtion procedure

June 8, 2014, 12:20 am

≫ Next: Add information to a Transport rule from CSV

≪ Previous: Emails stuck on Exchange 2010 sent from Exchange 2013 mailbox

$

0

0

I want install the ssl certificate on ms exchange server 2013

how?

Please guide me and explain the procedure how can create ssl certificate and configure the our local exchange server 2013

Thanks

Ram

Add information to a Transport rule from CSV

June 4, 2014, 3:15 pm

≫ Next: HI ALL, Exchange Administrators I have small discussion with you regarding Exchange 2010 Transport Rule?

≪ Previous: SSL certificate Installtion procedure

$

0

0

I have a transport rule that will block internal employees from emailing certain external email address' and send a notification that the message was blocked from going out. That's working fine but I will need to add the external email address' from an ever growing list that will be automatically generated on a day to day basis. I am looking for a way to automate the addition of the email address' to the transport rule. I tried using  the following but it applied the change to all outgoing email, internal and external so all email sent was being blocked.

$address = import-csv C:\address.txt

Set-TransportRule "CASL Test" -SentTo $address

The address.txt file mentioned above only had 2 email address' in it but the production list will have hundreds or even thousands of address to prevent mail flow to.  

This is in preparation of a new Canadian law coming up on July 1st regarding spam and opting in and out of receiving commercial email for products and/or services (basically anything sales related).

Any assistance in this is highly appreciated. 

HI ALL, Exchange Administrators I have small discussion with you regarding Exchange 2010 Transport Rule?

June 6, 2014, 9:40 am

≫ Next: How to know if somebody else accessed my account

≪ Previous: Add information to a Transport rule from CSV

$

0

0

Q: How to forward the message from specific sender mail to another Email id?

---

N.p.Balakrishnan

---

How to know if somebody else accessed my account

June 11, 2014, 7:32 pm

≫ Next: How to Filter outgoing mails according to certain words

≪ Previous: HI ALL, Exchange Administrators I have small discussion with you regarding Exchange 2010 Transport Rule?

$

0

0

Holle everybody, 

I have a problem and your help is appreciated, I think my account is accessed by somebody else. 

Can anybody tell me the steps how to identify them? 

I will be thankful. 

How to Filter outgoing mails according to certain words

June 10, 2014, 4:36 pm

≫ Next: SCL: 9 - Not all going to 'Junk Email' folder for all users

≪ Previous: How to know if somebody else accessed my account

$

0

0

Hello everybody! forgive me for my ignorance in my next question: I am asked to set my exchange server mail to filter mails depending on the content the user is sending:

If a user sends a mail my server should be capable to filter those mails that contain words like anal impaler, Arsehole, ass hole, and so on...

So it depends on what the content of the mail has it that is going to be filtered. IF the mail was not sent will appear as Undelivered message.

Of course first we need to create some polices to determine when a message must be filtered as the one i gave as an example and other terms....

Is this possible? if so, how could i do it? Best regards!! 

SCL: 9 - Not all going to 'Junk Email' folder for all users

June 9, 2014, 10:04 am

≫ Next: Exchange 2010 Default Receive Connectors

≪ Previous: How to Filter outgoing mails according to certain words

$

0

0

Some mail that has SCL: 9 are not all going to 'Junk Email' folder. Most are, but some slip through. There are several organizations on this exchange system, and this is happening to all users.

Get-OrganizationConfig for SCLJunkThreshold is '4'

SCLJunkEnabled for users is 'Yes'

Here is the header of a message that was marked as spam but went to the Inbox:

Received: from MBX1.domain.com (192.168.2.5) by MBX2.domain.com
 (10.1.1.7) with Microsoft SMTP Server (TLS) id 15.0.775.38 via Mailbox
 Transport; Mon, 9 Jun 2014 09:02:44 -0700
Received: from CAS2.domain.com (10.1.1.2) by MBX1.domain.com
 (192.168.2.5) with Microsoft SMTP Server (TLS) id 15.0.775.38; Mon, 9 Jun
 2014 09:01:20 -0700
Received: from smtp1.domain.com (10.1.1.3) by CAS2.domain.com
 (10.1.1.2) with Microsoft SMTP Server id 15.0.775.38 via Frontend Transport;
 Mon, 9 Jun 2014 09:02:43 -0700
Received: by smtp1.domain.com (Postfix, from userid 501)    id 2293BC033F;
 Mon,  9 Jun 2014 08:19:13 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    smtp1.domain.com
X-Spam-Level:
X-Spam-Status: No, score=1.0 required=3.0 tests=BAYES_00,DATE_IN_PAST_06_12,
    HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET shortcircuit=no autolearn=no version=3.3.1
Received: from web2.domain.com (web2.domain.com [1.2.3.4])    by
 smtp1.domain.com (Postfix) with ESMTP id 6D6D8C02E2;    Mon,  9 Jun 2014
 08:19:07 -0700 (PDT)
Received: from [198.0.89.233] (port=22316 helo=easthou-dc1.ehosm.com)    by
 web2.domain.com with esmtp (Exim 4.80.1)    (envelope-from
 <infiltratora2@raywhite.com>)    id 1Wu1wH-0006gx-GG; Mon, 09 Jun 2014 08:56:50
 -0700
Message-ID: <7J2N7PLH.6428091@raywhite.com>
Date: Mon, 9 Jun 2014 07:33:39 +0000
From: American Express Customer Service <AmericanExpress@welcome.aexp.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <user@domain.com>
Content-Type: multipart/alternative;
    boundary="------------000101080607090805060900"
Subject: ***SPAM*** American Express - Safe Key
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web2.domain.com
X-AntiAbuse: Original Domain - domain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - raywhite.com
X-Get-Message-Sender-Via: web2.domain.com: mailgid no entry from get_relayhosts_entry
Return-Path: infiltratora2@raywhite.com
X-MS-Exchange-Organization-Network-Message-Id: 45f62fb3-2fdb-4efa-5a86-08d152133032
X-MS-Exchange-Organization-SCL: 9
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;TIME:TimeBasedFeatures;OrigIP:unavailable
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: CAS2.domain.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 37303A291EC25A6B637562

Exchange 2010 Default Receive Connectors

September 27, 2013, 11:10 am

≫ Next: Emails stuck on Exchange 2010 sent from Exchange 2013 mailbox

≪ Previous: SCL: 9 - Not all going to 'Junk Email' folder for all users

$

0

0

Hi,

I want to understand the default receive connectors that are created in Exchange when you install the hub transport role. I read that the Defaultserver_name is used to receive mail from other hub transport servers. We have 3 CAS servers in our environment, two out of the three are mailbox servers. Would it be wise to remove 0.0.0.0-255.255.255.255 from the accepted IPs and add just the IPs of the 3 CAS servers?

The Client server_name is used for non-MAPI clients. That's not Outlook, correct? If not, can I remove this connector?

Thanks

Emails stuck on Exchange 2010 sent from Exchange 2013 mailbox

November 2, 2013, 5:58 am

≫ Next: How can I enable message classification in exc 2013

≪ Previous: Exchange 2010 Default Receive Connectors

$

0

0

Hi, I need some help about coexistence of Exchange 201 and Exchange 2013.

I have an environment with 2 Exchange Server 2010 (One HUB/CAS another MBX/HUB/CAS and Forefront for Exchange 2010) and now I have configured an Exchange Server 2013 (MBX and CAS).

For now, I have moved 3 mailboxes from Exchange 2010 to Exchange 2013 but the mailboxes cannot receive or send emails, the emails are stuck on Exchange 2010 Queue (Hub 15) with the message:

" 451 4.4.0 Primary target IP address responded with:"421 4.4.2 Connection dropped due to SocketError."  Attempted failover to alternat host, but did not succeed. Either there are no alternate hosts, or delivery failed to all alternate host.

I can telnet from Exchange 2013 to Exchange 2010.

I have enabled the Verbose log on Exchange 2010 Receive Connectors from both servers but in the logs there is no entry from Exchange 2013 IP.

If anyone can help me I appreciate.

Best Regards.