Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

SMTP Relay with basic authentication resulting in smtp;550 5.7.1


Background - I want SharePoint (on-prem) to send emails through our Exchange (on-prem) receive connector using basic authentication.

Setup

- On the SP server, I installed/created an IIS SMTP Virtual Server that relays to our Exchange server using basic authentication.  The 'user' is a newly created service account for this very purpose (we called it abc\exchangerelay).

- On Exchange, we created a receive connector that receives mail from the IP of the SP server with 'Basic Authentication' enabled.

At this point... I initiate an email and it just sits in the queue of the IIS SMTP VS.

As a test, I throw my service account (exchangerelay) into the 'Organization management' (OM) role group (on Exchange).  And taa daa.... it works.

I proceed to remove 'exchangerelay' from the OM Role group and copy the OM group and rename it to 'Relay Group'....so it has all the same roles as the OM group.  I put the 'exchangerelay' service account in the newly created Relay Group.  And an email test results in an error.

smtp;550 5.7.1 Client does not have permissions to send as this sender

I've seen some posts about enabling the send-as permission on this account....but it appears as though it needs to be applied to the users' mailbox.  But this is a service account and doesn't have a mailbox...but perhaps I'm interpreting it wrong.

That said.... the newly created Relay Group has all the same roles as the Organization Management group... so why is it not working?

Any help is appreciated.


421 4.7.1 Recipient quota exceeded


Good Day

I'm currently struggling to clear out the mail queue with the emails from one source sent to many (internal to internal) showing up with error "421 4.7.1 Recipient quota exceeded"

I've also changed the maximum number of recipients to unlimited under "organization transport settings" to see if it would clear out the emails but no luck

Any help would be appreciated

Thank you

Jabu




Event 12017: An internal transport certificate will expire soon.


Hello support team,

I'm seeing this Error in the Application log on an Exchange 2016 server. I am aware of an upcoming renewal for our SSL certificate for mail.domain.com. However, I'm not sure if this is related to the same expiration.

How can I check and verify?

Thanks in advance,

Regards,

Rudy

error: 550 5.6.0 CAT.InvalidContent.Exception: TextConvertersException


Although not that many but enough to cause a buzz for people complaining as our users are getting this error message when sending an email. Sometimes changing some of the content in the email fixes it or changing the format from HTML to rtf and vice versa works too. But I want to know if this is something that can have a permanent fix.

Our Exchange server version is 15.0 (Build 1367.3)

Remote Server returned '550 5.6.0 CAT.InvalidContent.Exception: TextConvertersException, Agent 'Transport Rule Agent' encountered an unexpected error while handling event 'OnResolvedMessage'.; cannot handle content of message with InternalId 86371792333226, InternetMessageId 

Any idea what's causing this?


PoSH newbie, BaSH Oldie

Mails from OWA and Outlook are getting stuck in Draft folder, Exchange server 2013.


Hi,

I have recently installed Exchange server 2013 for the communication of internal users. It was working fine for two days and mails were flowing in and out without any issues. Suddenly all mails being sent are getting stuck in the Draft folder... I tried resolution steps like editing DNS lookup from ECP and other steps related to DNS, but nothing is working; the mails are still stuck in the Draft folder. Please help to resolve this issue.

Note: Exchange server 2013 was installed after removing Exchange server 2003 from the domain.

Thanks,

Sadesh Kumar P S

Welcome message for newly created user in exchange

How to set up/create a welcome message for a newly created user in Exchange Server 2013/2016. The user will get a message after logging in to their Exchange mailbox.

store driver failed to submit event


Since upgrading from Exchange 2010 to Exchange 2013, users who are close to their mailbox limit do not get warning messages, because delivery of the warning message fails, with the following error in the event log: 

The store driver failed to submit event <event number> mailbox <mailbox guid> MDB <database guid> and couldn't generate an NDR due to exception Microsoft.Exchange.MailboxTransport.StoreDriverCommon.InvalidSenderException

   at Microsoft.Exchange.MailboxTransport.Shared.SubmissionItem.SubmissionItemUtils.CopySenderTo(SubmissionItemBase submissionItem, TransportMailItem message)

   at Microsoft.Exchange.MailboxTransport.Submission.StoreDriverSubmission.MailItemSubmitter.GenerateNdrMailItem()

   at Microsoft.Exchange.MailboxTransport.Submission.StoreDriverSubmission.MailItemSubmitter.<>c__DisplayClass1.<FailedSubmissionNdrWorker>b__0()

   at Microsoft.Exchange.MailboxTransport.StoreDriverCommon.StorageExceptionHandler.RunUnderTableBasedExceptionHandler(IMessageConverter converter, StoreDriverDelegate workerFunction).

Is anyone able to suggest what the problem may be?

Exchange 2013 On Prem - OOTO / NDR Replies Fail DMARC Authentication Outbound


Overview - 3 On Prem Installations of Exchange 2013 on Server 2012 R2 in a DAG configuration. All exchange boxes are running build 1367.3.

Issue - Automatic Replies (Out of the Office) and NDR responses from users are failing DMARC checks on the receiving end / being bounced. This is because the Return-Path header value and Mailfrom header values of both NDR and Automatic replies are set to null or <>. This results in the DMARC not having a domain to query against, so the DMARC fails all checks and the recipient domain bounces the email. 

The reason why the headers are set to null is because of RFC 2298 - this makes sure that the automatic replies / NDRs do not keep going back and forth, creating an email loop that could potentially bring the servers down. However, RFC 2298 forces RFC 5321 MailFrom header as <> or null, which doesn't give a DMARC policy anything to pull its query from, thus the DMARC fails and the email is bounced. To visualize this -

NDR/OOTO Response:

MailFrom: <>

From: Email@domain.com

HELO/EHLO: mail.outboundsmtp.com

DMARC Fails

Normal Email:

MailFrom: Email@domain.com

From: Email@domain.com

HELO/EHLO: mail.outboundsmtp.com

DMARC - Passes - the policy has a RFC 5321 header to pull its information to query DNS and passes. 

The reason the DMARC policy is pulling from the 5321 header is to help prevent spoofed emails, where the envelope header may possibly be spoofed, which would then pass the DMARC check, allowing a spoofed email into the domain. 

My question is for anyone that has a strict reject 100% or quarantine 100% DMARC policy, how did you overcome this? Are you just allowing your NDR/OOTO replies to be bounced / rejected?

I've tried 2 solutions. Main idea behind my solution was to remove the null value or <> and replace it with a donotreply@domain.com address so that the DMARC has a RFC 5321 header to run against, thus both RFC 5321 and 5322 domains would technically align and pass the DMARC query.

1. We use mimecast as our email gateway / filter. I've tried to create an address alteration policy going outbound looking for <> as the header value to then input donotreply@domain.com into the header, but mimecast cannot detect the <> value in the header because it is technically null or blank. Using a "null" value doesn't work either. You cannot leave the value blank because some type of syntax is needed for the policy. Opening a ticket with mimecast, L2 engineers confirm that it is working as expected and this is a Microsoft / on prem deployment issue. 

2. Attempting to use a transport level policy to insert a donotreply@domain.com address into the header doesn't work either. I believe something in Exchange is preventing the transport policy from executing. The policy I configured was anything with subject "Automatic Reply" or "Undeliverable" change header property of "Return-Path" to "Donotreply@domain.com" and "MailFrom" to "donotreply@domain.com". Doesn't work and tests to google / gmail do not pass dmarc still and show null values.

For reference, I found 2 other issues on technet with the same issue. One solution proposed was to use an outside tool to manipulate the emails going outbound to rewrite the headers so that the DMARC has something to run against. Link here: https://social.technet.microsoft.com/Forums/en-US/9d17cd55-36b0-4d00-8114-d7f1e54fc725/dmarc-test-fails-on-out-of-office-replies-but-not-on-regular-emails?forum=Exch2016MFSM. Another extremely well explained post is here: https://social.technet.microsoft.com/Forums/en-US/51519377-48f5-4833-ac0d-4128eaf9c25e/how-do-you-setup-dmarc-to-allow-null-returnpath-rfc5321mailfrom-messages-out-of-officendr?forum=onlineservicesexchange

I cannot imagine this being intended nor do I think that a transport policy or using a third party tool to correct this is a real fix, but a workaround for the issue.

Any help is appreciated. 

Cheers,

Jason
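
Added example (not part of the post above or of any Microsoft code): a minimal Python model of DMARC identifier alignment applied to the two messages described in the post. It assumes the RFC 7208 rule that SPF checks the HELO domain when MAIL FROM is null, approximates the organizational domain as the last two labels, and goes beyond the post with a third, constructed case in which the auto-reply carries a verified DKIM signature for domain.com.

```python
"""DMARC alignment model for NDR/auto-reply vs. normal mail (added example)."""
from dataclasses import dataclass, field


def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # A real evaluator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict=False):
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    mail_from: str      # RFC5321.MailFrom; "<>" for NDRs and auto-replies
    helo: str           # HELO/EHLO name of the sending host
    header_from: str    # RFC5322.From address
    spf_pass: bool      # SPF result for whichever identity SPF checked
    dkim_pass_domains: list = field(default_factory=list)  # d= of verified signatures


def spf_identity(msg):
    """Domain that SPF authenticates for this message."""
    path = msg.mail_from.strip("<> ")
    if path:
        return path.rsplit("@", 1)[1]
    return msg.helo  # null reverse-path: SPF falls back to the HELO identity


def evaluate(msg, strict=False):
    from_dom = msg.header_from.rsplit("@", 1)[1]
    spf_dom = spf_identity(msg)
    spf_ok = msg.spf_pass and aligned(spf_dom, from_dom, strict)
    dkim_ok = any(aligned(d, from_dom, strict) for d in msg.dkim_pass_domains)
    return {"spf_domain": spf_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}


# Constructed samples using the values shown in the post.
NDR = Message("<>", "mail.outboundsmtp.com", "Email@domain.com", spf_pass=True)
NORMAL = Message("Email@domain.com", "mail.outboundsmtp.com",
                 "Email@domain.com", spf_pass=True)
# Constructed third case: same NDR, but signed with DKIM d=domain.com.
NDR_SIGNED = Message("<>", "mail.outboundsmtp.com", "Email@domain.com",
                     spf_pass=True, dkim_pass_domains=["domain.com"])

if __name__ == "__main__":
    for name, m in (("NDR", NDR), ("Normal", NORMAL), ("NDR+DKIM", NDR_SIGNED)):
        print(name, evaluate(m))
```
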


migration Lotus Notes to Exchange, how to migrate confidential emails (in LN encrypted)


Hi,

we're investigating a migration of Lotus Notes to Exchange. One issue is the migration of encrypted mail. How to keep them confidential in Exchange?

We have users like a secretary that has read/write access to a mailbox of a manager. If another user mails the manager with confidential information, he encrypts it in LN before sending it, so only the mailbox owner can open the message. Is this possible in Exchange 2013 and in Exchange online? Heard that you can set things via IRM, but that with Outlook web access the secretary can set the manager's mailbox as primary and then will be able to open the confidential email....

best regards,

Hans

How to Track the Original Location of an Email via its IP Address


Hi 

I have Exchange 2013 

I want to track one message that was sent from one user to another one in the same domain and organization

I want to get the sender destination IP address (internal IP) and make sure that the user is using his private PC

BR


Mahmoud

Outlook Connections to Exchange Server 2013


I have built a terminal Server for staff working from home and they all use Office 2016 and connect to the internal Exchange Server 2013 (Same internal network)

I have noticed that we are having a lot of connection issues (slowness, prompting for passwords, etc.)

When I do an Outlook Connection status all connections are via RPC/HTTP to our OWA address, outlook.domainname.com for both internal and external

Is this correct ?????


C.D.I.T

How to configure SMTP on Exchange Server.


I have an Exchange environment that only supports the internal network.


The account login owa and check "Setting > Options > Mail > Accounts > POP and IMAP".

The SMTP setting is not available.

I have configured send connectors on Exchange Server, but the SMTP setting is not available.

But, I can send email to other account.

internal mail not delivered to recipient


I have Exchange 2019 and I have an SQL server. The SQL server uses dbmail to send emails to a public folder. The emails are sent from the SQL server; that is confirmed in the msdb sysmail_allitems log. The emails are received by the Exchange server; that is confirmed in the frontend agent log. The problem is that the emails never reach the public folder, which is mail enabled.

I as a user have no problem sending an email to that public folder.
I have tried changing the email address the SQL server sends to, to be a distribution group. The emails sent to that group are also not delivered. And I as a user have no problem sending to that group.
If I change the email address the SQL server sends to to a user mailbox, the emails are delivered.

How do I investigate this issue?


Need help to create Transport Rule


Hello Guys, 

I have Exchange 2010 SP3. 

I have a request to redirect email to an external recipient when it is sent from a specific Email ID to a DL.

E.g. 

Sender@sender.com sending email to DL@abc.com should be redirected to external@external.com 

I created a rule but it is not working. Actually I did not find the condition "Sent to DL" so I used the condition "sent to member of DL" and defined the action.

I checked tracking logs and found that event ID "Fail" source "Agent" source context "Transport Rule Agent" 

Can you please help me here to achieve above requirement?   

  


Thanks, Chinmay.

Three server relay


Let me explain the issue because there are two of them (we think).

We have three exchange servers.

A. Exchange 2007 (in a WS2008 AD)

B. Exchange 2013 (in a WS2012 AD)

C. Exchange 2019 (in a WS2019 AD)

There are several domain names on server B, but only one domain that is shared between all three servers.

For over a year, A and B shared a domain, then C was installed this year (two weeks ago).

None of the servers are in the same AD.

External mail for the sharedomain.com comes to B.

If it gets mail for users that aren't on B it relays to A.

When someone on A sends e-mail to a user not on A it gets relayed to B.

Once C was introduced, C was told to forward to B, B still to A, and A changed to forward to C.

It was working for a couple of days then stopped.

Also, server C will not send any e-mail at all, even though the logs say e-mail is being handed off.

Even Hotmail is not receiving e-mail from server C.

Also we're assuming that B stopped receiving from C but can't show it.

Any help is appreciated.


Alert from Microsoft Forum


Add new port 587 binding to IIS on exchange DAG servers..


Hi all,

I have a request from the APPs team, they want to implement a new application and the vendor requires a new binding in IIS for https:587 and for it to use my signed exchange server certificate.

I've added the new binding to the default website, restarted the default website and restarted the exchange services on all 3 DAG member servers.

After this all inbound mail from my "smarthost" service stops coming in and just queues up in the cloud service.

Also my MFD devices which use an internal SMTP Relay connector on port 25 stop working?

Removing the binding and restarting the exchange services brings mailflow back to life.

What am I missing? Do I need to reboot the mailbox servers after applying the new binding?

Does mail flow work for disconnected mailbox?


Hello,

Disconnecting Mailbox will put it in disabled state and exchange retains the mailbox in mailbox database. My questions are:

Q1) After disconnecting the mailbox, if someone send emails to that disconnected mailbox then will those emails be delivered to Inbox of disconnected mailbox?

Q2) Will those emails be visible in Inbox after reconnecting the mailbox to same user as well as different user?

Q3) Does mail flow work for disconnected mailboxes?

Please explain and reply specific to all questions.

Kindly share official Microsoft support link or article that explains this scenario.

Edge Server in Hybrid


Hello everyone,

I have a Hybrid Exchange 2013 environment with Edge Server and an Antispam.

I will change my Antispam, and when I change the smarthost in Edge to point to the new antispam's IP I notice the following error on emails stuck in the queue:

The error was: 421 4.4.2 Connection dropped due to SocketError." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 104.47.59.138:25};{FQDN=mydomain.mail.protection.outlook.com};{IP=104.47.59.138}]”.

I need help with this question:

Since I have an Edge Server, do I have to change the smarthost to point to the new Antispam's IP, remove the subscription, create a new subscription, then run the HCW (Hybrid Configuration Wizard)? I do not have to change the Receive Connector, only the Send Connector, is that right?

As far as I know, we cannot use a public certificate in Edge server so I do not change the self-signed certificate used in the connector, right?

If anyone can help me, I would appreciate it.

Thank you.

Best Regards.

Size limit just for a specific domain

Hi guys,

Please, can I limit the sending of email only to a specific domain?

In my organization today I have a general sending limit of 30MB, but I would like to create a rule to limit the 20MB to just one organization.

Is there a possibility?

Thank you

seeing the logging from a receive connector


We have this situation.

A program on a server in the LAN uses the internal Exchange Server 2013 (same LAN) via a receive connector.

That program sends a mail to the user who is logged on in that program and to an external email address. It does this via a receive connector we created.

We have now set the logging to -verbose on that receive connector which lets the program use the mail server.

When we go searching via the EMC in mail flow and then delivery reports (+ the correct mailbox) we don't see the mail sent to the user although the user has received the mail. And the sending to the external mail address is also not noticeable.

But when we do a search via the powershell with the command we see the message, indeed. So there must be a difference.

That is my first question.

My second question is:

What is the correct way to see if a message has been delivered to an external mail address? I know we only can see "delivered" but where can we see that? And can we see that through the specific receive connector or through the send connector? Because when a program is using a receive connector do we have to use the logging of the receive connector or do we have to use the send connector logging? The send connector logging is not configured with -verbose, so none.

And third question and last is:

What does that error mean? Was the message sent or not?

Kind regards

Kurt
