Quantcast
Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum
Viewing all 2249 articles
Browse latest View live

CAS -> Edge Transport Failure

October 29, 2014, 8:05 am
$
0
0

All,

So I'm trying to send mail from inside -> Internet, and my messages are getting stuck in the queue saying "451 5.7.3 Cannot achieve Exchange Server Authentication."

This is a brand new Exchange setup, brand new receive connector created by default.

All of my edgesync stuff works fine. I can start-edgesync, works great. No errors. No failures.

I thought it may have been the TLS certificate (I initially had the original self-signed cert).

The only thing I'm wondering is if it's failing because I applied my single unified cert to this server (the same cert I'm using for OWA/Autodiscover/etc). I put the 'smtp.contoso.com' in the SAN field.

I can SEND mail from the outside just fine. It shows up in my internal mailbox. So Edge -> CAS/Hub is working great.

Pretty standard setup.

2x Dual Role CAS/MBX boxes in a DAG

1x Edge Transport in DMZ

No firewall between CAS/MBX servers

Firewall between CAS/Edge

Ports open between CAS/Edge:

2525 (bidirectional)

25 ( bidirectional)

50389 (CAS -> Edge)

50636 ( CAS -> Edge)

Search

Exchange 2010 External Message SLA

October 27, 2014, 8:42 am
$
0
0

Hi Team,

I have a question. I have 4 mailbox and 2 CASHT exchange 2010 in HQ site. all Mailbox active at HQ

I have +- 5000 Mailbox and have 150 send/receive message per mailbox average. I also configured alerting tools that count outgoing mail from internal to external roundtrip

my alerting tools send alert with details internal to external message more than 2 sec consume time.

when I check in tracking log. its true, the message need 2 sec to deliver message to external smtp gateway

so my question is. is this appropriate condition, the message send more than 2 sec?

is this condition still meet exchange SLA? if yes I will adjust my alerting tools to extend more second

im sure there are no performance issue in my HT server. I already trace

please help :)

thanks

event 9217 source MSEXchange Tansport

October 21, 2014, 6:48 am
$
0
0

 I have exchange 2010 and I got error with event number 9217 source MS Exchange Transport 

More than one Active Directory object is configured with the recipient addressIMCEAEX-ADCDisabledMail@mydomain. Messages to this recipient will be deferred until the configuration is corrected in Active Directory

how can fix the problem ?

Issue with send on behalf of

October 23, 2014, 7:17 am
$
0
0

New poster here so I'm not sure that I'm posting in the correct forum...

I have an issue I've been wrestling with but I've not had any success trying to resolve it. I have one user who is trying to forward a contact to someone. When he right clicks and selects "Forward Contact as Outlook Contact" he gets a bounce back message immediately saying "He doesn't have permission to send on behalf of this user". The kicker here is the person that it says he doesn't have permission to send on behalf of is WHOEVER is in the to field when he sends it. This is true for any email address I've tried. If you forward as a buisness card instead of outlook contact, it works fine. I have exposed the from field and he is listed as the from address. This is Outlook 2010 on Exchange 2010.

I'm scratching my head here. He has no access to send on behalf of anyone. I've even went as far as to re profile his Outlook with a new profile and allowed it to re download.

Any ideas on where to start with this?

EDIT: Same as the issue described here: http://community.spiceworks.com/topic/211697-can-t-forward-contacts-in-outlook-2010-in-an-exchange-2010-environment

It was unresolved in this post.

Can I create a Transport rule with condition of "If recipient address (support@contoso.com) is bcc, then silently discard" ?

October 22, 2014, 2:44 pm
$
0
0

I need to create a rule that will take any email that was sent to recipient support@contoso.com as a Blind Carbon Copy recipient, and silently discard it.  We should never receive mail from the outside from senders that bcc our support email address. It is always spam and can easily be filtered, but from what I read, Exchange 2013 doesn't come with the ability to use bcc recipient to create a condition with.  I read there may be some 3rd party solutions, but I can't find any.  Please suggest the best solution to this trivial non-feature of Exchange 2013 that should come included out of the box.

Thanks,

Keith

DNS SPF Bounce Back Issue

October 24, 2014, 9:51 am
$
0
0
Hello,

I am trying to send an email from IP: 64.32.183.2 to email: megan.faillace@corepoweryoga.com and get this bounce back email.

Do any of you know what I need to create on the TXT record for the DNS? I've created an SPF record but still get an error message.

See the testconnectivity results below. Any help would be appreciated!


Performing Outbound SMTP Test
  The outbound SMTP test failed.

Additional Details

Elapsed Time: 24104 ms.

Test Steps

Attempting reverse DNS lookup for IP address 64.32.183.2.
  The Microsoft Connectivity Analyzer successfully resolved IP address 64.32.183.2 via reverse DNS lookup.

Additional Details

The Microsoft Connectivity Analyzer resolved IP address 64.32.183.2 to host smtp.wemanageproperties.com.
Elapsed Time: 86 ms.
Performing Real-Time Black Hole List (RBL) Test
  Your IP address wasn't found on any of the block lists selected.

Additional Details

Elapsed Time: 23609 ms.

Test Steps

Checking Block List "SpamHaus Block List (SBL)"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 901 ms.
Checking Block List "SpamHaus Exploits Block List (XBL)"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 872 ms.
Checking Block List "SpamHaus Policy Block List (PBL)"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 1045 ms.
Checking Block List "SpamCop Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 91 ms.
Checking Block List "NJABL.ORG Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 8349 ms.
Checking Block List "SORBS Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 3773 ms.
Checking Block List "MSRBL Combined Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 241 ms.
Checking Block List "UCEPROTECT Level 1 Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 71 ms.
Checking Block List "AHBL Block List"
  The address isn't on the block list.

Additional Details

IP address 64.32.183.2 wasn't found on RBL.
Elapsed Time: 8262 ms.
Performing Sender ID validation.
  Sender ID validation failed.

Additional Details

Elapsed Time: 407 ms.

Test Steps

Attempting to find the SPF record using a DNS TEXT record query.
  The SPF record was found.

Additional Details

SPF record found: "v=spf1 a mxv=spf1 a mx a:corepoweryoga.com mx:exchange.corepoweryoga.com ip4:173.239.121.125 a mx ~all"
Elapsed Time: 87 ms.
Parsing the SPF record and evaluating mechanisms and modifiers.
  SPF record evaluation resulted in a Sender ID failure.

Additional Details

Elapsed Time: 320 ms.

Test Steps

Evaluating A Record lookup mechanism: "+a"

Additional Details

The DNS A Record lookup for IP address 64.32.183.2 found no match for domain 'corepoweryoga.com'.
Elapsed Time: 2 ms.
Evaluating A Record lookup mechanism: "+a"

Additional Details

The DNS A Record lookup for IP address 64.32.183.2 found no match for domain 'corepoweryoga.com'.
Elapsed Time: 0 ms.
Evaluating MX mechanism: "+mx"

Additional Details

No MX records for domain corepoweryoga.com matched the specified IP address.
Elapsed Time: 123 ms.
Evaluating A Record lookup mechanism: "+a:corepoweryoga.com"

Additional Details

The DNS A Record lookup for IP address 64.32.183.2 found no match for domain 'corepoweryoga.com'.
Elapsed Time: 0 ms.
Evaluating MX mechanism: "+mx:exchange.corepoweryoga.com"

Additional Details

No MX records exist for exchange.corepoweryoga.com.
Elapsed Time: 84 ms.
Evaluating IP address mechanism: "+ip4:173.239.121.125"

Additional Details

IP address 64.32.183.2 didn't match entry 173.239.121.125.
Elapsed Time: 0 ms.
Evaluating A Record lookup mechanism: "+a"

Additional Details

The DNS A Record lookup for IP address 64.32.183.2 found no match for domain 'corepoweryoga.com'.
Elapsed Time: 0 ms.
Evaluating MX mechanism: "+mx"

Additional Details

No MX records for domain corepoweryoga.com matched the specified IP address.
Elapsed Time: 108 ms.
Evaluating All mechanism: "~all"
  All mechanisms indicated a negative status.

Additional Details

Status: SoftFail
Elapsed Time: 0 ms.               

FIXED - Exchange 2013 - Can I Recreate Default Frontend Receive Connector SAFELY?

November 2, 2014, 1:40 am
$
0
0

Hi

I'm need of some urgent assistance please.

I had a fully functional Exchange 2013 server and decided to create a receive connector for a photocopier/scanner to included its static IP  port number 25.

I accidentally chose Hub Transport role and not FrontEndTransport role which appears to have messed up port 25 connectivity on mail coming in from the internet. When I stopped and restarted the Transport Service within services.msc I then got this error.

Source: MSExchangeTransport
Event ID: 1036
Task Category: SmtpReceive
Level: Error

Description: Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running properly.

I proceeded to delete the offending Receive connector for the scanner/photocopier and restart the server,  the transport service started ok this time but still I cant receive mail from the outside world.

My question: Can I delete the automatically created default Frontend "servername" connector which contains the proper settings then recreate it again with the same settings and NOT harm/delete all the users emails or the mailstore or anything bad for that matter?

I have the details on how to create the connector but just wanted to check that's its ok to remove it and re-add it again now that everything was setup and running fine. I'm hoping the recreated Connector will fix what I broke.

Appears what I have done has broken my connectivity to telnet to port 25 to the exchange server from the outside world although oddly I can telnet to the server from a command prompt on the exchange server (telnet "servername" 25) and getpresented with the exchange server responding. The tickbox for anonymous is ticked already. Port 25 already is forwarded from the firewall to the exchange server and was working fine till I made the error.

Any help is greatly appreciated. Thankyou.




Exch 2013- Spam -where does mail go?

November 3, 2014, 4:25 am
$
0
0
If Antispam is enabled in Exchange 2013, where does the Spam go?
Search

Secheduling/delaying delivery of messages of the type newsletter / informaiton mail

October 24, 2014, 6:27 am
$
0
0

Hi Everyone,

I would like to set a rule (on the transport servie maybe) to schedule the dilivery of messages sent to a big number of recipients.

I have checked around on TN regarding Throttling Policy and Transport Rules and I find a little difficult to pinpoint the right parameter to get the correct effect.

Here what I intend to do:

  • Max allowed reciepients per message, I think I found the setting  (I belive it is "Set-TransportConfig -MaxRecipientEnvelopeLimit")
  • Max number of messages sent per minute (for the whole Exchange organisation) (I think it isSet-TransportService -MaxConnectionRatePerMinute)
  • Messages that exceeds the "MaxRecipientEnvelopeLimit" are scheduled to be delivered between 2-4 am and sent in bulks for examole if a message sent to 5000 recipients, it sent only to 500 at a time. (I am aware that one could achieve this by using Outlook rules but it's not an option. This has to be achieved by the Exchange organisation)

And this is of course in Exchange 2013 env. I would very much appreciate any help!

Take care!


Getting Messge Undeliverable errors on email account that is active

October 24, 2014, 1:56 am
$
0
0

Hi All,

We are experiencing the same problem below but I don't know how to solve it in Exchange 2013.

We have an employee that is restarting his position with our company. His account was removed when he left years ago but had a contact with the email address first.last@company.us . I deleted that contact and set him up a new AD and email account. I have his account setup as the first.last@company.us, but I keep getting

"The e-mail address you entered couldn't be found. Please check the recipient's e-mail address and try to resend the message. If the problem continues, please contact your helpdesk."

I checked and the email address is listed in email addresses. One of the Alias email addresses work fine, but the one that is on his cards (the one above) does not. Any ideas?

Exchange 2013 - Anti-Spam Agents, Malware Agents

November 2, 2014, 5:19 pm
$
0
0

Hey Guys

quick question when installing the Anti-Spam agents and the Malware Agent, do I need to do the install for each mailbox sever? or just one mailbox server? I don't remember having to run the install-antispamagents.ps1 on each server for Exchange 2010.

3x Mailbox, CAS servers for Exchange 2013.

Thanks,

Robert

Robert


Exchange 2013 Receive Connectors

October 30, 2014, 7:31 am
$
0
0

Hi all, 

All of our receive connectors only have their respective local server name. Are you supposed to have your FQDN on your receive connectors in Exchange 2013? I've seen that some people say that you don't need it versus some people say that you should set it.

Thanks!

Recipient verification / matching for email contacts

November 5, 2014, 10:44 am
$
0
0

Hi everyone!

I'm facing a small annoying issue with Exchange that I'm hoping someone could have experience with... been looking all over for any hints with no luck so far.

We have a simple, single server Exchange 2010 deployment. Some time ago we federated with a partner company that has their own Exchange 2010 deployment for calendar sharing. To be able to have all our contacts on both ends, we are also using a small script that will queries for mailbox enabled users on both domains and creates corresponding email contact objects on the other side copying their name/email/etc. attributes. This is all working perfectly so far, we can see each others calendar and our address lists have our local users + contacts for the users on the remote domain.

Now, I noticed a small problem on Outlook 2013: when you send an email to a mail contact corresponding to a user on the remote domain, it will be detected correctly on the client and contact card will show you all attributes on that contact (Outlook shows display name underlined, same as it does with local users). BUT whenever those users reply or send new emails to you, they will show as pure external addresses (Outlook shows "display name <full email address>"). Contact card in that case doesn't show the corresponding additional attributes for the contact that exists with that email address assigned.

It seems as if Exchange is not matching the email address to the contact. Or it might be an Outlook thing too... not 100% sure. I read something about recipient verification that sounds related, but not exactly.

This article is the closets that I found: http://exchangeserverpro.com/resolving-anonymous-mail-gal-exchange-server-2010/, but this refers to using a separate receive conector for a particular device/IP, and what I need is really something that needs to be domain name based. Plus, although we have all their mailbox users created as contacts, there are other systems we share that generate emails coming from their domain that we will not have created as contacts on our AD...

So ideally I'm looking for a way to have inbound email from external domains go through recipient verification/detection to be matched with an AD contact that has that email address assigned, if present.

Any help is much appreciated!

Thanks,


Automatic rules to Internal distribution group failing when authentication is enabled

October 17, 2014, 2:23 am
$
0
0

Hi Forum,

I have set up a rule on a user's PC whereby when he (user@internal.com) receives an external email (from sender@external.com), it should be automatically forwarded to a distribution group (group@internal.com) with cc touser1@internal.com and user2@internal.com .

This worked well for some time until recently when it started failing. The only way we can get this working again is when we disable authentication to the distribution group (group@internal.com ). We do not want this disabled as we don't want the outside world to Spam this distribution group. No changes has been made to the system which could have caused this issue. 

Is there a way to get this rule working without disabling the authentication?

Cheers

Arvind

Personal e-mails being delivered to public folders

October 31, 2014, 7:51 am
$
0
0

We have had several instances of personal emails that have been exchanged between users showing up inside of our public folder structure. One of the emails was between administrators so it was fairly personal. Is there anything that I can look at for mail flow into public folders?

Search

Create Transport rule for restrict message size and send a rejected message CC: to Administrator

November 1, 2014, 10:28 pm
$
0
0

I want to create a Exchange Transport rule for message size restriction (10 MB) when message size is exceed to 10 MB it rejected by the Exchange server and also rejected message CC: to Administrator. I also create it but unable to configure rejected message CC: to Administrator. Thanks.

Babu

Public Folder Assistant Forwarding

October 31, 2014, 10:38 pm
$
0
0
We recently migrated from Exchange 2007 to Exchange 2013. Since migrating the forwarding rule created using the Folder Assistant are not working. The issue only seems to be with the Leave Message Intact option. The other two options forward messages just fine. I'm at CU6.  Does anyone have a solution for this issue?

Pulling email addresses from a mailbox

November 3, 2014, 1:04 pm
$
0
0
I have a request from a client to extract email addresses only from all senders to a marketing mailbox. the purpose is to use just the addresses and create a marketing distribution list. The mailbox has been in use for over a year and has thousands of emails from different sender's. Would anyone have a trick to query the box and get a list of just sender's addresses from the inbox?

Exchange 2013 - Mail left at ISP-how to retrieve

November 2, 2014, 3:48 pm
$
0
0

Using Exchange Server 2013 for about 2 months with both roles on one server.  Anti-spam is disabled and we have no other spam filters presently. We have the default connectors for Sending and Receiving via MX records. Our ISP (Time Warner) host our email. We began to notice some emails had not been received for a couple of our 10 users, so we logged into the web interface for the mail box of just one of our users to check if anything was in the Inbox. Sure enough, there were actually several emails over that 2-month period that the user never received. We have not checked other users yet but suspect that they have emails left there too.

1. It seems that if our Exchange Server doe snot Receive the emails, they remain at the ISP. How to we determine why this happened? What should we check in our configuration, etc. 

2. How do we retrieve the mail now setting at the ISP in the user's Inbox? We use Outlook 2013/2010 as email client for users.

Thanks!


SMTP Open Relay on Exchange 2013

November 11, 2014, 9:31 am
$
0
0

Hi,

I'm getting exhausted with my new Exchange 2013, I Installed it as CAS and Mailbox role on a new server, everything is fine, it was integrated well with my DC, publish it on Internet (MX pointing), people also can send/receive email, but the problem is the SPAM, i checked my server at mxtoolbox.com and I found the the SMTP Open Relay - May be an open relay.  I test telnet from outside to my exchange server using port 25, and I found this message:

220 xxxxxxxxxxxxx.com Microsoft ESMTP MAIL Service ready at Wed,  12 Nov 2014 00:22:13 +0700

then I try to configure POP configuration in outlook client and SMTP server using the Port 25, and it can send email, and now google start blocking our domain, I tried to find any article regarding this issue, but couldn't find the solution

fyi, the receive connector is still default and only add the send connector using the microsoft reference.

anyone can help me? pls.  can I block the Port 25? tried it already, the email from other external domain is stop coming.

thx

Viewing all 2249 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>