Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Domains


I have a new client running Exchange 2013, with one IP address.

So far it has been set up to send and receive emails for over 70 domains, and that is still increasing.

His office has about 100 users in it. Some send/receive only for 1 domain, while others are on multiple domains; a few are on all domains.

1. Is there a maximum number of domains that can be added?

2. Is it really a sensible idea to do it this way, or can anyone suggest a better way?

3. Can I create PTR records for reverse DNS for all domains?


Exchange 2013 - SMTP service hangs and stops receiving emails when using all IP ranges


Hello Everyone..

I'm new to the Exchange world and was given a project to upgrade our Exchange 2007 server to 2013 then eventually to 2016, but I've run into some issues.

I'm currently running Exch13 (CU20) in coexistence with 2007 on a Windows Server 2008 R2 (Hyper-V), and both the CAS and MBX roles are on one server.

My issue is that when I try to receive mail on the new server using the default receive connectors with all IP ranges, the SMTP service on port 25 will hang. I can telnet to it for maybe a minute and still get the 220 banner, but then after a short time it stops receiving the banner. When I run a netstat on the server, I can see the connection is established but no dice on the banner, and the emails stop coming in. Also, when I run netstat I only see the frontend transport service connecting to port 25.

The only way I can receive mail right now is to have a dedicated frontend connector to the 2007 server which is currently receiving all the mail and sending to mailboxes on 2013. Once I switch to the default frontend connector with all IP ranges, everything just stops. So it doesn't make sense that 1 IP address will keep the service up, but all of them suddenly brings things to a halt. 

Any help would be appreciated, and apologies if I'm not making sense on my question.

REPORT ON UNDELIVERED EMAIL


Good day Sir/Madam

The supplier that sends us email gets the below undelivered message. Can I be assisted in this regard?



Email stuck in inbound Queue Exchange 2013


I am so close I can taste it! Argh.

I just built a new 2013 server. I can send outbound to domains fine, but when I try to reply I'm seeing the email stuck in the queue. I'm running this on a Server 2012 box. All the BPAs seem to be checking out fine.

I'm new at this, sorry and thank you for those who assist!

Jeff

Exchange 2013 can't send email to external users such as xxx@outlook.com


Hi Experts,

I have configured an Exchange Server 2013 in an Azure virtual machine for test purposes. However, I can't send email to ANY external users such as xxx@outlook.com. I ran the PowerShell command get-queue |fl. Here is the error. Any ideas?


Outlook 365 user didn't receive emails for over 4 hours but was able to send

Hi, I have an O365 user that came in one morning with about 10 new messages from the afternoon before. She had left at 4:30 the day before and didn't have anything in her inbox after 12:02 p.m., but messages after that showed up the next morning. She was able to see emails coming in during that time in her shared mailboxes and was able to send emails during the afternoon when she didn't receive emails. The emails she didn't receive till the next day were delivered on time according to Exchange, and in some cases other internal users did get the same emails when they were copied in the emails. We have one 2010 SP2 Exchange server on site; our users are using O365 Business on Windows 10 PCs. I haven't been able to find anything that would explain this. Does anyone have any ideas?

Exchange 2013 transport service won't start


Hi,

I have a 2013 CU21 server, and after a restart 2 days ago the transport service tries to start and then hangs at stopping. The queue folder was empty and there was a messaging.old- folder in it. It probably tried to fix a corrupted database, but now it keeps nesting folders with messaging.old; even when I delete those folders it will not create a new mail.que for me.

error message in eventlog :

Faulting application name: edgetransport.exe, version: 15.0.1395.0, time stamp: 0x5ad83f47
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0xe0434352
Fault offset: 0x00000000000095fc
Faulting process id: 0x6f9c
Faulting application start time: 0x01d422b2c787650b
Faulting application path: D:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 061d7d10-8ea6-11e8-80e3-00155d4e3104
Faulting package full name:
Faulting package-relative application ID:

tnx in advance

User not able to send from an alias email address


Hi there,

We have an Exchange Server 2012, fully patched, that is rejecting emails that the user sends from an alias that is attached to his mailbox. The error is one that is associated with a mailbox that has been shared; however, it is his own mailbox (which is rather strange). He receives emails to the alias without an issue.

The alias has a different domain than his primary email, but there are users that are using that domain as their primary email without an issue. I have even tried setting permissions for him on his own mailbox, but still get the following rejection message.

The following recipient(s) cannot be reached:

 

      'Andrew' on 23/07/2018 1:17 PM

            This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified user. Error is [0x80070005-0x0004dc-0x000524].

 

I would really appreciate it if someone could give me some insight.

Thanks

Andrew


Schannel 36887 - Missing Certificates in Trusted Root Certificate Authority Store


Hi All
I recently expanded from a single Exchange 2013 server to a 4-node Exchange DAG with Server 2012R2 Exchange 2013. I have a GoDaddy cert installed on all 4 servers for IIS, SMTP etc.

I have noticed that on the 3 new Exchange servers I am getting:

Schannel 36887 - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.

This is re-creatable and happens every time my cloud mail gateway/filtering service attempts to relay inbound emails to the Exchange servers using “Certificate Verification”. The cloud service error is “Peer certificate not verified”. With this verification check turned off, the Schannel error doesn’t happen.

The original server does not have this issue however and I am trying to figure out what the difference is. I have done some research on 36887-48 and can see:

“Received a valid certificate chain or partial chain, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known, trusted CA. This message is always fatal.”

I have compared the Trusted Root Certification Authorities in the mmc console and can see that the working server has 5 GoDaddy CA certs:
GoDaddy Class 2 Certification Authority – Server Authentication
GoDaddy Class 2 Certification Authority - <All>
GoDaddy Root Certificate Authority – G2 – Server Authentication
GoDaddy Root Certificate Authority – G2 – <All>
GoDaddy Secure Certificate Authority – G2 - <All>

The 3 other servers have just 3, with the below 2 missing:
GoDaddy Class 2 Certification Authority – Server Authentication
GoDaddy Root Certificate Authority – G2 – Server Authentication

When I imported the certificate into the 3 new Exchange servers, I just used the Exchange Admin Centre import GUI – I don’t remember manually installing any intermediate certs. Are those 2 missing CAs what’s causing the issue? What is the best way to import them? Other than this issue, I do not have any other certificate issues that I am aware of.

Thanks

Digicert and sent items


I have implemented Digital Signing and I just noticed that in my sent items folder, the e-mails are displaying a yellow lock in the icon column. All sent items stay with a yellow lock all day. The next day they will display with the red ribbon. Does anyone know why? I currently can't send a pic.

Outbound messages from Exchange show internal mail server FQDN


Hi

I have noticed that the internal FQDN/computername shows up as the 'received from' server when I check the headers of an email sent from my Exchange servers. The reason I am investigating this is because I am trying to set up some TLS verification rules between Exchange and a cloud-based mail gateway/filtering provider (Forcepoint/Websense). One of the checks is that the certificate common name matches the server which the 3rd party is relaying emails to. This is failing and I can see in the headers the internal FQDN, which obviously doesn't match the common name in the cert.

Gmail header looks like this:

Received: from internal.FQDN (192.168.1.5) by internal.FQDN (192.168.1.5) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 26 Jul 2018 20:39:46 +0100

Received: from internal.FQDN ([fe80::d52a:de6e:91b0:6504]) by internal.FQDN ([fe80::d52a:de6e:91b0:6504%13]) with mapi id 15.00.1395.000; Thu, 26 Jul 2018 20:39:46 +0100

Is there a way I can change the received from address? I have 4 Exchange servers (2013) so would need to do this on all of them.

Thanks


Exchange Server 2010 one O365 user didn't receive emails for over 4 hours

Hi, I have an O365 user that came in one morning with about 10 new messages from the afternoon before. She had left at 4:30 pm the day before and didn't have anything in her inbox after 12:02 p.m., but messages after that showed up the next morning. She was able to see emails coming in during that time in her shared mailboxes and was able to send emails during the afternoon when she didn't receive emails. The emails she didn't receive till the next day were delivered on time according to Exchange, and in some cases other internal users did get the same emails when they were copied in the emails. We have one 2010 SP2 Exchange server on site; our users are using O365 Business on Windows 10 PCs. I haven't been able to find anything that would explain this. Does anyone have any ideas?

Exchange issue with one external domain


I have a strange issue with our 2013 Exchange. All internal users are getting these return errors if they send to one (and only one) external domain. These emails work from personal email (Yahoo, Gmail, etc.).

The trouble domain's email is hosted on googlemail and we are running an Exchange server locally for our domain.

The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message. If the problem continues, please contact your helpdesk

However, if I create an email contact in Exchange, it works flawlessly. As far as I can tell, this error is on our Exchange server. I can email these users from my personal email, so I know they are valid addresses.

I have done all the Exchange server diags I could find after some internet searches: telnet email (failed), the test-emailconnectivity cmdlet, etc., with no success.

nslookup results:

C:\Windows\System32>nslookup -type=mx xxxxxx.org
Server:  Our Internal DC
Address:  172.x.x.x

Non-authoritative answer:
blacksburgrescue.org    MX preference = 1, mail exchanger = aspmx.l.google.com
blacksburgrescue.org    MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
blacksburgrescue.org    MX preference = 10, mail exchanger = aspmx3.googlemail.com
blacksburgrescue.org    MX preference = 10, mail exchanger = aspmx2.googlemail.com
blacksburgrescue.org    MX preference = 5, mail exchanger = alt1.aspmx.l.google.com

aspmx.l.google.com      internet address = 173.194.X.X
aspmx.l.google.com      AAAA IPv6 address = xxxxx
alt2.aspmx.l.google.com internet address = 209.85.X.X
alt2.aspmx.l.google.com AAAA IPv6 address = xxxxxx
alt1.aspmx.l.google.com internet address = 64.233.X.X
alt1.aspmx.l.google.com AAAA IPv6 address =xxxxxx

Not sure where to go from here. I am not creating 200 plus Exchange email contacts to make it work.

Can anyone point me where to look to correct this issue?

Thanks,

JD


Error Exchange 2013 + Exchange Online


I am having a problem where the user who has access to the shared mailbox that is in Microsoft Exchange Online is trying to send an email with an attachment to the users of the local mailbox, but this one is returning with an error.

This message could not be delivered because it is too large. The limit is 800 KB. This message is 11940 KB


Remote Server returned '550 5.2.3 RESOLVER.RST.SendSizeLimit.Sender; message too large for this sender'

Routing Address - Hybrid Scenario


Hello everyone.

We have a specific user with some SMTP address problem.

He's a Remote Mailbox user and he only receives emails in his routing address (%@#@domain.mail.onmicrosoft

If I send an email from an external domain to his SMTP primary: user@domain . com, the NDP returns that Outlook didn't find the user.

But, if I send an email from the internal domain to his SMTP primary, he receives it.

I've been looking at ADSI and 365 Exchange options, and didn't find anything.

Some ideas?

Remember: only one user has this problem. We have +3000.

Thanks!


Email forwarding from One exchange forest to another results in SPAM


I have set up email forwarding on testmailbox@abc.com (which is a separate Exchange forest) towards testmailbox@xyz.com (O365 hybrid, different forest).

Condition 1: If I send an email from Gmail to testmailbox@abc.com, it is then forwarded to testmailbox@xyz.com successfully but is considered as spam.

Condition 2: If I send an email from any mailbox located in the abc.com forest, it gets delivered in the inbox.

Condition 3: If I send any email from Gmail to testmailbox@xyz.com, it gets delivered in the inbox.

Question: What can I do to have emails from Gmail routed to the abc.com domain and later forwarded to xyz.com land in the inbox?

Exchange 2013 On Prem - OOTO / NDR Replies Fail DMARC Authentication Outbound


Overview - 3 On Prem Installations of Exchange 2013 on Server 2012 R2 in a DAG configuration. All Exchange boxes are running build 1367.3.

Issue - Automatic Replies (Out of the Office) and NDR responses from users are failing DMARC checks on the receiving end / being bounced. This is because the Return-Path header value and Mailfrom header values of both NDR and Automatic replies are set to null or <>. This results in the DMARC not having a domain to query against, so the DMARC fails all checks and the recipient domain bounces the email. 

The reason why the headers are set to null is because of RFC 2298 - this makes sure that the automatic replies / NDRs do not keep going back and forth, creating an email loop that could potentially bring the servers down. However, RFC 2298 forces RFC 5321 MailFrom header as <> or null, which doesn't give a DMARC policy anything to pull its query from, thus the DMARC fails and the email is bounced. To visualize this -

NDR/OOTO Response:

MailFrom: <>

From: Email@domain.com

HELO/EHLO: mail.outboundsmtp.com

DMARC Fails

Normal Email:

MailFrom: Email@domain.com

From: Email@domain.com

HELO/EHLO: mail.outboundsmtp.com

DMARC - Passes - the policy has a RFC 5321 header to pull its information to query DNS and passes. 

The reason the DMARC policy is pulling from the 5321 header is to help prevent spoofed emails, where the envelope header may possibly be spoofed, which would then pass the DMARC check, allowing a spoofed email into the domain. 

My question is for anyone that has a strict reject 100% or quarantine 100% DMARC policy, how did you overcome this? Are you just allowing your NDR/OOTO replies to be bounced / rejected?

I've tried 2 solutions. Main idea behind my solution was to remove the null value or <> and replace it with a donotreply@domain.com address so that the DMARC has a RFC 5321 header to run against, thus both RFC 5321 and 5322 domains would technically align and pass the DMARC query.

1. We use Mimecast as our email gateway / filter. I've tried to create an address alteration policy going outbound looking for <> as the header value to then input donotreply@domain.com into the header, but Mimecast cannot detect the <> value in the header because it is technically null or blank. Using a "null" value doesn't work either. You cannot leave the value blank because some type of syntax is needed for the policy. Opening a ticket with Mimecast, L2 engineers confirm that it is working as expected and this is a Microsoft / on prem deployment issue.

2. Attempting to use a transport level policy to insert a donotreply@domain.com address into the header doesn't work either. I believe something in Exchange is preventing the transport policy from executing. The policy I configured was anything with subject "Automatic Reply" or "Undeliverable" change header property of "Return-Path" to "Donotreply@domain.com" and "MailFrom" to "donotreply@domain.com". Doesn't work, and tests to Google / Gmail still do not pass DMARC and show null values.

For reference, I found 2 other issues on TechNet with the same issue. One solution proposed was to use an outside tool to manipulate the emails going outbound to rewrite the headers so that the DMARC has something to run against. Link here: https://social.technet.microsoft.com/Forums/en-US/9d17cd55-36b0-4d00-8114-d7f1e54fc725/dmarc-test-fails-on-out-of-office-replies-but-not-on-regular-emails?forum=Exch2016MFSM. Another extremely well explained post is here: https://social.technet.microsoft.com/Forums/en-US/51519377-48f5-4833-ac0d-4128eaf9c25e/how-do-you-setup-dmarc-to-allow-null-returnpath-rfc5321mailfrom-messages-out-of-officendr?forum=onlineservicesexchange

I cannot imagine this being intended, nor do I think that a transport policy or using a third party tool to correct this is a real fix, but a workaround for the issue.

Any help is appreciated. 

Cheers,

Jason
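
Added example, not part of the original post or of any Exchange or Mimecast tooling: a small Python model of how DMARC identifier alignment (RFC 7489) is evaluated for the header combinations quoted in the post above, including the RFC 7208 rule for a null reverse-path. The sample messages are constructed from the post's placeholder values; the SPF result, the DKIM-signed variant and the two-label organizational-domain shortcut are assumptions.

```python
# Added example: DMARC identifier alignment (RFC 7489) with a null reverse-path.
# Sample messages are constructed from the placeholder values in the post.

def org_domain(domain):
    # ASSUMPTION: organizational domain = last two labels. Real evaluators use
    # the Public Suffix List; this shortcut is wrong for suffixes like "co.uk".
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def spf_identity(mail_from, helo):
    # RFC 7208 section 2.4: with a null reverse-path, SPF evaluates
    # postmaster@<HELO domain>, so the HELO domain is what gets authenticated.
    addr = mail_from.strip().strip("<>").strip()
    return addr.rsplit("@", 1)[1].lower() if addr else helo.lower()

def aligned(auth_domain, from_domain, strict=False):
    # Strict alignment needs an exact match; relaxed compares org domains.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate_dmarc(msg, strict=False):
    # DMARC passes when SPF *or* DKIM passes with a domain aligned to the
    # RFC 5322 From domain.
    from_domain = msg["from"].rsplit("@", 1)[1]
    spf_dom = spf_identity(msg["mail_from"], msg["helo"])
    spf_ok = bool(msg["spf_pass"]) and aligned(spf_dom, from_domain, strict)
    dkim_ok = any(aligned(d, from_domain, strict)
                  for d in msg["dkim_pass_domains"])
    return {
        "spf_domain": spf_dom,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }

# Constructed samples. spf_pass=True assumes the sending IP is authorised in
# the SPF record of whichever domain SPF ends up checking.
AUTO_REPLY = {"mail_from": "<>", "from": "Email@domain.com",
              "helo": "mail.outboundsmtp.com", "spf_pass": True,
              "dkim_pass_domains": []}
NORMAL = dict(AUTO_REPLY, mail_from="Email@domain.com")
# Hypothetical variant: same auto-reply carrying a valid DKIM signature with
# d=domain.com (DKIM signing is not described in the post).
AUTO_REPLY_SIGNED = dict(AUTO_REPLY, dkim_pass_domains=["domain.com"])

if __name__ == "__main__":
    for name, m in (("auto-reply", AUTO_REPLY), ("normal", NORMAL),
                    ("auto-reply + DKIM", AUTO_REPLY_SIGNED)):
        print(name, evaluate_dmarc(m))
```

In this model the auto-reply's SPF identity becomes the HELO name, which does not share an organizational domain with the From address, so only an aligned DKIM signature changes the result.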

Exchange - blocked SMTP communication to Domain Controller


Hello,

I have a problem with blocked SMTP communications from Exchange Server to domain controllers. Do you know why Exchange Server wants to communicate using SMTP with a controller?

Thanks for help

Mail being Queued because server busy for hosted Microsoft Domains

Today I noticed that mail for dozens of domains that are hosted on Microsoft was sitting in the queue with 451 4.7.500 Server busy. In checking the MX records, they all were company name then mail.protection.outlook.com. Then they would just go out after a while. Sending emails to any other companies not hosted with Microsoft, zero issues. This is 8/3/18; were there corporate issues this day, or is it on my end? Never seen this before till today.

Set auto reply for messages, sent to specific accepted domain


Hi,

We have an Exchange Server 2013, which handles the messages for two accepted domains; let's call them domain1.com and domain2.com. This occurred after the acquisition of another company, whose domain is domain2.com. I want to set an auto-reply message for all recipients, so that when an external sender sends messages to @domain1.com, an auto-reply message informs the sender that after three months the domain @domain1.com will no longer be available and all the messages sent after this period must be sent only to @domain2.com. I have tried to do this via a transport rule, but I did not find where to put the text in the "Actions" step. Does anybody know how to complete this scenario? Just to mention that setting up an Outlook rule is not an option, because it is mandatory for auto-reply messages to be sent even if Outlook is not started.

Thanks in advance.
