Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Junk folder

On the Exchange Edge server I added a recipient (user1@contoso.com) to the white list; now all spam gets to the inbox for user1@contoso.com.
Is it possible to further process the message (on the backend or in the user's Outlook) to move it to junk mail?

Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

Greetings all, I hope someone can help.
I have created an Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
Internal mail flow is fine (external email addresses can send to the domain).
External firewall port forwards ports 443 and 25 to the Internal DAG IP address.

There are two multi-role Exchange servers that are members of the DAG.
I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
No SSL certificates have been purchased or installed yet.
Exchange URLs have not been changed since default configuration at install.
OWA and ECP works both internal and external.
External DNS works with SPF and PTR records correctly configured
Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)

Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
When sending email to an external address, I receive a failure notice

ServerName.test.corp.int gave this error:
Unable to relay 

Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

More Info - 
ServerName.test.corp.int
Remote Server returned '550 5.7.1 Unable to relay'

I have been troubleshooting this for many hours with no progress.
I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
I have tried setting the Internal IP address for Exchange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
I have also tried with the IP range 192.168.11.0/24 to allow the whole subnet; I still receive the unable to relay failure notice.
I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.

I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.

Can someone please assist before I lose my sanity.

Thanks in advance,

Terry

Exception in Transport Rules seems not to be working


I have seen some threads about exceptions in transport rules not working. I have Exchange 2010 and am now migrating mailboxes to Exchange 2013. I have a rule running with exceptions, but the same rule now does not work on the mailboxes I have migrated to Exc 2013. So I decided to create a similar rule in EAC, but still the exception does not work. Is this a kind of bug or what? Actually, what I have done is create a rule to append the Disclaimer to the emails sent, but when an internal user receives the email and replies, it should not append it again, and this has worked and is still working for my users in Exchange 2010 mailboxes.

Exchange Mail Flow Error: RESOLVER.ADR.ExRecipNotFound; not found


Hi All,

We have a few users where email is being bounced back with an NDR to the senders. Below is what we are receiving.

IMCEAEX-_O=ING+20GROUP_OU=Common+20Administrative+20Group_cn=Recipients_cn=*************

Remote Server returned '550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found'

We've been troubleshooting this and it seems like there is an issue with the X.500 address, and we found plenty of sites which talk about this.

We've cleared the cache address of users sending emails to user A with the above issue.

We've also followed solutions from the following sites:

https://amagsmb.wordpress.com/2014/03/06/getting-ndr-remote-server-returned-550-5-1-1-resolver-adr-exrecipnotfound-not-found-for-existing-user/

http://mostlyexchange.blogspot.com.au/2007/08/exchange-2007-legacyexchangedn-and-mail.html

http://exchangeitup.blogspot.com.au/2014/07/exchange-2010-bounced-email-error-550.html

and even using this script

    

cls

Function CleanLegacyExchangeDN ([string]$imceaex) {
    # IMCEAEX example: IMCEAEX-_O=ING+20GROUP_OU=Common+20Administrative+20Group_cn=Recipients_cn=*************
    $imceaex = $imceaex.Replace("IMCEAEX-","")
    $imceaex = $imceaex.Replace("_","/")
    $imceaex = $imceaex.Replace("+20"," ")
    $imceaex = $imceaex.Replace("+28","(")
    $imceaex = $imceaex.Replace("+29",")")
    $imceaex = $imceaex.Replace("+2E",".")
    $imceaex = $imceaex.Replace("+21","!")
    $imceaex = $imceaex.Replace("+2B","+")
    $imceaex = $imceaex.Replace("+3D","=")
    # Strip the trailing @domain part of the address
    $regex = New-Object System.Text.RegularExpressions.Regex('@.*')
    $imceaex = $regex.Replace($imceaex,"")
    $imceaex # return object
}

$ExPowerShellPath = $env:ExchangeInstallPath + "bin\RemoteExchange.ps1"

#region "Check PowerShell Version and Load in Exchange 2013 PowerShell Snap-In"

if ((Get-Host).Version.Major -eq 1)
{
    # The original log line used $CurrentDate and $LogPath, which this script never defines
    throw "PowerShell Version 1 not supported"
}

if (!(Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue))
{
    if (Test-Path $ExPowerShellPath)
    {
        . $ExPowerShellPath
        Connect-ExchangeServer -auto
    } elseif (Test-Path "C:\Program Files\Microsoft\Exchange Server\bin\Exchange.ps1") {
        Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Admin
        . 'C:\Program Files\Microsoft\Exchange Server\bin\Exchange.ps1'
    } else {
        throw "Exchange Management Shell cannot be loaded"
    }
}

#endregion

#region "Main"

$CurrentMBXUser = Read-Host "Enter User affected by (UserAccount) "
$IMCEAEXAttrib = Read-Host "Enter the users IMCEAEX, this is found on the NDR "

$userLegacyDNIssue = New-Object PsObject
$userLegacyDNIssue | Add-Member -MemberType NoteProperty -Name MBXAccount -Value $CurrentMBXUser
$userLegacyDNIssue | Add-Member -MemberType NoteProperty -Name IMCEAEX -Value $IMCEAEXAttrib

# Decode the IMCEAEX value from the NDR into the legacyExchangeDN form
$exchangeLegDN = CleanLegacyExchangeDN $userLegacyDNIssue.IMCEAEX
$x500address = "X500:$exchangeLegDN"

# check what recipient type is
$recipientType = (Get-Recipient $userLegacyDNIssue.MBXAccount).RecipientType

# format command appropriately
switch ($recipientType) {
    "DynamicDistributionGroup" {$command = "Set-DynamicDistributionGroup `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "MailUniversalDistributionGroup" {$command = "Set-DistributionGroup `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "MailUniversalSecurityGroup" {$command = "Set-DistributionGroup `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "UserMailbox" {$command = "Set-Mailbox `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "MailUser" {$command = "Set-MailUser `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "MailContact" {$command = "Set-MailContact `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    "PublicFolder" {$command = "Set-MailPublicFolder `"$($userLegacyDNIssue.MBXAccount)`" -EmailAddresses @{Add=`"$x500address`"}"}
    # Without a default branch, an unmatched type would leave $command empty
    default {throw "Unsupported recipient type: $recipientType"}
}

# output command to console
$command

#endregion

Seems like nothing is working.

Any help on this would be great.
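An added example, not part of the original post or of any Microsoft tooling: the script above decodes only a fixed set of `+XX` escapes, one after another, so an escape it does not list (such as `+5F` for an underscore) stays encoded, and a decoded `+` can be decoded a second time. The function below generalises it by decoding every escape in a single pass; the function name `ConvertFrom-Imceaex` and the contoso.com sample addresses are assumptions made up for illustration.

```powershell
# Added example: decode an IMCEAEX address taken from an NDR into an X500 proxy address.
# ConvertFrom-Imceaex is a hypothetical helper name, not an Exchange cmdlet.
function ConvertFrom-Imceaex {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Address
    )

    # Accept only the shape an NDR shows: IMCEAEX-<encoded DN>[@domain]
    if ($Address -notmatch '^IMCEAEX-(?<dn>[^@]+)(@.*)?$') {
        throw "Not an IMCEAEX address: $Address"
    }
    $encoded = $Matches['dn']

    # Every '+' in the encoded form must introduce a two-digit hex escape;
    # anything else means the value was truncated or altered when it was copied.
    if ($encoded -match '\+(?![0-9A-Fa-f]{2})') {
        throw "Malformed +XX escape in: $Address"
    }

    # Step 1: '_' stands for the '/' between DN components. A literal underscore
    # arrives as +5F, so it is still encoded at this point and is not touched.
    $dn = $encoded.Replace('_', '/')

    # Step 2: decode all +XX escapes in one pass, so that text produced by one
    # escape is never interpreted as the start of another.
    $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
        param($m)
        [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })

    "X500:$dn"
}

# Constructed sample inputs (not the address from the NDR in the post).
$samples = @(
    # Contains +5F (underscore), which the fixed replace list does not cover
    'IMCEAEX-_O=CONTOSO_OU=First+20Administrative+20Group_cn=Recipients_cn=j+2Edoe+5F01@contoso.com',
    # Contains +2B followed by "3D": chained replaces would turn this into "=",
    # the single pass keeps it as a literal "+3D"
    'IMCEAEX-_O=CONTOSO_OU=Sales+20+28EU+29_cn=Recipients_cn=a+2B3Db@contoso.com'
)

foreach ($sample in $samples) {
    ConvertFrom-Imceaex -Address $sample
}

# The result is meant to be passed as a parameter value rather than spliced into
# a command string, for example:
#   $x500 = ConvertFrom-Imceaex -Address $ndrAddress
#   Set-Mailbox -Identity $alias -EmailAddresses @{Add = $x500}
```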



How to have internal email scanned by external MTA.


Hi, Guys

For Exchange 2013/Exchange Online, I know it is easier to have an external scanner scan inbound/outbound email, but I don't know if it is possible to have internal email scanned by an external MTA before it is delivered to internal recipients. Does anyone know how to achieve this, and whether the MTA can change email content?

Please advise urgently where this can be done, thanks very much!!

Not able to add permissions to exchange 2013 relay connector created on CAS Server


Hi Friends,

Here is the scenario.

I want to relay emails from a web server (placed on the Internet) via an Exchange 2013 SP1 CAS server, but when I try to add permissions I get the following error message: Connector Not Found. The CMD looks for the connector on the MB server (highlighted in blue), whereas I have added the connector on the CAS server. Please help me to troubleshoot the issue.


Best Regards, Ranjit Singh

Relaying an internal PHP application by Exchange 2013


Hello, dear Fellows,

We use an Exchange 2013 server to relay two web applications via a Front-End Transport Receive Connector, properly configured.
All messages sent by the ASP Web Application are received by all the recipient domains.
But some messages sent by the PHP Web Application are not received by some domains, remaining within the queue, with error messages:
554 5.4.4 SMTP.SEND.DNS.NonExistentDomain;non existent domain
451 4.4.0 Primary Target IP responded with 421 4.7.0 "ServerName" Too many errors "Cannot achieve “Exchange Server authentication”.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts…"

Do you think this is a PHP problem, or an Exchange problem ?
Thanks for your answers

Djamal Belouizdad
Exchange Administrator

RecipientStatus : {452 4.3.1 Insufficient system resources} for (SMTP Relay to Remote AD Site)


Has someone seen this issue?

I have a mixed environment with Exchange 2010 and 2013. I am currently working on getting Exchange 2013 up and running in the environment. Exchange 2010 is fully functional. Here is the issue I am having. 

Here is how the emails are flowing. I have a primary site and a DR site. 

1) Emails from my SMTP Gateway hit the Exchange 2010 CAS Server (Receive Connector)
2) Email goes to Exchange 2013 CAS Server located at the DR Site (SMTP Relay to Remote AD Site)
3) RecipientStatus         : {452 4.3.1 Insufficient system resources}
ConnectorId             : Intra-Organization SMTP Send Connector
ClientHostname          : Exchange 2010 CAS
ServerIp                : IP
ServerHostname          : Exchange 2013 CAS
SourceContext           :
ConnectorId             : Intra-Organization SMTP Send Connector
Source                  : SMTP
EventId                 : DEFER
InternalMessageId       : 10
MessageId               :
Recipients              :
RecipientStatus         : {452 4.3.1 Insufficient system resources}
TotalBytes              : 3844
RecipientCount          : 1

4) Exchange 2010 (Retry)
5) Email goes to Exchange 2013 CAS Server located at the DR Site (SMTP Relay to Remote AD Site)
6) RecipientStatus         : {452 4.3.1 Insufficient system resources}
ConnectorId             : Intra-Organization SMTP Send Connector
7) Exchange 2010 (Retry)
8) Email sends through Exchange 2010 CAS Server

ServerHostname          : Exchange 2010 CAS Server
SourceContext           :
ConnectorId             : Intra-Organization SMTP Send Connector
Source                  : SMTP
EventId                 : SEND
InternalMessageId       10
MessageId               :
Recipients              :
RecipientStatus         : {250 2.1.5 Recipient OK}

I have engaged Microsoft and there are no indications of Back Pressure and no events in the Event Viewer indicating errors. The CAS Server currently has 8 GB of memory, which is enough because the CAS server is currently doing nothing because I'm still using Exchange 2010 in the environment. This only happens during (SMTP Relay to Remote AD Site).


is an inbound connector necessary for an onsite linux (web)server to send mail through EOP (Office365 E3)?


Hello all-

I have inherited a hybrid environment with many websites and an onsite centralized (Linux) mail server. We have moved our organizational mail to Office365 and I have added all my relevant domains into the Admin console of O365. My goal is to decommission the onsite mail server. I have some onsite LOB devices that I have created inbound connectors for, and they work fine.

So then the question is:

If I have an onsite webserver (linux) that is the same domain name as a registered domain in O365 running sendmail or postfix with applications using that for mail, can I just point that at the EOP FQDN and be done with it, or do I have to additionally create an inbound connector to tell EOP it's ok to receive and send email from that server?

Example:

Onsite server hosts www.my-domain.com and runs postfix for mail. I have registered my-domain.com in the Admin console of O365 and made the necessary DNS changes, but there are no email addresses at my-domain.com; it only has applications that send OUTBOUND mail (course registrations, payment confirmations). Currently those applications use localhost and postfix to send mail. I know how to point postfix at the FQDN of my-domain-com.mail.protection.outlook.com, but is that all that is necessary, or do I have to also create an inbound connector with the public IP of my-domain.com and add my-domain.com to the allowed domains filter in that connector?

I hope this makes sense and that I am not in the wrong area. I did some research and read up on connectors but they refer to devices and apps, not specifically servers, so I am a little confused.

Thanks for any advice/assistance in advance!

-Sam

Domain Admin user can send as any user in my exchange org


Dears

I have a problem I just discovered in my test environment: any user in the Domain Admins group has the right to send as any email address, even when the user's mailbox doesn't have Send As or Full Control granted to anyone in my Exchange org.

Thanks


Dynamic Distribution Groups - Message Delivery Restrict to Security Group


Hi,

I have created a dynamic distribution group and want to restrict mail delivery to only accept messages from members of a security group.  How do I achieve this?

The idea is the DDG's are set with their criteria and if anyone leaves/joins the relevant SG then they will have permission to send to those DDG's.

Thanks in advance.

Public Folder forward option "Leave message intact" not working


I've seen a few older postings about this, but none of them have a solution.  We've upgraded to Exchange 2013 and we're using Public Folder rules to forward messages. When we set the forward type to be "Leave message intact", the message never gets forwarded.  The other two options "Standard" and "Insert message as an attachment" work fine.  In Exchange 2007 the "Leave message intact" option worked also.  I've seen some suggestions to use transport rules, but that won't work for what we're trying to do, so I'm wondering if there's another workaround for this issue.

Thanks,

Richard


Thanks, Rich

Bouncing 5.1.0 - Unknown address error 530-'5.7.1 Client was not authenticated


Hi All,

I want to ask about a problem with my Exchange environment. I have an Exchange 2010 environment with 2 CAS-HT servers with Windows load balancing (WNLB) and 2 Mailbox servers, and I have a DRC with 1 CAS-HT and 2 Mailbox servers, with IronPort as the SMTP gateway in every site. In the current condition, all mailbox databases are mounted in the DRC site, but the SMTP gateway in use is in the HQ site. If I start the transport service in HQ, I cannot receive messages from external or public domains; they bounce with the error “Remote Server returned '<[xx.xx.xx.xx] #5.0.0 smtp; 5.1.0 - Unknown address error 530-'5.7.1 Client was not authenticated' (delivery attempts: 0)>'”. The message was rejected by the HT server in HQ. I did some research on the internet and found an article saying the issue occurs because Anonymous users is unchecked on the default receive connector, but in my environment Anonymous users is already checked.

Can anyone help with my problem? I just want to know why, if I start the transport service, messages from external senders are rejected by the HT server's IP.

Additional info:

[xx.xx.xx.xx] = the IP of the Hub Transport server.



Mail flow/routing issue


Okay, this is a weird one, but I'll try and explain as best as possible.  We have two Exchange 2013 servers, we'll call them MAIL01 and MAIL02.  The servers are members in a DAG.  Normally, all mail databases are on MAIL01.  This is the issue I'm having: when someone sends email from their mailbox, looking at headers shows that it goes from MAIL01 to MAIL02, then out to the smarthost (and final delivery).  On receiving email, the mail comes into the spam filter (a Barracuda), goes to MAIL01, then to MAIL02, then back to MAIL01 for delivery (again, all mailboxes are on MAIL01).

Now, as a test, I moved a mailbox database to MAIL02 and had an email account from that database send an email.  The headers indicate the email went from MAIL02, to MAIL02 again, then out to the smarthost.  Incoming was similar: mail came in to the spam filter, then went to MAIL02, moved to MAIL02 again, then was delivered.

There seems to be something set somewhere that indicates MAIL02 is the master mail sender, and it is the only one allowed to move mail.  I've spent hours poring over settings and verifying everything I can.  I found that the receive connectors are identical to each other, the send connector looks correct, the DAG is functional (I even tested a failover), and both servers have Mailbox and Client Access roles.

Is this anything someone has encountered, and most importantly, knows how to fix?

migration Lotus Notes to Exchange, how to migrate confidential emails (in LN encrypted)


Hi,

we're investigating a migration of Lotus Notes to Exchange. One issue is the migration of encrypted mail. How to keep them confidential in Exchange?

We have users like a secretary who has read/write access to the mailbox of a manager. If another user mails the manager with confidential information, he encrypts it in LN before sending it, so only the mailbox owner can open the message. Is this possible in Exchange 2013 and in Exchange Online? I heard that you can set things via IRM, but that with Outlook Web Access the secretary can set the manager's mailbox as primary and then will be able to open the confidential email....

best regards,

Hans


X-Forwarded-For Header in mail headers


Can anyone help with how I can instruct Exchange 2013 to include the X-Forwarded-For header in mail headers? Usually, as per standard, X-Originating-IP is added in mail headers. However, when the Exchange 2013 OWA URL is load balanced using F5 (or any other hardware load balancer), X-Originating-IP would point to the load balancer's self IP. There is a feature in load balancers to add the X-Forwarded-For header when HTTP packets are forwarded to CAS servers by F5. Exchange 2013 is able to detect the original client IP in IIS logs through the X-Forwarded-For header, but this header is not captured by Exchange.

Regards,

Ramesh

How to modify Exchange 2013 TXT(SMS) notifications to not include the subject line or any of the message body of emails


We have a group of users who are not permitted to download/save any emails they receive onto public or personal devices, they are only allowed to log in manually and view their mail through OWA (I realize there are ways to use OWA to download mail, however the users are explicitly forbidden from doing this, and any countermeasures that can be put in place, are/will be).

With our new Exchange 2013 server, it seems it has the built in capability to send TXT(SMS) notifications instantly when a user receives mail.  We would like to allow our users to utilize this feature, however currently, the notification includes not only the sender of the email, but also the subject line and part of the message body.  As it stands, we can't have this as part of the email would then be saved on their device.

I am wondering if there is a way to modify Exchange 2013 to not include the subject or message body, so that our users could at least get an instant notification 1-that they have a new email and 2-who it's from?

Any information would be appreciated, thanks!

#554 5.3.4 STOREDRV.Submit; Content conversion limit(s) exceeded ## "This message exceeds the maximum message size allowed".


Hey Guys,

I have an issue with one of my company's users. Whenever he sends any mail with an attachment of 2MB or more, he gets the undelivery message mentioned above in the subject line.

I have checked everything that could possibly cause the delivery failure, e.g.

[PS] H:\>Get-SendConnector|fl *size

MaxMessageSize : unlimited

MaxMessageSize : unlimited

[PS] H:\>Get-ReceiveConnector|fl *size

MaxHeaderSize  : 64KB
MaxMessageSize : 40000KB

MaxHeaderSize  : 64KB
MaxMessageSize : 40000KB

MaxHeaderSize  : 64KB
MaxMessageSize : 150MB

MaxHeaderSize  : 64KB
MaxMessageSize : 40000KB

MaxHeaderSize  : 64KB
MaxMessageSize : 40000KB

[PS] H:\>Get-TransportConfig | fl MaxSendSize

MaxSendSize : 40MB

[PS] H:\>Get-TransportConfig | fl MaxSendSize

MaxSendSize : 40MB

Please help me to resolve this issue...

Thanks,


Amit Kumar Sharma

The FIP-FS Scan Process failed initialization


Hello,

I am on the Exchange CU7 update and trying to get anti-malware and spam filtering to work.  I am constantly seeing the FIP-FS service crash, showing "The FIP-FS Scan Process failed initialization. Error: 0x800706BE. Error Details: The remote procedure call failed.", Event ID 1106.  I am also getting constant app crashes of scanningprocess.exe showing

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: scanningprocess.exe
P2: 15.0.1044.24
P3: 546fc941
P4: scanningprocess.exe
P5: 15.0.1044.24
P6: 546fc941
P7: c0000005
P8: 000000000005a8f6
P9: 
P10: 

I have confirmed that updates are downloading for the malware database, but the services themselves are crashing for some reason.  I have checked what settings I know about for spam and anti-malware and have run out of options.  My FIP-FS service is terminating about once every 8 min so it's killing me in trying to figure out what is wrong.

How to change the reject text for Exchange Approval Assistant


Hi,

I want to change the text that a sender receives when a message was rejected by a moderator.


Telling someone that the message was "rejected" sounds harsh in some languages (like in German, which I speak).

My goal is to change the reject text to something like: "Your message was not approved by a moderator..."

Is that possible?

We are running Exchange 2013 CU6 on premises.

Thank you for your help!

M.Neumeister
