Quantcast
Channel: Exchange Previous Versions - Mail Flow and Secure Messaging forum
Viewing all 533 articles
Browse latest View live

#5.7.1 smtp;550 5.7.1 Unable to relay

September 8, 2015, 9:40 am
$
0
0

Hi, In my company we are facing lot of problems sending emails to some recipients when their email addresses are surrounded by single quotes, in Outlook. Ex.: 'example@xpto.com'. If we remove the quotes the message relays with no problem.

What should I do in this case? I'll appreciate any help.

We use Oulook 2007 and Exchange Server 2003.

Here is the error:

Your message did not reach some or all of the intended recipients.

Subject: Here is the subject

Sent: 23-07-2014 08:52

The following recipient(s) cannot be reached:

example@xpto.com on 23-07-2014 08:52 You do not have permission to send to this recipient. For assistance, contact your system administrator.

<mail_server #5.7.1="" 5.7.1="" example@xpto.com="" for="" relay="" smtp;550="" to="" unable=""></mail_server>

Search

Edge Server 2007 Subcription issue coexistence with exchange server 2013

September 16, 2015, 10:16 am
$
0
0

Hi Everybody!!!!

Present evironment is in coexistence ( 2007 and and 2013)

exchange 2007 : 1Mailbox and 2 HUB and CAS Server, edge server in perimeter

exchange 2103: 1Mailbox and 1 CAS server.

1) Exchange Thirds party UCC SSl certficate configured for exchange 2013 cas and same certifcate has been exported to

exchange 2007 cas servers and edge server 2007 configured successfully. Coexitence configured

2) All Mailbox MIgrated successfully to exchange 2013 mailbox server

3) I want to shut down both Exchange 2007 cas server and route all mails through exchange 2013CAS and mailbox server to Edge server 2007.

4) disabled receive connectors of Exchange 2007 CAS servers. New  Edge subscription done from edge server 2007 for exchange 2013 mailbox server, but mailbox server not accepting edge subscription giving error as  ssl certificate which has been already used by another hub transport cannot be used. Edge and 2013 mailbox server certificate must be different.

Need your immediate assitance...

Rgds

karhtik

Some users passwords were changed

September 20, 2015, 7:34 am
$
0
0

In the last two weeks the same following case happened three times for three different users :

The user password gets changed and when looking through the logs this is what i found in the CAS server IIS logs :

2015-09-20 09:55:09 192.168.x.x GET /owa/forms/premium/ChangePassword.aspx ae=Options&t=ChangePassword&Initial+Budget>>Conn:1,HangingConn:0,AD:18000/17985/1%,CAS:90000/88368/3%,AB:18000/18000/0%,RPC:90000/88663/3%,FC:1000/0,Policy:DefaultThrottlingPolicy_7278bd57-2633-4181-a271-c21ae9d20cc5,Norm&v=14.3.224.2&mbx=MBX02.domain.local&sessionId=9c407ff6022140dba1164017ff708541&prfltncy=35&prfrpccnt=0&prfrpcltncy=0&prfldpcnt=0&prfldpltncy=0&prfavlcnt=0&prfavlltncy=0&End+Budget>>Conn:1,HangingConn:0,AD:18000/17985/1%,CAS:90000/88368/3%,AB:18000/18000/0%,RPC:90000/88663/3%,FC:1000/0,Policy:DefaultThrottlingPolicy_7278bd57-2633-4181-a271-c21ae9d20cc5,Norm 443 sjohn 166.70.207.2 Mozilla/5.0+(Windows+NT+6.1;+rv:31.0)+Gecko/20100101+Firefox/31.0 200 0 0 234

what I understood from these logs is that sjohn (user ID) password was changed through the owa at 9:55 on 20-september from the ip 166.70.207.2   right?

Just want to make sure that there is nothing wrong with exchange environment especially that this case repeated exactly the same way for three users any ideas!!!!

Getting Delisted - What to do?

October 5, 2015, 3:50 am
$
0
0

Hi,

We have been unable to send emails since we switched to our new Service Provider (and received a new IP). We setup PTR records for the new IP but we have been receiving the standard

5.7.1 smtp;550 5.7.1 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using FBLW15; To request removal from this list please forward this message to delist@messaging.microsoft.com

We have fowarded the messages as requested, along with a 'Please remove our IP request' to the delisting email address, but its not having any effect. We get a standard reply with a ticket number, but thats all. No follow up, no other info.

We have been blocked for 4 days now and its killing our business. How do we get delisted?

Have also spent 3 hours so far on the phone to various people, none of whom were able to help, other than to keep passing the call along.

Exchange 2007 - ContentConversion of the transfer routing phase increase email size drastically.

October 13, 2015, 12:46 pm
$
0
0

Everything I have researched leads me to believe this is normal, however I wanted to see if I could get some feedback that will confirm. What makes me so confused is that I had not ran into this as an issue yet, which completely surprises me.

For what appears to be everyone in the company, when they send an email to an outside domain, it goes through the normal process.  But when it gets to the second step, the size increases fairly drastically.  The bigger the email/attachment, the more it increases.  An example email from earlier today with a sizable attachment:

1.EventId: RECEIVE   |   Source:  STOREDRIVE    |    TotalBytes:  17104978
2.EventId: TRANSFER   |   Source:  ROUTING    |    TotalBytes:  23395934
3.EventId: SEND    |    Source:  SMTP    |    TotalBytes:  23395934

Should I really be seeing a 6MB increase here from the ContentConversion?

The reason I'm baffled is because I work for a MSP and work with dozens of Exchange environments but have not once encountered a problem where this increase in size is making the email get blocked.  In this particular instance, the receiving domains caps at 20MB, so it's rejecting our email.  I would have thought I'd seen this before, but every day is new I guess.

Thanks for helping me learn!

Error when attempting to Create Connectors for 2003 - 2010 Routing Group (Coexistence)

October 14, 2015, 7:19 am
$
0
0

We have installed 2010 exchange with legacy 2003 server and trying to get coexistence but we receive the following error when creating routing group connectors between the two servers.

The error occurs when we run this:

New-RoutingGroupConnector –Name “RGC 2003-2010” –SourceTransportServers “2010server.domain.net” –TargetTransportServers “2003server.domain.net” –Cost 100 –Bidirectional $true

Error:

Home routing group isn't defined for server "2003server".

   + CategoryInfo          : InvalidOperation: (RGC 2003-2010:RoutingGroupConnector) [New-RoutingGroupConnector], Sen

  dConnectorUndefinedServerRgException

   + FullyQualifiedErrorId : B149227,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector

Any thoughts or ideas would be greatly appreciated.

Thanks,

WARNING: This certificate will not be used for external TLS connections

October 7, 2015, 7:48 am
$
0
0

Trying to replace Digicert SSL cert on Exchange 2010 CAS. Needed to reissue a cert without internal names
Followed this procedure per Digicert: https://blog.digicert.com/exchange-replacing-internal-names-certificates-part-2/#exchange_management_shell (Used shell script portion of this procedure).

When trying to enable the new cert, I receive the following error/warning:

WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'mail.domain.com' because the self-signed certificate with
thumbprint xxxxxxxxxxxxxxxxx' takes precedence.

Engaged Digicert support. Support confirmed all steps to replace the old cert were done correctly.
Assign the purchased certificate to SMTP, IMAP, POP and IIS. Outlook users now receive security error.

Get-ExchangeCertificate

                 Services   Subject
                 --------   -------
5E5D0559AE9BAC9  IP.WS.     CN=mail.ldimechanical.com, OU=Corporate, O=LDI Mechanical Inc, ...  <--OLD CERT (Exp 10/31)
E1612480AD167A5  IP..S.     CN=mail.ldimechanical.com, OU=Corporate, O=LDI Mechanical Inc, ...    <--NEW CERT (reissued without internal names).
D0716BAB007B827  ....S.     CN=mail-01

Also created DNS entry for external name to point to internal IP address.

Exported the old cert. Tried removing it from the EMC. Received an error : The internal transport cert cannot be removed because that would cause exchange transport service to stop. To replace the internal transport cert create a new cert. The new cert will automatically becomae the internal transport cert. you can then remove the existing cert.

Please advise.

MikeD

How to set maximum no of email messages is 100 in 30 mins frequency

October 20, 2015, 11:41 am
$
0
0

I have exchange 2013 with both mbx and cas on single server on windows 2012, AD on windows 2012.

We have a requirement that we want user to allow to send maximum 100 messages per 30 minutes. This is to avoid the malware attack. We have allowed only POP3 and Webmail access. 

I thought throttling policy will help, but i dont know how to achieve the same.

Kindly help!

Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

Search

Poison message

October 21, 2015, 5:10 am
$
0
0

Hi,

We are having an issue with our Exchange 2007 system. There are 60 messages stuck in queue as poison messages and unable to resume them as well. The console gives the attached error. Event ID 10001, Category:PosionMessage, also logged in the event viewer. Please help.

Thanks,
Kanishka.

Ckanishka

Sending email to Barracuda

October 22, 2015, 3:34 am
$
0
0

Hello

I am setting up to send my email to the Barracuda Email Security System, form my Exchange 2010. I have followed the instructions from Barracuda as follows:

1. Open the Exchange Management Console

2. Click on Organization Configuration

3. Select Hub Transport

4. Select the Send Connectors tab

5. Right click on the existing Send Connector

6. Select Properties

7. Select the Network tab

8. Select "Route mail through the following smart hosts." and click Add

9. Enter the ESS outbound hostname, similar to dXXXX.o.ess.barracudanetworks.com

Click OK

But when I try to send email to an outside account, nothing goes through.

I have also added to the DNS an SPF TXT record v=spf1 ip4:XXX.XXX.XX.XX include:spf.ess.barracudanetworks.com ~all

Do I need to restart a service after adding to the Send Connector?

I know you do not deal with this, but could I need to put in something to the PIX? If I leave the Send Connector at using MX records, email flows out just fine.

Thank you for your time.

Stephen Keating

TLS Warnings when replacing a CA UCC SAN SSL certificate

October 2, 2015, 9:06 am
$
0
0

Need help resolving TLS warnings when assigning services to a reissue of our UCC SAN SSL certificate. Exchange 2010 SP2 with Hub, CAS, Mailbox roles (server1).

Due to requirement to eliminate internal host names, we obtained a reissued cert (replacement of original minus the host (NetBIOS) names) from our CA (DigiCert). We also obtained a duplicate of the reissued cert for our second E2K10 SP2 HUB, CAS, Mailbox (server2, in different office).

Reissued cert lists same FQDNs as currently installed cert:

mail.company.com
mail2.company.com
server1.addomain.company.com
server2.addomain.company.com
autodiscover.company.com
legacyexchange.company.com

DigiCert said internal FQDNs ending in .com were fine.
The common name is (remains) mail.company.com

Our servers' Exchange virtual directories' internal URLs use either internal or external FQDN. None use host (NetBIOS) name. Our receive and send connectors also use either internal or external FQDN in HELO-EHLO response.

Tonight I imported the reissued cert on server1 and tried to assign services (IMAP,POP3,IIS,SMTP) using EMC. I got the following errors and can't figure out if this is to be expected (did not remove original cert first) or if not, why occurred:

WARNING: This certificate will not be used for external TLS connections with an FQDN of 'server1.addomain.company.com' because the CA-signed certificate with thumbprint '<thumbprint-of-original-CA-cert>' takes precedence. The following receive/send connectors match that FQDN: Default SERVER1, Client SERVER1.

WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.company.com' because the CA-signed certificate with thumbprint '<thumbprint-of-original-CA-cert>' takes precedence. The following receive/send connectors match that FQDN: Incoming from <internal app server, e.g SharePoint>.
 
When I clicked Finish (did not see how to back out at that point), the reissued cert showed all services (IMAP,POP3,IIS,SMTP) assigned. The original showed IMAP,POP3,SMTP. No error messages in the Application or System Event Logs. In fact, the Transport service event errors about expiring STARTTLS certificate stopped even though I did not restart Transport service.

I searched for answers here and online but our situation does not appear to match others' causes. For example, the FQDNs used in our connectors match those on the reissued cert. The cert taking precedence is the original CA cert not the Exchange self-signed cert. Are we missing a setting(s)? Should we remove SMTP from the original cert and if yes, before or after assigning it to reissued cert? The previous times we replaced the SSL cert (because it was expiring) we did not get the warnings. We installed the replacement, assigned services to it, restarted the Transport Service, waited a few days, then removed the old cert. I don't recall removing SMTP from old cert before removing it.

I was able to reassign services to the original cert (has not yet expired) and remove the reissued cert. The STARTTLS event log errors started up again, of course.

To see if I got the same message on server2, I imported the duplicate of the reissued cert and assigned services. I did not get the TLS warnings. Like server1, the duplicate cert showed all services (IMAP,POP3,IIS,SMTP) assigned. The original cert showed IMAP,POP3,SMTP.

DigiCert tech support could not determine the problem. Troubleshooting, we generated a new CSR for server1, rekeyed the cert on DigiCert site using new CSR, DigiCert reissued cert, I downloaded it, and tried again. Same error. I again reverted to original cert and removed the rekeyed reissue. I tried to remove the duplicate from server2 so that both servers were using the original cert, but I got similar TLS warning when trying to do that and am also clueless as to why. I have not restarted the Transport service yet on server2.

Thanks,
Joan
 

FBLW15 Problem on C Class IP

October 18, 2015, 11:34 pm
$
0
0

Dear all,

I'm having problem with FBLW15 issue to all my new IP, i just migrate to new data centre and the ISP provide the C Class IP, previously i found the IP block having problem with Trend Micro and i already solve with them, seem the IP block have been misused by previous user, now i found many of my IP are blocked by FBLW15, many of my IP user currently having problem to send out email because FBWL15, i inform them to forward the message to delist@messaging.microsoft.com but many of them doesnt receive any reply from Micorsoft. So what should i do ?

TQ

Exchange 2010 - Import external comapny user certificates to GAL

October 21, 2015, 12:19 am
$
0
0

Dear all,

Users from our company can exchange encrypted mails inside organization without the problems cause all certificates are in GAL. When they want to sent a mail to some from outside company firstly they have to exchange public certificates. If they have to do this from time to time with one person this is no problem but now there is a situation that they have to exchange with many external users. I would like to help them but I don't know or if is possibility to import external company users as a contact in exchange and add their certificates to GAL. If it will be possibility it makes that they don't have to exchange certificates cause external user certificates will be get from GAL.

Thank you in advance for all advices,

Best Regards,

Sebastian,

Need to know the command to track the messages on the HUB transport servers that belongs to specific AD site

October 29, 2015, 12:36 am
$
0
0

Hello All ,

I would like to know the exact powershell command to track the messages on the HUB transport servers that belongs to specific AD site and not on all the HUB transport servers in the exchange environment.

Since in my environment i am having around 10 HUB transport servers per site so i could not able to track the servers one by one .

In case if the use the parameter get-transportserver it is picking up all the HUB transport servers in the environment.So i would like to know single command to track the messages that belongs to the HUB transport servers in the specific Active directory site .

Thanks & Regards S.Nithyanandham

Please help - Microsoft delist are not responding to remove our IP for 3 days, massively impacting our business, cant email any 365 users

October 29, 2015, 2:52 am
$
0
0

Guys

Im getting slaughtered at work - nobody can email any office 365 or outlook.com users. 

Microsoft servers bounce all email from our IP address. 

We are greeen on every blacklist on the internet, we are a $1Billion dollar company. Ive sent ten requests in three days to be delisted, no response but an template email saying youll delist or contact us in 24 hours.

This link shows we are not black listed on any other parties at all but Microsoft.

http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3amail.salaminternational.com&run=toolpage

Only Microsoft are bounding our emails. Each time we receive bounces like this:

Reason: Remote SMTP server has rejected address
  Diagnostic code: smtp;550 5.7.1 Service unavailable; Client host [80.76.169.42] blocked using FBLW15; To request removal from this list(TCP|172.18.1.101|46371|213.199.154.87|25)

When I email delist we get a response stating they will be back in touch in 24 hours, but there is never any response, but the below template, no follow up

======

Hello ,

Thank you for your delisting request SRX1310579946ID. Your ticket was received on (Oct 28 2015 12:15 PM UTC) and will be responded to within 24 hours.

Our team will investigate the address that you have requested to be removed from our blocklist. If for any reason we are not able to remove your address, one of our technical support representatives will respond to you with additional information.

Regards,
Technical Support

=====

We are a billion dollar company and cannot email any office 365 users - how do i escalate this ??


Search

Transport Rule - Subject or message body contains bad words goto moderation

November 6, 2015, 5:50 am
$
0
0

Hopefully someone could help me with a scripts I trying to get working.

I need to setup a Transport rule for our students to pick up on any key or bad words and send them for moderation to a member of staff. 
The rule is setup and works perfectly the issue is now getting my 500+ list of words into the rules without dieing of boredom doing it manually!

I found a TechNet guide which looked ideal to start from however I'm having issues even running these commands exactly as documented here. I receive the following error about Cannot convert value to type.

$keywords=import-csv  C:\words.csv -header Keywords
New-TransportRule "Block messages with unacceptable words" -SubjectOrBodyContainsWords $keyword
s -SentToScope "NotInOrganization" -RejectReason "Do not use internal acronyms, product names, or misspellings in extern
al communications."Cannot process argument transformation on parameter 'SubjectOrBodyContainsWords'. Cannot convert value "System.Collecti
ons.ArrayList" to type "Microsoft.Exchange.Data.Word[]". Error: "Cannot convert the "@{Keywords=Word1}" value of type "
Deserialized.System.Management.Automation.PSCustomObject" to type "Microsoft.Exchange.Data.Word"."+ CategoryInfo          : InvalidData: (:) [New-TransportRule], ParameterBindin...mationException+ FullyQualifiedErrorId : ParameterArgumentTransformationError,New-TransportRule

Does anyone have any advice what could be causing this issue, could it be my csv file perhaps I'm not sure.

Much appreciated,
Rob


Email Routing details

November 5, 2015, 2:59 am
$
0
0

Good day, I have received an email , actually it was a virus, have checked with our firewall engineers and they claimed that according to the header of the email , it didn't pass through the firewall spam filter engine , that's why it wasn't dropped .

Is there anyway on Exchange 2010 server to figure out from where this message was received ? i.e from which gateway , to check on this security breach issue.

Regards

Elias Dayeh

Certificate Renewal cannot exceed existing certificate date

November 10, 2015, 9:15 am
$
0
0
I am trying to renew an exchange 2010 certificate with a Server 2008 R2 CA, and the date keeps coming back with the expiration date of the existing expiring certificate... Nov 29th 2015, so all the new and renewed certs have only a 2 week life. The CSR is valid for a year from today until i apply the cert from the server then it bounces down to nov 29 2015. The CA server has not been rebooted in a year, however i changed the lifespan of the issued certs to 3 years from 2 and restarted the CA service, but it still is happening. I have 2 weeks to sort this out. The CA server went into production in 2010 when the exchange came online... is it possible the lifespan of its issuing is 5 years? How do i change this?

Microsoft exchange Transport service not getting started it automatically stops

November 25, 2015, 10:25 pm
$
0
0

Hi ,

Iam having exchange 2007 here. I am getting the below mentioned error in event viewer. Can you please help me

vent Type:    Error
Event Source:    MSExchangeTransport
Event Category:    Storage
Event ID:    17003
Date:        11/26/2015
Time:        11:33:40 AM
User:        N/A
Computer:   
Description:
Transport Mail Database: An operation has encountered a fatal error. The database may be corrupted. The Microsoft Exchange Transport service is shutting down. Manual database recovery or repair may be required. Exception details: Microsoft.Exchange.Isam.IsamDatabaseBufferDependenciesCorruptedException: Buffer dependencies improperly set. Recovery failure (-255)
   at Microsoft.Exchange.Isam.?A0x4b33aab1.HandleError(Int32 err)
   at Microsoft.Exchange.Isam.Interop.MJetInit(MJET_INSTANCE instance)
   at Microsoft.Exchange.Transport.Storage.DataSource.InitInstance()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Number of Users that have sent encrypted messages

December 7, 2015, 7:29 am
$
0
0

Hello,

I have been asked to find the number of users in our Exchange 2010 SP3 environment that have sent at least one encrypted e-mail. So far I haven't even been able to figure out a way to tell if a specific user has sent any encrypted e-mails, let alone get a count for the entire organization. Any suggestions?

Thanks,

Dan

Viewing all 533 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>