I'm using Exchange 2007s send connector with a smart host. Our existing ISP used port 25 with no auhentication but we have now had to move service providers and have been given port 465 and SSL with authentication to use.

I have used set-sendconnector to change the port to 465 and have entered the authentication under the smart host settings however when you send emails they just queue with no obvious error message of why this is occuring.

As a test i have installed Windows Live Mail on the same server and entered the same pop and smtp information which allows this to send and receive ok.

Can anyone offer advise to what i may have missed in the setup? 

Hi

We have 8 servers, 4 Mailbox, 2 Hub and 2 CAS, in the HUB, many emails began to queue, if I check the log, this is the result:

2013-07-03T20:50:19.288Z,Internet Exchange 2k7,08D0463778A04E9F,0,,189.204.46.68:25,*,,attempting to connect
2013-07-03T20:50:19.288Z,Internet Exchange 2k7,08D0463778A04E9F,1,10.237.48.5:55293,189.204.46.68:25,+,,
2013-07-03T20:50:19.491Z,Internet Exchange 2k7,08D0463778A04E9F,2,10.237.48.5:55293,189.204.46.68:25,<,220 webmail.semar.com.mx ESMTP Service ready,
2013-07-03T20:50:19.491Z,Internet Exchange 2k7,08D0463778A04E9F,3,10.237.48.5:55293,189.204.46.68:25,>,EHLO smtp.dom-orig.com.mx,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,4,10.237.48.5:55293,189.204.46.68:25,<,"250-Requested mail action okay, completed",
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,5,10.237.48.5:55293,189.204.46.68:25,<,250-SIZE 20000000,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,6,10.237.48.5:55293,189.204.46.68:25,<,250-AUTH PLAIN LOGIN,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,7,10.237.48.5:55293,189.204.46.68:25,<,250-AUTH PLAIN LOGIN,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,8,10.237.48.5:55293,189.204.46.68:25,<,250-8BITMIME,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,9,10.237.48.5:55293,189.204.46.68:25,<,250 STARTTLS,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,10,10.237.48.5:55293,189.204.46.68:25,>,STARTTLS,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,11,10.237.48.5:55293,189.204.46.68:25,<,220 Start TLS negotiation.,
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,12,10.237.48.5:55293,189.204.46.68:25,*,,Received certificate
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,13,10.237.48.5:55293,189.204.46.68:25,*,658090B65DBC7E794F89ABAACE6DA76646061E8D,Certificate thumbprint
2013-07-03T20:50:19.522Z,Internet Exchange 2k7,08D0463778A04E9F,14,10.237.48.5:55293,189.204.46.68:25,>,EHLO smtp.dom-orig.com.mx,
2013-07-03T20:50:19.538Z,Internet Exchange 2k7,08D0463778A04E9F,15,10.237.48.5:55293,189.204.46.68:25,<,503 Bad sequence of commands,
2013-07-03T20:50:19.538Z,Internet Exchange 2k7,08D0463778A04E9F,16,10.237.48.5:55293,189.204.46.68:25,>,HELO smtp.dom-orig.com.mx,
2013-07-03T20:50:19.553Z,Internet Exchange 2k7,08D0463778A04E9F,17,10.237.48.5:55293,189.204.46.68:25,<,503 Bad sequence of commands,
2013-07-03T20:50:19.553Z,Internet Exchange 2k7,08D0463778A04E9F,18,10.237.48.5:55293,189.204.46.68:25,>,QUIT,
2013-07-03T20:50:19.553Z,Internet Exchange 2k7,08D0463778A04E9F,19,10.237.48.5:55293,189.204.46.68:25,<,221 Closing connection.,
2013-07-03T20:50:19.553Z,Internet Exchange 2k7,08D0463778A04E9F,20,10.237.48.5:55293,189.204.46.68:25,-,,Local

I don't understand why in the sequence, appear some thing about certificates...

If I use the netmon, appear in the SMTP trace : SslOnSmtp: SSLv2RecordLayer, Error (needs reassembly), I found something about the certificate, but I don't have experience in this area..

Thanks

Hi,

We are using exchange 2010 SP2 in our environment and we have Two sites where the exchange is installed, these two site are separate internet connectivity like one is in India and other is in US and i am looking for options/solutions here for email routing part if one of the sites does not have the internet connectivity or the link went down then what we can do to re-route the email as mentioned below

Site 1 - OWA: http://mail.domin.com

Site 2 - OWA: http://mail2.domin.com

1. Email routing from INTERNET to internal if one of the site goes down, means if there is no internet connectivity.How we can route or point the traffic to another site.

2. How user will use OWA/Outlook Anywhere if one of the site does not have the internet connectivity, as i was goggling this so found that there is a new feature in exchange sp2 called CROSS SITE REDIRECTION if i will enable that option then user where the internet connectivity is down they can be rerouted to other site BUT what about Outlook Anywhere will that work for outlook anywhere as well.

What changes i have do with DNS as we have external and internal DNS in place, is change is required on the network side. pls help  thanks 

We are currently using Exchange 2007 sp3 one 64-bit Windows Server 2008 R2 Enterprise. My system consist AD,mailbox,Cashub ( role hub transport and client account install on a server) and Server Edge. This my prolem:

My system receive mail from many domain ( gmail,yahoo....) but some domain not receive . I have log from edge server

 Please help me

Hi

I am using exchange server 2013. I have some domains that I'm unable to receive emails from if the email contains an attachment. Other domains seem to be receiving normally.

One on the NDR is listed below. Please help as this is becoming a large problem for our users.

Delivery has failed to these recipients or groups:

#<
#4.4.2 X-Postfix; conversation with
timed out while sending message body> #SMTP#

#<
#4.4.2 X-Postfix; conversation with
timed out while sending message body> #SMTP#

Original message headers:

X-M-MSG:

Received: from interceptor2.sandia.go(interceptor2.sandia.go [132.175.109.18])

        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

        (No client certificate requested)

        by sentry-two.sandia.go(Postfix) with ESMTPS id 1FF9FD2C445;

        Tue, 18 Jun 2013 10:44:06 -0600 (MDT)

Received: from sentry.sandia.go (sentry.sandia.go [132.175.109.21]) by interceptor2.sandia.gov (RSA Interceptor); Tue, 18 Jun 2013 10:43:53 -0600

Received: from [132.175.109.1] by sentry.sandia.go with ESMTP (SMTP

 Relay 01 (Email Firewall v6.3.2)); Tue, 18 Jun 2013 10:43:30 -0600

X-Server-Uuid: AF72F651-81B1-4134-BA8C-A8E1A4E620FF

Received: from mail.sandia.go (exch04.sandia.go [134.253.103.4] (may

 be forged)) by mailgate.sandia.go (8.14.4/8.14.4) with ESMTP id

 r5IGhRYi011602; Tue, 18 Jun 2013 10:43:27 -0600

Received: from EXMB02.srn.sandia.go ([169.254.2.199]) by

 EXCH04.srn.sandia.gov ([134.253.103.4]) with mapi id 14.03.0123.003;

 Tue, 18 Jun 2013 10:43:22 -0600

Thread-Topic: email with attachment test

Thread-Index: AQHObELxIyBBYyHRJ0imnZ7S4Kk9qg==

Date: Tue, 18 Jun 2013 16:43:21 +0000

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

user-agent: Microsoft-MacOutlook/14.3.1.130117

x-originating-ip: [134.253.95.179]

MIME-Version: 1.0

X-WSS-ID: 7DDE51B82I4278584-01-01

Content-Type: text/plain

X-RSA-Inspected: yes

X-RSA-Classifications: Healthcare Dictionaries, public

X-RSA-Action: allow

I need to configure automatic printing system like when I send an Email to a particular email ID , the attachment should print. Anyone has any idea on this process by using POP3 or any other service.

Hi

Is there a way to do some transport rules for:

1. Drop and send a NDR to the user when they try to send an email to "@hotmail.com.mx"
2. Drop and does not send a NDR to the user when they try to send an email to "@yahho.com"
3. In some emails, we need to change the "from address", from "user1@domain.local" to "donotrepply@domain.com" (user1 is an example, already are many users that need to send email only in one direction) but it's neccesary that the user name remain in the header  to inform to the receipt the name of who send the original email.
4. In a email send by an user, change the "@local" for "@domainexternal.com"

I hope this can be done

Thanks!!

Doc MX

Hello.

I am using MS Exchange server 2007, I am not able to send mail to yahoo.com, hotmail.com those mail stack in queue.

We have retry to send but not going. This problem accord to above maintion domain.

Kindly help me to resolved this issue.

Below is error massage

Identity: mailsvr\74799\31874
Subject: abcefghijk
Internet Message ID: <A792AEE966F7F44AB74CFD35F6F02B5201489728CA7B@mailsvr.parkstreetpune.local>
From Address: systems@pridepurplegroup.com
Status: Ready
Size (KB): 14
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 16/07/2013 4:37:34 PM
Expiration Time: 18/07/2013 4:37:34 PM
Last Error: 
Queue ID: mailsvr\74799
Recipients:  pritam.joshi@yahoo.com

Waiting for reply please please help me out from this problem.

Thanks 

Pritam Joshi

Current setup:

1x Single Active Directory domain

2x Exchange 2003 SP2 Back-End in a Windows Cluster

1x Exchange 2003 SP2 Front-End (in DMZ)

1x Routing Group Connector with 'SMTP * 1' and Spam filter as smart host

Added the following to the current domain:

2x Exchange 2010 SP3, CAS Array, DAG cluster

2x Citrix Netscaler

With the installation of Exchange 2010 everything went fine, only the Routing Group Connector from 2003 to 2010 wasn't automatically created. Deleted the RGC from 2010 to 2003 and successfully created a new one:

New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "Ex2010HUB1.contoso.com" -TargetTransportServers "Ex2003CLUSTER.contoso.com" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

Mail flow:

2010 to 2003: OK

2010 to external: OK

2003 to external: OK

2003 to 2010: NOT WORKING

The messages are tried on the Interop RGC connector, but eventually are stuck in the unreachable destination queue on the 2003 cluster. Also Public Folder replication messages are stuck there. Also the Interop RGC keeps the status 'retry', so isn't able to connect to 2010.

To resolve the problem, tried the following:

- set the Default Receive Connectors on 2010 to anonymous

- create 2 separate RGC's, so no bidirectional with Cost 1

- set the Cost of the external RGC to 10

- rebooted both Exchange 2010 servers

- iisreset on Exchange 2003

- added SuppressStateChanges=1 registery DWORD for the RESvc service on both Exchange 2003 servers

- checked if it's possible to connect to port 25 via telnet from 2003 to 2010 and vice versa, that works

- checked if the Default SMTP Virtual Server on 2003 doesn’t have any smarthosts filled in, this is not the case

The only thing we can try is reboot the Exchange 2003 servers, but since it's a production environment that hasn't been possible yet. Also since 2003 is a Windows Cluster (and is connecting with that name to 2010), I can think that maybe 2010 isn't ok with it the authentication cause this is not the actual server. But a valid computer object exists in AD for the cluster resource and the two actual servers are not known within Exchange, so I cannot check what happens when I set only 1 server als a target in the RGC.

Hello, 

I have exchange 2007 sp2. I have recently installed another Edge Server at remote site B. Site A and site B are connected via site to site vpn. Both sites are able to contact each other's host. MBX, Hub Transport and 1 Edge is in site A, 2nd edge is in Site B now. I have subscribed EDGE as well and emails from internal are delivering outside organization but emails from outside to inbound are not getting delivered and they are stuck in queue. The error in queue while delivering email to internal recipients is:

'451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

Following event are logged in event viewer

Event ID 1022

Anti-spam agents are enabled, but the list of internal SMTP servers is empty. If there are any MTAs between this server and the Internet, populate this list by using the Set-TransportConfig cmdlet in the Exchange Management Shell.

Event ID 1036

Inbound direct trust authentication failed for certificate CN=mail01.abc.com. The source IP address of the server that tried to authenticate to Microsoft Exchange is [10.72.0.95]. Make sure EdgeSync is running properly.

I have installed certificate as well in Trusted Root but still not delivering. I have added new edge in internal SMTP as well but still not result. 

Hasan

Hello,

I am trying to implement a transport rule on Exchange 2010 to stop mails from outside the organization to be sent to a distribution list. I am aware of the option "Authenticated Senders only" for a distribution list. We can not use it due to the nature of our infrastructure.

Our distribution lists start with DBLsomename@domain.com. My first idea was to simply implement a recipient text pattern rule: "^DBL". This failed. I tried the same on individual e-mail addresses with success. I suppose that Exchange is actually matching the pattern with the members of the distribution list, rather than the e-mail address of the distribution list itself. At least this my on logical explanation.

Does this mean that I am forced to use the "sent to a member of distribution list" aka "SentToMemberOf"? Problem with that is that it doesn't seems to accept wildcards. Adding all distribution list is not our preferred option. If new lists are created, they need to be manually added. But also I am wondering on the performance of the rule if I add about 700 to 800 distribution lists that need to be matched for every incoming message.

Any advise or workaround available?

Thank you!

we are using  exchange 2010 server for our mailing solutions (Main domain xyx.com) . we enabled accepted domain (abc.com) in our setup and created the email address policy. both the domain  mx records are set to my primary domain xyz.com.

for some management reason we are planning to move the abc.com mail boxes  to some other share mail hosting services.

so all my abc.com mail boxes resides at shared mail box server. anybody please answer my below queries.

1. Without changing the abc.com MX record, Is it possible to route  the incoming mails  of abc.com to the share hosting server?. if yes, How we can achive that?

2. We are using forefront 2010 server for our email gateway security. Will it possible to use  sharedhosted domain  abc.com to use the same forefront server? If yes, How we can achive that?

Jags

HI all,

Recently, I encountered an error with my scheduled backup shown on the application log of my Passive node. Every night when the program is running, it will show error event id 2038 on all my storage groups. When that happens, the transaction logs are not truncated and it piled up in my active node. Switching over to my active node, I noticed at the application log of my server, it shown error id 915 and 215 for every storage group. 

Both my active and passive node are on W2008 sp2, Exchange 2007 sp2.

For the moment, we have to manually move the logs out to external storage every end of the week.

Any advice on this?

Hi all,

Quick question. We have a situation where we want to forward all unresolved mail to a smart host. We have set this up by setting the domain to an internal relay domain and adding a smart host connector to the send connectors. All good right?

Well, no. Unfortunately it looks as though for some reason, ALL mail coming in to this domain is being routed out through the send connector, even though the recipients DO exist on the internal Exchange server.

I'm not 100% sure why this is happening, but the only thing I can think of is:

2 domains exist:

thisismyfulldomain.com < Primary

timfd.com < Secondary (and the one that is now set as an internal relay domain)

Every user has thisismyfulldomain.com as their PRIMARY SMTP address, and timfd.com is a secondary address. It appears as though ALL mail to timdf.com is being routed through the send connector. Could it be the case that when the internal relay "checking" happens that it only checks against the primary SMTP address and doesn't check all of the users SMTP addresses?

If this is not the case then I have no idea what's going on. Anyone might be able to shed some light?

Cheers,

Rich

I have a customer that is struggling to receive emails from a couple of senders.  It's a bit bizarre because their exchange server is receiving emails for their .co.uk domain and .ae.  Emails to the .co.uk domain are successfully received, but emails to the .ae timeout and the sender gets the following message

#< #4.4.2 X-Postfix; conversation with mail.domain.ae[IP ADDRESS] timed
out while sending message body>

I've noticed a couple of posts regarding this pointing at issues where the sender is a mac, but what's confusing is that the .co.uk emails are received.  If I look in the message tracker, I can see the results for the .co.uk but no attempt at the .ae

I hope this makes sense and someone can possibly shed some light on this issue for me.

Many thanks

Hi,

The exchange server used to be working fine, but recently it has been not able to recieve external emails. Just tested its inbound SMTP email flow by testexchangeconnectivity, got "Connectivity Test Successful with Warnings":

Unabled to determine SMTP capabilities. Reason: Unexpected SMTP server response. Expected: 220, actual: 500, whole response: 500 5.3.3 Unrecognized command

Could any one please help resolve this, if this is the root cause of the recieving issue.

Regards,

Yi

Hiya,I've got Digicert Unified Com CERTIFICATES for my exchange 2007.

Now when my customers receive one email to reset password, browsers say that i've tried to reach www.mydomain.co.uk and the server identify itself as secure.mydomain.co.uk

i don't know what to change wnymore :(

Shall i remove the self issued ones or it overwrite when i've imported the Digicert Ones.

cheers

Rafael
It Network Admin

Microsoft System Engineer Student

Hi,

I have a question what is the meaning of hygiene suite: Standard in Exchange 2010.

When we run Get-TransportConfig we get

hygiene suite: Standard

What is this means i am not able to find any thing on Technet for this.

I have Exchange 2007, I have configured new domain for my company.

olddomani.it  -> newdomain.com

I would like to reply to the sender (who send messages to olddomain.it) that the email are dropped because odsolete and new e-mail address isname.surname@newdomain.com (I won't say the right name and surname to sender just a generic text).

I have tried with a "Hub transport rule" and where the condition is  "message header contain text patterns (to @olddomain.it) and antion are "log an event" and "send bounce message to sender with enhanced status code 5.7.1" I can see the event but the sender doesn't receive the NDR.

I have checked with message tracking but seems Exchange ignore thi transport rule.

quite similar http://exchangeserverpro.com/block-users-sending-to-specific-domains-with-exchange-server-2007/ but in my case the internal users are ccipient and I want to inform external users

How can I soleve this?

I’m deploying an Exchange 2010 environment on our network (to co-exist with 2003 for a few months) for our transition (I know better late than never).  Our 2010 deployment has three MBX servers, two HT/CAS servers (in a NLB CAS array) and two EDGE servers.  I’m trying to consolidate the URL’s as much as possible and I think that I need input on my certificate requirements.  Our internal domain is different than our external name and we’re using split-DNS internally.  I know of the CA changes that are coming November 2015 and we’re trying to plan for it now and incorporate it into the 2010 design.  We currently have no internal PKI but will implement one at a later date (after Exchange 2010 is in production).

As I mentioned, we need certificates for this deployment and were thinking (of course) to get a UCC/SAN cert.  I know I need one for auto-discover, OWA and the rest (which I think I can combine into one URL) along with Outlook Anywhere using redirection.  I also need one name for my legacy OWA (frontend-backend clustered 2003) while 2003 and 2010 coexist.  I thinking that we’ll need one each for the two EDGE servers for TLS (so two total), none for the HT/CAS (also none for the CAS array) and none for the MBX roles either.

As a summary for certificates:
1 (one) for auto-discover, OWA, ActiveSync, etc.
1 (one) for legacy Exchange 2003 OWA
1(one) for EDGE1
1(one) for EDGE2
0 (zero) for CAS/HT servers
0 (zero) for CAS array
0 (zero) for MBX servers

Does this seem correct or have I missed anything?  Thanks in advance for any input (which is greatly appreciated).


UCG