Quantcast
Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum
Viewing all 3168 articles
Browse latest View live

MAIL FROM: FAKE

May 20, 2016, 10:44 am
$
0
0

Hello everybody, 

*I manage an a exchange cluster 2013 CU7 installed windows server 2012 platform in single role, CAS/MBX separately and I am having trouble with excess of spam out of my maibox servers. There is an output log series of FAKE emails with the FROM field empty this way: "MAIL FROM:< >".

LOGs:

2016-05-19T18:10:35.031Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,10,172.17.0.38:45029,200.155.160.201:25,>,MAIL FROM:<>,
2016-05-19T18:10:35.031Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,11,172.17.0.38:45029,200.155.160.201:25,>,RCPT TO:<milton@guros.com.br>,
2016-05-19T18:10:36.015Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,12,172.17.0.38:45029,200.155.160.201:25,<,250 ok,
2016-05-19T18:10:36.015Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,13,172.17.0.38:45029,200.155.160.201:25,<,"451 O numero maximo de emails enviados por remetente por hora foi atingido. Por favor, entre em contato com o administrador do sistema. (Maximum number of emails per sender per hour reached. Please, contact your sysadmin)",

* I did some adjustments to try to work around the problem without solution, following settings: 

#To see the permission "{ms-Exch-SMTP-Accept-Any-Sender}"
Get-ReceiveConnector | Get-ADPermission | where {$_.user -like "*Authenticated*" -and $_.Identity -like "*Client*"} | sort Identity | ft identity, user, extendedrights

#Deleted the permission of shipment without sender in the MAIL FROM field:<> | "{ms-Exch-SMTP-Accept-Any-Sender}"
Get-ReceiveConnector | Get-ADPermission | where {$_.user -like "*Authenticated*" -and $_.Identity -like "*Client*"} | Remove-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

#Deleted the permission to anonymous relay on a receive connector
Get-ReceiveConnector | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”}

* And I created the ThrottlingPolicy below and have applied for all accounts of the environment:

Get-ThrottlingPolicy *ebtglo* | select *ratelimit*,forw* | ft -AutoSize

MessageRateLimit RecipientRateLimit ForwardeeLimit
---------------- ------------------ --------------
50               5000               100

* In two days were sent 37382 emails:
[PS] C:\>Get-TransportService | Get-MessageTrackingLog -EventId Send `
>> -Start (Get-Date).AddDays(-2) `
>> -End (Get-Date) `
>> -ResultSize Unlimited |
>> Where-Object {$_.ConnectorId -like 'SMTPMBX04'} | Measure-Object
>>


Count    : 37382

Is there any native solution to block it in the exchange itself?

I choose not to use the native exchange spam, I don't gess a effective solution.

Print Screens:






Search

Exchange Server 2013 - Removing part of email subject

May 21, 2016, 9:55 pm
$
0
0

We are running Exchange Server 2013 – Enterprise edition. Currently we have an inbound content filtering rule on our Symantec Messaging Gateway appliances to where when an email arrives from the internet addressed to someone inside our domain a suffix in the message subject is added in the form of {external} for example if I send an email from an internet account to internal user with the messages Subject of “Test 123” the subject to the internal email recipient will arrive as “Test 123 {External}”. The problem we are running in to is that when an email conversation takes places between an internal user and someone on the internet the {External} suffix keeps getting added to each external reply to where after three emails the subject will look like “Test 123 {External} {External} {External}”. I have looked through Exchange 2103 ECP – Mail Flow – Rules to see if there is any way to remove the {External} suffix on the emails leaving our domain to the internet all this while preserving the original subject, but to my understanding it is all or none. I am wondering if anyone else has had any experience with it or has a better suggestion for a workaround.

why Email going to junk folder

May 22, 2016, 10:52 pm
$
0
0

Hi everyone,

i have SharePoint server , i am configure it to send email via exchange . some users complain to me they are receiving emails in junk folder , i want to know the reason and prevent this email to going junk folder for all users how to do this?

Thanks 

TLS Enabling

May 23, 2016, 1:25 am
$
0
0

I have a client who is dealing some business with a bank and bank asked them that they need to have TLS enabled on their exchange server for them to send email to us and vice versa.

We are using Cisco Ironport smart host and exchange 2013 environment.

We have MX records as below
mail1.contoso.in
mail2.contoso.in

We have third party Cerificate as below

Mail.contoso.in
pop.contos.in
autodiscover.contoso.in

Please advise us we need to change certificate any and how to enable the TLS.

Thanks & Regards, Kumar N

the SMTP traffic from specific domain not hitting my server

May 23, 2016, 5:42 am
$
0
0

Hi everyone,

I have issue that i am not able to receive from particular domain, also there is no NDR , and also there no log in my server

i am asked the sender to send me email in my Gmail account and copy my bussiness account.

i have received his test email in my gmail account.



please help to solve this issue.

Thanks

,-,,Remote in SMTP log

May 24, 2016, 7:00 am
$
0
0

Hi,

Can someone please tell me what ",-,,Remote" means in the SMTP send logs,  I would expect to see a -Quit not a -Remote.

I think its related to a resending problem we have but i'm not sure.

Thanks

Lee

Exchange 2013 Send Connector Logging broken

May 25, 2016, 8:53 am
$
0
0

Hi, I have a client that is migrating from Exchange 2007 to Exchange 2013 and after the Exchange 2013 installation, I am not able to see any details of the send connectors in the right side details pane.  Protocol logging is also not working. Viewing the connector properties in PowerShell shows the ProtocolLoggingLevel to be set at Verbose, however no logs are generated.  Mail appears to flow through the connector, however without the logs, I can't tell for sure.

Exchange 2013 S/MIME setup

May 25, 2016, 12:07 pm
$
0
0
I currently have a 2010 exchange setup where we utlize S/MIME for all of our users.  I am in the process of migrating over to Exchange 2013 but I'm hitting a road block with the S/MIME setup in 13.  The one thing I'm not understanding from the instructions that you find is Setup of a Virtual Certificate Collection to validate OWA S/MIME.  I'm supposed to Export a certificate into SST type and then use the set-smimeconfig to save the certificate in the virtual store.  My question is What certificate am I supposed to export?  Should I be exporting my ROOTCA?

----E----

Search

500 5.3.3 unrecognized command issue

May 26, 2016, 10:10 am
$
0
0

Hi all, 

My client has an issue where random senders within, and outside of the organization will receive a "Remote Server returned '500 5.3.3 Unrecognized command' error when sending mail to a certain address. This only happens with one particular user. We checked the firewall and made sure smtp filtering wasnt enabled, made sure AV wasnt filtering as well. Sent test emails from external email and internal, can't replicate this issue. It happens randomly. 

I am running Exchange Server 2010 Standard service pack 1. Does anyone have any suggestions or input on what may be going on?

Update RootCA CRL distribution points

May 26, 2016, 2:00 pm
$
0
0

Is there a way you can update your CRL distribuion points for you RootCA?  

When I go the properties of my 2012R2 CA I can see where I add/change fields to what I want, but after I make the change the CA certificate will not have the updated CRL locations.  Is it possible to update the certificate?

I'm looking to import my RootCA into Exchange for S/MIME certificate verification but the RootCA cert doesn't have the updated CRL locations.

----E----

Send On Behalf of not woking with MRU Listed Items, Have to Select from GAL to work...

May 26, 2016, 3:45 pm
$
0
0

When we try to send a message on belief of another user, we can select the From user from the GAL and it works fine and the from user in the emil says its from that user. 

If we select the from user from the MRU list (the same user that just did work), that message will come back as undeliverable with the Error:

Scott Townsend (the person I was sending to)

You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.


Diagnostic information for administrators:

Generating server: 

/O=EMAILORG/OU=MAILSERVER/cn=Recipients/cn=S_Townsend

#MSEXCH:MSExchangeIS:/DC=com/DC=AD-DOMAIN:SERVER-EXCHANGE[578:0x000004DC:0x0000001D] #EX#

Exchange Server : Exchange 2010 

Client: Outlook 2016

Thank you,

Scott<-

Exchange 2013 Goes To Junk folder Gmail & Live email

May 26, 2016, 9:05 pm
$
0
0

Hi,

I have problem, when I sent email to Gmail & Live.com/outlook.com email always goes to junk.

I have added DNS Record MX & Autodiscover.

My domain manageserverkamu.com.

Thank you in advice.

Regards,

Nugroho Anindyanto


Exchange 2013 -Prevent Spam emails from outside but with my internal domain name

May 26, 2016, 10:53 pm
$
0
0

my apologies if this question was asked and answered previously.

we have Exchange 2013 email server. We have been seeing some of the emails are coming from outside but using our own domain name which should not be. any email coming from outside using our domain name must not get processed and rejected at the first place when arrives in our server. I looked into some of the posts and generally found to remove "ms-exch-smtp-accept-authoritative-domain-sender" property of "NT AUTHORITY\Anonymous Logon" security principal from internet receive connector.

This solution was given to below forum:

http://serverfault.com/questions/741501/how-can-i-prevent-spoofed-emails-from-outside-thats-using-my-internal-accepted-d

My question is:

(1) if I remove that permission, do I need to restart my receive connector?

if the above does not work, there is another solution suggested to block own domain and then remove ms-Exch-SMTP-Accept-Any-Sender for anonymous use and then restart receive connector

Powershell

Set-SenderFilterConfig -BlockedDomains mydomain.com

Set-SenderFilterConfig -InternalMailEnabled $true

Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission

(2) my questions is, if I do this, after restart of receive connector, will this affect our internal applications and devices emails sending which are anonymous like copiers/scanners and other internal applications inside our LAN?

(3) if it does affect and within-LAN anonymous internal emails are stopped, do I need to create a separate receive connector for LAN and allow Anonymous log-on? whats the command or procedure to do that?

(4) How can I simulate the issue (receiving email from outside but with our domain address), so I can be sure the solution is actually working?

Thanks for your replies to help resolving my issue.

Exchange 2013 used to send spam

May 27, 2016, 1:56 am
$
0
0

Hi all,

I have an exchange 2013 which looks to be used to send spam, I can see the queue growing up with emails from other domains. Here is my setups for content filtering:

Name                                 : ContentFilterConfig
RejectionResponse                     : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     :
SCLRejectThreshold                    : 7
SCLRejectEnabled                      : True
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 9
SCLQuarantineEnabled                  : False
BypassedSenders                       : {}
BypassedSenderDomains                 : {}
Enabled                               : False
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :
ExchangeVersion                       : 0.1 (8.0.535.0)
DistinguishedName                     : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport
                                       Settings,CN=AX-Properties 01,CN=Microsoft
                                       Exchange,CN=Services,CN=Configuration,DC=**,DC=local
Identity                              : ContentFilterConfig

ObjectCategory                        : **/Configuration/Schema/ms-Exch-Message-Hygiene-Content-Filter
                                       -Config
ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged                           : 25.05.2016 09:54:48
WhenCreated                           : 06.01.2015 14:43:56
WhenChangedUTC                        : 25.05.2016 07:54:48
WhenCreatedUTC                        : 06.01.2015 13:43:56
OrganizationId                        :
OriginatingServer                     : **myserver**
IsValid                               : True
ObjectState                           : Unchanged

How can I tell my exchange to only send emails from my domain? Or maybe is there a way to know if someone still some credentials? I mean a way to see which user/credentials are used to send those spam.

With wireshark I can see packets RCPT to: xxx@xxx.com but my exchange is not an open relay..

Thanks.

J.

User unable to Encypt message using OWA 2013

May 27, 2016, 7:58 am
$
0
0

I'm working on migrating my users from Exchange 2010 to Exchange 2013.  Right now I only have my Admin mailbox that I used during the install and then my actual user mailbox on EX13.  I followed the below URL which worked.

https://technet.microsoft.com/en-IN/library/dn626158%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

Problem I'm having is that when I open an encrypted email it asks to install S/MIME.  I download the file but I always get an error messages saying the file is invalid or corrupt.  I'm allowed to install it anyway and I do successfully.  Now within OWA under Options I have S/MIME settings saying I have the most recent version 4.0500.15.0.1178.4 of S/MIME control installed.  

When I create a new email and try to send it encrypted I can't.  If I go into S/MIME settings and select "Encrypt contents and attachments of all messages I send" and hit OK, the emails are not encrypted.  If I open a new email and go to "Show Message Options" the Encrypt this message (S/MIME) & Digitally sign this message (S/MIME) are grayed out so I can't select them.  I have no problem reading encrypted emails when someone sends to me.  I do have a valid domain User certificate that has email encryption enabled.  This did work fine on my previous version of exchange.

The odd thing is my Admin account mailbox which was used during the setup process is able to send encrypted emails to users. The options are available for that account.

Before I start moving everyone over to the new exchange I need to iron out this encryption so any suggestions.  Was there something that I missed in my S/MIME configuration?

----E----

Search

remove notification message

May 30, 2016, 5:09 am
$
0
0

hello

i have setup message approval moderation

if i decline  or if i delete message, a message is sent

but 99% of those message which need approval are fake, virus, so domain email does not exist...

and those expiration message are stucked in smtp

i would like to remove notification

thx

Email is not flowing from one transport server to another

June 1, 2016, 1:03 am
$
0
0

Dear Exchange Expert,

Currently we are running hybrid environment as we are migrating to office 365. There is a hybrid server (called "exchybrid")that being built as a bridge between on premise existing exchange servers and the office 365, which is running Microsoft Exchange 2010 SP3. this server has all the roles including Mailbox and CAS.

We have already 2 transport server that being combined into one cluster called "transarray" and it contains our two transport servers, trans1 and trans2. however, I found one funny issue.

I created one mailbox that reside in this hybrid server. Then I try to do a test to send email from one on premise mailbox that resides on another server (called mb1) to this mailbox that resides in hybrid server. the email won't get flow through. If I am doing tracking via the exchange tracking log explorer, it will only show that the email has been passed from "mb1" to the trans1 and it will be stopping there.

From what my understanding for internal email since it is just passing between one exchange server to the hybrid server, email should be passed from the "trans1" to the transport of exchybrid server right? usually it is called intra organization smtp send connector. but it didn't.

is there something wrong with the configuration and how to let the two transport server to talked to each other?

Thanks

List of who received a message to a dynamic distribution group?

June 1, 2016, 8:48 am
$
0
0

I just created a dynamic distribution group in Exchange 2013.  When I run:

$FTE = Get-DynamicDistributionGroup "groupname"

And then run this:

Get-Recipient -RecipientPreviewFilter $FTE.RecipientFilter | out-file c:\group.txt

It returns the correct mailboxes as members of the group, however at least 1 user did not get the first email that was sent to the group. I have no idea who else did not get it.

How can I figure out who actually got the message?

I have tried get-messagetrackinglog using the messageID, but that did not show the recipients.

I also tried Delivery Reports tab in ECP, it returned nothing at all from the sender.

I ran this:

Get-ExchangeServer | Get-MessageTrackingLog -ResultSize unlimited  -Start “5/31/2016 13:30:00” -End “5/31/2016 14:00:00” -Sender “mysender@mydomain.com” | format-table -wrap -autosize | out-file c:\track.csv

I got some results with that, but it’s a mess to read & still does not give me a simple list of those who actually got the message.

Any other suggestions?

Thx

Setup of OWA S/MIME in Exchange 2013 SP1

June 1, 2016, 9:14 am
$
0
0

I'm in the process of migrated my users from Exchange 2010 SP3 to Exchange 2013 SP1 and have come across a problem with the S/MIME configuration.  I have followed the technet articles regarding S/MIME configuration and have an in house CA, setup the virtual certificates repository and have valid user certificates.  I followed the below articles:

https://technet.microsoft.com/en-us/library/dn554259%28v=exchg.160%29.aspx

https://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/dn626155(v=exchg.150).aspx

I currently have 2 users mailboxes on this exchange server.  Both have valid "User" certificates but for some reason only 1 is able send encrypted email, but both are able read encrypted email.  I'm not sure if it is a permissions issue or not but my Admin mailbox which was created during installation is the one that is able to both send/receive encrypted emails and my user mailbox can only read encrypted emails.  

Both accounts S/MIME settings shows that I have the latest S/MIME version installed 4.0500.15.0.1178.4

I began looking into Set-SMIMEConfig -OWAEncryptionAlgorithms from the below URL hoping this would help.  Initially the OWAEncryptionAlgorithm is only set to "6610" but I was unsure what encryption algorithm my User certificate uses so I added all the possible encryption algorithms with no luck. 

https://www.granikos.eu/en/justcantgetenough/PostId/178/the-mysterious-exchange-smimeconfig-algorithms

At this point my main "User" account is unable to encrypt or sign emails.  The options to Encrypt or Digitally Sign the emails under Message options are grayed out so I can't even select the options.  If I go to Gear Icon-->S/MIME Settings and check all 3 options and save it my messages still do not go out encrypted.

I'm really stumped on this one right now.  Any ideas?  Everything worked fine on my Exchange 2010 setup.

Below is my Get-SMIMEConfig, anyone see anything wrong with this?

[PS] C:\Windows\system32>get-smimeconfig


RunspaceId                                       : fadaa926-249c-4e89-b6b9-65e6e14119c4
OWACheckCRLOnSend                                : False
OWADLExpansionTimeout                            : 60000
OWAUseSecondaryProxiesWhenFindingCertificates    : True
OWACRLConnectionTimeout                          : 60000
OWACRLRetrievalTimeout                           : 10000
OWADisableCRLCheck                               : False
OWAAlwaysSign                                    : False
OWAAlwaysEncrypt                                 : False
OWAClearSign                                     : True
OWAIncludeCertificateChainWithoutRootCertificate : False
OWAIncludeCertificateChainAndRootCertificate     : False
OWAEncryptTemporaryBuffers                       : True
OWASignedEmailCertificateInclusion               : True
OWABCCEncryptedEmailForking                      : 0
OWAIncludeSMIMECapabilitiesInMessage             : True
OWACopyRecipientHeaders                          : False
OWAOnlyUseSmartCard                              : False
OWATripleWrapSignedEncryptedMail                 : False
OWAUseKeyIdentifier                              : False
OWAEncryptionAlgorithms                          : 6602:40;6602:56;6602:64;6602:128;6601;6603;660E;660F;6610
OWASigningAlgorithms                             : 8804
OWAForceSMIMEClientUpgrade                       : True
OWASenderCertificateAttributesToDisplay          :
OWAAllowUserChoiceOfSigningCertificate           : True
SMIMECertificateIssuingCA                        : {0, 0, 0, 0, 67, 69, 82, 84, 4, 0, 0, 0, 1, 0, 0, 0...}
SMIMECertificatesExpiryDate                      : 11/23/2018 1:24:50 PM
SMIMEExpiredCertificateThumbprint                : THUMBPRINT DATA
AdminDisplayName                                 :
ExchangeVersion                                  : 0.1 (8.0.535.0)
Name                                             : Smime Configuration
DistinguishedName                                : CN=Smime Configuration,CN=Global Settings,CN=DOMAIN,CN=Microsoft
                                                   Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=int
Identity                                         : Smime Configuration
Guid                                             : ff4344dd-148e-4b24-95e0-ee97424245ae
ObjectCategory                                   : DOMAIN.int/Configuration/Schema/ms-Exch-Container
ObjectClass                                      : {top, container, msExchContainer}
WhenChanged                                      : 6/1/2016 11:29:50 AM
WhenCreated                                      : 5/25/2016 10:27:18 AM
WhenChangedUTC                                   : 6/1/2016 3:29:50 PM
WhenCreatedUTC                                   : 5/25/2016 2:27:18 PM
OrganizationId                                   :
Id                                               : Smime Configuration
OriginatingServer                                : DC.DOMAIN.int
IsValid                                          : True
ObjectState                                      : Unchanged

----E----

Exchange 2007 and 2013 configure simultaneously

June 1, 2016, 9:53 am
$
0
0

Hello support,

  • I am using exchange 2007 in production environment and now I want also install exchange 2013. Please confirm both will be work in same domain simultaneously.
  • MX records has been point exchange 2007.
  • Please provide any articles so that understand how it will be work.


 

Viewing all 3168 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>