Hi,

How can I enable recipient validation work in this design:
2 Exchange 2013 servers with CAS and MAILBOX roles both, DAG and Hardware Load balancer for HTTP and SMTP traffic.

From Exchange documentation:
http://technet.microsoft.com/en-us/library/bb125187%28v=exchg.150%29.aspx
Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the anti-spam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see Enable Anti-Spam Functionality on Mailbox Servers.

If You have a setup like this:
Install antispam agents:

Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
Malware Agent                                      True            2
Text Messaging Routing Agent                       True            3
Text Messaging Delivery Agent                      True            4
Content Filter Agent                               True            5
Sender Id Agent                                    True            6
Sender Filter Agent                                True            7
Recipient Filter Agent                             True            8
Protocol Analysis Agent                            True            9

Have Recipient validation enabled:

Name                  Enabled RecipientValidationEnabled
----                  ------- --------------------------
RecipientFilterConfig    True                      True

Have AcceptedDomain AddressBook enabled:

DomainName     DomainType AddressBookEnabled
----------     ---------- ------------------
contoso.com Authoritative               True

Then You have a situation, where a single invalid recipient on an incoming email message would reject the entire message! I guess this is because the recipient filtering happens on the mailbox server.
So .. HOW? Is it possible without Edge servers? Have I missed something?

I hope this feature isn't "missing by design", because it will be very difficult to explain to the client, that such an expensive product cannot do what any mail server can - reject unknown recipients before taking E-Mail data. There are a lot of issues with this feature missing (possible DDOS with max attachments, or spoofed sender e-mail address that is a spamtrap, so NDR from Exchange would get You to SBL, etc.).

Sincerely,
Vince

I need to find all mailboxes and their aliaes that are setup to be Forwarded to a mail-enabled public folder.  Is there an Exchange Mangement Shell script that I can run that will produce that list for me?  Or some other way of finding those mailboxes/aliases? 

Thanks

Matt

Greetings,

I am trying to setup the demo of Exchange EOP for my exchange 2013 CU3 environment, but every bit of instructions i see on the internet do not reflect what I see on my server.

I don't have inbound and outbound, i have send and receive. Now that is obvious, but it also talks about a type of on-premises and I dont even have that option, I have custom, internal, internet, partner, client

I can pretty much figure out what it should be, but I would really like to see instructions somewhere that reflect my choices?

Any help would be appreciated

Thanks

Jim

I want to create some mailboxes I can use where I will forward all the mail to an individual to monitor the inbox, I like the idea of shared mailbox from a security standpoint because the email address will be used to login to a website outside out domain but I wanted the flexibility to easily manage the mail-flow.   No one will be logging into these accounts on the domain and they will not store any mail so security could be very manageable.  I won't need to give multiple users permissions on these boxes so long as the boxes can still forward incoming email which will end up going to a real person's inbox.  I need to create  6 inboxes / accounts but I don't want them to be able to logon to the domain.  Any ideas?

Thanks

Dana

Dana Bessey IT Manager MCSE, MCPS, MCNPS H.E. Murdock Co. Inc dba Day's Jewelers 88 Main Street Waterville, ME 04901 (207) 873-7036 Be Sure to visit us at www.daysjewelers.com

J.A

Hello,

I try telnet email test but i have this error. How i can fix it?

451 4.7.0 Temporary server error. Please try again later. PRX4

i tried DNS settings , Host file update , ReCreate Receive Connectors but all failed.

Detailed logs ;

D:\Exchange\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive

Message or connection acked with status Retry and
response 451 4.4.0 Primary target IP address responded with: ""501
5.5.4 Required arguments not present."" Attempted failover to
alternate host, but that did not succeed. Either there are no alternate hosts,
or delivery failed to all alternate hosts.

D:\Exchange\TransportRoles\Logs\FrontEnd\Connectivity

2013-11-29T11:04:36.130Z,08D0BB050818EAC4,SMTP,internalproxy,-,Messages: 0 Bytes: 0 (Retry : Required arguments not present)

2013-11-29T11:05:12.724Z,08D0BB050818EAC6,SMTP,internalproxy,+,Undefined 00000000-0000-0000-0000-000000000000;QueueLength=<no priority counts>

Hello;

We have an Exchange environment with multiple servers and multiple mail domains.  One of our overseas domains/servers is down at the moment because of a damaged cable somewhere in the Pacific...  We would like to be able to route email bound for that domain (xyz.cn) from our domain (xyz.com) thru the internet as their server still receives external traffic.  How ever since we are one great big AD/Exchange Forest email automatically gets routed by AD connection.

Is there a way to send this email out thru the Internet?  We are being told that the "SHIP" will not be onsite for the repair for another week and then it will be 4-5 days for the repair.  any help is appreciated.  

We are in the migration process from 2010 to 2013.  We have installed 2013 and have tested moving mailboxes and all is well except for our transport rules.

We have several rules where groups of users have any outgoing email with attachments have to have them approved by managers due to HIPAA compliance. 

After the initial install of 2013 we immediately had issues where managers had to approve the emails two or more times before they would go out.  We read where transport rules didn't translate well in the upgrade so we deleted the rules on the old server and recreated them on the new to no change.  Currently most senders have to have their email approved twice.  My email, since I'm the one guinnea pig that moved my mailbox to the new server, won't go out at all, it is stuck in a loop where it keeps going to my manager seemingly forever. 

I'm hesitating to migrate actual user mailboxes till this is settled, but this might also go away when we retire the 2010 server so I'm torn. 

I find little written about transport rule troubleshooting, but I did run a delivery report on an email I sent and found the message sent to an approver, approved, sent to an approver, approved, sent, etc.  I'll paste it below my signature.

Any assistance or insight is appreciated.

Jim

Delivery Report for  David.Simpson@wiXXXXXX.com‎‎

Submitted
3/26/2014 11:27 AM OPT-EXCH1
The message was submitted to opt-exch1.local.xxx.com.
Pending
3/26/2014 11:27 AM opt-exch1.local.xxx.com
Message was received by opt-exch1.local.giftrapcorp.com from opt-Exch1.local.xxx.com.
Failed
3/26/2014 11:27 AM opt-exch1.local.xxx.com
The message was rejected by a rule set at the organization level. For more information, check your organization's Transport rules.
Pending
3/26/2014 11:27 AM opt-exch1.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:32 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.

3/26/2014 11:33 AM mail01.local.xxx.com
The message was approved by the moderator.

3/26/2014 11:33 AM mail01.local.xxx.com
The message was sent to a moderator. Messages sent to this address must be approved by a moderator before delivery.
Failed
3/26/2014 11:34 AM mail01.local.xxx.com
The moderator has rejected this message.

Jim Tall

When I move a mailbox from a database on EX13MB1 to a database on EX13MB2 at the remote office email doesn't make it to the mailbox.  Outlook shows that it is connected but no email flows and I end up getting delayed delivery notices.

Here is the setup;

Main Office

• Third Party Email Filter - WebSense
• EX13CAS - Exchange 2013 Client Access Server running on Server 2012
• EX13DB1 - Exchange 2013 Database Server running on Server 2012
• Laptop running Windows 7 and Outlook 2013

Remote Office

• EX13DB2 - Exchange 2013 Database Server running on Server 2012

Everything works fine in the Main Office. 

Here is what I did after the main office was set up;

• Installed an Exchange Database Server (EX13DB2) in the remote office.
• Made sure it showed up in the ECP.
• Created a Database on EX13DB2.
• Moved a mailbox from EX13DB1 to the new database on EX13DB2.  (This works fine)
• Re-started Outlook.
• Outlook connects to the mailbox and doesn't show any errors.

All ports are open between the main office and the remote office.  All of the servers can ping every other server.

My question is;

Why can't email flow between the database servers?  What am I missing here?

Eric

Hello,

Our environment is currently going through a company acquisition.  We are currently migrating Exchange users from the other company's server into our domain.  As a precaution, we disabled Outlook's Auto-Complete feature to avoid NDRs.  I believe this to be related to a mismatched legacyExchangeDN attribute.  

My question is... when an external address e-mails one of these recently migrated mailboxes, do those messages use the above-mentioned attribute for delivery?  Ultimately, I would like to avoid external businesses from receiving NDRs due to these migrations.

Thanks for any info received.

Our organization has recently (beginning in March 2014) started reviving the following NDR error when sending email to various clients who appear to be using Office365 or some other Microsoft hosted mail service:

somebody@microsofthosteddomain.com - Permanent Failure: MX Lookup failed: error looking up IP for host microsofthosteddomain-com.mail.protection.outlook.com

The MX failure is occurring because the MX record returns the domain name with a "-" before the .com which does not exist in the actual domain name.

The error is sporadic in that on some occasion we can do a "forced resend" and it will push through, on other accounts, the error is persistent and we can not send to the account without the NDR being generated.

I can add that these accounts were find until they switched to the Microsoft hosted product for their email.

I have seen posts from a few years back that indicated this was a problem with DNS propagation and would generally resolved once the correct DNS information had propagated to all DNS servers.

Not necessarily looking for a fix as I do not believe the error is on our side, just some information as to how this issue is being handled (I am making the assumption that I am not the only one having this problem and that it is a result of organizations upgrading from Microsoft 2003 servers/Exchange to the Office 365 product).

Hello,

We are going through an acquisition and would like to decommission Org B's Exchange server.  Here is the scenario currently in place:

- Org A has a hidden Org A e-mail account for the user
- Org A also has a contact for the same user's Org B e-mail account
- Org B has the original mailbox for this user

The process performed is this:

- Export Org B mailbox PST
- Import Org B PST into the hidden org A mailbox
- Change the SMTP address for the hidden mailbox to match what was used by the mailbox in Org B
- Delete the contact in Org A for the Org B address
- Copy the Org B mailbox's legacyExchangeDN to the Org A mailbox as an X500 address
- Unhide the mailbox in Org A

What I would expect to happen is that we can e-mail the SMTP address for Org B and it deliver to the now unhidden mailbox with the same SMTP in Org A.

However, this is what happens when e-mailing from outside of Org A or within:

#550 5.2.0 RESOLVER.FWD.NotFound; misconfigured forwarding address ##

Is there a step that I missed?

Friends... I am having delivery delayed isues on DNS .. i have static public IP for my domain and reverse DNS and other records like TXT/SRV is in place. but then since yesterday i am having delivery delayed to some domains and error is " 451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped." so to be true i was not able to understand how to sort this out as this was only happening with few domains and as always when problem comes it bcomes critical for client.. same happened .. the domains which were giving this errors are super critical for client and i dont have much answers to this that where is the problem.. is some one please guide me here...

but then i thought of changing my delivery to SMART HOST and point it via my ISP. but i am not sure if i have done the right thing as i am not able to understand much on this. like pros & cons attached to SmartHost... why people dont use it much ... any chances of my IP getting black listed or SPAMMING ... so please guide if i kep it on smart host or how can i trouble shoot my DNS delivery issue.

We have a strange problem. We've migrated cross forrest from an Exchange 2007 to an Exchange 2013. Everything seems to be ok, except for one issue we have which is that sometimes an email sent to a distribution group is received 15 minutes later by 2 - 3 of the users within the list. 

The list contain 42 members, and I can see that the email is "sitting" on one server for the 15 minutes in question by reading the header of the email. The problem is not consistent. 

Expansionserver is $null on all of my distribution lists, and I can have issues on other lists aswell, although that might just get noticed.

If I try the tracker tool in EMC or through the gui (ecp) I get a "to many items in array" error. So I can't see anything in my exchange shells either. 

All the users in the list are in the same domain, but the users are spread across 2-3 exchange servers. The server that the mail is "sitting" in, oddly has 0 of the members within the distlist. 

any advice as to where to look is appreciated. if it is a problem with the expansionserver I would be greatful for any steps to find out how that can be determined or even better, be resolved. 

Good day , 

We are migrating from Domino to Exchange 2013 ,

The problem is migrated mailbox user (Outlook 2013) sends a meeting request to a non migrated mailbox user (Lotus Notes)

the recipient receives the request as plain text email .

meeting request working perfectly vice versa and between outlook users.

I've created new remote domain for the domino domain and tried all contenttype formats (MimeText , MemiHTMLText and MimiHTML) with no luck.

the problem isnt related to outlook contact because the sender dosnt have any outlook local contact 

the strange thing that when the sender cancels the meeting request the recipient receives the cancellation with correct format not plain text. 

Any suggestions ?

Best Regards Bisher Shbib

Windows Server 2008 R2 Standard
Microsoft Exchange Server 2010
SonicWALL TZ 215 w/Anti-Spam service

Message sent from sender in February 2014 to three recipients within organization fails.
Message sent from same sender in March 2014 succeeds to two, but fails to one.

--------------------------

RECV LOG FROM 2-27-2014:

RECV LOG FROM 3-37-2014:

...as you can see the email to the three recipients on 2/27/2014 never receives a 'DATA' command. The message immediately receives 'RSET' and then the tarpit information. The SonicWALL Anti-Spam service has no indication that the message was identified as Junk or Spam. Users received no indication of the email message in their JUNK EMAIL SUMMARY.

...on 3/27/2014 the message is successful in reaching two of the recipients. Only one of the recipients delivery is given the 'RSET' command.

I am getting ready to contact SonicWALL support to see if they have any indication of a similar issue occurring in configurations similar to ours. I wanted to provide this scenario because I haven't been able to find any information related to the 'RSET' command and associated mail delivery failures. 

We are currently using a wildcard cert in our Exchange 2010 environment, which expires soon. The new cert will not be a wildcard cert and the cert will only have mail.ourdomain.com on it.

What should I do to prevent any issues with clients and Outlook Anywhere? 

Currently, the clients not on the network connect by setting the following to the Microsoft Exchange Proxy Settings:

“Only connect to proxy servers that have this principal in their certificate:”

msstd:*.ourdomain.com

Today I got an email from a user saying she just received an internal email that was sent November 5th 2013. I tried using Exchange Tracking Log Explorer but nothing shows as being received on 11/5/13 and nothing from todays date that matches the Subject. Here are is the msg header which has been modified to hide our domain. This is a small business with 12 users with SBS 2011. This isn't the first time this has happened either. Another user had email delayed for 3 months.

Hi,

I have an Exchange Server 2013 running on one Server. I have set up a receive connector for the internal Scanner (Scan to Email). this works most of the time - but occasionally fails with the following error: "51 4.4.0 Error encountered while communicating with primary target IP address: ""421 4.4.2 Connection dropped" - any help will be appreciated.