We are a school district and need to prevent to our students from being able to receive email from outside our district.

IE, no internet mail.

I am already aware of the "users must be authenticated" trick but I know there is a better way to do it. We set it up for our Exchange 2010 server years ago but I can't remember how. Our students now do not have the "users must be authenticated" checkbox checked, and do not receive external email so I know it can be done another way.

If I remember right we might have done it in Exchange 2010 with the anti-malware somehow?

Hi,

I have been having an issue i just cant figure out.

Users in our exchange 2010 - SBS 2011 domain recieve emails from external senders, and sometimes internal senders addressd to them, but they go to other user's mailboxes that have no connection to the email, and are not mentioned in the address fields in any way.

The original recipient does not receive a copy of the email.

Exchange is updated to SP3, and all latest updates have been installed bar the recent roll up for exchange 2010 sp3

If I telnet to my exchange 2013 server and do an EHLO it returns the local server name and not the external FQDN.

Mxtoolbox.com flags this as a problem as it doesn't match my reverse DNS which is to the external FQDN.

How do I change it to return my external FQDN ?

thanks

Hi,

We experienced queueing of messages and error is saying "message deferred by categorizer".

It resume to normal when we restarted transport service.

Is this related to Anti-Virus or Active Directory.?

Regards,

Jhun

Help !

recently moved to exchnage 2010. Is there a way of stopping an ndr being sent and the mail being accepted to users whos mailbox is full. We have critical staff that are filling their boxes up and not getting critical mail because a ndr is sent out!

any help would be appreciated

thanks

S

My organization is running Exchange Server 2010 SP2. We have Exchange On-Premises and Office 365 in our Exchange environment. Office 365 only has a few accounts in it as we have barely begun the migration process and we don't want to continue until we know on premises is working properly. Right now we are seeing e-mails getting stuck in the queues and the Transport Service keeps stopping.

Has anyone dealt with this and if so, how did they fix it?

Thanks.

Hi 

I've got several moderated distribution lists but none of them are receiving any moderation notifications. The email is making it into the moderation holding box but nothing is happening from then. I'm getting this information from the message queue

Message Source Name: Moderated-Transport
Source IP: 255.255.255.255
SCL: -1
Date Received: 25/06/2013 11:17:30
Expiration Time: 27/06/2013 11:17:30
Last Error: 432 4.2.0 STOREDRV.Deliver; Agent transient failure during message resubmission[Agent: Approval Processing Agent]

Any ideas on what could be causing this to break?

I have a problem getting updates for the anti-malware system in Exchange. The event log reads:

Event ID 6029

MS Filtering Engine Update process was unsuccessful in contacting the Primary Update Path. Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate

The firewall (MS TMG) shows that two request for two .cab files is sent to what I assume are Akamai content servers (it does not reverse) since the IP on this http get request will change based on what forwarder I provide my internal DNS.

I also see a request for two Microsoft CRLs.

Are there any useful logs to look at to determine why this isn't working?

Regards,

Ola Pukstad

Hi all

Its me again.

I am trying to update the inbuilt malware definitions according to the instructions in article.

http://technet.microsoft.com/en-us/library/jj657471.aspx

& $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity <FQDN of server>

I am getting the following two events  see below on all the mailbox servers. I obviously cannot go into production Exchange 2013 RTM on Windows 2012 Servers and Domaincontrollers.

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          1/29/2013 2:50:45 PM
Event ID:      6027
Task Category: None
Level:         Error
Keywords:     
User:          NETWORK SERVICE
Computer:    Removed To Protect The Innocent 
Description:
MS Filtering Engine Update process was unsuccessful in contacting the Primary Update Path. Update Path:http://forefrontdl.microsoft.com/server/scanengineupdate
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>6027</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-29T12:50:45.262896300Z" />
    <EventRecordID>120660</EventRecordID>
    <Correlation />
    <Execution ProcessID="2584" ThreadID="3752" />
    <Channel>Application</Channel>
    <Computer>Removed To Protect The Innocent
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          1/29/2013 2:53:25 PM
Event ID:      6024
Task Category: None
Level:         Information
Keywords:     
User:          NETWORK SERVICE
Computer:     Removed To Protect The Innocent
Description:
MS Filtering Engine Update process is checking for new engine updates.
 Scan Engine: Microsoft
 Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>6024</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-29T12:53:25.654390000Z" />
    <EventRecordID>120667</EventRecordID>
    <Correlation />
    <Execution ProcessID="2584" ThreadID="3752" />
    <Channel>Application</Channel>
    <Computer> Removed To Protect The Innocent
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="EngineName">Microsoft</Data>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          1/29/2013 2:56:07 PM
Event ID:      6030
Task Category: None
Level:         Information
Keywords:     
User:          NETWORK SERVICE
Computer:   Removed To Protect The Innocent  
Description:
MS Filtering Engine Update process is attempting to download a scan engine update.
 Scan Engine: Microsoft
 Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>6030</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-29T12:56:07.715314800Z" />
    <EventRecordID>120668</EventRecordID>
    <Correlation />
    <Execution ProcessID="2584" ThreadID="3748" />
    <Channel>Application</Channel>
    <Computer> Removed To Protect The Innocent
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="EngineName">Microsoft</Data>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          1/29/2013 3:48:03 PM
Event ID:      7003
Task Category: None
Level:         Information
Keywords:     
User:          NETWORK SERVICE
Computer:    Removed To Protect The Innocent 
Description:
MS Filtering Engine Update process has successfully scheduled all update jobs.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>7003</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-29T13:48:03.321784200Z" />
    <EventRecordID>120776</EventRecordID>
    <Correlation />
    <Execution ProcessID="2584" ThreadID="21120" />
    <Channel>Application</Channel>
    <Computer>Removed To Protect The Innocent</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
  </EventData>
</Event>

Regards

Bright

Hi 

I am in the middle of Exchange 2013 Migration from 2010. i setup Exchange 2013 server and i moved one test mailbox from 2010 to 2013. but i found that mails are moving only one direction. ie, From 2013 to 2010. do i need to create any send  and receive connectors between two exchange box's. (2010 - 2013). fortunately External mails working

i tried to sent an email from Exchange 2010 mailbox to 2013 mailbox and ii got Delivery delay mail 

"
This message hasn't been delivered yet. Delivery will continue to be attempted.

The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time."

could you please tell me how i can fix this issue.?

Regards

Kris

Exchange Server 2013 CU1, two mailbox servers (DAG, only one mail database), two CAS servers (NLB cluster). Two Sendmail/CentOS-based SMTP relays route mail between Exchange servers and Internet (incoming mail is routed to NLB cluster name).

Usually mail flow is OK: messages are sent and received normally. However, I've got several complains from different users. They state that occasionally they don't receive messages that were sent to them from outside. Tomorrow morning I've decided to investigate the issue.

So, we have a message sent from Gmail account that was not delivered in user mailbox. It was received and routed to Exchange by Sendmail host:

Jun 27 22:06:37 MX01 sendmail[12169]: r5RG6HC8012166: to=<USER_ADDRESS>, delay=00:00:19, xdelay=00:00:19, mailer=smtp, pri=124702, relay=NLB-FQDN [NLB-IP], dsn=2.0.0, stat=Sent (<CAHgK_sjEkj41htuVsutMP3XhgR5RRDs8-EgSC-UfHoaiHWFj=A@mail.gmail.com> [InternalId=13069585481819] Queued mail for delivery) 

Running Get-MessageTrackingLog applet on the mailbox servers displayed the followed log entries for the message:

DB Server #1:

    22:11:18 HAREDIRECT

    22:11:18 RECEIVE

    22:11:18 AGENTINFO

DB Server #2:

    22:11:18 HARECEIVE

    22:12:44 HADISCARD

So, we can see that the message was placed into shadow queues, but was NOT delivered into mailbox (no DELIVER status entries). Also pay attention to the timing. Time on all the servers is in sync, but Sendmail timestamp is 22:06, and Exchange timestamps are 5 minutes behind it.

Today a message sent to the same address from the same Google mailbox was received by Exchange and placed into user mailbox with no glitches.

We use Exchange antispam system activated on Exchange mailbox servers. Spam is never dropped silently. It is either returned to sender (SCL 9) or placed into quarantine mailbox (SCL 6 and above). I'm pretty sure that the lost message was not in the quarantine mailbox this morning, and the sender didn't receive any NDRs.

Any ideas what to investigate next?

Sender receives the following when sending an email to me.  I'm using Exchange 2010.

      ===============================================

              THIS IS A WARNING MESSAGE ONLY

          YOU DO NOT NEED TO RESEND YOUR MESSAGE

      ===============================================

A temporary error occurred while delivering to the following address(es):

  <emailAddress>: 451 Timeout trying verify RCPT (emailAddress) for domain (xxx.xxx)

I will continue trying to send the message until it is delivered or expires.

message header:
-----------------------------------------
Received: from unknown [98.175.195.132] (EHLO remote.coretech.us)
    by p01c11o145.mxlogic.net(mxl_mta-7.1.0-3) over TLS secured channel
    with ESMTP id 4e690b15.0.115642.00-344.278324.p01c11o145.mxlogic.net (envelope-from <xxx@coretech.us>);
    Thu, 06 Jun 2013 08:05:21 -0600 (MDT)
X-MXL-Hash: 51b0972174c9097c-07de3edec2f7909f4a8643371f2134c47cba85c5
Received: from CTIEXCH1.coretech.local ([fe80::184e:b79a:e34d:4bda]) by
 CTIEXCH1.coretech.local ([fe80::184e:b79a:e34d:4bda%11]) with mapi id
 14.02.0318.004; Thu, 6 Jun 2013 09:01:45 -0500
From: <xxx@CoreTech.us>
To:
Subject: FW: Warning: could not send message for past 4 hours
Thread-Topic: Warning: could not send message for past 4 hours
Thread-Index: AQHgkFk49P8XvluEo3acsCQJWjX2PgHwS79CAajIjnyY55LpwA==
Date: Thu, 6 Jun 2013 14:01:44 +0000
Message-ID: <E9F1FB6812C1C046A71D5A57CDB5025447C20B70@CTIEXCH1.coretech.local>
References: <mxl~ee32.1539.b680@p01c12o144.mxlogic.net>,<CCEC9C54-53BC-45F1-B309-53FF4CDD493C@vrana.com>
 <7506827BF57E1549A24F4B9A1CC5A1E813E8FBBE29@SBS1.vrana.local>
In-Reply-To: <7506827BF57E1549A24F4B9A1CC5A1E813E8FBBE29@SBS1.vrana.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.10.114]
x-exclaimer-md-config: 1d0b0ba3-9050-4738-a989-cec61d99f927
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Hi,

I am looking at Exchange 2013 plus DLP.  I am also looking at Sophos to do Antivirus plus DLP since they have a much more comprehensive coverage.  My question here is,  Does anyone know if Exchange or Sophos can provide multi level approval before an sensitive email or attachment can be sent out?  Thanks.

Regards,

Hi all,

The next issue is bothering me for days now.. hope someone can point me to the solution :)

I've got an Exchange 2010 server (14.03.0146.000) with all roles installed (except Lync)  

I've got an application who uses an SMTP relay. 
I've set-up a recieve connector, to allow the IP adress of the application server, with anonymous access. 

I can send an e-mail to a user, or to distribution group A. But it doesen't work for distribution group B.

Offcouse I checked if the "require that all senders are authenticated" is not checked. Even with Get-DistributionGroup <<naam>> | fl  I can't find an diference between group A and B..

- The message doesn't stay in the queue
- Mails to Group A are in the message tracking, messages for Group B are not.
- I can send mails from Hotmail/Gmail to Group B
- No difference if I make it an Mail Universal Group or Mail Universal Security Group. 

Hope someone can point me in the right direction! 
Kind regards,
Robert

Robert Jager

The Microsoft Exchange Frontend Transport service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Exchange couldn't start transport agents. The Microsoft Exchange Transport service will be stopped. Exception details: Invalid agent configuration in file 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Shared\fetagents.config'. : Microsoft.Exchange.Data.ExchangeConfigurationException: Invalid agent configuration in file 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Shared\fetagents.config'. ---> System.Xml.XmlException: Root element is missing.
   at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
   at System.Xml.XmlDocument.Load(XmlReader reader)
   at Microsoft.Exchange.Compliance.Xml.SafeXmlDocument.Load(XmlReader reader)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExConfiguration.LoadPublicAgents(String filePath, List`1& publicAgents)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExConfiguration.LoadPublicAgents(String filePath, List`1& publicAgents)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExConfiguration.Load(String filePath)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExRuntime.Initialize(String configFile, String agentGroup, ProcessTransportRole processTransportRole, String installPath)
   at Microsoft.Exchange.Transport.Extensibility.AgentComponent.Load()

We have an Edge Transport Server expose to internet and open relay has been disabled.

However, recently we find there are some spam email sent out from our email server.

We do not have any anonymous SMTP connectors in organization.

So ,we suspect there may be user password leakage, or there may be some computers have been compromised.  

As the email must send from an authenticated user from Exchange, we are trying to find out the user name of spam email.

We looking into Message Trace Log, find out the spam email message and e find a field named "Sender" with content "MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@domain".

While, the next question left , How to find out user name from above Sender?

Hi,

Our edge server seems to delay emails sent to some domains without an DNS/MX record. For example emails sent to a gmail.com.au account will be delayed instead of rejected. It appears to be related to the fact that @gmail.com exists.

____________________________________________________________________________________________________

Delivery is delayed to these recipients or groups:

user@gmail.com.au

Subject: test

This message hasn't been delivered yet. Delivery will continue to be attempted.

The server will keep trying to deliver this message for the next 3 days, 19 hours and 53 minutes. You'll be notified if the message can't be delivered by that time.

___________________________________________________________________________________________________

However, if the domain does not exist at all it does reject them:

Diagnostic information for administrators:

Generating server: xxxxx

test@fnidsncoindscoid.com
#554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain ##

__________________________________________________________________________________________________

It appears that it will delay emails sent to any @domain.com.au if the @domain.com exists. This is means that end users are not provided with instant feedback that they are inadvertantly attempting to send to a wrong email address. Anyone dealt with this issue previously? Any advise assistance would be appreciated.