Company security team on a mission: purging all malicious messages with URLs and attachments

June 15, 2016, 7:38 am

≫ Next: Stop Spoofing own domain but allow exception

≪ Previous: 550 5.7.1 Unable to relay

$

0

0

Apologies if this is not the right place for this.  I have a situation at my company.  The security team has put in place a policy that forces the messaging team to go through search and purge procedures for what seems to be any spam message with a URL or attachment.  These purge requests are raised at the highest priority, and there can be anywhere from 1 to 18 a day.  Apparently they got scared by a report of a similar type of company getting breached due to an employee getting tricked into giving up credentials, although this has never happened to us.  I have been working with our gateway vendor, and doing other research into how to stop the problem messages, but as we all know some messages will get through.  We have 24,000 mailboxes. This is a serious burden for the messaging team.  Can anyone advise on how to approach the company to express to them how much of a burden this is, and to some how change the policy to something more reasonable?

Thanks in advance!

---

Stop Spoofing own domain but allow exception

June 16, 2016, 4:25 am

≫ Next: Transport rule / catchall mailbox on a one server environment

≪ Previous: Company security team on a mission: purging all malicious messages with URLs and attachments

$

0

0

Hello, I have configured our Exchange (2010 SP3) to not accept emails pretending to come from own accepted domains. I did this by removing AD Permission "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender".

Now I'd like to add kind of an excepetion, if emails come fro a certain server/ip. The reason why is that our website is hosted externally and it sends some forms via email from like info@company.com to internal exchange users. Now these emails are not accepted anymore due to the above modification.

Is there any chance to add some mail server as trusted, etc?

kind regards,

Dieter Tontsch

mobileX AG

Transport rule / catchall mailbox on a one server environment

June 17, 2016, 12:50 am

≫ Next: IIS SMTP - The server response was: 5.7.1 Unable to relay for outgoing address, Still not working

≪ Previous: Stop Spoofing own domain but allow exception

$

0

0

Hi,

we have only one Exchange server in our environment, and we have to configure a catchall mailbox, where we would like to BCC some mails. We made a regex on the Subject to catch the ones we need. However if I enable the rule, very soon the EdgeTeansport process eats up all the CPU. What can be the problem? Do we need a separate server to make this functionality?

Thanks:
Peter

IIS SMTP - The server response was: 5.7.1 Unable to relay for outgoing address, Still not working

June 17, 2016, 5:45 pm

≫ Next: Regex to catch ABC-123 pattern in Transport rule

≪ Previous: Transport rule / catchall mailbox on a one server environment

$

0

0

I'm unable to fix this issue by following steps:

1. Go to Administrative Tools -> IIS 6.0 Manager
2. Right click "SMTP Virtual Server" then Click Properties
3. Select Access tab
4. Click "Relay..." in Relay Restrictions
5. Select "Only the list below"
6. Add 127.0.0.1 and my server IP to the list
7. Check Allow all computers which successfully authenticate to relay, regardless of the list above
8. Click "OK"

I would really appreciate if anyone can give me any other idea. I tried above steps but I could not solve the problem.

Thank You!

Best Regards,

Sandeep

Regex to catch ABC-123 pattern in Transport rule

June 20, 2016, 6:15 am

≫ Next: Delivery Status Notification (Failure)

≪ Previous: IIS SMTP - The server response was: 5.7.1 Unable to relay for outgoing address, Still not working

$

0

0

Dear All,

we fight with Exchange to create a regex for transport rule. What we have to catch is a ABC-123 pattern: so 3 letters, a dash than 3 numbers. It can appear anywhere in the subject, the regex should fire. We tried \D\D\D-\d\d\d, (\w|\s)*\D\D\D-\d\d\d(\w|\s)*, but none of them works. Can someone please help us?

Delivery Status Notification (Failure)

June 22, 2016, 4:31 pm

≫ Next: windows defender

≪ Previous: Regex to catch ABC-123 pattern in Transport rule

$

0

0

Recently my Hotmail email stopped working and I receive the following message not sure how to fix this.

Reporting-MTA: dns;BLU004-WSS1S2.hotmail.com
Received-From-MTA: dns;BLU436-SMTP17
Arrival-Date: Wed, 22 Jun 2016 16:12:10 -0700

Final-Recipient: rfc822;XXX@live.com
Action: failed
Status: 5.6.2
Diagnostic-Code: smtp;554 5.6.2 Delivery SMTP Error. Command: 3. Response: 535-5.7.8 Username and Password not accepted. Learn more at
535 5.7.8  https://support.google.com/mail/answer/14257 49sm1015250qtn.16 - gsmtp
. Type=2 (1908582017:817:-2147418113)

windows defender

June 22, 2016, 10:29 am

≫ Next: Spam being sent to others with my email address

≪ Previous: Delivery Status Notification (Failure)

$

0

0

I paid irescue 199. for use of windows defender for two years term. Is this legit. I read that window 8. already has it installed. Was it already on my computer? What am I paying for?

Spam being sent to others with my email address

June 27, 2016, 8:20 am

≫ Next: Exchange 2010 Transport Back pressure error 15007

≪ Previous: windows defender

$

0

0

How do i stop junk mail /spam from being sent to people with my email address? I have reset my password several times already

---

Exchange 2010 Transport Back pressure error 15007

June 22, 2016, 11:40 am

≫ Next: #5.7.1 smtp;550 5.7.1 Sender ID (PRA) Not Permitted> #SMTP#

≪ Previous: Spam being sent to others with my email address

$

0

0

We had our Transport Server stop accepting messages because of high memory.  I checked the mail logs and saw that one user sent an e-mail to 539 users using the "TO" line with individual messages.  We send e-mail to a lot more recipients that that but usually to DL's.  

I was wondering if there was a performance benefit for using DL's and if not using a DL for that many users could have caused the 15007 error?

Thanks!

#5.7.1 smtp;550 5.7.1 Sender ID (PRA) Not Permitted> #SMTP#

June 29, 2016, 6:05 am

≫ Next: Creating Rules for Auto Deleting Messages After read 5 Days

≪ Previous: Exchange 2010 Transport Back pressure error 15007

$

0

0

Hello,

I have an SBS 2008 with Exchange 2007. When I send email to a specific domain , to an Offie365 service account, I have the below response#5.7.1 smtp;550 5.7.1 Sender ID (PRA) Not Permitted> #SMTP#

I have an SPF record and I have tested that is OK.

The message is delivered without error, I have set logging to verbose for Send Connector. After a while I get back an NDR with the above error message.

There is no edge server in our network, emails are delivered directly from Exchange.

Analyzing NDR message with Microsoft’s Connectivity Analyzer the only that could block the message , at my opinion is a record in the first row of Received Headers that contains as submitting and receiving host my server’s local domain name “server.localdomain.local({IP v6 address})” with Type = mapi. On the second record is containing my static IP address with the mx record for submitting host (are contained in SPF record) and for receiving host the IP and name address of Office365 service with Type = Microsoft SMTP Server (TLS).

Thank you

Ioannis Sotiriadis

Creating Rules for Auto Deleting Messages After read 5 Days

July 6, 2016, 7:40 pm

≫ Next: Exchange SMTP Helo Auth Login Loop.

≪ Previous: #5.7.1 smtp;550 5.7.1 Sender ID (PRA) Not Permitted> #SMTP#

$

0

0

Customer need Creating Rules for Messages After read 5 Days Auto Deleting on exchange 2013 or 2016.

Exchange SMTP Helo Auth Login Loop.

July 13, 2016, 10:24 am

≫ Next: 2013 outbound attachment issues

≪ Previous: Creating Rules for Auto Deleting Messages After read 5 Days

$

0

0

Hello I have identified a bug in Exchange SMTP. It does not occur with just IIS SMTP installed without Exchange, and I am not sure which versions beyond Exchange 2003 or before for sure have this bug.  I have scoured the internet and only find a handful of references where it was not realized this is a bug and they resolved it by changing commands or using a different server.

The issue is if you connect to the SMTP server and run a HELO, then AUTH LOGIN, which is an available command, it then responds "503.5.5.2.Send.Hello.First".  If you use EHLO this does not happen and works as expected.  However I am using another device that will not work without Authentication, and does not give me an option to Send an EHLO instead of HELO , so it fails to connect and I am stuck.  Below is a packet capture of this Loop happening.  The HELO then AUTH LOGIN works as expected with straight IIS SMTP with no exchange, regardless of the Authentication options selected.  I am hoping there is a patch or a registry setting that may be able to resolve this issue.

SMTP Server-220.SMTPServer.MyDomain.com.Microsoft.ESMTP.MAIL.Service,.Version:.6.0. 3790.4675.ready. at..Wed,.13.Jul.2016.10:00:27.-0700...         
NS_Dev-HELO.LocalHost
SMTP Server-250.SMTPServer.MyDomain.com.Hello.[XX.XX.XX.XX]..     
NS_Dev-AUTH.LOGIN..             
SMTP Server-503.5.5.2.Send.hello.first...            
NS_Dev-HELO.LocalHost
SMTP Server-250.SMTPServer.MyDomain.com.Hello.[XX.XX.XX.XX]..     
NS_Dev-AUTH.LOGIN..             
SMTP Server-503.5.5.2.Send.hello.first...            
NS_Dev-HELO.LocalHost
SMTP Server-250.SMTPServer.MyDomain.com.Hello.[XX.XX.XX.XX]..     
NS_Dev-AUTH.LOGIN..             
SMTP Server-503.5.5.2.Send.hello.first...            

Thank you,

Andrew

2013 outbound attachment issues

July 12, 2016, 8:25 am

≫ Next: Error From Exchange sending to address

≪ Previous: Exchange SMTP Helo Auth Login Loop.

$

0

0

I've got an Exchange server driving me bonkers.  It suddenly started having an issue where outbound emails with attachments get stuck in queue.  It has worked since 2014, but just started failing in the last week.

Inbound works fine.

No changes were made to Exchange prior to this issue arising.

I have swapped the send connector from EOP to direct, so it is now creating a queue for every domain.  This helps, because messages destined for domains that don't already have one stuck in queue at least go through, but attachments still get stuck in their respective queues.

Errors for affected messages include:

421 4.4.2 Connection dropped due to SocketError                                                                       
421 4.4.2 Connection dropped due to TimedOut                                                                          
451 Internal resource temporarily unavailable - https://community.mimecast.com/docs/DOC-1369#451                       
451 Internal resource temporarily unavailable - https://community.mimecast.com/docs/DOC-1369#451                       
451 Internal resource temporarily unavailable - https://community.mimecast.com/docs/DOC-1369#451                       
421 4.4.2 Connection dropped due to TimedOut                                                                          
421 4.4.2 Connection dropped due to TimedOut                                                                          
421 4.4.2 Connection dropped due to TimedOut                                                                          
451 please retry later (gl)                                                                                           
451 please retry later (gl)                                                                                           
451 4.3.2 Internal error reading data

I am at wits end and completely clueless in regards to exchange.  Anyone care to give me a few pointers?

Error From Exchange sending to address

July 20, 2016, 7:44 am

≫ Next: How to remove a Pop Up called Micrsoft Partner

≪ Previous: 2013 outbound attachment issues

$

0

0

Getting the following error when a user emails this particular person in Germany.  He can successfully send to other addresses in foreign countries, however.  Any ideas why this might be happening?  

How to remove a Pop Up called Micrsoft Partner

July 21, 2016, 6:00 am

≫ Next: SMTP authentication - error

≪ Previous: Error From Exchange sending to address

$

0

0

How can you help me remove a popup

---

SMTP authentication - error

July 25, 2016, 6:07 am

≫ Next: Regex Email Address

≪ Previous: How to remove a Pop Up called Micrsoft Partner

$

0

0

Hello,

sending alarm e-mails should be done after successful SMTP authentication.

On a device sending without authentication works, with authentication it doesn't work (see error message below). I tried both with port 25 and port 587. On another device sending with authentication works.

MAIL: bad answer from mail server: 504 5.7.4 Unrecognized authentication type

How can it be solved? A problem with permission?

Regex Email Address

July 27, 2016, 6:35 am

≫ Next: MailboxExportRequest using -ContentFilter with multiple body words

≪ Previous: SMTP authentication - error

$

0

0

Hi,

I seem to be getting lot's of spam where there is a certain pattern in the sender address

Examples:

abc.12@somedomain.com

abc.123@somedomain.com

abcdefg.12345@somedomain.com

There is a minimum of 3 letters then a fullstop then a minimun of 2 numbers so I tried this:

(\S\S\S\.\d\d+@)

Without the brackets I get an error in Exchange Mail Flow Rules (invalid start and end) so I included it in brackets.

In ECP, Mail Flow, Create New Rule, More Options, The Sender Address Matches (above regex), Delete Without Notifying Anyone, Save.

Is there a better regex I could use?

---

Homepage |Twitter

MailboxExportRequest using -ContentFilter with multiple body words

July 30, 2016, 1:00 am

≫ Next: 451 4.4.0 Primary target IP address responded with:"454 4.7.0 Temporary authentication failure"

≪ Previous: Regex Email Address

$

0

0

Hi,

I want to make a search on multiple words in the body of a mailbox. When I execute the command it completes and generates a 513kb PST-file if I open the PST-file, there is no items in it.

New-MailboxExportRequest -Mailbox user -ContentFilter {(body -like "*helpdesk*") -and (body -like "*support*") -and (body -like "*Office*") -and (body -like "*microsoft*") -and (body -like "*Exchange*") -and (Received -gt "07/07/2016")} –FilePath "\\server\l$\pst\user.pst"

Best regards
Brian Pedersen

---

Best regards Brian Pedersen

451 4.4.0 Primary target IP address responded with:"454 4.7.0 Temporary authentication failure"

November 16, 2007, 12:41 am

≫ Next: Exchange 2013 / 2007 Private Messages

≪ Previous: MailboxExportRequest using -ContentFilter with multiple body words

$

0

0

I have this error on both my hub transport servers. I cannot get the communication between them.

This is also accompanied by the event ID 2017 in the application log. Description
Outbound authentication failed with error TargetUnknown for Send connector Intra-Organization SMTP Send Connector. The authentication mechanism is ExchangeAuth. The target is SMTPSVC/<servername.FQDN>.


I have already the following http://technet.microsoft.com/en-us/library/bb217800.aspx

It only tells me how to fix a send connector that i created. The connectors mentioned above is the ones that exchange creates when trying to send between sites.

Has anyone else got this problem if so how did you resolve it?

Exchange 2013 / 2007 Private Messages

August 9, 2016, 1:31 am

≫ Next: Exchange 2007 users can send as any user in organization

≪ Previous: 451 4.4.0 Primary target IP address responded with:"454 4.7.0 Temporary authentication failure"

$

0

0

i am in the process of migrating from exchange 2007 to 2013. We use mobile iron for our mobile solution.

If i send a private message from exchange 2013 to a mobile device it keeps the setting. i then reply and it is still private.

if i send a private message from exchange 2007 to the mobile device it keeps the setting but when i reply to it the private setting is stripped from it.

Is there a setting in exchange 2007 hub transport that i can set to keep the message private?

thanks

Lee