All of a sudden, our exchange server has started sending out emails to .com.br addresses from accounts that do not exist in our organization. For example:
sadfjkh32#myorganization.com
sasdfsdkh4352#myorganization.com
sadhdf#myorganization.com
Please help.
You should review your recieve connector configuration to make sure you are not allowing someone to relay mail over your server.
Aditionally use the message tracking in esm and look for those emails.
Try to find the source IP address of those emails, meaning where they are generated.
Are they generating from an application server on your network. Maybe a scanner device, a pc...
As soon as you find the ip address you will have a better idea what is going on
Liran Zamir
Related
My basic requirement is that I need to create "something" that is capable of intercepting emails incoming/outgoing from our mail server. It cannot be an extension to mail clients. Currently we consider only exchange server. In my research I found below resources that seems to be helpful.
Mail flow and the transport
Delivery agents and Delivery Agent connectors
Transport agents
From these transport agents seems to be quite old. Now I can't figure out what's the best from the remaining options(Mail flow and the transport or Delivery agents and Delivery Agent connectors).
Whatever I develop should be able to read email get some statistics (using mail header(s), amount of attachments etc...) and store it into a custom database. Additionally add some custom headers to incoming/outgoing mails.
Can anyone point me to right direction? Should it be some kind of a service that I can install in Exchange server? (admin center->mail flow-> connectors). For example, can I write it in c# and host it like an assembly? or may be a web hook to a hosted service where Exchange will forward emails in real time etc...
I couldn't find any examples/tutorials except this
If its OnPrem Exchange and you don't have or are considering Office365 then Transport Agents would be the right thing to use. They haven't change since 2013 but are still what is used for this type of thing the last SDK was 2010 but its still valid given the lack of change on the backend https://learn.microsoft.com/en-us/previous-versions/office/developer/exchange-server-2010/dd877026(v=exchg.140)
Delivery Agents are more for when you have an external gateway that you want to send and receive messages from.
I was setting up two new Exchange 2013 servers with MBX/CAS roles and added them to the existing send connectors that route mail through a smart host. Apparently the guy who quit before I started never got the networking team to whitelist the IPs for these servers. Now, I've got a small chunk of mail sitting here that won't send because of this. My networking team says that they can't do anything about it until tomorrow night. I'm afraid that some business critical mail may have got caught before I noticed what was going on. My question is, how can I re-route the mail stuck in these queues to go out through the send connectors from the previously implemented Exchange servers?
First of all, you should remove these servers from the send connectors to avoid more messages being stuck. You can either remove them from GUI console or by using cmdlet Set-SendConnector
Check here for more details about Set-SendConnector
Secondly, you should export those messages stuck in queue as .eml files by using Export-Message cmdlet.
Check here for more details about how to use Export-Message
At last, you can put all these .eml files under Pickup or Replay folder on any working transport servers. The transport service will pick up all eml files there and submit them to re-transport.
Check here for more details about Pickup and Replay folder
Closely monitor the queue and ensure all emails are delivered, then you are good!
I have read numerous articles and done everything recommended to setup a mail server in windows 2008R2
I am simply trying to send messages from my server from certain websites that I host.
I queued mail for delivery then got this back....
4.4.7 Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
For reference, I followed the instructions here...
How to setup an SMTP server
Is there something I am missing?
While I am not familiar with Windows mail servers, I have encountered a similar issue. If this only happens with some destinations, the receiving mail server could be simply refusing the connection.
For example, mail servers often refuse connections from IP addresses that ISPs hand out to "regular" (non-business) customers. Another common reason to reject mail is if the reverse DNS entry for your IP doesn't match the hostname in the HELO (or EHLO) command. (However, in that case, you probably wouldn't get "unable to connect" errors.)
You could try online tools like mxtoolbox to help diagnose the problem.
So when I try to send mails with Laravel's mail facade, I can only send within our company domain, when trying to send E-mails to either gmail or outlook, the mail never gets deliviered, but if I use outlook, the mail is delivered instantly.
I have turned everything upside down to figure out what it can be, but I cant find anything that cause this issue, not even a single trace of my app sending "non-internal" mails in the exchange logs.
Our company uses an Exchange 2003 server, I have checked the logs, no trace of (Out of company) mails are there
Im on a 20 hour streak, sorry for any confusion
/Tarre
The issue was that our Exchange SMTP relay didnt have the correct connectors and configuration.
To use exchange with SMTP.
Add a Connector bridge between your Exchange server and the Virtual SMTP server.
Configure "trusted" IP's.
Everything is done in the Exchange Server Management part.
We currently need some help setting up email sending from one of our Rails apps via our own Microsoft Exchange SMTP server. It seems that the Heroku IPs are blocked by Trend Micro. We are having this message:
"Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue"
What can we do in this case, please give us some guidelines.
Thanks
If you can get around the requirement to use the exchange server that's blocking you, you can just use one of the email add-ons on Heroku. Alternatively, you could maybe use the Proximo add-on to get a static external IP address to send emails from, and then make sure that static IP is whitelisted on your exchange server.