none
In coexistence external mail can appear as SPAM

    Question

  • Currently in coexistence (Exchange 2010/2003), for sites more secure, I see results of an scl 9 on a bounce back. Most messages are sending properly. This makes sense because the detailed header shows the message coming from the internal domain. I'm sure this is because Exchange 2003 is passing the message on as the SMTP connector. I have created an internet facing external connector on the 2010 box - but not sure how I can 'enforce it'. Kind of surprised I haven't seen more information on this. Am I making sense? :)  Thanks for any help in advance. 
    Sunday, March 04, 2012 3:20 PM

Answers

  • That is where I am referring to, you should have no external DNS servers set.

    Just re-reading the question again, in the NDR - the error that you have posted means what it says - the user is unknown and the message is bouncing back. It has nothing to do with the settings on the server.

    If you are concerned about the internal server name appearing in the headers, then it doesn't matter. The only reference that external recipients care about is the last hop. That is the FQDN value set on the Send Connector and the FQDN value set on the SMTP virtual server, under Properties, Delivery, Advanced. Ignore the check DNS button in there.

    No other settings matter, because that is the internal delivery of the email.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Monday, March 05, 2012 7:39 PM

All replies

  • You should have a routing group connector between the two servers, not SMTP connector, although email is passed over SMTP, Exchange knows that it is internal email and shouldn't touch it or score it with an SCL of -1.

    The reason you haven't seen anything about this is because it doesn't happen in most instances. Very unusual to get an SCL of 9 on email anyway, as that means Exchange is convinced with a high score of probability that the message is spam, so that would indicate your email looks like spam or something else is changing the value.

    I would check that you do not have an SMTP Connector with a smart host as another Exchange server and that you have the routing group connectors setup correctly.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Sunday, March 04, 2012 3:35 PM
  • ** Grrr - In reality, I should have posted the subject line as "In coexistence SENT mail can appear as SPAM" **

    Simon,

    Many thanks for your feedback. Perhaps if I post what I am seeing on a bounce back will make better sense. You are correct, the routing group does exist between the two servers. This was the routing group that installed/configured during the Exchange 2010 install. I've created alias names to protect the innocent. 

    Generating server:

    smtp801.microsoftonline.com #<smtp801.microsoftonline.com #5.1.1 smtp; 550 5.1.1 User unknown> #SMTP#

    Original message headers:

    Return-Path: <sender@sender_domain.com>
    Received: from mail107-ch1 (localhost [127.0.0.1])
        by mail.bouncebackmessage.com (Postfix) with ESMTP id 7832F2A0320
        for <receiver@receiver_domain.com>; Sat,  3 Mar 2012 22:26:09 +0000 (UTC)
    X-SpamScore: -9
    X-BigFish: vps-9(zz18c4Mc85fh125fI13e6Kzz1202hzz8275bh8275dhz2dh47h793h668h839h34h)
    X-Forefront-Antispam-Report: CIP:xxx.xx.xxx.xxx;KIP:(null);UIP:(null);IPV:NLI;H:mailhost.internal_domain.domain_name.com;RD:mailhosthost.domain_name.com;EFVD:NLI
    Received: from mail107-ch1 (localhost.localdomain [127.0.0.1]) by mail107-ch1 (MessageSwitch) id 133081356796271_8326; Sat,  3 Mar 2012 22:26:07 +0000 (UTC)
    Received: from mail.bouncebackmessage.com (snatpool2.int.messaging.microsoft.com [xx.xx.xx.xxx])
        by mail107-ch1.bigfish.com (Postfix) with ESMTP id 12D1E3E004F
        for <receiver@receiver_domain.com>; Sat,  3 Mar 2012 22:26:07 +0000 (UTC)
    Received: from mailhost.internal_domain.domain_name.com (xxx.xx.xxx.xxx) by
     CH1EHSMHS017.bigfish.com (10.43.70.17) with Microsoft SMTP Server id
     14.1.225.23; Sat, 3 Mar 2012 22:26:06 +0000
    Received: from mailhost.internal_domain.domain_name.com ([fe80::7d14:ddce:2765:1757]) by
     mailhost.internal_domain.domain_name.com ([fe80::7d14:ddce:2765:1757%11]) with mapi id
     14.01.0355.002; Sat, 3 Mar 2012 17:26:04 -0500
    From: "Last_Name, First" <sender@sender_domain.com>
    To: "receiver@receiver_domain.com"
        <receiver@receiver_domain.com>
    Subject: XXXXXXXXX
    Thread-Topic: XXXXXXXXX
    Thread-Index: Acz5htY4Fyy6aZp5SKuN/tdsdS6kMw==
    Date: Sat, 3 Mar 2012 22:26:03 +0000
    Message-ID: <4CE50942A92A664F8728A0D4F16737A408A11D@mailhost.internal_domain.domain_name.com>
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    x-originating-ip: [10.1.102.28]
    Content-Type: text/plain
    MIME-Version: 1.0


    • Edited by dogfish_exchange Sunday, March 04, 2012 7:54 PM Left out pertinent information
    Sunday, March 04, 2012 7:51 PM
  • Are you migrating to/from Microsofts online service? Or do you use their scanning service?

    Ensure that you do not have a smart host configured on the SMTP Virtual Server. If you do, remove it and restart the SMTP Server Service.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Sunday, March 04, 2012 10:09 PM
  • No, it's an on premises platform. No smart host exists. Thanks.
    Sunday, March 04, 2012 11:18 PM
  • According to the NDR, your email is going out to Microsoft's online system.

    smtp801.microsoftonline.com

    There is also a postfix system involved there somewhere as well.

    Have you got external DNS servers configured on the SMTP virtual server?

    Something is different to the defaults on the old server.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Sunday, March 04, 2012 11:36 PM
  • That's coming from the 'generating server' where it bounced back from. They must be using Microsoft's online system and postfix. Does your suggested change still apply?

    If so, are you talking about what's in ...

    2003 Exchange ESM > Protocols > Default SMTP Virtual Server > Properties > Delivery Advanced > Configure External DNS Servers > Configure?

    Thanks,

    Mark

    Monday, March 05, 2012 12:55 PM
  • That is where I am referring to, you should have no external DNS servers set.

    Just re-reading the question again, in the NDR - the error that you have posted means what it says - the user is unknown and the message is bouncing back. It has nothing to do with the settings on the server.

    If you are concerned about the internal server name appearing in the headers, then it doesn't matter. The only reference that external recipients care about is the last hop. That is the FQDN value set on the Send Connector and the FQDN value set on the SMTP virtual server, under Properties, Delivery, Advanced. Ignore the check DNS button in there.

    No other settings matter, because that is the internal delivery of the email.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Monday, March 05, 2012 7:39 PM
  • Yes no external DNS servers are set. And come to find out this WAS a bad e-mail address. (Bitter!) I appreciate your response to all this and will think about the values set on the send connector.
    Tuesday, March 06, 2012 8:27 PM