Remove From My Forums

Edge AntiSpam mail flow to Quarantine Mailbox

Question
0

Sign in to vote

Hi,

Since we've migrated from Exchange 2010 (Edge + Mailbox Server) to Exchange 2016 (Edge + Mailbox Server) the Edge server is unable to deliver SPAM messages to SPAM Quarantine Mailbox.

Error received:

Source                  : SMTP
EventId                 : FAIL

RecipientStatus         : {[{LRT=5/16/2016 4:23:23 PM};{LED=550 5.7.53 SMTP; Command not authorized in current state};{FQDN=<Mailbox Server IP Address>};{IP=<Mailbox Server IP Address>}]}

I've searched the internet for this error but no luck...

Any ideas?

Monday, May 16, 2016 5:06 PM

Answers

0

Sign in to vote
After a long period of tests we've found a workaround for this issue.

The definition of the address spaces on the send connector created by Edge subscription from Outside to my organization was something like this:

Type;Domain;Cost;
smpt;<my domain>;100;

If I change <my domain> to the default "--" (all accepted domains) it works fine!

The Microsoft case is still open for evaluation and identify this as a Bug or not.
- Marked as answer by Fernando MGR Wednesday, August 10, 2016 9:14 AM
Wednesday, August 10, 2016 9:14 AM

All replies

0

Sign in to vote

I have same problem

Monday, May 16, 2016 5:10 PM
0

Sign in to vote

Hi Fernando,

Welcome to our forum.

Are there any other A/V software in organization?

Are there any other application installed on Exchange Edge server?

Please make sure you have configured spam quarantine mailbox by the following link:

https://technet.microsoft.com/en-us/library/bb123746(v=exchg.160).aspx

If spam quarantine mailbox has been configured, please refer to the following link to troubleshoot:

1. Make sure antispam feature are enabled: https://technet.microsoft.com/en-us/library/bb201691(v=exchg.160).aspx
2. Check if content filter is enabled: Get-ContentFilterConfig | Format-List Enabled
3. Check the value for the SCL quarantine threshold

Best Regard,

Jim Xu

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Jim Xu
TechNet Community Support

Tuesday, May 17, 2016 9:44 AM
0

Sign in to vote
Thank you Jim for your reply.

The only AV we use is SCEP, no other 3rd party AV software in the Organization. Also no other software besides Exchange Edge 2016 Server is installed on our Edge.

The spam quarantine mailbox exists and it was working with our old Exchange 2010 servers (Edge+Mailbox).

The Transport Agents are enabled.

[PS] C:\>Get-TransportAgent

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1
Address Rewriting Inbound Agent                    True            2
Edge Rule Agent                                    True            3
Content Filter Agent                               True            4
Sender Id Agent                                    True            5
Sender Filter Agent                                True            6
Recipient Filter Agent                             True            7
Protocol Analysis Agent                            True            8
Attachment Filtering Agent                         True            9
Address Rewriting Outbound Agent                   True            10

The Content Filter is enabled and configured

[PS] C:\>Get-ContentFilterConfig | Format-List Enabled

Enabled : True

[PS] C:\>Get-ContentFilterConfig

Name                                  : ContentFilterConfig
RejectionResponse                     : Server rejected your message as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     : spam.quarantine@<MyDomain>
SCLRejectThreshold                    : 7
SCLRejectEnabled                      : False
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 7
SCLQuarantineEnabled                  : True
BypassedSenders                       : {}
BypassedSenderDomains                 : {}
Enabled                               : True
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :
ExchangeVersion                       : 0.1 (8.0.535.0)
DistinguishedName                     : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,CN={C8588207-0E3D-42D9-B301-3DAA8AFF5797}
Identity                              : ContentFilterConfig
Guid                                  : 7cff7013-2346-422d-86aa-e283c7e8ee8f
ObjectCategory                        : CN=ms-Exch-Message-Hygiene-Content-Filter-Config,CN=Schema,CN=Configuration,CN={C8588207-0E3D-42D9-B301-3DAA8AFF5797}
ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged                           : 5/16/2016 4:05:21 PM
WhenCreated                           : 3/10/2016 3:52:11 PM
WhenChangedUTC                        : 5/16/2016 3:05:21 PM
WhenCreatedUTC                        : 3/10/2016 3:52:11 PM
OrganizationId                        :
Id                                    : ContentFilterConfig
OriginatingServer                     : localhost
IsValid                               : True
ObjectState                           : Unchanged

Here the agent log:

Timestamp               : 5/17/2016 9:39:41 AM
ClientIp                :
ClientHostname          :
ServerIp                :
ServerHostname          : <MyEdgeServer>
SourceContext           : Quarantine
ConnectorId             :
Source                  : DSN
EventId                 : DSN
InternalMessageId       : 6983616823427
MessageId               : <25056246861230.851kgo82701gn@gmacdonalddds.com>
NetworkMessageId        : b1367d6a-b307-460f-efe3-08d37e2eca57
Recipients              : {spam.quarantine@<MyDomain>}
RecipientStatus         : {}
TotalBytes              : 24031
RecipientCount          : 1
RelatedRecipientAddress :
Reference               : {<25056246861230.851kgo82701gn@gmacdonalddds.com>}
MessageSubject          : Undeliverable: Spam Pfizer's caplet for me that want more.
Sender                  : postmaster@<MyDomain>
ReturnPath              : <>
Directionality          : Originating
TenantId                :
OriginalClientIp        :
MessageInfo             : <Hayes_Lynnette@cnahfs.com],
                          [AccountForest, localhost]}
TransportTrafficType    : Email

Timestamp               : 5/17/2016 9:39:46 AM
ClientIp                :
ClientHostname          :
ServerIp                :
ServerHostname          : <MyEdgeServer>
SourceContext           :
ConnectorId             :
Source                  : DSN
EventId                 : BADMAIL
InternalMessageId       : 6983616823427
MessageId               : <25056246861230.851kgo82701gn@gmacdonalddds.com>
NetworkMessageId        : b1367d6a-b307-460f-efe3-08d37e2eca57
Recipients              : {spam.quarantine@<MyDomain>}
RecipientStatus         : {}
TotalBytes              : 24031
RecipientCount          : 1
RelatedRecipientAddress :
Reference               :
MessageSubject          : Undeliverable: Spam Pfizer's caplet for me that want more.
Sender                  : postmaster@<MyDomain>
ReturnPath              : <>
Directionality          : Originating
TenantId                :
OriginalClientIp        :
MessageInfo             :
MessageLatency          :
MessageLatencyType      : None
EventData               : {[BadmailReason, NDRing a mail recipient that requires a DSN], [DeliveryPriority, Normal],
                          [OriginalFromAddress, Hayes_Lynnette@cnahfs.com], [AccountForest, localhost]}
TransportTrafficType    : Email

Timestamp               : 5/17/2016 9:39:46 AM
ClientIp                : <MyEdgeServerIPAddress>
ClientHostname          : <MyEdgeServer>
ServerIp                : <MyMailboxServerIPAddress>
ServerHostname          : <MyMailboxServerIPAddress>
SourceContext           :
ConnectorId             : EdgeSync - Inbound to FirstSite
Source                  : SMTP
EventId                 : FAIL
InternalMessageId       : 6983616823427
MessageId               : <25056246861230.851kgo82701gn@gmacdonalddds.com>
NetworkMessageId        : b1367d6a-b307-460f-efe3-08d37e2eca57
Recipients              : {spam.quarantine@<MyDomain>}
RecipientStatus         : {[{LRT=5/17/2016 8:39:41 AM};{LED=550 5.7.53 SMTP; Command not authorized in current state};{FQDN=<MyMailboxServerIPAddress>};{IP=<MyMailboxServerIPAddress>}]}
TotalBytes              : 24031
RecipientCount          : 1
RelatedRecipientAddress :
Reference               :
MessageSubject          : Undeliverable: Spam Pfizer's caplet for me that want more.
Sender                  : postmaster@<MyDomain>
ReturnPath              : <>
Directionality          : Originating
TenantId                :
OriginalClientIp        :
MessageInfo             : 2016-05-17T08:39:41.772Z;SRV=<MyEdgeServer>:TOTAL-EDGE=5.065|UTH=0.002|DSN=0.005|CAT=0.002|
                          SMSC=0.027|SMS=5.016
MessageLatency          :
MessageLatencyType      : None
EventData               : {[E2ELatency, 5.049], [ExternalSendLatency, 0.000], [ToEntity, Unknown], [FromEntity,
                          Hosted], [ToEntity, Internet], [FromEntity, Hosted],
                          [Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel, Opportunistic],
                          [DeliveryPriority, Normal], [OriginalFromAddress, Hayes_Lynnette@cnahfs.com],
                          [AccountForest, localhost]}
TransportTrafficType    : Email

Hope you can help me.

Best regards,

Fernando
- Edited by Fernando MGR Tuesday, May 17, 2016 10:25 AM
Tuesday, May 17, 2016 10:17 AM
0

Sign in to vote

Hi Fertnando,

Please post the “Header information” of this specific message to us for troubleshooting.

By this issue, we also suggest you do the following steps for troubleshooting:

1. Restart “Microsoft Exchange Transport” service on Edge server
2. Rebuild Windows profile on Exchange 2016 Edge server

Best Regard,

Jim Xu
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Jim Xu
TechNet Community Support

Thursday, May 19, 2016 12:55 AM
0

Sign in to vote

Hi Jim,

The NDR is discarded as soon as it fails to deliver the NDR.

I've already restarted the service and the Server also and no luck.

After searching the logs I've notice that the problem isn't with AntiSpam and the delivering of the NDR to the SPAM Quarantine mailbox.

The problem is with all NDR's generated by the Edge server that aren't delivered to the organization with this same error: "BadmailReason, NDRing a mail recipient that requires a DSN" and "550 5.7.53 SMTP; Command not authorized in current state".

I will open a case in Microsoft to see if they can help me sorting this out.

Thank you for your help e if you have any more ideas please share!

Best Regards,

Fernando

Friday, May 20, 2016 8:35 AM
0

Sign in to vote

I'm still waiting for Microsoft support has they wanted to apply the CU2 for Exchange Server but this didn't solve the problem also...

I'll get back here as soon I've more news...

Tuesday, July 5, 2016 4:57 PM
0

Sign in to vote
After a long period of tests we've found a workaround for this issue.

The definition of the address spaces on the send connector created by Edge subscription from Outside to my organization was something like this:

Type;Domain;Cost;
smpt;<my domain>;100;

If I change <my domain> to the default "--" (all accepted domains) it works fine!

The Microsoft case is still open for evaluation and identify this as a Bug or not.
- Marked as answer by Fernando MGR Wednesday, August 10, 2016 9:14 AM
Wednesday, August 10, 2016 9:14 AM
0

Sign in to vote

hi, where did you get log error,

I have the same issue like this,

Saturday, October 6, 2018 4:18 PM
0

Sign in to vote

how can I collect log error like this

timestamp               : 5/17/2016 9:39:41 AM

ClientIp                :
ClientHostname          :
ServerIp                :
ServerHostname          : <MyEdgeServer>
SourceContext           : Quarantine
ConnectorId             :
Source                  : DSN
EventId                 : DSN
InternalMessageId       : 6983616823427
MessageId               : <25056246861230.851kgo82701gn@gmacdonalddds.com>
NetworkMessageId        : b1367d6a-b307-460f-efe3-08d37e2eca57
Recipients              : {spam.quarantine@<MyDomain>}

Saturday, October 6, 2018 5:59 PM
0

Sign in to vote

Hi Deby IT.

Check the message tracking logs on your servers.

The default path to their physical location is %ExchangeInstallPath%TransportRoles\Logs\MessageTracking.

If it helps to understand the content of the log files:

https://docs.microsoft.com/en-us/Exchange/mail-flow/transport-logs/message-tracking?view=exchserver-2019

Best regards,

Fernando

Tuesday, October 9, 2018 10:28 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Edge AntiSpam mail flow to Quarantine Mailbox

Question

Answers

All replies