locked
Remote Server returned '550 5.7.1 Message rejected due to unacceptable attachments' RRS feed

  • Question

  • Hi,

    Currently I have a hybrid implementation Exchange 2013 and Office 365. In the local datacenter I manage two 2016 EDGE Exchange servers located in the DMZ.  The EDGE Servers is only for mail flow between O365 and On-premise and viceversa.  I have a mail gateway on the edge to filter all incoming messages.

    However, a couple of days ago a person external to the company sent a Webex invitation from Outlook through an AddOn called Oracle Beehive Extensions for Outlook. For non-migrated mailboxes, the invitation arrives correctly. But for a mailbox migrated to O365 the invitation does not arrive and the mailbox servers return the following message:

    Delivery has failed to these recipients or groups:
    usercloud01@contoso.mail.onmicrosoft.com


    Your message was not due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

    The following organization rejected your message: mail.contoso.com.

    Diagnostic information for administrators:
    Generating server: MAILBOXEXC003.contoso.local
    usercloud01@contoso.onmicrosoft.com
    mail.contoso.com
    Remote Server returned '550 5.7.1 Message rejected due to unacceptable attachments'


    I was reviewing this information to validate if it was only to remove an extension so that the filter in the EDGE Transport service would omit it. However, apparently it is filtering by content type and not by extension.

    Workarround executed:
    1.-  I applied this solution without positive result: https://support.microsoft.com/en-sg/help/945046/you-receive-an-ndr-message-when-you-send-an-e-mail-message-by-using-an  
    2.-  I configured the domain as BypassSenderDomains adding the webex.com domains, etc without positive result. Ref: http://woshub.com/manage-domains-and-email-address-whitelist-in-exchange-server-2013/

    The only way that the user "usercloud01@contoso.com" received the invitation was to disable the transport filter completely with the following command: Disable-TransportAgent "Attachment Filtering Agent" Ref: https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/attachment-filtering-procedures?view=exchserver-2019#use-the-exchange-management-shell-to-enable-or-disable-attachment-filtering 

    Attach images and the error header received by the sender of the invitation:

    ____________________________________________________________________________

    Error message received by the sender of the webex invitation (NDR)

    Delivery has failed to these recipients or groups:

    Usercloud01@contoso.mail.onmicrosoft.com
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

    The following organization rejected your message: mail.contoso.com.

    Diagnostic information for administrators:

    Generating server: MAILBOXEXC003.contoso.local

    Usercloud01@contoso.mail.onmicrosoft.com
    mail.contoso.com
    Remote Server returned '550 5.7.1 Message rejected due to unacceptable attachments'

    Original message headers:

    Received: from MAILBOXEXC001.contoso.local(10.1.26.86) by
     MAILBOXEXC003.contoso.local (10.1.26.117) with Microsoft SMTP Server
     (TLS) id 15.0.1367.3; Fri, 26 Oct 2018 14:42:21 -0600
    Received: from mailgateway.contoso.local (10.1.13.31) by
     MAILBOXEXC001.contoso.local(10.1.26.86) with Microsoft SMTP Server
     id 15.0.1367.3 via Frontend Transport; Fri, 26 Oct 2018 14:42:21 -0600
    Received: from mailgateway.contoso.local (unknown [127.0.0.1])
            by IMSVA (Postfix) with ESMTP id 3F0D71040E0
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 14:41:45 -0600 (CST)
    Received: from mailgateway.contoso.local (unknown [127.0.0.1])
            by IMSVA (Postfix) with ESMTP id EBE761040CE
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 14:41:44 -0600 (CST)
    Received: from userp2130.externaldomain.com (unknown [156.151.31.86])
            by mailgateway.contoso.local (Postfix) with ESMTPS
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 14:41:44 -0600 (CST)
    Received: from pps.filterd (userp2130.externaldomain.com [127.0.0.1])
            by userp2130.externaldomain.com (8.16.0.22/8.16.0.22) with SMTP id w9QKciOS021083
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 20:42:19 GMT
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=externaldomain.com; h=mime-version :
     message-id : date : from : to : subject : content-type; s=corp-2018-07-02;
     bh=dYxtOw388WK4MP9Y/FkY84W2hyoh09sInTDGr8h0FO0=;
     b=Qji7fnBsDWp0CuHafCEmIr//2p0uuvD4lAeCsIpEHSJe+tbmEIM5VhMnIPIWZAV9GQvp
     zHBFjI4EEQSq6UsRCIcVTZzOO0H/oqjEYM0xyt5QEwL41NFxcsZeGLyh3Izgbk1Tduyw
     aJm6wkeJYfn5Vj1LH+eDdYPwlAy63oJnd88Z40M81OJ8JgVJIgS2p5bQnGBtXNj/KLgb
     Io1BlCy6CO9Bj4ewFW2lc19S0D+5kb/RvKNI0mUuPz5oABRtZ64e4wvlUv+HFSa6zBFA
     65qLD2R30ZDxoivXsRMDYaEVu2R0L8J5sJpqYH98lPJ4lFBo9yOaV9zB26Wp0cQv1K1t Bg==
    Received: from aserv0021.externaldomain.com (aserv0021.externaldomain.com [141.146.126.233])
            by userp2130.externaldomain.com with ESMTP id 2n7usus7yx-1
            (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 20:42:19 +0000
    Received: from userv0122.externaldomain.com (userv0122.externaldomain.com [156.151.31.75])
            by aserv0021.externaldomain.com (8.14.4/8.14.4) with ESMTP id w9QKgD35010057
            (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 20:42:13 GMT
    Received: from abhmp0006.externaldomain.com (abhmp0006.externaldomain.com [141.146.116.12])
            by userv0122.externaldomain.com (8.14.4/8.14.4) with ESMTP id w9QKgC4W019881
            for <usercloud01@contoso.com>; Fri, 26 Oct 2018 20:42:13 GMT
    MIME-Version: 1.0
    Message-ID: <312098eb-e3e0-414c-ab1d-c5e8ba9290b8@default>
    Date: Fri, 26 Oct 2018 13:42:12 -0700
    From: <user1@externaldomain.com>
    To: <usercloud01@contoso.com>
    Subject: Test2
    Content-Type: multipart/mixed;
           boundary="__1540586532308304064abhmp0006.externaldomain.com"
    X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9058 signatures=668683
    X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0
     phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=960
     adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
     engine=8.0.1-1807170000 definitions=main-1810260174
    X-TM-AS-GCONF: 00
    X-TM-AS-Product-Ver: IMSVA-9.1.0.1689-8.2.0.1013-24182.002
    X-TM-AS-Result: No--20.446-4.5-31-10
    X-imss-scan-details: No--20.446-4.5-31-10
    X-TM-AS-User-Approved-Sender: No
    X-TM-AS-User-Blocked-Sender: No
    X-TMASE-Version: IMSVA-9.1.0.1689-8.2.1013-24182.002
    X-TMASE-Result: 10--20.445700-10.000000
    X-TMASE-MatchedRID: pkU3wFj3KaVwFIoZlVVfYd7SWiiWSV/1wbqJE/DzRePDra5IbmQvVuOA
     Q6TuIiqMcD4QCuOmEKiSjwDwS+uEt4uBeCEZUtCSoJLkW6Ru4ghtv2q+Uxc7gjyC5ddG2Jcg76K
     RuHN16MMo1qU88HwltWmSg36Zr2bJop6LIMDenYfhPQQVFw3HFHzIY7d2+Tz9AnW+Tu2Fi4b5QL
     oD/Y8s92u3JC/iS7FeHgzKhxgBE8nLeXmflSdL07qQyAveNtg6cbVmJQ7kUKV40NDah2ISIR1pw
     TJylD34789pseECvAEv1OGI1GjxcXS29oFNPDB8cLw8nYQVLsgytf6nW43O0F7zF1i7scLKXpkM
     Mah9hY2No4yU4Zjt4b//VCGogePzPRFFcuGraA7kGAR1SqoA1BSRa9qpSosfWP9qYuzytBI6woI
     cQIJqTSZ0YsqHPCUr3SP2q/m1iCMc8rqbc8GMR6YIboJpp2Az42/HbSbnQnVkYpwdTJ43fZUdXE
     /WGn0FFUew0Fl/1pGBrDV+XoP2jh/NtPF4loti2bNx1HEv7HAeb2CAVWgJwLL3GmCxvwldOfdW3
     F0EYt8pKd553Jo2EJBdn25VYGvagHxuRyoeHKOwgc7PXT3Sq9FRVDoLb9MR4YP8Jdm6coAgTupb
            YHaNzg==
    X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
    Return-Path: user1@externaldomain.com
    X-MS-Exchange-CrossPremises-OriginalArrivalTime: 26 Oct 2018 20:42:21.5884
     (UTC)
    X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 10.1.13.31
    X-MS-Exchange-CrossPremises-OriginalServerIPAddress: 10.1.26.86
    X-MS-Exchange-CrossPremises-AuthSource: MAILBOXEXC001.contoso.local
    X-MS-Exchange-CrossPremises-AuthAs: Internal
    X-MS-Exchange-CrossPremises-AuthMechanism: 10
    X-MS-Exchange-CrossPremises-Cross-Premises-Headers-Processed: MAILBOXEXC001.contoso.local
    X-MS-Exchange-CrossPremises-MessageHighPrecisionLatencyInProgress: LSRV=MAILBOXEXC001.contoso.local:TOTAL-FE=0.000|SMRPI-FrontendProxyAgent=0.005|SMRPI=0.005|SMR=0.012;2018-10-26T20:42:21.588Z
    X-MS-Exchange-CrossPremises-Network-Message-Id:
            a404c168-febe-4980-6ca7-08d63b83874f
    X-MS-Exchange-CrossPremises-OriginalSize: 14598
    X-MS-Exchange-CrossPremises-HygienePolicy: Standard
    X-MS-Exchange-CrossPremises-MessageLatency:
            SRV=MAILBOXEXC001.contoso.local:TOTAL-FE=0.003|SMRPI-FrontendProxyAgent=0.005|SMRPI=0.005|SMR=0.012|SMS=0.003
    X-MS-Exchange-CrossPremises-AVStamp-Enterprise: 1.0
    X-MS-Exchange-CrossPremises-Recipient-Limit-Verified: True
    X-MS-Exchange-CrossPremises-Transport-Properties: DeliveryPriority=Normal
    X-MS-Exchange-CrossPremises-Prioritization: 1
    X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
    X-OrganizationHeadersPreserved: MAILBOXEXC003.contoso.local

    _____________________________________________________________________________

    DESIRED OBJECTIVE:
    What I want is to be able to keep the EDGE side filter enabled so that it can allow the delivery of that webex invitation.

    Any ideas or comments that can help me solve the problem?

    Thanks by your help!

    Frank


    FF



    Wednesday, October 31, 2018 2:02 PM

All replies

  • Hi Frank,

    You can try to remove the entry which filters attachments that have the .gif file name extension and check if any helps:

    Remove-AttachmentFilterEntry -Identity FileName:*.gif


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, November 1, 2018 6:27 AM
  • Hi Niko,

    Thanks for your recommendation. The .gif file extensions are not included in the Edge filter. However, when you include it to perform a test, the message arrives in the mailbox in O365 but without receiving the attachment. And the user receives the message indicating that the .gif file was removed. The following image shows the above

    From the previous test, I definitely think that the Edge filter is denying the delivery of the message because it is executing any of the following two reasons:
    1-. By Content Type
    2-. Because it does not adequately identify the image of the message and for this reason it rejects it as an "unacceptable attachment"

    Validating the application that sends the invitation messages yes it is a Java-based application

    This link shows a case similar to mine: https://social.technet.microsoft.com/Forums/exchange/en-US/a979279c-17a0-4414-9862-4f8b37a061f6/exchange-2010-amp-571-messages-rejected-unacceptable-attachments?forum=exchangesvrsecuremessaginglegacy

    DESIRED OBJECTIVE:
    What I want is to be able to keep the EDGE side filter enabled so that it can allow the delivery of that webex invitation.

    Other comments and help are welcome!

    Thanks,

    Frank


    FF








    Thursday, November 1, 2018 4:41 PM
  • Hi,

    Someone who can comment or help me?

    Thanks!


    FF


    Monday, November 5, 2018 4:46 PM