none
Mail from relay connector doesn't go through the transport rules

    Question

  • We have a situation that we have to add a header field to every outgoing email to the internet.

    (The server is Exchange 2010, latest build, fully patched)

    We have created a Transport Rule and now every email is modified, this works with email send from Outlook.

    We also have application servers that use the Exchange server as an external relay host, and send their emails to an unauthenticated receive connector. Now we see that every email that is send from the application server doesn't have the extra line in the header when it arrives at the recipient.

    The strange thing is that if we create a telnet session through cmd from the application server to the receive connector, and send a email message through the console, the header line has been added. The supplier of the application says that the application created a normal SMTP session with nothing fancy.

    We have tested 2 different receive connectors, one with anonymous enabled and one with the option "Externaly secured" doesn't work either.

    We have checked all transport predicates, and all requirements are met. Like the email that is being used by the application server (user that uses the app) is a MUE, MBX or a PF.

    We have enabled Pipelinetracing and see that the emails from the applicationservers doesn't even apply a very very basic test transport rule.

    Does anyone have a clue what could be wrong?

    A Pipelinetrace with a message through telnet 25 session with ADDs the header:

    X-CreatedBy: MessageSnapshot-Begin injected headers
    X-MessageSnapshot-UTC-Time: 2016-08-16T08:15:57.306Z
    X-MessageSnapshot-Record-Id: 2744686
    X-MessageSnapshot-Source: OnRoutedMessage,Transport Rule Agent
    X-Sender: postmaster@domain.nl
    X-Receiver: test@externaldomain.nl
    X-EndOfInjectedXHeaders: MessageSnapshot-End injected headers
    Received: from SERVER (10.40.1.143) by smtp-extern.domain.nl
     (10.40.1.175) with Microsoft SMTP Server id 14.3.248.2; Tue, 16 Aug 2016
     10:15:49 +0200
    MIME-Version: 1.0
    Content-Type: text/plain
    Message-ID:
     <fe53772d-781e-4fbe-a76f-258212924fc6@SERVER.domain.local>
    From: <postmaster@domain.nl>
    To: Undisclosed recipients:;
    Return-Path: postmaster@domain.nl
    Date: Tue, 16 Aug 2016 10:15:49 +0200
    X-MS-Exchange-Organization-OriginalArrivalTime: 16 Aug 2016 08:15:49.2440
     (UTC)
    X-MS-Exchange-Forest-ArrivalHubServer: SERVER.domain.local.local
    X-MS-Exchange-Organization-OriginalClientIPAddress: 10.40.1.143 (APP-SERVER)
    X-MS-Exchange-Organization-OriginalServerIPAddress: 10.40.1.175
    X-MS-Exchange-Organization-AuthSource: SERVER.domain.local
    X-MS-Exchange-Organization-AuthAs: Internal
    X-MS-Exchange-Organization-AuthMechanism: 10
    X-MS-Exchange-Organization-MessageDirectionality: Originating
    X-MS-Exchange-Forest-MessageScope: 00000000-0000-0000-0000-000000000000
    X-MS-Exchange-Organization-MessageScope: 00000000-0000-0000-0000-000000000000
    X-MS-Exchange-Organization-Cross-Premises-Headers-Processed:
     SERVER.domain.local
    X-MS-Exchange-Organization-OriginalSize: 12
    X-MS-Exchange-Organization-HygienePolicy: Standard
    X-MS-Exchange-Organization-Recipient-Limit-Verified: True
    x-ezorg-secbypass: true
    Content-Transfer-Encoding: quoted-printable
    X-MS-Exchange-Organization-Disclaimer-Hash:
     03a76ea71ba22066f1d3f47d1d168a5a8d34e724ccac2a1fd5c3b1cefe070d25
    X-MS-Exchange-Forest-RulesExecuted: SERVER
    X-MS-Exchange-Organization-Rules-Execution-History:
     Default-Securemail-Bypass%%%Default-Securemail%%%Organization
     Disclaimer

    Below a Pipeline trace, exact the same recipients but from an app server application.

    X-CreatedBy: MessageSnapshot-Begin injected headers
    X-MessageSnapshot-UTC-Time: 2016-08-16T08:13:54.352Z
    X-MessageSnapshot-Record-Id: 2744685
    X-MessageSnapshot-Source: OnRoutedMessage,Transport Rule Agent
    X-Sender: postmaster@domain.nl
    X-Receiver: test@externaldomain.nl
    X-EndOfInjectedXHeaders: MessageSnapshot-End injected headers
    Received: from SERVER (10.40.1.143) by smtp-extern.Domain.nl
     (10.40.1.175) with Microsoft SMTP Server id 14.3.248.2; Tue, 16 Aug 2016
     10:13:54 +0200
    Message-ID: <5BAD9D41340545BFBDF8074B4EE23D24@[Document]>
    From: "Administrator, Doc" <postmaster@domain.nl>
    To: <test@externaldomain.nl>
    Subject: =?Windows-1252?Q?Post=20In=20=2D=2097418=20Vervolgofferte=20en=20voorwaard?=
    Date: Tue, 16 Aug 2016 08:13:53 +0000
    MIME-Version: 1.0
    X-Priority: 3
    X-MSMail-Priority: Normal
    Content-Type: multipart/alternative; boundary="NextMimePart"
    Return-Path: postmaster@domain.nl
    X-MS-Exchange-Organization-OriginalArrivalTime: 16 Aug 2016 08:13:54.1335
     (UTC)
    X-MS-Exchange-Forest-ArrivalHubServer: SERVER.domain.local
    X-MS-Exchange-Organization-OriginalClientIPAddress: 10.40.1.143 (APP SERVER)
    X-MS-Exchange-Organization-OriginalServerIPAddress: 10.40.1.175
    X-MS-Exchange-Organization-AuthSource: SERVER.domain.local
    X-MS-Exchange-Organization-AuthAs: Internal
    X-MS-Exchange-Organization-AuthMechanism: 10
    X-MS-Exchange-Organization-MessageDirectionality: Originating
    X-MS-Exchange-Forest-MessageScope: 00000000-0000-0000-0000-000000000000
    X-MS-Exchange-Organization-MessageScope: 00000000-0000-0000-0000-000000000000
    X-MS-Exchange-Organization-Cross-Premises-Headers-Processed:
    SERVER.domain.local
    X-MS-Exchange-Organization-OriginalSize: 2261
    X-MS-Exchange-Organization-HygienePolicy: Standard
    X-MS-Exchange-Organization-Recipient-Limit-Verified: True

    --NextMimePart
    Content-Type: text/plain; charset="iso-8859-15"
    Content-Transfer-Encoding: quoted-printable

    test

    Volgnr. activiteiten: 19413
    Onderwerp: Vervolgofferte en voorwaarden =

    --NextMimePart
    Content-Type: text/html; charset="iso-8859-15"
    Content-Transfer-Encoding: quoted-printable

    <span style=3D"font-size: 10pt; font-family: Arial, Tahoma, Helvetica, sa=
    ns-serif">test</span><br><br><table border=3D'0' style=3D'font-family: Ar=
    ial, Tahoma, Helvetica, sans-serif; font-size: 10pt'><tr><td nowrap valig=
    n=3D'top'>&nbsp;Volgnr. activiteiten:&nbsp;</td><td valign=3D'top'>19413<=
    /td></tr>
    <tr><td nowrap valign=3D'top'>&nbsp;Onderwerp:&nbsp;</td><td valign=3D'to=
    p'></td></tr>
    </table>=

    --NextMimePart
    Content-Type: text/html; charset="iso-8859-15"
    Content-Transfer-Encoding: base64

    PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTBwdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBUYWhvbWEs
    IEhlbHZldGljYSwgc2Fucy1zZXJpZiI+dGVzdDwvc3Bhbj48YnI+PGJyPjx0YWJsZSBib3JkZXI9
    JzAnIHN0eWxlPSdmb250LWZhbWlseTogQXJpYWwsIFRhaG9tYSwgSGVsdmV0aWNhLCBzYW5zLXNl
    cmlmOyBmb250LXNpemU6IDEwcHQnPjx0cj48dGQgbm93cmFwIHZhbGlnbj0ndG9wJz4mbmJzcDtW
    b2xnbnIuIGFjdGl2aXRlaXRlbjombmJzcDs8L3RkPjx0ZCB2YWxpZ249J3RvcCc+MTk0MTM8L3Rk
    PjwvdHI+DQo8dHI+PHRkIG5vd3JhcCB2YWxpZ249J3RvcCc+Jm5ic3A7T25kZXJ3ZXJwOiZuYnNw
    OzwvdGQ+PHRkIHZhbGlnbj0ndG9wJz5WZXJ2b2xnb2ZmZXJ0ZSBlbiB2b29yd2FhcmRlbiBpbmh1
    dXIgSy4gUnVzIDIwMTUgZ2xhc3ZlemVsbmV0d2VyayBidWl0ZW5nZWJpZWQgQWNodGVyaG9lazwv
    dGQ+PC90cj4NCjwvdGFibGU+

    --NextMimePart--


    Marcel



    Monday, August 15, 2016 10:18 AM

Answers

All replies

  • You should post all of the details of the transport rule you created.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, August 15, 2016 5:07 PM
    Moderator
  • RunspaceId                                   : 6b70229b-a11a-416d-aa0a-c34f91f0e024
    Priority                                     : 2
    Comments                                     :
    ManuallyModified                             : False
    Description                                  : If the message:
                                                       Is sent to 'Outside the organization'
                                                   Take the following actions:
                                                       set message header 'x-ezorg-secbypass' with the value 'true'
                                                   Except if the message:
                                                       Is received from a member of group 'SEC_Default-Securemail@domain.nl                                               st.nl'
                                                       or 'x-ezorg-secbypass' header matches the following patterns: 'false
                                                   '
                                                  
    RuleVersion                                  : 14.0.0.0
    Conditions                                   : {SentToScope}
    Exceptions                                   : {FromMemberOf, HeaderMatches}
    Actions                                      : {SetHeader}
    State                                        : Enabled
    From                                         :
    FromMemberOf                                 :
    FromScope                                    :
    SentTo                                       :
    SentToMemberOf                               :
    SentToScope                                  : NotInOrganization
    BetweenMemberOf1                             :
    BetweenMemberOf2                             :
    ManagerAddresses                             :
    ManagerForEvaluatedUser                      :
    SenderManagementRelationship                 :
    ADComparisonAttribute                        :
    ADComparisonOperator                         :
    SenderADAttributeContainsWords               :
    SenderADAttributeMatchesPatterns             :
    RecipientADAttributeContainsWords            :
    RecipientADAttributeMatchesPatterns          :
    AnyOfToHeader                                :
    AnyOfToHeaderMemberOf                        :
    AnyOfCcHeader                                :
    AnyOfCcHeaderMemberOf                        :
    AnyOfToCcHeader                              :
    AnyOfToCcHeaderMemberOf                      :
    HasClassification                            :
    HasNoClassification                          : False
    SubjectContainsWords                         :
    SubjectOrBodyContainsWords                   :
    HeaderContainsMessageHeader                  :
    HeaderContainsWords                          :
    FromAddressContainsWords                     :
    SubjectMatchesPatterns                       :
    SubjectOrBodyMatchesPatterns                 :
    HeaderMatchesMessageHeader                   :
    HeaderMatchesPatterns                        :
    FromAddressMatchesPatterns                   :
    AttachmentNameMatchesPatterns                :
    SCLOver                                      :
    AttachmentSizeOver                           :
    WithImportance                               :
    MessageTypeMatches                           :
    RecipientAddressContainsWords                :
    RecipientAddressMatchesPatterns              :
    SenderInRecipientList                        :
    RecipientInSenderList                        :
    AttachmentContainsWords                      :
    AttachmentMatchesPatterns                    :
    AttachmentIsUnsupported                      : False
    AnyOfRecipientAddressContainsWords           :
    AnyOfRecipientAddressMatchesPatterns         :
    ExceptIfFrom                                 :
    ExceptIfFromMemberOf                         : {SEC_Default-Securemail@domain.nl}
    ExceptIfFromScope                            :
    ExceptIfSentTo                               :
    ExceptIfSentToMemberOf                       :
    ExceptIfSentToScope                          :
    ExceptIfBetweenMemberOf1                     :
    ExceptIfBetweenMemberOf2                     :
    ExceptIfManagerAddresses                     :
    ExceptIfManagerForEvaluatedUser              :
    ExceptIfSenderManagementRelationship         :
    ExceptIfADComparisonAttribute                :
    ExceptIfADComparisonOperator                 :
    ExceptIfSenderADAttributeContainsWords       :
    ExceptIfSenderADAttributeMatchesPatterns     :
    ExceptIfRecipientADAttributeContainsWords    :
    ExceptIfRecipientADAttributeMatchesPatterns  :
    ExceptIfAnyOfToHeader                        :
    ExceptIfAnyOfToHeaderMemberOf                :
    ExceptIfAnyOfCcHeader                        :
    ExceptIfAnyOfCcHeaderMemberOf                :
    ExceptIfAnyOfToCcHeader                      :
    ExceptIfAnyOfToCcHeaderMemberOf              :
    ExceptIfHasClassification                    :
    ExceptIfHasNoClassification                  : False
    ExceptIfSubjectContainsWords                 :
    ExceptIfSubjectOrBodyContainsWords           :
    ExceptIfHeaderContainsMessageHeader          :
    ExceptIfHeaderContainsWords                  :
    ExceptIfFromAddressContainsWords             :
    ExceptIfSubjectMatchesPatterns               :
    ExceptIfSubjectOrBodyMatchesPatterns         :
    ExceptIfHeaderMatchesMessageHeader           : x-ezorg-secbypass
    ExceptIfHeaderMatchesPatterns                : {false}
    ExceptIfFromAddressMatchesPatterns           :
    ExceptIfAttachmentNameMatchesPatterns        :
    ExceptIfSCLOver                              :
    ExceptIfAttachmentSizeOver                   :
    ExceptIfWithImportance                       :
    ExceptIfMessageTypeMatches                   :
    ExceptIfRecipientAddressContainsWords        :
    ExceptIfRecipientAddressMatchesPatterns      :
    ExceptIfSenderInRecipientList                :
    ExceptIfRecipientInSenderList                :
    ExceptIfAttachmentContainsWords              :
    ExceptIfAttachmentMatchesPatterns            :
    ExceptIfAttachmentIsUnsupported              : False
    ExceptIfAnyOfRecipientAddressContainsWords   :
    ExceptIfAnyOfRecipientAddressMatchesPatterns :
    PrependSubject                               :
    ApplyClassification                          :
    ApplyHtmlDisclaimerLocation                  :
    ApplyHtmlDisclaimerText                      :
    ApplyHtmlDisclaimerFallbackAction            :
    ApplyRightsProtectionTemplate                :
    SetSCL                                       :
    SetHeaderName                                : x-ezorg-secbypass
    SetHeaderValue                               : true
    RemoveHeader                                 :
    AddToRecipients                              :
    CopyTo                                       :
    BlindCopyTo                                  :
    AddManagerAsRecipientType                    :
    ModerateMessageByUser                        :
    ModerateMessageByManager                     : False
    RedirectMessageTo                            :
    RejectMessageEnhancedStatusCode              :
    RejectMessageReasonText                      :
    DeleteMessage                                : False
    Disconnect                                   : False
    Quarantine                                   : False
    SmtpRejectMessageRejectText                  :
    SmtpRejectMessageRejectStatusCode            :
    LogEventText                                 :
    Identity                                     : Default-Securemail-Bypass
    DistinguishedName                            : CN=Default-Securemail-Bypass,CN=TransportVersioned,CN=Rules,CN=Transport
                                                    Settings,CN=domain,CN=Microsoft Exchange,CN=Services,CN=C
                                                   onfiguration,DC=domain,DC=local
    Guid                                         : b265d303-cd60-4af1-9e96-796110a700bc
    OrganizationId                               :
    Name                                         : Default-Securemail-Bypass
    IsValid                                      : True
    WhenChanged                                  : 13-8-2016 10:44:11
    ExchangeVersion                              : 0.1 (8.0.535.0)


    Marcel

    Tuesday, August 16, 2016 8:30 AM
  • You should post all of the details of the transport rule you created.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    The emails from the application server don't go through any transport rule. The senders email are valid recipients in the organization.


    Marcel


    Tuesday, August 16, 2016 8:48 AM
  • How does the application server send these messages?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, August 17, 2016 2:01 AM
    Moderator
  • The application sends his email to the external-relay connector, anonymous.

    We have tested a lot these days, and we came to the conclusion that every other applicationserver can send emails to the Exchange server, and the headerlines are added. So the problem lies within the specific application. The vendor of the application says "The email is delivered to the server, and there ends our support...."

    I can't put my finger behind the the process that Exchange decides to bypass the transport rules for these messages.


    Marcel

    Wednesday, August 17, 2016 8:01 AM
  • Hi,

    Assuming that the application uses a specific address to send these messages, as a workaround ,you can create a new rule to define the sender, other conditions do not change, and check if the same issue persist.

    like below:

    If the sender is Application@domain.nl, and  If the message is sent to 'Outside the organization'

    Take the following actions : set message header 'x-ezorg-secbypass' with the value 'true'

    Except if the message: Is received from a member of group  'SEC_Default-Securemail@domain.nl' or 'x-ezorg-secbypass' header matches the following patterns: 'false'.

    Best regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    Wednesday, August 17, 2016 9:37 AM
    Moderator
  • The Application sends the email with the email address of the user that send the message.

    Example:

    Steven has email address steven@domain.nl, logs in to the application, sends an email, the application uses "mail from: steven@domain.nl" during the SMTP connection.

    I have compared the SMTP connectionlog for the applicationSMTP connection and the manual one, They are exactly the same! the only difference is that the application server sends MIME emails instead of manual Plain text format.


    Marcel

    Wednesday, August 17, 2016 11:28 AM
  • One thing to check, try adding -FromScope NotInOrganization to see if it makes any difference.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, August 17, 2016 10:44 PM
    Moderator