Can't send mail to user on new backend Server 2019 due to SPF failures?

  • Question

  • Firstly sorry if the header doesn't describe the issue correctly, and also if this is long, I try to put as much detail into these things as possible.

    I have had a working Exchange 2013 (A) on-premises setup for the last five years, and have now purchased a new server (B) and installed 2019 on it, I obviously want to ensure it's working before I decommission the 2013 box.

    Ultimately it will send and receive emails directly via the spam filter appliances, as (A) does currently, but at the moment, it's running as a back-end device serviced by (A) until it's ready to replace (A) completely.

    I moved a single mailbox from (A) to (B) and can access it via OWA and Outlook, I can send email OUT no problem and replies from my gmail account apparently work fine, but if I email (B)user from someone internally on (A) it arrives, but replies fail.

    *edit* Sorry, I miswrote this bit.

    "but if I email (B)user from someone internally on (A) it arrives, but replies fail."

    It should read "but if I email an (A)user from B(user) it arrives, but replies fail back to B(user)."


    Subject: Test 3 
    
    This message hasn't been delivered yet. Delivery will continue to be attempted.
    
    The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.
    
    Diagnostic information for administrators:
    
    Generating server: (A)
    
    
    (B)user@mydomain.com
    Remote Server returned '400 4.4.7 Message delayed'

    Also, if I email from my personal domain email address to (B)user I get additional information to the above:

    Received-SPF: fail ( (A).internal.domain: domain of me@mypersonaldomain.co.uk does not designates 192.168.x.x as permitted sender) client-ip=192.168.x.x
    Authentication-Results: (A).internal.domain;

    192.168.x.x is the internal IP address of our mail-filter appliance that then continues transmission to (A).

    I will cross-post this to Exchange Server 2016 - Mail Flow and Secure Messaging, as 2019 doesn't have specific sub-forums yet.

    Thanks,

    -Stuart.




    September 17, 2019, 8:24 AM
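
The Received-SPF header quoted in the question reports a private `client-ip`, which the poster identifies as the internal mail-filter appliance. The following triage helper is an added example, not code from the thread: it reads a block of headers and reports, for each Received-SPF line, whether the address SPF was evaluated against is an internal hop or an external sender. The function names, verdict strings and sample headers are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private space plus loopback: addresses that can only belong to
# an internal hop (such as a filter appliance), never to an Internet sender.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SPF_RE = re.compile(r"^Received-SPF:\s*(?P<result>[A-Za-z]+)", re.IGNORECASE)
CLIENT_IP_RE = re.compile(r"client-ip=(?P<ip>[^\s;)]+)", re.IGNORECASE)

def unfold(raw_headers):
    """Join RFC 5322 folded lines (continuation lines start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw_headers)

def triage_received_spf(raw_headers):
    """Return one finding per Received-SPF header found in the block."""
    findings = []
    for line in unfold(raw_headers).splitlines():
        m = SPF_RE.match(line)
        if not m:
            continue
        ip_match = CLIENT_IP_RE.search(line)
        ip_text = ip_match.group("ip") if ip_match else None
        try:
            ip = ipaddress.ip_address(ip_text) if ip_text else None
        except ValueError:
            ip = None  # masked or malformed value, e.g. "192.168.x.x"
        if ip is None:
            verdict = "client-ip-unreadable"
        elif any(ip in net for net in INTERNAL_NETS):
            verdict = "checked-against-internal-hop"
        else:
            verdict = "checked-against-external-sender"
        findings.append({"result": m.group("result").lower(),
                         "client_ip": ip_text, "verdict": verdict})
    return findings

# Constructed sample headers (hostnames and addresses are placeholders).
SAMPLE = (
    "Received-SPF: fail (mail-a.internal.example: domain of\r\n"
    "  sender@example.org does not designate 192.168.10.5 as permitted\r\n"
    "  sender) client-ip=192.168.10.5\r\n"
    "Subject: Test 3\r\n"
    "Received-SPF: pass (mx.example.net: domain of sender@example.org\r\n"
    " designates 203.0.113.7 as permitted sender) client-ip=203.0.113.7;\r\n"
    "Received-SPF: fail (masked) client-ip=192.168.x.x\r\n"
)
```

A `checked-against-internal-hop` finding means the SPF result describes the relay that handed the message over, not the host that originally sent it.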

Answer

  • Hi Stuart,

    It seems that your personal account failed to pass the SPF check. Since you could reply from your Gmail account, I am afraid that we should check your personal domain's SPF record rather than your Exchange server's.

    Anyway, let's focus on the issue that the Exchange 2019 mailbox cannot reply to an email sent from Exchange 2013.

    Considering that you have received an NDR saying that the message was delayed, we could troubleshoot the issue via the steps below:

    1. Analyse the message header in ExRCA and send the result here.

    2. Search the message tracking log via the command below:

    Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Recipient "recipient address" -MessageSubject "the problematic message's subject" | select *time*, source, EventID, sender, @{Name="recipients";Expression={$_.recipients -join " "}},MessageSubject, ClientHostname, ServerHostname, SourceContext, MessageID | Sort-Object -Property Timestamp

    Look forward to your reply.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    September 18, 2019, 8:55 AM
    Moderator

All replies

  • Hi

    I removed your duplicate post in the 2016 section.


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    September 17, 2019, 8:38 AM
    Moderator
  • Hello,

    If your internal domain is toto.com and your email is the same (split DNS), could you build an internal SPF record in your internal DNS?

    Including your internal IP?

    Olivier

    September 17, 2019, 8:47 AM
  • The AD domain dates back to Server 2000 so is a "domain.local", so doesn't match the external FQDN, but OWA/ECP etc all point to the external FQDN which there is an entry in the local DNS server pointing to the internal IP address, and resolves as such when pinged.
    September 17, 2019, 10:58 AM
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards, 

    Manu Meng


    September 23, 2019, 9:49 AM
    Moderator