+ Reply to Thread
Results 1 to 18 of 18
  1. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #1

    Default Exchange Server 2007 not sending external Out of Office

    Ok, background of my setup is: I have a vm environment with 2 exchange servers 1 is running Exch 07 Mailbox role and the other Exch 07 HUB/CAS role both on Windows Server 2008. Mail is being delivered via a smart host (which is basically the ant-spam server). The problem I am having is i cannot get the external out of office to send out, internl is fine. When I turn message tracker on I get the following failed message from my external out of office: 550 Relaying not permitted (3.7):

    On hub transport server in remote domains the 3 rd option to allow out of office is selected.

    I have read some forums where the only way people have got external out of office to work is to allow mail to be delivered directly ie via dns mx record. This is far from ideal and not an option for me as all mail must go through our smart host. There must be another alternative to make the External OOF route through my smart host, does anyone know of one?

    Apparently microsoft have designed it this way and I have included some text supporting this, This is all related to a change that Microsoft has made to Exchange 2007's OOF & NDR responses. Essentially, previous versions of Exchange did not follow RFC 2298 guidelines for Message Disposition Notification (MDN) messages and therefore responded with an email address in the FROM: field, which doesnt actually follow the correct definitions for this type of SMTP response. The latest version of Exchange now strictly follows RFC 2298 definitions for MDN messages.

    The reason that this is an issue is because a blank sender field is often used by spammers to distribute unsolicited mail and is therefore blocked by default by many anti-spam systems. Anti-spam systems such as this are deployed at most major ISPs to avoid their mail relays being abused by users or compromised systems on their network, hence my customer's ISP were actually blocking their MDN messages (even though they appeared to accept them without issue).



    Any suggestions or site to be pointed are most welcomed, thank you for your time. cheers Bruce
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2007
    Posts
    209

    Certifications
    MCSA 2003, MCTS, MCITP Enterprise Messaging Administrator, ITIL v3 foundations
    #2
    When you are expecting an OOF are you sending the mail to a distribution group? i.e. sales@domain.com
    Reply With Quote Quote  

  4. ...loading... gorebrush's Avatar
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #3
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?
    Reply With Quote Quote  

  5. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #4
    Quote Originally Posted by CoryS
    When you are expecting an OOF are you sending the mail to a distribution group? i.e. sales@domain.com
    no, I'm expecting the OOF to reply to external senders address by the default way that it was installed in exchange 2007. thanks
    Reply With Quote Quote  

  6. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #5
    Quote Originally Posted by gorebrush
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?
    yes this worked fine in 2003 using exactly the same spam server, something in exhange 2007 has changed. I read somewhere that the OOF replies externally with a blank address so most spam filters think this is spam. I can have another look at my spam server but I was wondering if anyone has a simliar setup delivering mail out via a smart host (spam server) and their external OOF is working. thanks
    Reply With Quote Quote  

  7. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #6
    Quote Originally Posted by Bmac000
    Quote Originally Posted by gorebrush
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?
    yes this worked fine in 2003 using exactly the same spam server, something in exhange 2007 has changed. I read somewhere that the OOF replies externally with a blank address so most spam filters think this is spam. I can have another look at my spam server but I was wondering if anyone has a simliar setup delivering mail out via a smart host (spam server) and their external OOF is working. thanks
    if this helps anyone the setting specifying how mail is delivered out via its connector is on the HUB server under organisation configuration > send connectors > right click all email > properties > network tab. It is this setting that i have going via my smart host (spam server) which i do not want to change.
    Reply With Quote Quote  

  8. ...loading... gorebrush's Avatar
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #7
    Could get users to use a reply rule as opposed to OOO ?

    Bit of a pants way around, but would get round the problem.
    Reply With Quote Quote  

  9. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #8
    I'm using a smart host and my external ooo has always worked fine...
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  10. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #9
    When you're looking at the logging, what server is actually doing the rejecting? It will give you the address... is it Exchange, your spam appliance, ISP?
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  11. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #10
    Quote Originally Posted by blargoe
    I'm using a smart host and my external ooo has always worked fine...
    thats good to know. This is on windows 2008 with exchange 2007? did you have to create any special rules on your smart host?
    Reply With Quote Quote  

  12. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #11
    Quote Originally Posted by blargoe
    When you're looking at the logging, what server is actually doing the rejecting? It will give you the address... is it Exchange, your spam appliance, ISP?
    it seems to be the smart host so looks like thats where the problem may be as the error is 550 relay not permitted.
    Reply With Quote Quote  

  13. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #12
    Quote Originally Posted by Bmac000
    Quote Originally Posted by blargoe
    I'm using a smart host and my external ooo has always worked fine...
    thats good to know. This is on windows 2008 with exchange 2007? did you have to create any special rules on your smart host?
    Windows 2003 Standard with Exchange 2007
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    May 2007
    Posts
    209

    Certifications
    MCSA 2003, MCTS, MCITP Enterprise Messaging Administrator, ITIL v3 foundations
    #13
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.
    Reply With Quote Quote  

  15. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #14
    Quote Originally Posted by CoryS
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.
    thanks CoryS i wll have a look at that also.
    Reply With Quote Quote  

  16. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #15
    Quote Originally Posted by CoryS
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.
    thanks CoryS i wll have a look at that also.
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Mar 2009
    Location
    Colchester
    Posts
    2

    Certifications
    MCSE, MCITP EM, EA
    #16
    same problem here.

    did anyone get to the bottom of this ? we are having that issue with NTL.

    I cant believe there is no way to set a default returnPath for OOO alerts.

    HELP !!!!
    Reply With Quote Quote  

  18. Member
    Join Date
    Jun 2005
    Location
    London
    Posts
    43

    Certifications
    MCSE on Windows Server 2003 - 270,290,291,227,293,294,298 ITILv3, PRINCE2
    #17
    yes we set a rule on the smart host (spam box) to allow all outbound. probably not the best way of doing it but it worked

    Quote Originally Posted by ken-doh View Post
    same problem here.

    did anyone get to the bottom of this ? we are having that issue with NTL.

    I cant believe there is no way to set a default returnPath for OOO alerts.

    HELP !!!!
    Reply With Quote Quote  

  19. Junior Member
    Join Date
    Mar 2009
    Location
    Colchester
    Posts
    2

    Certifications
    MCSE, MCITP EM, EA
    #18
    hi

    not much good when our smart host is NTL and they wont make that change



    idiots.

    we now relay via messagelabs
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks