Forum Widgets
Latest Discussions
Exchange 2019 SMTP Relay Issue After Adding New Server to Send Connector
I have an Exchange environment with two Exchange 2019 servers — one on-premises (EX01) and the other recently deployed in an Azure VM (EX02). The goal is to eventually decommission the old on-premises server. We use a receive connector for SMTP relay from MFPs (printers) and applications to send scanned documents to internal users (all mailboxes are hosted in Microsoft 365). I've replicated the receive connector on the new server (EX02) with identical settings, including the public certificate. All necessary ports are open, and the configuration matches the old server (anonymous relay). However, when I add EX02 to the send connector and test email relays from scanners or apps, the messages are never delivered — they seem to disappear entirely. No NDRs are generated, and nothing shows up in the queues or logs indicating a failure. Interestingly, the new server does receive the relay messages — I can see its hostname in the message headers for successfully delivered emails (prior to adding EX02 to the send connector), so it's definitely accepting the relay connection but something is wrong on the sending. I haven’t run the Hybrid Configuration Wizard on either server, as these servers are only used for SMTP relay purposes. Any idea what I might be missing? What could be causing this mail transport issue on the new server? Much appreciate your ideas !! Thank youHTTP Response Headers Hardening for Exchange 2019 on Windows Server 2022
Category: Security Hardening Issue: Currently, Exchange 2019 running on Windows Server 2022 does not have strict HTTP response headers configured, leaving it potentially vulnerable to security threats such as MIME type sniffing, clickjacking, and cross-site scripting (XSS) attacks. Objective: Harden the security of Exchange 2019 web services by enabling the following HTTP response headers: X-Content-Type-Options: Prevents MIME type sniffing by forcing browsers to respect declared content types. X-Frame-Options: Prevents embedding of Exchange web pages in iframes to mitigate clickjacking attacks. X-XSS-Protection or Content-Security-Policy (CSP): Protects against reflected XSS attacks (X-XSS-Protection is deprecated, CSP is preferred). I have found this article; can anyone tell me if it applies to Exchange 2019 as well? HTTP Security Headers - Icewolf Blog Thank youExchange 2019 - Custom Internet Receive Connector with Different FQDN and Trusted SSL Certificate
Hello, I am running Exchange Server 2019 on Windows Server 2022, and I need to create a new "Internet" Receive Connector with an FQDN different from the Default FrontEnd Receive Connector on port 25 (which uses the Exchange server’s FQDN). However, when I test my SMTP TLS configuration using www.checktls.com, I notice that Exchange presents its self-signed certificate instead of the trusted SSL certificate I have installed. My Goal: Create a custom Internet Receive Connector that uses a different FQDN (e.g., mail.mydomain.com). Ensure that when external senders connect via SMTP, the correct SSL certificate (issued by a trusted CA) is presented instead of the self-signed certificate. Issues Encountered: The Default FrontEnd Receive Connector is tied to the Exchange server’s FQDN. Even after assigning my trusted certificate to the SMTP service, the self-signed certificate is still presented. I need guidance on how to properly configure the FQDN for SMTP TLS connections and ensure my trusted SSL certificate is used. In advance thank you.
554 5.3.4 Content conversion limit(s) exceeded
Could not send mail from PowerBI to local mailbox using SMTP receive connector. There is EventID DELIVERFAIL: "STOREDRV.Deliver.Exception:ConversionFailedException; Failed to process message due to a permanent exception with message The content conversion limit has been exceeded. ConversionFailedException: The content conversion limit has been exceeded. [Stage: PromoteCreateReplay]'" in Transport log. How/where could I check/set the content conversion limit? Is there some other log, where I can find detailed information about this? Message size is 1.3MB, maximum message size in connector is 20MB Exchange 2019 CU 14 Thanks.Using Groups to Assign Exchange Admin Roles to Accounts Without Mailboxes
Exchange Online. Cloud-only environment. I'm trying to figure out the best way to assign Exchange admin roles to various IT staff in our organization. All of our IT staff have dedicated admin accounts for admin tasks, and these accounts do not have mailboxes. Ideally, I'm trying to make things so that when I add an IT tech's admin account to a group, they get the necessary Exchange roles. I have an Exchange admin role. But I see that only mail-enabled security groups can be assigned to these roles (and direct user assignment which I'm trying to avoid). No problem. So I try to create a mail-enabled security group and add these admin accounts (no mailbox) as members of the mail-enabled security group. I can't because the accounts don't have mailboxes. Is there a better way to do this? Any recommendations?Defender: Exploit of HAFNIUM on newest MS Exchange Version?
Hi all, I'm running an exchange on Windows Server 2022, on Exchange Build 15.2.1544.14 (Nov 2024 CU) I've just received an MS Defender EDR High Incident of possible infection of the exchange server. I've checked the Version and Patchmanagement, everything looks fine, even Defender says in the device page "missing kbs" that there is nothing to update. Can I ignore that? I'd say yes, but why would defender create a high incident for that? BR Schnittlauch
How to repair a corrupted Public Folder (on-prem)
Hello guys, Hope all is well. In our Exchange 2019 environment we use Public Folders extensively. Everything seems ok except one of folders that looks corrupted. I can execute commands Get-PublicFolder / Set-PublicFolder against it, I can get its items statistics (Get-PublicFolderItemStatistics) and have access to items through Outlook. But commands Get-PublicFolderStatistics, Get-PublicFolderClientPermission return the same error: The security principal specified is already on the permission set. + CategoryInfo : NotSpecified: (:) [Get-PublicFolderStatistics], CorruptDataException + FullyQualifiedErrorId : [Server=E7,RequestId=b2f89187-878f-4cab-b05f-fcdaa7d82c0d,TimeStamp=2/17/2025 3:19:42 PM] [FailureCategory=Cmdlet-CorruptDataException] B960021F,Microsoft.Exchange.Manag ement.MapiTasks.GetPublicFolderStatistics I tried to repair the corresponding public folder mailbox (New-MailboxRepairRequest) but none of my requests found errors. I moved the public folder content to a different public folder mailbox, no success. Any ideas how to fix the issue? My guess is that ACL list of the public folder is corrupted. Regards, Dmitry HorushinReject multiple From addresses (P2 From headers) without a Sender header
We are proactively opting tenants out of the rollout that were detected as sending high volumes of emails exhibiting multiple From addresses without a Sender address header. These exempted senders will only be able to send emails exhibiting multiple From addresses without a Sender address header to recipients belonging to the same tenant as the sender. We will provide a subsequent update by the end of May 2025 (previously end of March) with an updated timeline for tenants that are opted out. The originator fields of a message consist of the from field, the sender field (when applicable), and optionally the reply-to field. The from field consists of the field name "From" and a comma-separated list of one or more mailbox specifications. If the from field contains more than one mailbox specification in the mailbox-list, then the sender field, containing the field name "Sender" and a single mailbox specification, MUST appear in the message. In either case, an optional reply-to field MAY also be included, which contains the field name "Reply-To" and a comma-separated list of one or more addresses. from = "From:" mailbox-list CRLF sender = "Sender:" mailbox CRLF reply-to = "Reply-To:" address-list CRLF The originator fields indicate the mailbox(es) of the source of the message. The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message. RFC 5322 https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2 General Availability (Worldwide, GCC): We will begin rolling out April 15, 2025, and expect to complete by May 15, 2025. GCC High, DOD: We will begin rolling out July 1, 2025, and expect to complete by August 1, 2025. If email clients including devices and applications that you use to send messages, do so using multiple From addresses but without a Sender address header after the change starts rolling out to your environment, you will get an NDR error code 550 5.1.20 “Multiple From addresses are not allowed without Sender address."Mobile Device Access Rules
Hello - I have been trying to figure out how to permit all current Active Sync mobile devices before switching the Exchange Online Active Sync to Quarantine. I found an old script that supposedly allows the current devices to be grandfathered in, but I have not had any success with it. Could someone assist me with this issue?
