cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange auto forward to external e-mail, sometimes it fails

Kasperk1180
Copper Contributor

‎Sep 17 2023 10:18 PM

‎Sep 17 2023 10:18 PM

Exchange auto forward to external e-mail, sometimes it fails

Hi community

 

I have set up a forwarding rule on a shared mailbox, which forwards all mails to an external email address. This works i would say 95% of the time, but 5% of the times it returns an: email failed delivery notification.

I've got the message-trace below:

My guess after reviewing it, is that it is failing SPF, since the forwarded mail is forwarded through mail-servers whom are not allowed to be sending emails on the original domains behalf. Is this assumption right and how would I go about fixing it?

Ive replaced all domain names in the error message below.

 

Thank you, kind regards.

´´´

Resent-From: <email address removed for privacy reasons>

Received: from DB9PR01MB10268.eurprd01.prod.exchangelabs.com

 (2603:10a6:10:301::14) by AS4PR01MB9231.eurprd01.prod.exchangelabs.com

 (2603:10a6:20b:4ee::9) with Microsoft SMTP Server (version=TLS1_2,

 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6768.25; Wed, 6 Sep

 2023 20:12:33 +0000

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

 b=AVvnruxlEFqpXnmGqN5uLDsCYphtpM1RPR3qvhZkIROTQ71zwsHP8FHtejFFKw+nNpSQAk9WPR2nQgtOyQ2P8z/jb55LP7L2g7sp4yxmb7mg4Te7xqqJQ/7oKdCbccwUN1maZCmcyCDDcq2atOSUcGRmxi25nnGQwDIY756gc2xwJvy+Pjvm0pAVP5b7jjewDotu2NHOGoyH3/O/3DctWVShuR2wRwh57gL/qzDHi5kk/PL6ECVAUD1ils/ZuEqpWaEOIfDZY71vLDDeYBUi6Fg+M+o1/Ha4fqLnVYm7YvJLgt8NWLaQ/bsCjP8heX86Re1tRzwFtvYNp2Ogi4sQIw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

 s=arcselector9901;

 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

 bh=gvpa9KZ3WSnps3qzoO5lksOOBe3sGT3HuIPJ1ftksYs=;

 b=EKw5wnK0L3EvAjXgY6I2/YOIjf+5YsrZHrVisoGnhdCvNqe+MQVC9sjxWjfI2lMhpOQj0ep5He56ZuAsyez8eIsOC94WWG0ou6aInj5Q0tk5B4dQIEPqckE5MDd9+S1jkHWsZevfTeWkc8CmY/FZRHXPCWVu4WL2WV3JIQD1H3G2X6i8Z9RB4vmRhsdODP4n/803orKnIRNhwt21mrKbS0EWoDiBNaznLFd+gWMp3PSO9/ZsKYk5s+UbVlkz/1EAMbvKpEjlt1Yl87iijqiiHjfcLGN6NBSQm31T6YcE3Ro/ALD4mLq6a+Nhv/rOITa82tDHPvwULY9o1v85jrX7HQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

 20.50.183.144) smtp.rcpttodomain=example.com smtp.mailfrom=example.com; dmarc=fail

 (p=quarantine sp=quarantine pct=100) action=quarantine header.from=example.com;

 dkim=none (message not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

 d=example.onmicrosoft.com; s=selector2-example-onmicrosoft-com;

 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

 bh=gvpa9KZ3WSnps3qzoO5lksOOBe3sGT3HuIPJ1ftksYs=;

 b=S9qS6nEl3NEkfv8FZQQLgUHl1uDHtF42tgcMMKzEcZ4JT0LjT7efeTiHAvUejp2+kwm0mdAPd0AAniAfD5aWuJhsmOKS2bYWR4fh3VyzcMAyiwxEc45Af4gi4qxLDZMhslUroEJed277/rgjJKWAtuPhPjzRvJ7h3mTUVAMFWcM=

Resent-From: < email address removed for privacy reasons >

Received: from AS9PR06CA0757.eurprd06.prod.outlook.com (2603:10a6:20b:484::10)

 by DB9PR01MB10268.eurprd01.prod.exchangelabs.com (2603:10a6:10:301::14) with

 Microsoft SMTP Server (version=TLS1_2,

 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.16; Wed, 6 Sep

 2023 08:05:04 +0000

Received: from AM2PEPF0001C70B.eurprd05.prod.outlook.com

 (2603:10a6:20b:484:cafe::b7) by AS9PR06CA0757.outlook.office365.com

 (2603:10a6:20b:484::10) with Microsoft SMTP Server (version=TLS1_2,

 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34 via Frontend

 Transport; Wed, 6 Sep 2023 08:05:04 +0000

Authentication-Results: spf=fail (sender IP is 20.50.183.144)

 smtp.mailfrom=example.com; dkim=none (message not signed)

 header.d=none;dmarc=fail action=quarantine header.from=example.com;

Received-SPF: Fail (protection.outlook.com: domain of example.com does not

 designate 20.50.183.144 as permitted sender) receiver=protection.outlook.com;

 client-ip=20.50.183.144; helo=eu-esec-02.heimdalsecurity.com;

Received: from eu-esec-02.heimdalsecurity.com (20.50.183.144) by

 AM2PEPF0001C70B.mail.protection.outlook.com (10.167.16.199) with Microsoft

 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

 15.20.6768.25 via Frontend Transport; Wed, 6 Sep 2023 08:05:04 +0000

Authentication-Results-Original: halon-node2.esf-we-priv.heimdalsecurity.com;

   dmarc=pass header.from=example.com;   spf=pass smtp.mailfrom=example.com

 smtp.remote-ip=205.220.185.240;

X-HeimdalSecurity-TLS-Received: TLSv1.2 with cipher

 ECDHE-RSA-AES256-GCM-SHA384 (256 bits)

Received: from mx08-00348201.pphosted.com (unknown [205.220.185.240]) by

 halon-node2.esf-we-priv.heimdalsecurity.com with TLSv1.2 with cipher

 ECDHE-RSA-AES256-GCM-SHA384 (256 bits); Wed, 06 Sep 2023 08:04:16 +0000 (UTC)

X-HeimdalSecurity-ILT: 1693987456.639755

X-HeimdalSecurity-ID: f99321a1-4c8b-11ee-bb0e-000d3aac3d93-node2.esf-we

Received: from pps.filterd (m0281615.ppops.net [127.0.0.1])

        by mx08-00348201.pphosted.com (8.17.1.22/8.17.1.22) with ESMTP id 3866UPev004006

        for < email address removed for privacy reasons >; Wed, 6 Sep 2023 08:04:15 GMT

Received: from gbahes518.example.example.com ([164.39.122.169])

        by mx08-00348201.pphosted.com (PPS) with ESMTP id 3sutc9j38q-13

        for < email address removed for privacy reasons >; Wed, 06 Sep 2023 08:04:15 +0000 (GMT)

Received: from GBAHES984 ([164.39.11.240])

          by gbahes518. example.example.com(IBM Domino Release 9.0.1FP10 HF66)

          with ESMTP id 2023090609041469-380942 ;

          Wed, 6 Sep 2023 09:04:14 +0100

MIME-Version: 1.0

From: eInvoicing < email address removed for privacy reasons >

To: email address removed for privacy reasons

Date: 6 Sep 2023 09:04:15 +0100

Subject: companyName - eInvoicing faktura

X-MIMETrack: Itemize by SMTP Server on GBAHES518/CORP/TPG(Release 9.0.1FP10 HF66|February

 09, 2018) at 09/06/2023 09:04:14 AM,

        Serialize by Router on GBAHES518/CORP/TPG(Release 9.0.1FP10 HF66|February

 09, 2018) at 09/06/2023 09:04:15 AM

Message-ID: <email address removed for privacy reasons>

Content-Type: multipart/mixed;

 boundary=--boundary_272156_338a8692-8db1-492d-9312-1ae69dffd4c4

X-Proofpoint-ORIG-GUID: n3cNTezMENHC2MNiZDRjhUD6otzLjr3k

X-Proofpoint-GUID: n3cNTezMENHC2MNiZDRjhUD6otzLjr3k

Return-Path: email address removed for privacy reasons

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: bf9f94cb-621c-4c1d-8b78-103b6e6749f9:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic:

        AM2PEPF0001C70B:EE_|DB9PR01MB10268:EE_|AS4PR01MB9231:EE_

X-MS-Office365-Filtering-Correlation-Id: 99026772-6da4-4dd1-2915-08dbaeaffa59

X-LD-Processed: bf9f94cb-621c-4c1d-8b78-103b6e6749f9,ExtFwd,ExtFwd

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info: rJf+tthE0krKr6MgUDVYZfLnSLNByjrfDTdf9KPa6FuhtQml7Si8bbG3fxIl/+GkTI0wi3UbcOox5FOmCAcrV8i2wzH/SY60dSXT/pUp9MLrR30ZDBBZRkCTriAjjdo49aKQQS5r/kTQG3dyYg/mZbYT7j/BGsGshK0dqERjA+KtMIdBmhi8coAwmzMd4qNij/rP97JjHFCZwzgnQpLwrxJ0yx982oxSOEAJ/KeaX/9GRkfXe1qSJ82ob5v8FZzLPQm5t2yThfLq0t9xgvmm3GQSIBUxibzZuZcZgJht3XmS8TWJgjqxXUd6kW1wWmx4gJbWBSoL5wN/sONzFyXDRPcb4i+YAOpAcR54bRuNxWxdL5grBBm+ni4TqZBrGHRYCDWYW+Spt8WZl2ewHMCeCMicpGsBl13H274/QOuGNQJi0Zp9S11yTqJfMn0xS9OuVDsHwLj2nQxZH9rnkof7Fy2D9KcS1pS0rEr8WXPdKH8DKQJIUyjlcVFN0aVah9Fyf9ikdAKF0atUIG4W7Rx2A1goWoSAknJgJGME8EJR1IOCi9Y4fxExp8lLA2I+tEDO2yoH0cvnm/b8Ohs2Di3OKvIQx4uoT+9VPk58OlHd6cnVIM0hAMFUGowGJJJOL2vyBET8bxozGn8/rR8KzFa09g==

X-Forefront-Antispam-Report: CIP:20.50.183.144;CTRY:NL;LANG:da;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:eu-esec-02.heimdalsecurity.com;PTR:eu-esec-01.heimdalsecurity.com;CAT:NONE;SFS:(13230031)(39840400004)(136003)(346002)(396003)(376002)(61400799006)(451199024)(48200799006)(356005)(336012)(498600001)(10310500001)(7636003)(966005)(83380400001)(15974865002)(86362001)(66574015)(10290500003)(956004)(2616005)(26005)(33964004)(68406010)(316002)(70586007)(36756003)(33656002)(2906002)(5660300002)(34206002)(8676002)(17046004);DIR:OUT;SFP:1022;

X-MS-Exchange-ForwardingLoop: email address removed for privacy reasons;bf9f94cb-621c-4c1d-8b78-103b6e6749f9

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Sep 2023 08:05:04.4620

 (UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 99026772-6da4-4dd1-2915-08dbaeaffa59

X-MS-Exchange-CrossTenant-Id: bf9f94cb-621c-4c1d-8b78-103b6e6749f9

X-MS-Exchange-CrossTenant-AuthSource: AM2PEPF0001C70B.eurprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR01MB10268

X-MS-Exchange-ForwardingLoop:

        email address removed for privacy reasons;bf9f94cb-621c-4c1d-8b78-103b6e6749f9

X-OriginatorOrg: example.com

´´´

 

Labels:
250 Views
0 Likes
5 Replies
Reply
5 Replies
Dhruva_Kudva

‎Sep 20 2023 02:03 PM

‎Sep 20 2023 02:03 PM

Re: Exchange auto forward to external e-mail, sometimes it fails

Hi @Kasperk1180 - Would you be able to share the NDR message you received by redacting the PII info?

 

Regards

Dhruva

0 Likes
Reply
Kasperk1180

‎Sep 21 2023 11:28 PM

‎Sep 21 2023 11:28 PM

Re: Exchange auto forward to external e-mail, sometimes it fails

@Dhruva_Kudva 

 

Hi

 

Thanks for the reply!

Just to be sure, you want the full "Not Delivered Response" with the PII removed, of course.

 

Kind regards

0 Likes
Reply
Kasperk1180

‎Sep 21 2023 11:29 PM

‎Sep 21 2023 11:29 PM

Re: Exchange auto forward to external e-mail, sometimes it fails

Non Delivered Report*
0 Likes
Reply
Dhruva_Kudva

‎Sep 22 2023 08:25 AM

‎Sep 22 2023 08:25 AM

Re: Exchange auto forward to external e-mail, sometimes it fails

Yes, that's correct.
0 Likes
Reply
Kasperk1180

‎Sep 24 2023 09:33 PM - edited ‎Sep 24 2023 09:37 PM

‎Sep 24 2023 09:33 PM - edited ‎Sep 24 2023 09:37 PM

Re: Exchange auto forward to external e-mail, sometimes it fails

@Dhruva_Kudva 

 

Your email couldn't be forwarded from email address removed for privacy reasons to another email address.

email address removed for privacy reasons
Your message wasn't delivered. Despite repeated attempts to deliver your message, a connection to the remote server was closed abruptly.

Contact the recipient by some other means (by phone, for example) and ask them to tell their email admin that it appears that your email system is unable to connecto their email system. Give them the error details shown below. It's likely that the recipient's email admin is the only one who can fix this problem.

For Email Admins
This often indicates the recipient's firewall SMTP fixup setting or other firewall settings are preventing the SMTP protocol negotiation from succeeding.

For more information and tips to fix this issue see this article: https://go.microsoft.com/fwlink/?LinkId=389361.








Diagnostic information for administrators:

Generating server: AS4PR01MB9231.eurprd01.prod.exchangelabs.com
Receiving server: AS4PR01MB9231.eurprd01.prod.exchangelabs.com
Total retry attempts: 70

email address removed for privacy reasons
9/7/2023 8:06:16 AM - Server at AS4PR01MB9231.eurprd01.prod.exchangelabs.com returned '550 5.4.318 Message expired, connection reset (SuspiciousRemoteServerError)(450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError))'
9/7/2023 7:58:11 AM - Server at eu-esec-outbound.heimdalsecurity.com (20.50.183.148) returned '450 4.4.318 Connection was closed abruptly (SuspiciousRemoteServerError)'

Original message headers:

Resent-From: <email address removed for privacy reasons>
Received: from DB9PR01MB10268.eurprd01.prod.exchangelabs.com
 (2603:10a6:10:301::14) by AS4PR01MB9231.eurprd01.prod.exchangelabs.com
 (2603:10a6:20b:4ee::9) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6768.25; Wed, 6 Sep
 2023 20:12:33 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=AVvnruxlEFqpXnmGqN5uLDsCYphtpM1RPR3qvhZkIROTQ71zwsHP8FHtejFFKw+nNpSQAk9WPR2nQgtOyQ2P8z/jb55LP7L2g7sp4yxmb7mg4Te7xqqJQ/7oKdCbccwUN1maZCmcyCDDcq2atOSUcGRmxi25nnGQwDIY756gc2xwJvy+Pjvm0pAVP5b7jjewDotu2NHOGoyH3/O/3DctWVShuR2wRwh57gL/qzDHi5kk/PL6ECVAUD1ils/ZuEqpWaEOIfDZY71vLDDeYBUi6Fg+M+o1/Ha4fqLnVYm7YvJLgt8NWLaQ/bsCjP8heX86Re1tRzwFtvYNp2Ogi4sQIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=gvpa9KZ3WSnps3qzoO5lksOOBe3sGT3HuIPJ1ftksYs=;
 b=EKw5wnK0L3EvAjXgY6I2/YOIjf+5YsrZHrVisoGnhdCvNqe+MQVC9sjxWjfI2lMhpOQj0ep5He56ZuAsyez8eIsOC94WWG0ou6aInj5Q0tk5B4dQIEPqckE5MDd9+S1jkHWsZevfTeWkc8CmY/FZRHXPCWVu4WL2WV3JIQD1H3G2X6i8Z9RB4vmRhsdODP4n/803orKnIRNhwt21mrKbS0EWoDiBNaznLFd+gWMp3PSO9/ZsKYk5s+UbVlkz/1EAMbvKpEjlt1Yl87iijqiiHjfcLGN6NBSQm31T6YcE3Ro/ALD4mLq6a+Nhv/rOITa82tDHPvwULY9o1v85jrX7HQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
 20.50.183.144) smtp.rcpttodomain=example.com smtp.mailfrom=example.com; dmarc=fail
 (p=quarantine sp=quarantine pct=100) action=quarantine header.from=tnt.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=tndk1019695.onmicrosoft.com; s=selector2-tndk1019695-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=gvpa9KZ3WSnps3qzoO5lksOOBe3sGT3HuIPJ1ftksYs=;
 b=S9qS6nEl3NEkfv8FZQQLgUHl1uDHtF42tgcMMKzEcZ4JT0LjT7efeTiHAvUejp2+kwm0mdAPd0AAniAfD5aWuJhsmOKS2bYWR4fh3VyzcMAyiwxEc45Af4gi4qxLDZMhslUroEJed277/rgjJKWAtuPhPjzRvJ7h3mTUVAMFWcM=
Resent-From: <email address removed for privacy reasons>
Received: from AS9PR06CA0757.eurprd06.prod.outlook.com (2603:10a6:20b:484::10)
 by DB9PR01MB10268.eurprd01.prod.exchangelabs.com (2603:10a6:10:301::14) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.16; Wed, 6 Sep
 2023 08:05:04 +0000
Received: from AM2PEPF0001C70B.eurprd05.prod.outlook.com
 (2603:10a6:20b:484:cafe::b7) by AS9PR06CA0757.outlook.office365.com
 (2603:10a6:20b:484::10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34 via Frontend
 Transport; Wed, 6 Sep 2023 08:05:04 +0000
Authentication-Results: spf=fail (sender IP is 20.50.183.144)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=quarantine header.from=example.com;
Received-SPF: Fail (protection.outlook.com: domain of example.com does not
 designate 20.50.183.144 as permitted sender) receiver=protection.outlook.com;
 client-ip=20.50.183.144; helo=eu-esec-02.heimdalsecurity.com;
Received: from eu-esec-02.heimdalsecurity.com (20.50.183.144) by
 AM2PEPF0001C70B.mail.protection.outlook.com (10.167.16.199) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6768.25 via Frontend Transport; Wed, 6 Sep 2023 08:05:04 +0000
Authentication-Results-Original: halon-node2.esf-we-priv.heimdalsecurity.com;
   dmarc=pass header.from=example.com;   spf=pass smtp.mailfrom=example.com
 smtp.remote-ip=205.220.185.240;
X-HeimdalSecurity-TLS-Received: TLSv1.2 with cipher
 ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
Received: from mx08-00348201.pphosted.com (unknown [205.220.185.240]) by
 halon-node2.esf-we-priv.heimdalsecurity.com with TLSv1.2 with cipher
 ECDHE-RSA-AES256-GCM-SHA384 (256 bits); Wed, 06 Sep 2023 08:04:16 +0000 (UTC)
X-HeimdalSecurity-ILT: 1693987456.639755
X-HeimdalSecurity-ID: f99321a1-4c8b-11ee-bb0e-000d3aac3d93-node2.esf-we
Received: from pps.filterd (m0281615.ppops.net [127.0.0.1])
	by mx08-00348201.pphosted.com (8.17.1.22/8.17.1.22) with ESMTP id 3866UPev004006
	for <email address removed for privacy reasons>; Wed, 6 Sep 2023 08:04:15 GMT
Received: from example.com ([164.39.122.169])
	by mx08-00348201.pphosted.com (PPS) with ESMTP id 3sutc9j38q-13
	for <email address removed for privacy reasons>; Wed, 06 Sep 2023 08:04:15 +0000 (GMT)
Received: from GBAHES984 ([164.39.11.240])
          by example.com (IBM Domino Release 9.0.1FP10 HF66)
          with ESMTP id 2023090609041469-380942 ;
          Wed, 6 Sep 2023 09:04:14 +0100 
MIME-Version: 1.0
From: eInvoicing <email address removed for privacy reasons>
To: email address removed for privacy reasons
Date: 6 Sep 2023 09:04:15 +0100
Subject: SUBJECT
X-MIMETrack: Itemize by SMTP Server on GBAHES518/CORP/TPG(Release 9.0.1FP10 HF66|February
 09, 2018) at 09/06/2023 09:04:14 AM,
	Serialize by Router on GBAHES518/CORP/TPG(Release 9.0.1FP10 HF66|February
 09, 2018) at 09/06/2023 09:04:15 AM
Message-ID: <email address removed for privacy reasons>
Content-Type: multipart/mixed;
 boundary=--boundary_272156_338a8692-8db1-492d-9312-1ae69dffd4c4
X-Proofpoint-ORIG-GUID: n3cNTezMENHC2MNiZDRjhUD6otzLjr3k
X-Proofpoint-GUID: n3cNTezMENHC2MNiZDRjhUD6otzLjr3k
Return-Path: email address removed for privacy reasons
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: bf9f94cb-621c-4c1d-8b78-103b6e6749f9:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic:
	AM2PEPF0001C70B:EE_|DB9PR01MB10268:EE_|AS4PR01MB9231:EE_
X-MS-Office365-Filtering-Correlation-Id: 99026772-6da4-4dd1-2915-08dbaeaffa59
X-LD-Processed: bf9f94cb-621c-4c1d-8b78-103b6e6749f9,ExtFwd,ExtFwd
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: rJf+tthE0krKr6MgUDVYZfLnSLNByjrfDTdf9KPa6FuhtQml7Si8bbG3fxIl/+GkTI0wi3UbcOox5FOmCAcrV8i2wzH/SY60dSXT/pUp9MLrR30ZDBBZRkCTriAjjdo49aKQQS5r/kTQG3dyYg/mZbYT7j/BGsGshK0dqERjA+KtMIdBmhi8coAwmzMd4qNij/rP97JjHFCZwzgnQpLwrxJ0yx982oxSOEAJ/KeaX/9GRkfXe1qSJ82ob5v8FZzLPQm5t2yThfLq0t9xgvmm3GQSIBUxibzZuZcZgJht3XmS8TWJgjqxXUd6kW1wWmx4gJbWBSoL5wN/sONzFyXDRPcb4i+YAOpAcR54bRuNxWxdL5grBBm+ni4TqZBrGHRYCDWYW+Spt8WZl2ewHMCeCMicpGsBl13H274/QOuGNQJi0Zp9S11yTqJfMn0xS9OuVDsHwLj2nQxZH9rnkof7Fy2D9KcS1pS0rEr8WXPdKH8DKQJIUyjlcVFN0aVah9Fyf9ikdAKF0atUIG4W7Rx2A1goWoSAknJgJGME8EJR1IOCi9Y4fxExp8lLA2I+tEDO2yoH0cvnm/b8Ohs2Di3OKvIQx4uoT+9VPk58OlHd6cnVIM0hAMFUGowGJJJOL2vyBET8bxozGn8/rR8KzFa09g==
X-Forefront-Antispam-Report: CIP:20.50.183.144;CTRY:NL;LANG:da;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:eu-esec-02.heimdalsecurity.com;PTR:eu-esec-01.heimdalsecurity.com;CAT:NONE;SFS:(13230031)(39840400004)(136003)(346002)(396003)(376002)(61400799006)(451199024)(48200799006)(356005)(336012)(498600001)(10310500001)(7636003)(966005)(83380400001)(15974865002)(86362001)(66574015)(10290500003)(956004)(2616005)(26005)(33964004)(68406010)(316002)(70586007)(36756003)(33656002)(2906002)(5660300002)(34206002)(8676002)(17046004);DIR:OUT;SFP:1022;
X-MS-Exchange-ForwardingLoop: email address removed for privacy reasons;bf9f94cb-621c-4c1d-8b78-103b6e6749f9
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Sep 2023 08:05:04.4620
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 99026772-6da4-4dd1-2915-08dbaeaffa59
X-MS-Exchange-CrossTenant-Id: bf9f94cb-621c-4c1d-8b78-103b6e6749f9
X-MS-Exchange-CrossTenant-AuthSource: AM2PEPF0001C70B.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR01MB10268
X-MS-Exchange-ForwardingLoop:
	email address removed for privacy reasons;bf9f94cb-621c-4c1d-8b78-103b6e6749f9
X-OriginatorOrg: example.com

 

here is the full NDR 

0 Likes
Reply