Home

Rejecting message based on email header ( in Office365 )

%3CLINGO-SUB%20id%3D%22lingo-sub-277574%22%20slang%3D%22en-US%22%3ERejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-277574%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20very%20simple%20'mail%20flow'%20rule%20which%20states%20that%20exchange%20should%20reject%20a%20message%20when%20it%20sees%20an%20email%20that%20has%20a%20header%20set%20to%20a%20specific%20value.%20The%20rule%20is%20in%20active%2Fenforced%20mode%20but%20I%20can't%20get%20it%20to%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20guess%20is%20that%20exchange%20is%20unable%20to%20find%20or%20match%20the%20header%20(Although%20the%20test%20email%20I%20am%20sending%20has%20header%20set%20to%20correct%20value).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tried%20that%20same%20(rejection)%20rule%20for%20the%20'subject'%20field%20and%20it%20worked%20as%20expected.%20I%20am%20using%20custom%2Fnon-standard%20header%20named%20%22Action%22%20but%20its%20a%20valid%20mail%2Fmime%20header.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAttached%20is%20the%20screenshot%20of%20the%20rule.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-277574%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278936%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278936%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ramu%2C%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20are%20right%2C%20Exchange%20treats%20all%20these%20as%20typical%20headers%2C%20and%20they%20accept%20values%20from%20any%20email%20systems.%20So%20these%20can%20be%20treated%20as%20Fields.%20Now%2C%20there%20are%20some%20X-MS%20headers%20which%20accepts%20certain%20values.%20Check%20this%20article%20if%20it%20helps%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Fexchange-web-services%2Fhow-to-provision-x-headers-by-using-ews-in-exchange%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Fexchange-web-services%2Fhow-to-provision-x-headers-by-using-ews-in-exchange%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278775%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278775%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Rishank%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20already%20reached%20out%20to%20support.%20They%20said%20they%20will%20look%20into%20the%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20if%20it%20would%20work%20for%20headers%20such%20as%20Message-Id%20or%20Content-Type%20.%20These%20are%20typical%20headers%20that%20every%20message%20includes.%20I%20have%20verified%20it%20work%20for%20From%20and%20To%20headers%2C%20but%20there%20are%20specific%20rules%20for%20such%20fields%20(from%2Fto%2Fcc%2Fbcc%2Fsubject).%20You%20can%20guess%20that%20Exchange%20treat%20these%20as%20fields%2C%20not%20headers.%20Then%20why%20provide%20rules%20which%20talk%20about%20mail%20headers%2C%20just%20wondering.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20help.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278671%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278671%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ramu%2C%3C%2FP%3E%3CP%3EThis%20will%20not%20work%2C%20as%20you%20are%20trying%20to%20block%20an%20email%20using%20a%20Custom%20header%20which%20is%20generated%20by%20a%20Java%20Email%20Application.%20Custom%20Headers%20does%20not%20fall%20under%20predefined%20rules%20in%20Transport%20for%20Office%20365%20as%20far%20as%20I%20know.%20You%20can%20reach%20support%2C%20however%2C%20i%20know%20their%20answer.%20These%20things%20does%20not%20fall%20under%20Office%20365%20scope.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3ERishank%20Ganguly%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278488%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278488%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20you%20test%20with%20telnet%20on%20port%2025%20sending%20to%20Office%20365%3F%20Remove%20the%20client%20from%20the%20equation%20just%20to%20see.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278476%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278476%22%20slang%3D%22en-US%22%3E%3CP%3EHmmm%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWell%20you%20hit%20all%20the%20information%20on%20the%20head%2C%20thank%20you%20for%20being%20through%20in%20your%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20does%20sound%20like%20that%20line%20is%20being%20stripped.%20Why%20I%20dont%20know.%20I%20have%20had%20issues%20in%20the%20past%20where%20things%20like%20this%20happened%2C%20and%20ultimately%20through%20a%20long%20escalation%20found%20out%20some%20change%20was%20made%20at%20O365%20that%20was%20never%20published%20because%20it%20was%20considered%20a%20small%20thing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20you%20are%20going%20to%20need%20to%20open%20up%20a%20case%20with%20premier%20support%2C%20show%20them%20these%20details%2C%20and%20see%20if%20the%20support%20tech%20can%20reach%20out%20to%20product%20to%20give%20you%20more%20information%20as%20to%20why.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%20I%20am%20not%20of%20more%20help%2C%20but%20you%20are%20covering%20all%20your%20basis.%20To%20me%20you%20need%20to%20talk%20to%20someone%20on%20the%20back%20end%20of%20the%20receiving%20servers%20at%20Microsoft.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdam%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278414%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278414%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Andy%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tested%20sending%20email%20to%20a%20different%20smtp%20server%20using%20javamail%20client%20with%20header%20set%20and%20the%20header%20shows%20up%20on%20the%20other%20side.%20The%20same%20email%20client%20I%20used%20for%20testing%20with%20Exchange%20online%20just%20to%20be%20consistent%20but%20no%20avail.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-278393%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-278393%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20telnet%20on%20port%2025%20to%20a%20mail%20server%20of%20your%20choice%20and%20manually%20send%20a%20test%20message%20with%20that%20header%2C%20does%20it%20show%20up%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-277966%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-277966%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Adam%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHeader%20is%20being%20added%20by%20smtp%20client%20(Header%20name%20is%20Custom-Header%20in%20this%20particular%20case%20and%20value%20is%20block%2C%20I%20have%20adjusted%20my%20rule%20to%20reflect%20the%20correct%20header%20name).%3C%2FP%3E%3CP%3EBelow%20is%20snippet%20from%20smtp%20client%20logs%3A%3C%2FP%3E%3CP%3E--------------%3C%2FP%3E%3CP%3EMessage-ID%3A%20%26lt%3B425255836.1.1540471453322.Mail.user%40host%26gt%3B%3CBR%20%2F%3ESubject%3A%20This%20is%20test%20subject%3CBR%20%2F%3EMIME-Version%3A%201.0%3CBR%20%2F%3EContent-Type%3A%20text%2Fplain%3B%20charset%3Dus-ascii%3CBR%20%2F%3EContent-Transfer-Encoding%3A%207bit%3CBR%20%2F%3E%3CSTRONG%3ECustom-Action%3A%20block%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20is%20test%20email%20body.%3CBR%20%2F%3E.%3CBR%20%2F%3E250%202.0.0%20OK%20%26lt%3B425255836.1.1540471453322.Mail.someuser%40somehost%26gt%3B%20%5BHostname%3DMWHPR14MB1135.namprd14.prod.outlook.com%5D%3C%2FP%3E%3CP%3E--------------%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20the%20recipient%20receives%20email%20(which%20it%20should%20not%20if%20rejection%20rule%20works%20correctly)%20I%20can%20see%20mail%20headers%20in%26nbsp%3B%20outlook%3CSTRONG%3E%20File%20%3C%2FSTRONG%3E%26gt%3B%3CSTRONG%3E%20Info%20%3C%2FSTRONG%3E%26gt%3B%20%3CSTRONG%3EProperties%3C%2FSTRONG%3E%2C%26nbsp%3B%20%3CSTRONG%3EInternet%20headers%2C%3C%2FSTRONG%3E%26nbsp%3B%20I%20do%20not%20see%20my%20custom%20header.%20Exchange%20seems%20to%20be%20stripping%20%2F%20rewriting%20headers.%20But%20is%20it%20stripping%20the%20header%20before%20running%20through%20transport%20rules%2C%20I%20have%20no%20way%20of%20knowing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBtw-%20I%20can%20confirm%20that%20I%20have%20seen%20the%20same%20rule%20hitting%20atleast%20once%20(couple%20of%20days%20ago)%20but%20it%20stopped%20working%20the%20next%20day%20(I%20don't%20remember%20making%20any%20config%20changes%20in%20between).%20After%20it%20stopped%20working%2C%20no%20matter%20what%20I%20do%20%2C%20rule%20would%20not%20match%20.%20I%20have%20removed%20all%20transport%20rules%2C%20connectors%20etc%20and%20just%20kept%20this%20single%20rule%20to%20make%20sure%20there%20are%20no%20conflicts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20help%2C%20I%20would%20like%20know%20what%20is%20the%20best%20place%20to%20post%20this%20question%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-277932%22%20slang%3D%22en-US%22%3ERe%3A%20Rejecting%20message%20based%20on%20email%20header%20(%20in%20Office365%20)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-277932%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233489%22%20target%3D%22_blank%22%3E%40Ramu%20Denduluri%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhere%20does%20the%20header%20get%20added%20in%3F%20Is%20this%20being%20done%20by%20a%20third%20party%20system%20or%20server%20before%20it%20is%20reaching%20O365%2C%20or%20is%20this%20being%20done%20by%20the%20client%20of%20the%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20first%20though%20was%20if%20this%20is%20being%20done%20somewhere%20for%20the%20users%2C%20it%20may%20be%20the%20case%20that%20the%20header%20value%20is%20not%20there%20when%20it%20is%20being%20processed%20through%20the%20edge%2Fgates%20for%20your%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20had%20success%20searching%20for%20%22x%22%20headers%2C%20which%20I%20know%20are%20added%20in%2C%20so%20I%20would%20be%20a%20bit%20surprised%20if%20it%20was%20missing%20it.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EWould%20you%20be%20able%20to%20post%20atleast%20the%20part%20of%20the%20header%20the%20action%20section%20is%20included%20in%20for%20our%20curiosity%20sack.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20it%20sounds%20like%20you%20have%20done%20some%20good%20due%20diligence%2C%20this%20might%20be%20one%20of%20the%20cases%20where%20you%20ultimately%20have%20to%20open%20up%20a%20premier%20case%20with%20Microsoft%2C%20as%20there%20is%20only%20so%20much%20we%20here%20on%20the%20forums%20can%20do%20without%20access%20to%20the%20actual%20servers.%20Most%20of%20our%20talk%20and%20suggestions%20are%20going%20to%20be%20speculative%2Fbased%20on%20our%20own%20experiences.%20Atleast%20to%20me%20in%20this%20case%20you%20seem%20to%20be%20pretty%20thorough%20in%20what%20you%20have%20done%20and%20tested%2C%20I%20am%20not%20sure%20how%20much%20we%20can%20find%20out%20without%20getting%20our%20hands%20dirty%20so%20to%20say.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAdam%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ramu Denduluri
New Contributor

I have a very simple 'mail flow' rule which states that exchange should reject a message when it sees an email that has a header set to a specific value. The rule is in active/enforced mode but I can't get it to work.

 

My guess is that exchange is unable to find or match the header (Although the test email I am sending has header set to correct value).

 

I have tried that same (rejection) rule for the 'subject' field and it worked as expected. I am using custom/non-standard header named "Action" but its a valid mail/mime header.

 

Attached is the screenshot of the rule.

 

Thanks.

9 Replies

Hello @Ramu Denduluri,

 

Where does the header get added in? Is this being done by a third party system or server before it is reaching O365, or is this being done by the client of the users.

 

My first though was if this is being done somewhere for the users, it may be the case that the header value is not there when it is being processed through the edge/gates for your users.

 

I have had success searching for "x" headers, which I know are added in, so I would be a bit surprised if it was missing it. 

Would you be able to post atleast the part of the header the action section is included in for our curiosity sack.

 

Also it sounds like you have done some good due diligence, this might be one of the cases where you ultimately have to open up a premier case with Microsoft, as there is only so much we here on the forums can do without access to the actual servers. Most of our talk and suggestions are going to be speculative/based on our own experiences. Atleast to me in this case you seem to be pretty thorough in what you have done and tested, I am not sure how much we can find out without getting our hands dirty so to say.


Adam

 

Hi Adam,

 

Header is being added by smtp client (Header name is Custom-Header in this particular case and value is block, I have adjusted my rule to reflect the correct header name).

Below is snippet from smtp client logs:

--------------

Message-ID: <425255836.1.1540471453322.Mail.user@host>
Subject: This is test subject
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Custom-Action: block

This is test email body.
.
250 2.0.0 OK <425255836.1.1540471453322.Mail.someuser@somehost> [Hostname=MWHPR14MB1135.namprd14.prod.outlook.com]

--------------

 

When the recipient receives email (which it should not if rejection rule works correctly) I can see mail headers in  outlook File > Info > PropertiesInternet headers,  I do not see my custom header. Exchange seems to be stripping / rewriting headers. But is it stripping the header before running through transport rules, I have no way of knowing.

 

Btw- I can confirm that I have seen the same rule hitting atleast once (couple of days ago) but it stopped working the next day (I don't remember making any config changes in between). After it stopped working, no matter what I do , rule would not match . I have removed all transport rules, connectors etc and just kept this single rule to make sure there are no conflicts.

 

Thanks for your help, I would like know what is the best place to post this question ?

 

Regards.

If you telnet on port 25 to a mail server of your choice and manually send a test message with that header, does it show up? 

Hi Andy,

 

I tested sending email to a different smtp server using javamail client with header set and the header shows up on the other side. The same email client I used for testing with Exchange online just to be consistent but no avail.

 

Thanks

Hmmm,

 

Well you hit all the information on the head, thank you for being through in your response.

 

It does sound like that line is being stripped. Why I dont know. I have had issues in the past where things like this happened, and ultimately through a long escalation found out some change was made at O365 that was never published because it was considered a small thing.

 

I think you are going to need to open up a case with premier support, show them these details, and see if the support tech can reach out to product to give you more information as to why.

 

Sorry I am not of more help, but you are covering all your basis. To me you need to talk to someone on the back end of the receiving servers at Microsoft.

 

Adam

Did you test with telnet on port 25 sending to Office 365? Remove the client from the equation just to see.

Hi Ramu,

This will not work, as you are trying to block an email using a Custom header which is generated by a Java Email Application. Custom Headers does not fall under predefined rules in Transport for Office 365 as far as I know. You can reach support, however, i know their answer. These things does not fall under Office 365 scope.

 

Thanks,

Rishank Ganguly

Hi Rishank,

 

I have already reached out to support. They said they will look into the issue.

 

Any idea if it would work for headers such as Message-Id or Content-Type . These are typical headers that every message includes. I have verified it work for From and To headers, but there are specific rules for such fields (from/to/cc/bcc/subject). You can guess that Exchange treat these as fields, not headers. Then why provide rules which talk about mail headers, just wondering.

 

Thanks for your help. 

Hi Ramu, 

You are right, Exchange treats all these as typical headers, and they accept values from any email systems. So these can be treated as Fields. Now, there are some X-MS headers which accepts certain values. Check this article if it helps:

https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-provision-x-...

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies