Exchange Server 2007 not sending external Out of Office

Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
Ok, background of my setup is: I have a vm environment with 2 exchange servers 1 is running Exch 07 Mailbox role and the other Exch 07 HUB/CAS role both on Windows Server 2008. Mail is being delivered via a smart host (which is basically the ant-spam server). The problem I am having is i cannot get the external out of office to send out, internl is fine. When I turn message tracker on I get the following failed message from my external out of office: 550 Relaying not permitted (3.7):

On hub transport server in remote domains the 3 rd option to allow out of office is selected.

I have read some forums where the only way people have got external out of office to work is to allow mail to be delivered directly ie via dns mx record. This is far from ideal and not an option for me as all mail must go through our smart host. There must be another alternative to make the External OOF route through my smart host, does anyone know of one?

Apparently microsoft have designed it this way and I have included some text supporting this, This is all related to a change that Microsoft has made to Exchange 2007's OOF & NDR responses. Essentially, previous versions of Exchange did not follow RFC 2298 guidelines for Message Disposition Notification (MDN) messages and therefore responded with an email address in the FROM: field, which doesnt actually follow the correct definitions for this type of SMTP response. The latest version of Exchange now strictly follows RFC 2298 definitions for MDN messages.

The reason that this is an issue is because a blank sender field is often used by spammers to distribute unsolicited mail and is therefore blocked by default by many anti-spam systems. Anti-spam systems such as this are deployed at most major ISPs to avoid their mail relays being abused by users or compromised systems on their network, hence my customer's ISP were actually blocking their MDN messages (even though they appeared to accept them without issue).



Any suggestions or site to be pointed are most welcomed, thank you for your time. cheers Bruce

Comments

  • CorySCoryS Member Posts: 208
    When you are expecting an OOF are you sending the mail to a distribution group? i.e. [email protected]
    MCSE tests left: 294, 297 |
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    CoryS wrote:
    When you are expecting an OOF are you sending the mail to a distribution group? i.e. [email protected]
    no, I'm expecting the OOF to reply to external senders address by the default way that it was installed in exchange 2007. thanks
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    gorebrush wrote:
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?

    yes this worked fine in 2003 using exactly the same spam server, something in exhange 2007 has changed. I read somewhere that the OOF replies externally with a blank address so most spam filters think this is spam. I can have another look at my spam server but I was wondering if anyone has a simliar setup delivering mail out via a smart host (spam server) and their external OOF is working. thanks
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    Bmac000 wrote:
    gorebrush wrote:
    /fires up Exchange lab.

    When you say direct via DNS - you mean direct out the internet (i.e. the CAS/HUB doing all the resolution and sending out)

    Did this work with 2003?

    Is this a limitation of your spam server?

    yes this worked fine in 2003 using exactly the same spam server, something in exhange 2007 has changed. I read somewhere that the OOF replies externally with a blank address so most spam filters think this is spam. I can have another look at my spam server but I was wondering if anyone has a simliar setup delivering mail out via a smart host (spam server) and their external OOF is working. thanks

    if this helps anyone the setting specifying how mail is delivered out via its connector is on the HUB server under organisation configuration > send connectors > right click all email > properties > network tab. It is this setting that i have going via my smart host (spam server) which i do not want to change.
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Could get users to use a reply rule as opposed to OOO ?

    Bit of a pants way around, but would get round the problem.
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    I'm using a smart host and my external ooo has always worked fine...
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    When you're looking at the logging, what server is actually doing the rejecting? It will give you the address... is it Exchange, your spam appliance, ISP?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    blargoe wrote:
    I'm using a smart host and my external ooo has always worked fine...
    thats good to know. This is on windows 2008 with exchange 2007? did you have to create any special rules on your smart host?
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    blargoe wrote:
    When you're looking at the logging, what server is actually doing the rejecting? It will give you the address... is it Exchange, your spam appliance, ISP?

    it seems to be the smart host so looks like thats where the problem may be as the error is 550 relay not permitted.
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    Bmac000 wrote:
    blargoe wrote:
    I'm using a smart host and my external ooo has always worked fine...
    thats good to know. This is on windows 2008 with exchange 2007? did you have to create any special rules on your smart host?
    Windows 2003 Standard with Exchange 2007
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • CorySCoryS Member Posts: 208
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.
    MCSE tests left: 294, 297 |
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    CoryS wrote:
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.

    thanks CoryS i wll have a look at that also.
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    CoryS wrote:
    I use a smart host as well although it doesnt do any outbound message hygiene as yours sounds like it does.. I had to add the ip of the sending HT server to the allowed list of sending machines on the smart host.. I have yet to have an OoO response fail for any reason beyond the minor tweaks required for distribution groups.

    thanks CoryS i wll have a look at that also.
  • ken-dohken-doh Member Posts: 2 ■□□□□□□□□□
    same problem here.

    did anyone get to the bottom of this ? we are having that issue with NTL.

    I cant believe there is no way to set a default returnPath for OOO alerts.

    HELP !!!!
  • Bmac000Bmac000 Member Posts: 43 ■■□□□□□□□□
    yes we set a rule on the smart host (spam box) to allow all outbound. probably not the best way of doing it but it worked
    ken-doh wrote: »
    same problem here.

    did anyone get to the bottom of this ? we are having that issue with NTL.

    I cant believe there is no way to set a default returnPath for OOO alerts.

    HELP !!!!
  • ken-dohken-doh Member Posts: 2 ■□□□□□□□□□
    hi

    not much good when our smart host is NTL and they wont make that change

    icon_sad.gif

    idiots.

    we now relay via messagelabs
Sign In or Register to comment.