Solved

Exchange 2010 mails with 15MB attachments getting blocked

Posted on 2012-04-02
22
3,371 Views
Last Modified: 2016-07-29
Hello!
Our organization uses Exchange 2010 SP1 RO 6.
One of our users cannot receive mails sent from an external email address when the mail has a 15 MB attachment (the user can receive mails from the same sender when the attachment size is less than 10 MB), although our Exchange server is set with mail size receive limits as 20 MB.
All our mails come through an external spam scanner ZScaler. But these mails with a 15 MB attachment do not appear in the logs of the spam scanner nor in the Exchange server logs.
The sender receives this error reply, after trying to send a mail to our user.
----

  The following organisation rejected the message: mta1c.mail.zscaler.net.



   Diagnose information for system administrator:

   Generating server: TM-SE-EX.Myhrvold.local

    <our.users.emailaddress@ourdomain.com>
    mta1c.mail.zscaler.net #554-Transaction failed (id=4F74675610C00001), maximum 8    recipients listed below: 554-Address: <our.users.emailaddress@ourdomain.com> Server:95.172.88.18 Command:EODT Error:554 Transaction failed 554 Transaction failed ##



-------

95.172.88.18 is incidentally ‘mta1d.mail.zscaler.net’ which is not located on our MX records.
Our MX records are as:
Priority                       FQDN
40                    mta1e.mail.zscaler.net.
50                  mta1a.mail.zscaler.net.
100                  mta1c.mail.zscaler.net.

The receive limit for that particular user’s mailbox is not set.
All receive connectors have a maximum receive limit of 20 MB.
Maximum receive size for Organisation (Global Settings->Transport Settings) is also 20 MB.
These blocked mails, do not appear in the logs of the Spam scanner and neither in our Exchange Transport logs.

Our spam scanner, ZScaler, says that the mail is blocked by our Exchange server and not the spam scanner.
Where could the problem lie?

Thanks!
0
Comment
Question by:Tomasz Czyz
  • 11
  • 6
  • 3
  • +2
22 Comments
 
LVL 3

Expert Comment

by:darasunil
ID: 37795307
you can check this by bypass your zscaler.net server
1. configure Outlook Express or any PoP3 / SMTP email client
2. configure SMTP as your exchange server
3. send mail more than 15 MB
4. If it goes well to user than there is problem with your ISP
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37795309
There is a possibility that the anti-spam you are using have the settings of 10 MB and didn't allow emails more then that.
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37795313
You can also check by sending emails internally of more then 10 MB and up to 20 MB.
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795327
It's easy to miss a connector in 2010.  Here is a link that includes a script to sort your connectors and give you some useful output to help identify if you missed any.  
http://www.flamingkeys.com/2011/04/how-to-standardise-exchange-2010-message-size-limits/
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795346
I've sent mails from an external mailaddress with an attachment of 13 MB and it came in.
Also the Spam Scanner guys say that their limit is 128 MB per mail.

But what does that error mean -

1. The following organisation rejected your message (since that is shown as one of the spam scanner's servers, does that mean it is blocked at the spam scanner)
2.Command: EODT for Transaction Failed Error: 554
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795352
All receive connectors and TransportConfig checked.
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795363
Error 554 is a very vague message.  Do you have internal Spam filtering on the Exchange server turned on by chance?
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795379
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795722
Thanks! But internal spam filtering is off and we are not using the Edge server role (hence no filtering by attachments like shown in the link).
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795736
This would be time to go from theory to trial.  Can you bypass the spam filter for a bit just bit to see if the message goes through?  All data points back to your spam filter being the culprit.
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795738
@darasunil...
I bypassed the spam filter and tried and it worked....it even worked for a test mail with an attachment of around 13 MB through the spam filter for me.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795743
What I find strange is that the error occurs at a server of ZScalar which is not in my MX records....
but I have seen various 504 errors ......but what does the EODT mean here?
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795748
And why is it not appearing in the logs of the spam filter.....Once before we had a similar problem....due to a wrong value for receive limit on one of my Send Connectors, the mails were blocked by our server....but they didnt appear in the logs of the spam filter (won't the mails first go through it and then come to Exchange and get blocked?)
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795845
Well the message states that the spam filter server is the one that gave the message.  You went through and checked for size and file type restrictions, as well as Spam restrictions.  There are also no logs on your server.  You have conflicting information.  The research you did here shows you should not be having an issue on your side.  If the message comes through without spam filtering you would know it was the filter.  If not, it is still somewhere on your server despite what we were able to look at.
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37795866
I checked for size, file type and spam restrictions on the Exchange server and found none because we don't have Anti-Spam (internal spam filter) in Exchange turned on and don't have an EDGE server role, hence I dont think we have file type and size restrictions.(as mentioned in the link). Yes, no logs on our server and on the external spam filter service's server (atleast according to the normal portal we can use to see logs). My test messages with large attachments came through with and and without the external spam scanner, but unfortunately a similar message was blocked for a normal user.
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795969
Can you send a larger attachment from a different outside address to that particular user?  If not, can you send from that same external address to a different user?
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37796043
Are you able to receive the email of 15 MB from the same sender whose emails are being rejected for the other user.
0
 
LVL 2

Accepted Solution

by:
Tomasz Czyz earned 0 total points
ID: 37826840
I restarted the Exchange servers and the services, maybe the limits were not applied earlier.
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37826851
NA
0
 
LVL 2

Author Comment

by:Tomasz Czyz
ID: 37826853
This was not really a solution
0
 
LVL 2

Author Closing Comment

by:Tomasz Czyz
ID: 37847929
This was not really a solution.
0
 

Expert Comment

by:mao sunsami
ID: 41734501
Dear Experts-exchange,
I have running exchange 2013, and I want to all my clients attachment file up to 15MB send out to internet, I ready done on user mailbox and send/receive connector. Another one step is change on Edge transport server. but I got an error when I set command "Set-TransportConfig -MaxSendSize 15MB", it got an error with message "An unexpected error has occurred and a Watson dump is being generated: Specified cast is not valid.

Any help,
Thanks in adv
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now