Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


the internal  virtual IP of network balance hub cas sever is written in the reply of postmaster

Posted on 2012-09-02
Medium Priority
Last Modified: 2012-09-15
Althought I removed the  ms-Exch-Send-Headers-Routing from the user NT AUTHORITY\ANONYMOUS LOGON in the send connector and
and the name of our internal server doesn't appear in the  message header of the sent message
the  internal virtual IP of network balance hub cas sever is written in the reply of postmaster to an external mail  as shown below ,what can i do to

#550 5.7.11 this user is not exist ##

Original message headers:

Received: from mail-iy0-f180.google.com ( by mail.mydomain.com
 (virtual internal IP of nework load balanced servers) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 30 Aug
 2012 11:23:25 +0200

my topology :

I have 2 mailbox mbx1 and mbx2 server members in DAG1 group
I have 2 network load balance servers hubcas1 and hubcas2
2 active directory
Question by:omzeyad
  • 5
  • 4
LVL 35

Expert Comment

ID: 38360726
It looks like that the stamp is made while receiving the original message?
Received from Google by YourExchnage....

So you may try also

If this is the case it may also cut off the stamp for other received mails...

Author Comment

ID: 38363424
Dear Bembi,

no it is not the case ,I tried to remove the Ms-Exch-Accept-Headers-Routing from the two intrenet receive coonnector I have and the default receive connector too but nothing changed

also |I tried to remove headers permission from the send connector I have
here is a breakdown-list of what I have removed :

 mydomain\Exchange Servers

 mydomain\Exchange Servers

 mydomain\Exchange Servers

 MS Exchange\Partner Servers

 MS Exchange\Hub Transport Servers

 MS Exchange\Hub Transport Servers

 MS Exchange\Hub Transport Servers

 MS Exchange\Edge Transport Servers

 MS Exchange\Edge Transport Servers

 MS Exchange\Edge Transport Servers

 MS Exchange\Externally Secured Servers

 MS Exchange\Legacy Exchange Servers
LVL 35

Expert Comment

ID: 38364381
The base point of my idea was the following....
If you send a message, the routing information is put into the header...
You stopped this by ms-Exch-Send.....

As I see in the routing, I assume you tried to send a mail from google to your server to an unknown address and got back the NDR with the message above.

The mail was stamped while receiving, means ms-Exch-Send... can not work. It must have to do with Ms-Exch-Accept...

Have you tried to set them analog the  ms-Exch-Send..... settings?
So Ms-Exch-Accept... with Routing, Organisation, Forest?

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 38366905
yes I removed the Ms-Exch-Accept-Headers-Routing from the 2 internet receive connector and the default receive connector but nothing changed as I told you ,and kindly be noted that I want to remove the original header from the reply of the postmaster as you can see below :

this NDR is generated as I configured up mailbox  to receive only messages from authenticated users ,so naturally if I sent from gmail to this account I will got an NDR ,I just want to remove the original header from the NDR

Delivery has failed to these recipients or groups:

Your message can't be delivered because delivery to this address is restricted.

Diagnostic information for administrators:

Generating server: mydomain.com.eg

#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##

Original message headers:

Received: from mail-ie0-f180.google.com ( by mail.mydomain.com.eg
 (myinternal IP) with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 4 Sep
 2012 13:26:11 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
MIME-Version: 1.0
Date: Tue, 4 Sep 2012 13:33:38 +0200
Message-ID: <CAFE6j3xkGN78XxSSOsR8pdJ49kJE6t8iV-iN743uvg-GmUD=8g@mail.gmail.com>
Subject: partner-routing
From: nashwa Zaki <nashwa.sowelam@gmail.com>
To: <up@mydomain.com.eg>
Content-Type: multipart/alternative; boundary="14dae9340e0b20222204c8dea11a"
Return-Path: nashwa.sowelam@gmail.com
Received-SPF: Pass (HC01.mydomaindc.local: domain of nashwa.sowelam@gmail.com
 designates as permitted sender)
 receiver=HC01.mydomaindc.local; client-ip=;

Final-Recipient: rfc822;up@mydomain.com.eg
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized
LVL 35

Expert Comment

ID: 38367759
Yes, nevertheless I come back to my statement....
a.) You send a mail to your server.
--> Receive --> Mail is stamped...
b.) Your server produces an NDR and puts the original header (the header from the receiving, which is stamped) into the NDR.

That means, in my mind, you can only avoid it, if you do NOT allow the stamping of incoming emails.

The sending filter removes the header from the outgoing mail, but not from the content, which is put into the NDR.

Another option may be, at least for this case, to use the anti-spam functionality and set the "Block messages sent to recipients not listed in the Global Address List" of the Recipient Filtering option. This at least changes the NDR and does not send a header information.

Or you may just customize the settings for the NDRs

Author Comment

ID: 38367820
Dear Bembi

thanks for your patience in advance and your kind support

Let me change the question the problem is not about NDR regarding non-existing user my server also generate NDR for mailboxex that only accepts message from authenticated users .

the problem in in the diagnostic information of the NDR itself ,as you know every NDR has 2 section user section and Diagnostic Information for Administrators

the diagnostic information for administrators display the virtual internal ip of the network load balanced hub-cas servers .  as you see in the previous post

did you got me
LVL 35

Expert Comment

ID: 38369608
> also generate NDR for mailboxex that only accepts
The idea was just in general to use customized NDRs, you can create them for every return code...

But you are right, the extended information may there too...

So comming back to Ms-Exch-Accept-xxx
to avoid the stamping of the original incoming mail, which is put into the NDR?

Accepted Solution

omzeyad earned 0 total points
ID: 38382564
I solved the problem by running the following

set-Remotedomain -NDRDiagnosticInfoEnabled $false

then it prompts me for the identity so I typed *

and voila there is no diagnostic information in the NDR sent to remote domains

Author Closing Comment

ID: 38401304
as my solution solved the problem

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month14 days, 2 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question