550 Administrative prohibitio

What do you mean CU3 is not supported, it's only like 4 or 5 months old?  oh well.  I guess I need to upgrade to SP1, but I'm a bit scared as to upgrade to SP1, I read that it does a complete uninstall of exchange and then reinstalls it.

In the past, when that took place, all my custom configurations got lost, so that's why I'm not really anticipating on performing the upgrade.

My hardware firewall has anti-spam, but I don't have any software installed on my exchange server.   All other emails are fine, so I'm a bit perplexed about receiving this error message.

How can I tell if I'm using the anti-spam agents in exchange, I guess I'm not sure, I would have to check.

so under malware filter, it's enabled, with the lowest priority, I guess by default.
I don't remember turning it on, so it's what ever got turned on by default.

CU3 is almost twelve months old - it was released in November of last year.
The support cycle is well documented - the Exchange product team blogged on it.
http://blogs.technet.com/b/exchange/archive/2013/02/08/servicing-exchange-2013.aspx

All Exchange 2013 updates are a remove and reinstall of the product. It is the best way, resolves a lot of problems. It also means if you do a new installation of Exchange you can use the current CU for the update.

Simon.

so  are you saying that it's best to wait until CU7 comes out?
I don't know what the "litigation hold" is.

I actually checked using powershell if the email that should have arrived in exchange, but it never made it in exchange.

If my exchange servers sends this message:
Google tried to deliver your message, but it was rejected by the server for the recipient domain domain.org by mail.domain.org. [66.xxx.xxx.xxx]. The error that the other server returned was: 550 Administrative prohibition

Doesn't that mean that it made it to my exchange server?  I'm just trying to find out how to resolve this type of problem?

Simon,

so does that mean that all my receive and send connectors I created, I have to recreate those?
How about the rest of the data that I have, does it save all of my configuration?

so  are you saying that it's best to wait until CU7 comes out?
 I don't know what the "litigation hold" is.

Litigation hold gives you the ability to put a mailbox on hold so the user can't delete any items that could be used in a court case. If you aren't using that. Or have another appliance or service outside of Exchange that provides that for you, then you can safely update to CU6.

If you don't see it in Message Tracking, you could try and browse manually through the SMTP Receive Protocol log. Sometimes connections are dropped here and never logged any further.

But my guess is still the firewall. Can you temporarily disable anti-spam on the firewall to test? Or, do you have logging on the firewall to see if the message was blocked?

When you install the cumulative update, all settings are retained. Therefore if you have created additional connectors, those will be retained as well.

As this message was rejected at the point of delivery it isn't going to appear in message tracking. The only place it would appear is in the logs for the receive connector, which are not enabled by default.

CU7 is due at some point next month. Hard to say whether to wait or not.

Simon.

How do I enable the the logs for the receive connector?
Then what command would I use to search for a specific email by email address?

From EAC.

Mail Flow >> Receive Connectors >> double click your connector (most like the Default Frontend) >> on the General tab click Verbose. Click Ok. Restart the Transport Service.

Will this cause the logs to grow exponentially?
Is this log something I only turn on for testing purposes, or can I leave it enabled always?

I made some changes to my firewall and after testing again today, I received the email.

The culprit was my firewall, which I suspected.

Thanks guys for the good info.  I'll plan to upgrade to SP1 in a few weeks I think.