Solved

Exchange Online Protection and internal email

Posted on 2015-01-20
7
272 Views
Last Modified: 2015-01-23
Hi,

Last month we pointed our Exchange 2010 server to EOP to help reduce spam and virus problems. I set up the Exchange server to use send through EOP as well. I've been tweaking the settings as best as I can, but we are having one big problem. A lot of our internal email is being caught by the Junk Email filter in Outlook, even if we specify our domain as a safe sender. Are there any other settings I can look at whether in EOP or Outlook that could fix this? We have a lot of users missing important emails and reports that are send internally that they don't see until they check their Junk Email folder.

Thanks!
0
Comment
Question by:OrbusLLC
  • 4
  • 3
7 Comments
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
Comment Utility
Just add some transport rules to set SCL to -1? You can also add the IPs to the IP allow list under Protection -> Connection filter. Here is an article with more details on both methods: http://technet.microsoft.com/en-us/library/jj200718(v=exchg.150).aspx
0
 

Author Comment

by:OrbusLLC
Comment Utility
So will this work with internal IP's or do I enter my external IP's? We are in hybrid mode right now. Getting ready to move users into the cloud.

Thanks!
0
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
Comment Utility
For hybrid, mail between the two organizations should be treated as internal, if it doesnt, check this article for some common causes: http://support.microsoft.com/kb/2663556

Creating transport rules with SCL set to -1 should solve any remaining cases. The Connection filter Allow list will accept private IP ranges too, but you should of course add the IP that the EOP servers 'see' (i.e. check headers).
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:OrbusLLC
Comment Utility
I worked with a tech from Microsoft last night on my hybrid configuration and asked him the question about internal email going to the junk e-mail folder. He said that all internal email is rated with -1 so if it's still going to junk e-mail there must be something Outlook see's. Is there a way to add our domain as a safe sender for all users? I guess it would be in group policy. But would that help? I believe I have a couple users with the address in question as a safe sender, but it still goes to junk email.

Thanks
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
Comment Utility
Well, check the headers of one of those messages. If SCL is indeed -1, Outlook is to blame. If SCL is different, review the article above to make sure mail is indeed treated as internal.
0
 

Author Comment

by:OrbusLLC
Comment Utility
Here is the one that went to Junk E-Mail, I don't even see an SCL rating!

Received: from SQLSERVER (192.168.254.8) by mail.company.com
 (192.168.254.118) with Microsoft SMTP Server id 14.3.210.2; Wed, 21 Jan 2015
 07:45:04 -0600
Thread-Topic: This was executed at 1/21/2015 7:45:04 AM
thread-index: AdA1gHXUfQq+9EY4T0qOko1pQz6QjQ==
Reply-To:
From: <admin@company.com>
To: <user@company.com>
CC: <userl@company.com>, <user@company.com>,
      <user@company.com>, <user@company.com>,
      <user@company.com>, <user@company.com>
BCC:
Subject: This was executed at 1/21/2015 7:45:04 AM
Date: Wed, 21 Jan 2015 07:45:04 -0600
Message-ID: <0496B19573FC477792F632E1C096A9AF@company.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0E78_01D0354E.2B5C39D0"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18645
Return-Path: admin@company.com
X-MS-Exchange-Organization-AuthSource: mail.company.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-Auto-Response-Suppress: DR, OOF, AutoReply
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
Comment Utility
This is like internal internal one, it doesnt even go to EOP :) Change SQLSERVER to something that at least resemble an FQDN if possible, i think this is what Outlook doesnt like.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now