BMH Kong
asked on
error message 554 5.7.1: Exchange 2013 blocking emails (banned words)
My Exchange Server 2013 is blocking genuine emails with the error message 554 5.7.1 This message has been blocked because it contains a banned word. (in reply to end of DATA command). Where do i maintain this list as i never setup any filtering on the exchange server. I already have the filtering on the gateway level. This is strange as i even disable the malware filtering in the Exchange 2013 ECP. I don't want any blocking of emails on the Exchange server
Rdgs
Kong
Rdgs
Kong
ASKER
Yes incoming email. . There is filtering on the cloud which I want to maintain the control there. I want to disable the filtering feature on the server. I checked the cloud filtering (Trend Micro Email Hosted Security) that the email was released and delivered to the exchange server.
ASKER
I am using exchange 2013. What ps can I call out for the similar results?
ASKER
It is also strange. I ask the sender to send to my Gmail and then I forward to the exchange server and it was delivered. So where is the banned word in this case? If banned word, it shd be blocked as well
Do you have any third party Transport Agent? if yes you may give a try by disabling it
ASKER
No, I did not install any third part agent on the exchange server
Get-Transportagent Does it show anything?
Does it behave the same way for internal and External or how does it behave?
Pipeline tracing will help it
Does it behave the same way for internal and External or how does it behave?
Pipeline tracing will help it
ASKER
Hi Pradiip Singh, i have the follow result . For the blocked email, only some external incoming email has this issue. Internal email is ok
[PS] C:\Windows\system32>get-tr ansportage nt
Identity Enabled Priority
-------- ------- --------
Transport Rule Agent True 1
Malware Agent False 2
Text Messaging Routing Agent True 3
Text Messaging Delivery Agent True 4
[PS] C:\Windows\system32>get-tr
Identity Enabled Priority
-------- ------- --------
Transport Rule Agent True 1
Malware Agent False 2
Text Messaging Routing Agent True 3
Text Messaging Delivery Agent True 4
a number of logs against incoming SMTP connections to the Exchange server. please see all related logs from below official guide.
https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/transport-logs?view=exchserver-2019
of course, you don't really need to manually search throughout all the logs, just use "554 5.7.1" as the keyword to check the related logs available on your Exchange server.
please update once you have found something interesting. thanks.
https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/transport-logs?view=exchserver-2019
of course, you don't really need to manually search throughout all the logs, just use "554 5.7.1" as the keyword to check the related logs available on your Exchange server.
please update once you have found something interesting. thanks.
ASKER
I cant figure anything on the log. Not sure if the logging was disabled.
I ran the following commands
[PS] C:\Windows\system32>Get-Co ntentFilte rConfig | Format-List ExternalMailEnabled
ExternalMailEnabled : True
Can i know if the top command shows that content filtering is enable? and i ran the below command
[PS] C:\Windows\system32>Set-Co ntentFilte rConfig -ExternalMailEnabled $false
[PS] C:\Windows\system32>Get-Co ntentFilte rConfig | Format-List ExternalMailEnable
ExternalMailEnabled : False
did i disable the content filtering correctly?
i have yet to test it as i have no way to reach the sender on a weekend
Rdgs
I ran the following commands
[PS] C:\Windows\system32>Get-Co
ExternalMailEnabled : True
Can i know if the top command shows that content filtering is enable? and i ran the below command
[PS] C:\Windows\system32>Set-Co
[PS] C:\Windows\system32>Get-Co
ExternalMailEnabled : False
did i disable the content filtering correctly?
i have yet to test it as i have no way to reach the sender on a weekend
Rdgs
you can do that but you need to verify it if its set for what? and if that specific one is your issue
ASKER
Well the error message has something to do with ban word. So I guess is the content filtering that causing this. Hence is an trying to disable totally for external email content filtering. I have content filtering on the cloud, so I think I am relatively safe. I will test it tomorrow. Thank you
ASKER
the error is still there. I have disable content filter for external email,
[PS] C:\Windows\system32>Get-Co ntentFilte rConfig | Format-List ExternalMailEnabled
ExternalMailEnabled : False
but still i have this bounced email
554 5.7.1 This message has been blocked because it contains a banned word. (in reply to end of DATA command)
Anyone expert can help?
[PS] C:\Windows\system32>Get-Co
ExternalMailEnabled : False
but still i have this bounced email
554 5.7.1 This message has been blocked because it contains a banned word. (in reply to end of DATA command)
Anyone expert can help?
Do you have any custom Transport Rules that may be blocking mail by Subject or Message Body content. Run Get-TransportRule to view rules.
ASKER
yes i do, but those are only forwarding emails to another email addresses. I dont have any rule to check for ban words and bounce it back.
Did you restart the transport services after disabling it ? also you can do the message tracking and see which agent has rejected it while processing
ASKER
yes i restart the entire server still cannot. Can teach me how to completely stop or remove the content filtering function?
Try this - Set-ContentFilterConfig -Enabled $false
Reff - https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/content-filtering-procedures?view=exchserver-2019
Reff - https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/content-filtering-procedures?view=exchserver-2019
The problem seems to be related to the server that sends these emails.
If you can get the same mail from a place like gmail or outlook.com, you should search the problem on sender side.
If you can get the same mail from a place like gmail or outlook.com, you should search the problem on sender side.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
This is incoming email?
You have filtering "in the cloud", which sends all email into your Exchange server?