I am getting a "421 4.4.2 Connection dropped due to connection reset" and " 421 4.4.2 Connection dropped due to ConnectionAborted" on a few messages.  Message is going from my exchange server to an smtp gateway in the dmz.  I have noticed that this is only happening to emails with zipped attachment.  If I attach those same files unzipped, the message is relayed without an issue. I first noticed this with a specific address, but I have been able to replicate it to my yahooo and msn accounts with the compressed attachment.  There is a PaloAlto firewall between the server smtp gateway.  Here are some logs:

Without Attachment

Identity: EX2010XXXXX\1123444\43962205
Subject: Data 00000160526US01 520789US
Internet Message ID: <XXXXXXXXXXXXXXXXXXXXXXXXXXXX@XXXXXXXXXXX.XXXXX.lan>
From Address: XXXXXX@XXXX.com
Status: Ready
Size (KB): 27
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 3/14/2019 3:16:17 PM
Expiration Time: 3/16/2019 3:16:17 PM
Last Error:
Queue ID: EX2010XXXX\1123444
Recipients:  XXXXXX@yahoo.com;2;2;;0;CN=EX2010_to_XXXdaemon,CN=Connections,CN=Exchange Routing Group (XXXXXXX),CN=Routing Groups,CN=Exchange Administrative Group (XXXXXXXXX),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXX,DC=lan XXXXXXe@msn.com;2;2;;0;CN=EX2010_to_XXXdaemon,CN=Connections,CN=Exchange Routing Group (XXXXXXXXXXX),CN=Routing Groups,CN=Exchange Administrative Group …

Going to be migrating to Exchange 2016 (from EX2010) and need some advice on External URL's and SSL Certs.  On my Exchange 2010 I was using the host name of both my Internal & External URL's for Virtual Directories (ActiveSync, OWA, AOB, ..etc).  I was told that it is recommended to not use the host name on these external url's.  I should use ex.: mail.mydomain.com (use just general mail name instead of my host name).  So should i just use this on my External URL's or both Internal and External?

When creating my new SSL Cert for EX2016 would I still need to put my host name on this Cert?  My current SSL Cert (EX2010) has the following: hostname.mydomain.com; autodiscover.mydomain.com, legacy,mydomain.com; mydomain.com.

I would like to use as minimal amount of SAN names as possible.

I have exchange 2016.  I have a user that receives payroll info that is encrypted.  Those emails are not being delivered.  The spam company says they have handed it off.  I check the message tracking logs and that email doesn't exist there.  How can I verify the email was actually received or not during the transport from the Spam host to my exchange server?

We are deploying Office 365 and setting up a new domain for a new company. There is an on-site AD using the Sync program to sync accounts to O365.

We have a problem whereby everyones default outbound email address is not using our own domain name but is using the company.onmicrosoft.com one.

In the AD users, the UPN is set to use the correct domain name, in O365 it wont allow us to update the priamry email address, but says to update it on the AD. im not sure where to update this, or waht to do to fix it?

Any help appreciated.

Thanks

I have perflib event errors after a fresh install of Server 2016 and Exchange 2016. I have re-installed the performance counters for Exchange. Commands in text file attached.
I have these event logged in eventviewer.
Event ID 1023
Attached text file for more information.

Appreciate your help.
Event.txt

IS there a way to export multiple mailboxes out of Exchange Server 2010?

We are on O365 and have noticed that internal emails sent using this method, mostly option 2 (https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3), are sent to the junk mail folder. On most occasions we right click and tell it to trust our domain. However on a certain email they keep going to the junk mail folder even though we tell it to trust the domain. I am going to double check with the person who handles the script/application that sends the email to see how they are doing it because the strange thing i see is that it says its coming from, device@domain.com, but when i do a message trace on the O365 admin side it shows the person who initiated the script/application.

The way the script application works it we are using sharepoint and our sharpoint admin created a page/site that allows a user to request a check. They fill out a form and then when they hit submit it goes to the person they request the check from.

So if Bob Smith is the one doing the check request it's sent to the person he choose from the drop down and when that person sees the email it looks like it's coming from device@domain.com.but the message trace shows the person who initiated the check request.  

I don't know where on the O365 admin side i look at for internal rules. I'm thinking since its uses the smtp relay it seeing it as an outside email? But I am not sure.

We are on Exchange 2010 onsite, and I have been asked a question to see if I can find emails from a certain person (email address) and we have 35 some odd users, they want me to see if I can scan any and all emails to see if there are emails from this person either going out or coming in?
Is there a way I can run a scan of some sort on the Exchange Server?

Good morning,
                  I need to configure an exchange 2010 (SBS 2011 product) with two ISP providers to send and recieve mails from. Send part is easy because i add a second A record on my AD DNS and it works. But i don't know how i can recieve from second ISP because i can't use 587 port for both ISP. Should i create a FW rule on my router? External record are created with both MX records.

Thank you very much,
Regards,
Martín Averame

Hi One of my bigger clients had an outside firm come in and check out the network for things I was doing wrong.  One thing they found was two email addresses that were for sale on the dark web.  They just suggested changing the password and all would be fine.

Question: how do you search the "Dark Web" for emails on one of my domains that are for sale?  

Thanks all

I am doing some analysis of shared mailboxes and I am getting confused how some mailboxes are being monitored/accessed, if at all, due to who has access to them, or the lack of people who have access to them should I say.

For example, I ran this query to get a list of mailbox permissions:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITYSELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv

Select all Open in new window

which works great, and gives me who has full control, sendas etc to all mailboxes. However, on a couple there is literally nobody bar a standard exchange admin account with access. So I cannot see how anyone is monitoring these mailboxes. So my query is - is this command giving me a true picture of who can access the mailbox, or are there alternative ways of granting access to a mailbox that the output of this command does not reveal? The server is exchange 2010.

looking for a minimal C or other compiled program that can act as a replacement for the "sendmail -ti" command

it would write mail files read on STDIN to a maildrop directory in a well known or configurable location.
recipients will be extracted from the headers.
replacements that send the mail over smtp DO NOT qualify. please do no suggest mini_sendmail

it needs to be compiled/compilable for linux and opensource. no perl, no shell, ...
if it comes in a debian existing package, all the better.

i'm currently looking into adapting postfix's but i'd rather use something minimal that does not require so many config files and dynamic libs.

thanks

is there a way in exchange server to get a full report of all mailboxes, which AD account they are associated with (mailbox owner?), and all distribution groups. Just a really basic list of all mailboxes and distribution groups in a single report, showing type, e.g. this is a mailbox, this is a distribution list, written to CSV. Similar I suppose to a full version of the global address list in outlook but also showing hidden entries, but to easily show which items are mailboxes and which are distribution lists.