using exchange server 2013;
A few of exchange users are complaining that they are not receiving emails from a certain domain's certain users. I have checked the sender domains and domain is not found in any BL and domains SPF records are good as well.
so situation is
user1@externaldomain.com sends to myuser@mydomain.com and mail is
received. User2@externaldomain.com sends to myuser@mydomain.com and
mail is not received. User3@externaldomain.com sends to
myuser@mydomain.com and mail is not received.
And a similar complain is made by another user. So, I check a few things and found something in Message tracking…
[PS] C:\Windows\system32>Get-MessageTrackingLog -Server MYSERVER -Start "02/19/2019 02:00:00" -End "02/20/2019 16:00:00" -Recipients "myuser@mydomain.com”
HARED... SMTP user1@externaldomain.com {myuser@mydomain.com}
RECEIVE SMTP user1@externaldomain.com {myuser@mydomain.com}
FAIL AGENT user1@externaldomain.com {myuser@mydomain.com}
AGENT... AGENT user1@externaldomain.com {myuser@mydomain.com}
HARED... SMTP user1@externaldomain.com {myuser@mydomain.com}
RECEIVE SMTP user1@externaldomain.com {myuser@mydomain.com}
FAIL AGENT user1@externaldomain.com {myuser@mydomain.com}
AGENT... AGENT user1@externaldomain.com {myuser@mydomain.com}
I am not sure what is happening. why and what is causing that FAIL
Here are some more details
[PS] C:\Windows\system32>get-ContentFilterConfig
RunspaceId : dd89fbfd-2586-406a-a43f-00c61164159d
Name : ContentFilterConfig
RejectionResponse : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients : {}
QuarantineMailbox :
SCLRejectThreshold : 7
SCLRejectEnabled : True
SCLDeleteThreshold : 9
SCLDeleteEnabled : False
SCLQuarantineThreshold : 9
SCLQuarantineEnabled : False
BypassedSenders : {}
BypassedSenderDomains : { externaldomain.com, externaldomain2.com, paypa.com, CCC.net, gmail.com, microsoft.com}
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : False
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport
Settings,CN= MYDOMAIN,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=MYDOMAIN,DC=com
Identity : ContentFilterConfig
Guid : 5091c1d6-14da-41db-b651-5c09135de269
ObjectCategory : MYDOMAIN/Configuration/Schema/ms-Exch-Message-Hygiene-Content-Filter-Con
fig
ObjectClass : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged : 2/13/2019 12:17:42 AM
WhenCreated : 4/29/2015 2:26:41 AM
WhenChangedUTC : 2/13/2019 8:17:42 AM
WhenCreatedUTC : 4/29/2015 9:26:41 AM
OrganizationId :
OriginatingServer : ADS.MYDOMAIN.com
IsValid : True
ObjectState : Unchanged
If you notice I have already set some domains in "BypassedSenderDomains" and externaldomain.com has already been added and my spam agent logs are showing that as well, and here are some spam agent logs
2019-02-20T02:28:52.455Z,08D6667109583CE6,xx.xx.xxx.xxx:2525,xx.xx..0.100:61670,xx.xx..0.100,<DB7P193MB03958494272A2C15517BE7F7AA7D0@DB7P193MB0395.EURP193.PROD.OUTLOOK.COM>,user1@externaldomain.com,user1@externaldomain.com;,myuser@mydomain.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: content filtering was bypassed.,,d70d3909-03ce-4458-3f21-08d696db2785,,Incoming
2019-02-20T02:30:25.064Z,08D6667109583CE6,xx.xx.xxx.xxx:2525,xx.xx..8.115:26160,xx.xx..8.115,<DB7P193MB0395D65CF9FA48BAAA779366AA7D0@DB7P193MB0395.EURP193.PROD.OUTLOOK.COM>,user1@externaldomain.com,user1@externaldomain.com;,myuser@mydomain.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: content filtering was bypassed.,,f612e78e-b3f0-4987-5969-08d696db5eb8,,Incoming
2019-02-20T05:03:04.567Z,08D6667109583D5F,xx.xx.xxx.xxx:2525,xx.xx..14.131:24231,xx.xx..14.131,<DB7P193MB0395AB0AA0027FECA619C88BAA7D0@DB7P193MB0395.EURP193.PROD.OUTLOOK.COM>,user1@externaldomain.com,user1@externaldomain.com;,myuser@mydomain.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: content filtering was bypassed.,,ccc92992-4a25-4a7f-9627-08d696f0b235,,Incoming
2019-02-20T06:42:41.796Z,08D6667109583DB4,xx.xx.xxx.xxx:2525,xx.xx..2.120:45283,xx.xx..2.120,<DB7P193MB0395E5E84AD36322A620F6A9AA7D0@DB7P193MB0395.EURP193.PROD.OUTLOOK.COM>,user1@externaldomain.com,user1@externaldomain.com;,myuser@mydomain.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: content filtering was bypassed.,,085ea7bd-add4-43f2-4d93-08d696fe9cea,,Incoming
2019-02-20T09:36:35.505Z,08D6667109583E99,xx.xx.xxx.xxx:2525,xx.xx..5.98:42760,xx.xx..5.98,<AM5P193MB0020E28194DFBEC6E1A4B99EA57D0@AM5P193MB0020.EURP193.PROD.OUTLOOK.COM>,user2@externaldomain.com,user2@externaldomain.com;,myuser@mydomain.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,not available: content filtering was bypassed.,,439ae10c-c673-45fc-f7c2-08d69716e7e3,,Incoming
Please advise what i need to check to make sure that my user always receives mails from a certain domain.
Thank you
Ali
Best Answer
Since the event type is fail and the source is agent, it refers to the transport agent, which is being blocked by a transport rule. Have you had a look at the transport config yet? Here's a similar thread for your reference:
https://social.technet.microsoft.com/Forums/en-US/27072b07-6d54-47c4-a724-eaecd9e5aebd/transport-rules-and-message-tracking?forum=exchangesvrsecuremessaginglegacy