Exchange 2007 Send Connectors

Hello,
I'm relatively new to administering Exchange and I had some questions on Send Connectors. We send mail to a few different domains that usually 75% of the time will generate a message saying:
Delivery is delayed to these recipients or distribution lists:
This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.
Delivery of this message will be attempted until 1/9/2014 9:31:13 AM (GMT-05:00) Eastern Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered
by that time.
Sometimes messages will make it to the intended recipients and other times not. Most of the time they are just regular emails without any attachments on them. I'm not exactly sure how connectors work, but I'm thinking that I can set one up to tell exchange
that it should route these certain emails to that domain. Is this the correct thought process on how a send connector would work and are there any ramifications I need to worry about if I set up a second or third send connector?
I apologize if this is naïve or doesn't make sense. Please let me know if you need more information. We run Exchange 2007 on Windows SBS 2008.
Thank you.

Hi,
It seems that it could be a reverse DNS lookup issue. I recommend you check if the reverse DNS record is configured correctly.
If it is ok, I suggest you enable logging at your send connector. Then check the log to see if you could find some clues.
Best regards,
Belinda
Belinda Ma
TechNet Community Support

Similar Messages

Import csv file in Address Spaces in an Exchange 2007 Send Connector

hello , i must put more than 300 domains in the addres space of a Send connector.
is possible have a csv file with the 300 domains and a powershell script to import this file in the address space of one send connector?
example csv file :
cepsa.es
repsol.com
parsi.es
Regards
Thansk in advance
mcse 200x + mesaging 2000 2003 2007 2010

Hi
At First, you CSV should be set as the format like
Name
cepsa.es
repsol.com
parsi.es
If you would like to set a new Send Connector. you can simply do
New-SendConnector -Name ConnectName -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
If you would like to add to a Send Connector that already existed, Please run
$al = (Get-SendConnector -Identity <ConnectName>).AddressSpaces
$al += (Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Set-SendConnector -Name ConnectName -AddressSpace $al
Cheers
Zi Feng
Zi Feng
TechNet Community Support
The first script is still working as it should under Exchange 2013 when a send connector is created for the first time.
The second part of adding (or removing) address spaces from an existing send connector was a little bit trickier.
the following script did it:
Get-SendConnector "ConnectorName" | Set-SendConnector -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Watch out! this command also removes domains which are not present in the csv file!

Exchange 2007 send connector does nor respect Maximum message size (sometimes...)

Hi to all
We have 9 email server, 5 Mailboxes, 2 CAS and 2 HT, We began to have problems to send and receive from internet; so I checked the queues and I discovered that some users are sending messages with a size greater than 16 MB, althought internally can send
until 40MB, if they send externally, only until 16MB.
I revised all the configuration:
Organization Configuration/Hub Transport/Global Settings/ Maximum send size (KB):40960
Server Configuration/Hub Transport/HT01/Receive Connectors/Default HT01/Maximum message size(KB): 40960 (only this server can send outside, the other server is in spare)
Organization Configuration/Hub Transport/Send Connector/SendMailOuside/Maximum message size(KB) 16386
We send by an Smart host that is used only by the HT01 to a Symantec server.
With this, we have this situations:
In the queue, I see some users are sending emails with a size more than 16MB outside the organization, I revised their configuration and the "maximun send size" is clear the checkbox (just like my account), the weir is if I try to send an email
with a size more than 16MB, I got the message: "#550 5.3.4 ROUTING.SizeLimit; message size exceeds fixed maximum size for route ##", this is not sense because their account configuration is the same like mine, so the Exchange must not let
them to put the email in the queue...
If between internal users try to send an email with size more than 16MB, this is allowed and it's send without any problem
So I don't know where is the misconfiguration, is permited to send mails with size less than 40MB internally, but externally only until to 16MB, but I din't know why the Exchange system let some users to send (or at least put in the queue) this kind of messages,
my account is in the same DB like the other users...
I hope to be clear in the description of the situation, maybe a patch or some thing, the HT server has the January patch and in april will be applied the last patchs.
Doc MX

Hi DocMX,
Thank you for your question.
We could run the following command:
Get-TransportConfig | FL max*size
Then, we could check the send connector by the following command:
Get-SendConnector | FL Identity,MaxMessageSize
We could run the following command to check an individual user maximum size.
Get-Mailbox <username> | FL Name,Max*size
In my solution, we could rebuild the user profile that those users could send emails more than 16MB to check if the issue persist.
We could also restart the service of “Microsoft Exchange Transport”.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Exchange 2010 Send Connector to postfix (v. 2.11) smarthost uses STARTTLS and cannot connect

Dear all,
I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
Here is the log file of the postfix server:
Jan 4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
Jan 4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01 ....Z... V..
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84 T.=..^.d |k.!....
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b ..3....u :.82...[
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0 ..../.5. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff ....2.8. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b ........ ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01 ...
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
Jan 4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
I
have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
reasons but I have come to a standstill...
My Exchange server certificate is configured
as follows:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
essRule}
CertificateDomains : {server1, server1.solid-con.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server1
NotAfter : 22/01/2017 13:18:02
NotBefore : 22/01/2012 13:18:02
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6925D91285B649BD4D5E4297F1A48471
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server1
Thumbprint : 939A37173BF84E352CEDC74F7D9A3D71F498A005
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SERVER1}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER1
NotAfter : 19/01/2022 12:56:44
NotBefore : 22/01/2012 12:56:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1DB8711F7ADC5CB54196468EF2FF5D21
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER1
Thumbprint : 191D86BDE274510453D58DDB91D253DABBCF05F1
And My Default Send Connector is configured as follows:
AddressSpaces : {SMTP:*;1}
AuthenticationCredential : System.Management.Automation.PSCredential
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
HomeMTA : Microsoft MTA
HomeMtaServerId : SERVER1
Identity : Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : unlimited
Name : Internet
Port : 25
ProtocolLoggingLevel : None
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {server7.mydomain.com, server6.mydomain.com}
SmartHostsString : server7.mydomain.com,server6.mydomain.com
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {SERVER1}
TlsAuthLevel :
TlsDomain :
UseExternalDNSServersEnabled : False
Any help would be greatly appreciated as I am
stuck...
Luca

Hi Allen,
Thank you very much for your reply.
The Postfix TLS Manager is enabled in master.cf
tlsmgr unix - - n 1000? 1 tlsmgr
and running
server7:/etc/postfix # ps -efa|grep tls
postfix 11967 11863 0 11:21 ? 00:00:00
tlsmgr -l -t unix -u
Every other (Linux/UNIX) server has no problem e.g.:
Jan 5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
Jan 5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
(250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
Jan 5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
mail for delivery)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
To summarise:
exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
postfix --> exchange with TLS = works
any further hints?
Thank you very much in advance,
Luca

Exchange 2007 - Send As Permission

Hello, I have Exchange Server 2007 installed on my Windows Server 2008 system and am using an ASP.NET web application to send an e-mail message when certain events occur. My problem is that I have everything set up and functioning properly, the e-mail message is sent with the designated e-mail address and I receive the e-mail message with no problems. In order to do this, I have a generic e-mail address that I created for my domain and granted that generic e-mail address "Send As" permission for a different domain e-mail address and use the generic e-mail address in my ASP.NET web application for security purposes.
My problem is the "Send As" permission seems to disappear very frequently. It seems that I need to go into the Exchange Management Console and grant this Send As permission every time my server is rebooted, or even after going into Exchange Management Console to "Look around" and see what I have set up. Does anybody know if there is a way to make the grant of Send As permission permanent so I don't have to constantly re-grant it? I have applied SP1 to Exchange Server 2007 and am always sure to apply the most recent patches, etc. as soon as they are released.
Thanks in advance!
Tim

Dear customer:
Thanks for Bala’s reply. He is right.
Active Directory uses a protection mechanism to make sure that ACLs are set correctly for members of sensitive groups. The mechanism runs one time an hour on the PDC operations master. The operations master compares the ACL on the user accounts that are members of protected groups against the ACL on the following object:
CN=adminSDHolder,CN=System,DC=<MyDomain>,DC=<Com>
Note "DC=<MyDomain>,DC=<Com>" represents the distinguished name (DN) of your domain.
If the ACL is different, the ACL on the user object is overwritten to reflect the security settings of the adminSDHolder object (and ACL inheritance is disabled). This process protects these accounts from being modified by unauthorized users if the accounts are moved to a container or organizational unit where a malicious user has been delegated administrative credentials to modify user accounts. Be aware that when a user is removed from the administrative group, the process is not reversed and must be manually changed.
The following list describes the protected groups in Windows Server 2003 and in Windows 2000 after you apply the 327825 hotfix or you install Windows 2000 Service Pack 4:
• Administrators
• Account Operators
• Server Operators
• Print Operators
• Backup Operators
• Domain Admins
• Schema Admins
• Enterprise Admins
• Cert Publishers
Additionally the following users are also considered protected:
• Administrator
• Krbtgt
So first, please check whether the user that you grant “sends as” permission for it belongs to the above group. If so, open ADSIEDIT.msc, Check"Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" option on the adminSDHolder. And replicates all the DC, and grant “send as” permission for the user again via EMC, check whether the “send as” work fine.
For more information about adminSDHolder, please refer to “MORE INFORMATION” section in the following article:
Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/kb/817433/en-us
Additionally, for more information about Exchange 2007 Permissions, please refer to the following documents:
Exchange 2007 Permissions: Frequently Asked Questions
http://technet.microsoft.com/en-us/library/bb310792.aspx
Hope it helps. If you have any question, please feel free to let me know.
Rock Wang - MSFT

Exchange 2010 - Send Connector High Availability

Hi All,
I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array. The solution works well and when we simulate a site failure
I am able to get the second node to handle all mail functions.
The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use. I should explain that I have two send connectors as I do not want the secondary server
to be used unless the primary server is down or the route is unavailable. I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
not to by disabling it).
My question is how do I get this to happen automatically? Does anyone else have an example of how this could be done or use a PowerShell script to achieve this? I guess a script could check the route and disable the send connector on the primary
server if necessary, but how would one do this?
Any help greatly appreciated.
Rob

Hi,
According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support

Exchange 2007 Receive Connector

Hi, We are using Exchange Server 2007 and are using Receive Connectors to allow application servers to relay emails both internally and externally. I would like to make sure that the application servers can send email only to the internal users and not outside
users. I would like to know how can I achieve this. Any suggestion would be welcome.
- Fazal Ur Rehman Shah
Fazal Ur Rehman Shah | Senior Consultant

Hi Fazal,
Thank you for your question.
We could refer to the following steps to create transport rule:
Navigate EMC-Organization Configuration-Hub Transport-Transport Rules
Click “New Transport Rule” and type transport rule name which is “Restrict to Internet”
In Conditions, Click “from people” and type
[email protected]
In Conditions, Click “sent to users inside or outside the organization” and choose “Outside”
In Actions, choose “silently drop the message”
Then we could enable this transport rule
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Exchange 2007 Sending with Second Email Address (trying to use Send As)

I support a company who just bought another company. I'm trying to bring a couple of users' old email addresses in to Exchange and have it work with their old and new addresses. They can receive mail under old and new accounts just fine. Sending
under the old address is the problem. They still need to send under the old address for existing contracts.
My first attempt was to create a distribution group, give it the user's old email address, and then give the user "send as" rights for the group using the Exchange Management Shell. I ended up with the same error I'll detail below.
My next (and current) attempt was to set up a shadow user in AD with the old email address and then give the user "send as" rights to the shadow mailbox. I assigned the "send as" permission by right-clicking on the mailbox and choosing
"Manage Send As Permission" and then adding the real user to the list. In Outlook, I clicked From and then choose the shadow user account from the Global Address Book. This added the address to the From drop down box.
This works, once... Every time I restart the Information Store service, I can get one email to send out successfully. Here is the error I get on every other attempt. Notice it says "send on behalf" in the error. Maybe I'm not
setting it up correctly in Outlook? I didn't make Outlook screenshots but you'll find my AD and Exchange setup screenshots below.
Thanks for the help.
(also posted at http://forums.msexchange.org/m_1800602162/mpage_1/key_/tm.htm#1800602162)
***ERROR START***
Delivery has failed to these recipients or distribution lists:
Tripp Beasley
You are not allowed to send this message because you are trying to send on behalf of another sender without permission to do so. Please verify that you are sending on behalf of the correct sender, or ask your system administrator to help you get the required
permission.
Diagnostic information for administrators:
Generating server:
[email protected]
#MSEXCH:MSExchangeIS:/DC=local/DC=XXXXXXXXXX:XXXXXXXXXX[578:0x000004DC:0x0000001D] #SMTP#
***ERROR END***

open the list of previous recipients and select the ones you need by holding the command button. then press "add to address book".

How to send email to a SMTP server over a secure channel using STARTTLS setting of a send connector (Exchange and SMTP server are in the same domain)

I’m trying to send email using exchange send connector STARTTLS setting to the SMTP server. I have read multiple documents on configuring TLS for send connector, but they talks about outbound connections to internet facing servers. My Exchange 2013 and SMTP
server is in the same domain (let’s say A.com) and I’m creating dummy domains on my SMTP server (e.g.
[email protected],
[email protected] ) and their respective send connectors on the exchange server end. In the smart host section added the IP address of the SMTP server and in the scoping section added the SMTP domain address (e.g. dummy1.local ). In the FQDN field, added
the FQDN of the exchange server 2013 which certificate is enabled with SMTP service.
Could you tell me a step by step procedure, where I’m going wrong or any extra settings needs to added?
Presently, it is giving me an error that 530 5.5.1 TLS encrypted connection is required.
Note: I’ve created the Microsoft CA certificates for the SMTP and exchange servers and imported them in the personal certificate container. In which, the exchange certificate is created with FQDN name of the server and enabled for the SMTP service.
I’m using OPENSSL certificate for making the SMTP server TLS enabled. (let me know, if I need to import the OPENSSL certificate anywhere on the exchange end)?
Thanks!

-IgnoreSTARTTLS is set to false on the send connector properties.
I'm trying to established a HTTP over TLS connection. I'm not using mutual TLS between these two server.
The send connector protocol logging is attached as below,
2014-09-22T20:09:45.468Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,2,10.219.3.74:24939,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
2014-09-22T20:09:45.546Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,3,10.219.3.74:24939,10.219.3.73:25,>,EHLO Exchange.A.local,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,4,10.219.3.74:24939,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,5,10.219.3.74:24939,10.219.3.73:25,<,250-SIZE,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,6,10.219.3.74:24939,10.219.3.73:25,<,250-8BITMIME,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,7,10.219.3.74:24939,10.219.3.73:25,<,250-BINARYMIME,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,8,10.219.3.74:24939,10.219.3.73:25,<,250-PIPELINING,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,9,10.219.3.74:24939,10.219.3.73:25,<,250-HELP,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,10,10.219.3.74:24939,10.219.3.73:25,<,250-DSN,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,11,10.219.3.74:24939,10.219.3.73:25,<,250-CHUNKING,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,12,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,13,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,14,10.219.3.74:24939,10.219.3.73:25,<,250-STARTTLS,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,15,10.219.3.74:24939,10.219.3.73:25,<,250-DELIVERBY,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,16,10.219.3.74:24939,10.219.3.73:25,<,250-MT-PRIORITY,
2014-09-22T20:09:45.640Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,17,10.219.3.74:24939,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
2014-09-22T20:09:45.655Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,18,10.219.3.74:24939,10.219.3.73:25,>,STARTTLS,
2014-09-22T20:09:45.671Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,19,10.219.3.74:24939,10.219.3.73:25,<,220 2.7.0 Ready to start TLS,
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,20,10.219.3.74:24939,10.219.3.73:25,*,,Sending certificate
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,21,10.219.3.74:24939,10.219.3.73:25,*,CN=Exchange.A.local,Certificate subject
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,22,10.219.3.74:24939,10.219.3.73:25,*,"CN=DC-CA, DC=A, DC=local",Certificate issuer name
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,23,10.219.3.74:24939,10.219.3.73:25,*,63E7E70100000000000B,Certificate serial number
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,24,10.219.3.74:24939,10.219.3.73:25,*,CAEB1200CDF49715E5F2E4B8315EFDDC01F8F945,Certificate thumbprint
2014-09-22T20:09:45.780Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,25,10.219.3.74:24939,10.219.3.73:25,*,Exchange.A.local,Certificate alternate names
2014-09-22T20:09:46.654Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,26,10.219.3.74:24939,10.219.3.73:25,-,,Local
2014-09-22T20:09:46.669Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,0,,10.219.3.73:25,*,,attempting to connect
2014-09-22T20:09:46.685Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,1,10.219.3.74:24940,10.219.3.73:25,+,,
2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,2,10.219.3.74:24940,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,3,10.219.3.74:24940,10.219.3.73:25,>,EHLO Exchange.A.local,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,4,10.219.3.74:24940,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,5,10.219.3.74:24940,10.219.3.73:25,<,250-SIZE,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,6,10.219.3.74:24940,10.219.3.73:25,<,250-8BITMIME,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,7,10.219.3.74:24940,10.219.3.73:25,<,250-BINARYMIME,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,8,10.219.3.74:24940,10.219.3.73:25,<,250-PIPELINING,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,9,10.219.3.74:24940,10.219.3.73:25,<,250-HELP,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,10,10.219.3.74:24940,10.219.3.73:25,<,250-DSN,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,11,10.219.3.74:24940,10.219.3.73:25,<,250-CHUNKING,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,12,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,13,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,14,10.219.3.74:24940,10.219.3.73:25,<,250-STARTTLS,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,15,10.219.3.74:24940,10.219.3.73:25,<,250-DELIVERBY,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,16,10.219.3.74:24940,10.219.3.73:25,<,250-MT-PRIORITY,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,17,10.219.3.74:24940,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,18,10.219.3.74:24940,10.219.3.73:25,*,,sending message with RecordId 52652004081667 and InternetMessageId <[email protected]>
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,19,10.219.3.74:24940,10.219.3.73:25,>,MAIL FROM:<> SIZE=7653 BODY=BINARYMIME,
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,20,10.219.3.74:24940,10.219.3.73:25,>,RCPT TO:<[email protected]>,
2014-09-22T20:09:46.825Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,21,10.219.3.74:24940,10.219.3.73:25,<,530 5.5.1 A TLS-encrypted connection is required,
2014-09-22T20:09:46.950Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,22,10.219.3.74:24940,10.219.3.73:25,<,503 5.5.1 unexpected RCPT command,
2014-09-22T20:09:46.981Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,23,10.219.3.74:24940,10.219.3.73:25,>,RSET,

Keep exchange 2007 Hub transport & CAS during migration to Exchange 2010

Hello,
during a migration from exchange 2007 to exchange 2010 is it supported to keep the old exchange 2007HUB and CAS in charge of the outside mail flow (send/receive) and OWA service.
Here is the scenario :
Actual OWA url : https : // webmail . compagnie . com (2007)
Future OWA url : https : // owa . compagnie . com 2010)
Keep the old url accessible for the users which have not be migrated to the new exchange 2010 MBX server.
Indicate to the migrated users to use the new url instead of the old one.
Keep the old hub transport server (2007) handle the mail flow (send/receive) to the outside.
At the end, when all the users will be migrated, configure the new 2010 Hub/cas to handle the mail flow (send/receive) to the outside.
Thanks a lot for your answers.
David

Thanks for your answers.
So if I have understood right, the only thing I have to take care about (in order to let the 2007 cas/hub server handle the external mail flow (on which the MX is bind) until all mailboxes are migrated) is to add the 2010 cas/hub server in :
Organization Configuration ---> send connector ---> Actual 2007 send connector --> Source server
Thanks a lot.
David
That will take care of the outbound message flow, yes.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Disable Send Connector BareLinefeedRejection

Hi,
Is it possible to disable BareLinefeedRejection for the Send Connector. similar to BareLinefeedRejectionEnabled for Receive Connectors?
We sometimes receive emails with bare line feeds, but these emails are rejected by the send connector used for journalling.

Hi,
Base on my knowledge, it is impossible to edit bare line feed on send connector.
It's by design that Exchange 2010 send connectors do NOT allow messages containing bare linefeeds to pass through.Bare line feeds aren’t allowed in SMTP communications. Although it may be possible for a message containing a bare line feed to be delivered
successfully, such messages don't adhere to the SMTP protocol standards and may cause problems with messaging servers.
Here is a similar thread for your reference:
http://social.technet.microsoft.com/Forums/exchange/en-US/8da8d33a-fac8-4cc3-8ac0-6ea7f86ebfc4/exchange-2010-barelinefeedsareillegal-error-when-journaling-to-external-box?forum=exchange2010
Thanks.
Niko Cheng
TechNet Community Support

Send connector from exchange 2007

Currently since I have both environments up, I see that Exchange 2013 is using the send connector that was created in my exchange 2007 environment. Will this send connector go away once I bring down my exchange 2007 environment? Shoould I create
a new one for Exchange 2013?

Hi
From what i have seen running ex2010 and upgrading to 2013 it stayed (exchange 2013 is clever :-)). you can just modify your send connector and make sure that the settings are for your exchange 2013 server.

Exchange 2007 Multiple Send Connector Cost Best Practice

Hi,<o:p></o:p>
I am running exchange 2007 SP2 and have 2x exchange connectors set up with an equal default cost of 1.<o:p></o:p>
Connector 1 is set to * address space and should forward all emails to two email security/management servers<o:p></o:p>
Connector 2 is set to a internal sub domain server whose purpose is to file the emails on a CMS. Emails are marked for "filing" when
the Outlook plugin adds the connector 2's subdomain address into the bcc field.<o:p></o:p>
What I want to clarify is if I was to change the cost of Connector 1 to 0 would all mail then only be routed via this connector?<o:p></o:p>
I presume it would ignore the 2nd connector because the 1st connector's address space is * and thus no emails would route through connector
2 and therefore be filed to CMS ?<o:p></o:p>
What would the best practice be for the costs of each connector ??<o:p></o:p>
Thanks<o:p></o:p>
Mat<o:p></o:p>

I don't believe that 0 is a valid cost for a connector (I get an error if I try to see a connector with that). If you have two connectors, Exchange will send to the one that matches the address space most correctly. If you had no second connector,
connector 1 would attempt delivery to your CMS. Since you have that second connector, those messages will be delivered by it.
Connector costs are normally used when you have multiple connectors with the SAME address space, and allows Exchange to fail from one to another when the preferred is not operational for some reason. For example, if you have an ISDN line as your backup
Internet connection, you want to give connectors that use it a higher cost than your MPLS connections use.
I'll add that in most environments I've worked for the past several years, this redirection is handled at the network layer rather than the application layer.

Exchange 2007 OWA sends attachments Outlook connector clients cannot send attachments.

Exchange Server 2007 SP1 + Rollup ***Problem with sending email attachments from Outlook 2007***
* Inbound mail arrives in OWA and Outlook normally with and without attachments.
* OWA email to external email account with attachment goes thru successfully.
* Outlook 2007 sends to an external email address with attachments the message does not arrive at the external mailbox. The messages leave Outbox but are never delivered. The messages appear in Sent Items also.
* Outlook sends non attachment emails to external addresses successfully.
* Outlook sends email attachments to local domain accounts fine.
#1 Exchange Server on Server 2013 fully patched problem commences. Exchange Server on version less than first RTM release of Exchange 2007.
#2 Outlook profiles were changed to see if that is the problem.
#3 Upgraded Exchange to SP1 and Rollup 10(Rollup was autodownloaded by MSUpdate)
#4 Ran EXBPA nothing of any interest in the report.
--Unified Messaging not configed (Done nothing)
--SenderID (Re-enabled) I had shut all of the antispam to eliminate these.
-- Junk Store threshold not configed (No change)
Any suggestions to get Outlook clients capable of sending attachments configured.
Thx,
-Scot

Hi Scot,
Providing some information on Poison Queue:
The poison message queue is a special queue that's used to isolate messages that are determined to be harmful to the Exchange system after a transport server or service failure.
The messages may be genuinely harmful in their content and format.
Alternatively, they may be the results of a poorly written agent that has caused the Exchange server to fail when it processed the supposedly bad messages.
The poison message queue is typically empty. If the poison message queue contains no messages it doesn't appear in Queue Viewer or
Get-Queue results. The messages in the poison message queue are never automatically resumed or expired. Messages remain in the poison message queue until they're manually resumed or removed by an administrator.
According to the description above, I suspect Outlook 2007 changed the email's format when send email with attachment. The reason as below:
If the original email's (with attachment) content or format is harmful to the Exchange 2007 server, it will go to the Poison Queue when sending via OWA. However it didn't, sending via OWA is perfect. So I suspect it is an issue on the Outlook 2007
client side.
Please using Pipeline Tracing to verify whether there is something changed during transmission.
More details in the following article:
Using Pipeline Tracing to Diagnose Transport Agent Problems
http://technet.microsoft.com/en-us/library/bb125198(v=exchg.80).aspx
If it is convenient, I suggest doing following tests to narrow down this issue:
Note: Same content, same attachment, same format.
1. Please using Outlook 2010/2013 or others' Outlook clients for testing.
2. Please change to another format for testing. More details in the following article:
Change the message format to HTML, Rich Text, or plain text
http://office.microsoft.com/en-001/outlook-help/change-the-message-format-to-html-rich-text-or-plain-text-HP001232996.aspx
Thanks
Mavis
Mavis Huang
TechNet Community Support

Exchange 2007 Smarthost send connector backing up

I have seen some similar posts to this but none have had any good answers.
We route all outbound mail through an Barracuda spam/virus appliance. We are a busy college campus with roughly 2k staff banging away at our mail gateways with mass mailings to our students, homework assignments, class schedules, blah blah blah..
At no time is our outbound mail queue empty. The trouble is, is that at any given time the most "Active" delivery status messages I see in queue viewer is 6 messages. Whether there are 30 or 5000 messages stuck in there it never try's to send
more than 6 at a time.
Sometimes the queue viewer shows no "Active" connections just all "Ready's". I never see the status change to "Retry" or anything else other than "Ready" or "Active".
We often have delivery delays of 3 or 4 hours when mass mailing messages that do not exceed more than 10 to 20k.
Here is what we've tried so far:
In Powershell use: get-transportserver | fl   (to view these)
and use: set-transportserver -ConfiguratorName (to change the values)
updated MaxConcurrentMailboxDeliveries to 50
updated MaxConcurrentMailboxSubmissions to 50
updated PickupDirectoryMaxMessagesPerMinute to 200
MaxConnectionRatePerMinute 1200
MaxOutboundConnections 1000
MaxPerDomainOutboundConnections 1000
"...MaxMessageAttachSize" 100MB (For testing only)
use: get-sendconnector | fl    to verify the value of "MaxMessageSize". Ours is set to unlimited.
use: get-transportconfig   to check all the "Max" settings in there particularly the MaxDumpsterSizePerStorageGroup setting. Ours is 125MB.
Protocol logging is set to Verbose on the send connector. There are no error messages in the send or connectivity logs. The "Microsoft MailFlow Troubleshooter" is a joke.
We have no throttling turned on at the Barracuda level, so says their tech support. I of course have no way of verifying this as I do not have access to it.
I guess my question is. Does anyone know how or where we can increase the number of "Active" messages in the queue to more than 6 messages?

On Thu, 16 May 2013 20:19:55 +0000, Elvis P. Johnson wrote:
>We route all outbound mail through an Barracuda spam/virus appliance. We are a busy college campus with roughly 2k staff banging away at our mail gateways with mass mailings to our students, homework assignments, class schedules, blah blah blah..
>
>
>
>At no time is our outbound mail queue empty. The trouble is, is that at any given time the most "Active" delivery status messages I see in queue viewer is 6 messages. Whether there are 30 or 5000 messages stuck in there it never try's to send more than
6 at a time.
You're sending all mail to a single smart host? I'd be looking at that
machine's configuration.
>Sometimes the queue viewer shows no "Active" connections just all "Ready's". I never see the status change to "Retry" or anything else other than "Ready" or "Active".
You have only one queue, for the smart host, right? Is there a "Last
error" value for it?
Are there any "back-pressure" events in the server's application event
log?
>We often have delivery delays of 3 or 4 hours when mass mailing messages that do not exceed more than 10 to 20k.
[ snip ]
>Protocol logging is set to Verbose on the send connector. There are no error messages in the send or connectivity logs. The "Microsoft MailFlow Troubleshooter" is a joke.
>
>We have no throttling turned on at the Barracuda level, so says their tech support. I of course have no way of verifying this as I do not have access to it.
The barracuda has DOS protection. I *think* the default is to limit
the number of "parrallel connections" to 5, but that may be different
on different models. There are probably other "rate limiting"
settings, too.
>I guess my question is. Does anyone know how or where we can increase the number of "Active" messages in the queue to more than 6 messages?
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP

Exchange 2007 Send Connectors

Similar Messages

Maybe you are looking for