Forum Discussion

__AlexXx__'s avatar
__AlexXx__
Brass Contributor
Dec 31, 2024

SMTP Issue - Exchange 2019

Hi All,

 

I have an hybrid exchange environment (365 + 2019), and the onprem server is used for smtp relay only.

An internal app uses this relay and send email as "email address removed for privacy reasons", and all works well except by an specific message-subject.

 

This application can send all the emails with any subject, but if the subject is "Purchace Order to be approved" the relay fails.

Checking logs, I could see that when the message has this mentioned subject then the field "sender-address" is always empty (return-path is ok). And, of course, SPF/DKIM fails and message is quarantined.

All other message subjects contain the address in "sender-address".

 

This could be an issue with my application or something related to smtp config?

 

Source for fields analyzing: https://learn.microsoft.com/pt-br/exchange/mail-flow/transport-logs/message-tracking?view=exchserver-2019

 

Thanks and happy new year to all of you.

admin
exchange online
Exchange Server
hybrid
office 365
  • EmekaNgene's avatar
    EmekaNgene
    Brass Contributor
    Jan 04, 2025

    Hello Alex

     

    Happy New Year to you,

    What an interesting scenario I must say, 

    According to you "This application can send all the emails with any subject, but if the subject is "Purchace Order to be approved" the relay fails.

    Checking logs, I could see that when the message has this mentioned subject then the field "sender-address" is always empty (return-path is ok). And, of course, SPF/DKIM fails and message is quarantined.

    All other message subjects contain the address in "sender-address".

     

    Well here are my thoughts on this

    1. You can use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft, This will help you understand why it was blocked.                                                                                                        https://learn.microsoft.com/en-us/defender-office-365/submissions-admin                                   https://learn.microsoft.com/en-us/defender-office-365/submissions-result-definitions?source=recommendations
    2. If the SPF/DKIM fails then check if the sending IP address is part of the SPF record that might be a pointer to why it fails.
    3. Since you mentioned that you have a hybrid exchange environment, I believe that emails from your on-prem is routed through a connector, use the message header anaylzer to check the mail flow or mail route of a working email and compare it with the one that fails to determine if they follow the same route or come from the same source.
    4. You can also use message trace and extended message trace to check and to understand the activities/actions that happened to the emails (both working and not working) as they get delivered.
    5.  You can use another smtp application to simulate this, I mean try to send an email using the same subject with another smtp application, I usually use powershell to do this                                        # Send the email Send-MailMessage -From <Email address> -To <Emaill address> -Subject <MessageSubject> -Body <MessageBody> -SmtpServer <SmtpServer> -Credential -Credential (Get-Credential) -UseSsl -Port 587 or 25

             or you can try any SMTP Diag tool.

             This will help you confirm if it is from your application or not.

     

    Good luck buddy

     

     

     

     

     

     

     

Resources