0

My work Exchange server just recently started rejecting some emails sent from Gmail accounts. Some emails sent from Gmail accounts come through just fine.

We have our spam protection through Google, so our MX record points to Google, where the email is scrubbed for spam and the good emails are forwarded through to our Exchange server. Recently some emails sent from Gmail have begun to bounce. I can check the logs on Google and see that the emails were successfully received and passed through to our Exchange server. Our server is rejecting them and there is no sign of these emails in the Exchange log files.

I worked with Google who said everything was correctly configured. My personal email is a custom domain where my MX record is pointed at Google. Google hosts my email but it's my domain and I have full control over DNS. Emails from my personal domain were being rejected by my work Exchange server (never had before). At Google's suggestion, I configured SPF, DKIM and DMARC (for my personal domain) - none of which were configured before. When I did, suddenly my emails flowed through.

Why would my work Exchange server suddenly care about SPF and DKIM? I don't believe Exchange 2010 even has built-in support for those checks and I haven't added any addons to my server. The bounce emails aren't very informative, just saying "The recipient server did not accept our requests to connect."

I have recently installed three Microsoft updates on the work Exchange server (2008 R2) but they are all Security and Quality rollups and shouldn't affect the Exchange server specifically. Any ideas what may have happened or what I can do to troubleshoot?

BKahuna
  • You've provided no evidence to support your hypothesis that Exchange is rejecting the email. What do the transport logs show? What does a message trace show? What do your firewall logs show? Start with those things. – joeqwerty Sep 07 '20 at 00:02
  • You're right, and in fact, we've eliminated the Exchange server as the problem. These emails never show in the Exchange logs and we don't believe the Exchange server is ever getting them. SPF and DKIM are not native to Exchange 2010 and I've installed no addons. Our spam control is sending the emails but our Exchange server is never getting them. We're looking at the firewall and DNS now. – BKahuna Sep 08 '20 at 23:14

2 Answers

0

Did you send these unsuccessful delivery messages again and check if these messages flow through?

Based on your description, everything is fine after you configured SPF, DKIM and DMARC records, and as far as I know, the purpose of these records is to prevent phishers from sending illegal emails on behalf of the organization. Depending on these records, the Google Apps mail servers are identified as the authorized mail servers for your exchange domain, which lets mail flow again.

Joy Zhang
  • Yes, things flow through after I configured my SPF and DKIM. The thing is that wasn't necessary before. I'm sure we have a lot of people we do business with that have Gmail accounts where they haven't configured their DKIM and SPF. I don't want our server rejecting their messages. These things flowed before and now they don't - that's the puzzle! – BKahuna Sep 07 '20 at 15:43
  • Is there a third-party tool to reject gmails? – Joy Zhang Sep 10 '20 at 09:18
  • No, but there are third-party tools to reject emails with improperly configured SPF/DKIM. – BKahuna Sep 11 '20 at 15:58
0

It turns out, after much going back and forth, that Google added several new IPs from which they will send SMTP traffic. They have not published this change; we found out by badgering their tech support people. Our firewall was set to only accept SMTP traffic from the Google IPs that have been used by them for several decades. They apparently began sending email traffic that didn't comply with SPF out of one of the new IPs and our firewall didn't recognize it, so the traffic was blocked. We've included the new IPs in the range we accept and now all mail is flowing normally. Gotta love Google!

BKahuna
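The firewall-log check suggested in the comments, as an added example that is not part of the original posts: it counts denied inbound SMTP connections from sources outside the firewall's allowlist and groups them into candidate ranges to confirm with the mail provider. The key=value log format, the function names and all addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed allowlist: documentation ranges standing in for the provider
# ranges the firewall was originally configured to accept on port 25.
ALLOWED_SMTP_SOURCES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed firewall log lines (hypothetical key=value format).
SAMPLE_LOG = """\
2020-09-04T10:01:12Z action=allow proto=tcp src=192.0.2.10 dst=10.0.0.5 dport=25
2020-09-04T10:02:40Z action=deny proto=tcp src=203.0.113.44 dst=10.0.0.5 dport=25
2020-09-04T10:03:05Z action=deny proto=tcp src=203.0.113.45 dst=10.0.0.5 dport=25
2020-09-04T10:03:59Z action=deny proto=tcp src=198.51.100.200 dst=10.0.0.5 dport=25
2020-09-04T10:04:10Z action=deny proto=tcp src=203.0.113.44 dst=10.0.0.5 dport=25
2020-09-04T10:05:00Z action=deny proto=tcp src=203.0.113.9 dst=10.0.0.5 dport=3389
2020-09-04T10:06:00Z malformed line without fields
"""

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def dropped_smtp_sources(log_text, allowed_cidrs, smtp_port=25):
    """Count denied SMTP connections per source that is outside the allowlist."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    drops = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "deny" or f.get("dport") != str(smtp_port):
            continue
        try:
            src = ipaddress.ip_address(f.get("src", ""))
        except ValueError:
            continue  # skip lines with a missing or unparsable source
        if not any(src in net for net in allowed):
            drops[str(src)] += 1
    return drops

def candidate_ranges(drops, prefix=24):
    """Group dropped sources into /prefix networks for review with the provider."""
    nets = Counter()
    for ip, n in drops.items():
        nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += n
    return dict(nets)

if __name__ == "__main__":
    drops = dropped_smtp_sources(SAMPLE_LOG, ALLOWED_SMTP_SOURCES)
    print(drops, candidate_ranges(drops))
```

Ranges surfaced this way are only candidates: confirm them with the provider before widening the firewall rule, since anything can connect to port 25.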