1

I have largely achieved what I need to, but due to the way I've implemented it I'm finding that certain e-mail servers are refusing to accept our messages.

We have a mail-enabled Public Folder in Exchange 2013 to receive certain enquiries. We want people emailing to receive a reply saying "Thanks we've got your mail, we'll deal with it in due course" etc.

So my public folder is Enquiries and accepts emails addressed to enquiries@mydomain.com. I've used the Folder Assistant in Outlook to set up a reply template which sends the auto reply.

In addition I have added a new email address enquiries@noreply.mydomain.com to the public folder and set this as the default reply address.

Separately, certain users have SendAs permission for the public folder so they can send out replies without their own direct email address appearing.

All works ok except that we get rejections from certain email addresses and I'm 99% sure that is because their SMTP server is doing some advanced antispam checking and identifying that noreply.mydomain.com is not valid (which indeed it isn't).

What's the best way round this? Could I create some dummy MX record? If so, where should I point it?

Is there any way in Exchange to set the autoreply to come from a different address? That way I could setup a distribution group noreply@mydomain.com (with no members) and have the reply sent from there.

Another way was to try and route outbound email to the problematic addresses via our ISP's smarthost, but it seems when creating a Send Connector I can only specify a domain as the address space and not an individual address.

george
  • 71
  • 9

1 Answers1

0

Your issue revolves around the receiving end doing either SPF or DMARC or both.

I've seen a few options in your instance:

  1. Leave it with just a single email address for both receiving and auto-reply. Setup a rule that says "if I receive an email with "RE:" in the subject line delete the email." -- that would drop any incoming replies back (assuming the user doesn't change the subject line). Internal users wouldn't use SEND AS but rather they would get into the public folder and reply as themselves to any inquiries....and thus correspond with the external party as themselves going forward in that inquiry.
  2. setup the "noreply.mydomain.com" domain in your external DNS with a proper SPF and DMARC record. You won't need an MX record...as you won't be receiving mail to that domain. Now you could be nice and setup an MX record pointing to your Exchange server and then setup that domain in your Exchange server that would allow them to reply and then a transport rule that immediately replies back with "We told you this mailbox isn't monitored!"
  3. You can setup Inquiries@mydomain.com as a simple mailbox in Exchange. External users would email that mailbox. This mailbox would do 3 things: first it would autoreply with your auto-response (make sure the FROM address is what is below in "Third". Second, it would forward that message to the "Public Folder" for your internal users to deal with. That public folder would have an email address like "InquiriesSupport@mydomain.com" or whatever. This would be the address the internal users would SEND AS and further discussion would like on. Third the simple mailbox that originally got the email would need to have its default SMTP address set to NO-REPLYInquiries@mydomain.com. This would be where it's autoreply comes from. You would then setup a transport rule in Exchange that says "drop emails coming into NO-REPLYInquiries@mydomain.com (One alternative: you can also setup a transport rule to begin with instead of a mailbox to auto send down to the PF, only problem here is you won't have a great dump mailbox for auditing/logging just in case someone says "well they said they sent it")

The 3rd option is the best setup IMO, because this would handle any new emails to your Inquiry "mailbox" that would be sent down to PF automatically and reject any replies or emails to the NO-REPLYinquiries@mydomain.com default FROM address. You also get the benefit of using the PF separately for all the actual correspondence and users can send as that PF instead of the original "Inquiries" address.

Hope that helps..it's not an easy thing to setup a "NO-REPLY" mailbox if you want someone to originally email that mailbox.

TheCleaner
  • 32,627
  • 26
  • 132
  • 191
  • thanks very much for your comprehensive reply. All valid suggestions. It's frustrating as it is only affecting a small number of our users so I'm reluctant to make major changes to our setup. It's a shame a Send Connector cannot be setup by individual address (as oppose to whole domain). Also our current domain does not actually have SPF or DMARC setup so I don't know whether the remote servers are looking for that, that's why I wondered about creating some sort of MX record (which yes technically I don't need as I don't need to receive email to the noreply subdomain). – george Sep 16 '16 at 09:03
  • Every domain you send email from should have at least an SPF record and preferred to have DMARC as well. Almost every mail server does an SPF lookup these days and its very easy to set them up and will ensure your outbound email is really coming from you and that the receiving end can "trust" you. – TheCleaner Sep 16 '16 at 14:58
  • NOTE: I've updated #3 option above. I think it makes more sense. I've tested it out and it works well enough. Exchange just isn't really designed easy enough around what you are wanting to do. Most of the time "no-reply" mailboxes are just sending email, not receiving originally. – TheCleaner Sep 16 '16 at 15:07
  • Thanks again. I agree about noreply normally sending only, will maybe review the situation. One question regarding option 3 (and it might be what you're getting at with your alternative bit in brackets), but could I just keep the original PF (not create any new mailbox), change the default email to noreplyenquiries@mydomain.com rather than noreply@enquiries.mydomain.com and then implement a Transport Rule to drop messages coming into the noreply address? – george Sep 19 '16 at 08:04
  • @George - Yes, I think you can. However, you may need to flip it and make the default be inquiries and the secondary be noreplyinquiries. The reason for this is that I don't recall whether your users will be able to "send as" the secondary address on the PF or not. I think they would only SEND AS the primary. But then you get stuck that the noreply secondary may not be able to be set on the auto-reply...but you may even be able to setup a transport rule for the auto-reply itself. – TheCleaner Sep 19 '16 at 13:52
  • 1
    Yes I meant make Noreply the primary address (So both the Autoreply and Send As would come from that) and have "enquires" as a secondary address so it would receive the original email. Will hopefully give this a try when I get a chance. – george Sep 19 '16 at 15:49