1

Our users complained they are unable to receive email attachments larger than 10MB. The least size setting among Mailbox, Receive Connector and Transport config is 20MB. Investigating further we realized an unusual behavior. The server receives the email on RC01, sends it to itself through the send connector SC01 and receives it again.

I reviewed Protocol Logs and Pipeline Logs, did not find it very helpful. Where to look for this configuration and how to fix it?

This is a screenshot of header analyzer output. The email was sent from GMail, reaches our external address on Hop #3 and Hops in the same server at #4 and #5

enter image description here

Lordbalmon
  • 121
  • 1
  • 7

2 Answers2

2

In Exchange 2013, the incoming SMTP mail flow is handled in multiple steps by multiple services; this is true even when you only have one server.

This leaves traces in the SMTP headers of messages, because it adds additional hops to the message path; it looks like a server sends messages back to itself, because it actually does: they are moved between different services using the SMTP protocol.

This is expected behavior and does not indicate any issue in your Exchange environment.

More info here:
https://technet.microsoft.com/en-us/library/aa996349(v=exchg.150).aspx
https://technet.microsoft.com/en-us/library/aa996395(v=exchg.150).aspx

Massimo
  • 70,200
  • 57
  • 200
  • 323
  • Hi Massimo, may be it is not an issue but we can no longer set a receive limit higher than send limit. I don't think this could be the desirable setup. – Lordbalmon May 11 '17 at 20:27
  • I was only commenting on the "message bouncing back and forth" issue (which is not an issue at all); I don't know why 10-MB messages can't get through if all connectors have a maximum size of at least 20 MB. – Massimo May 11 '17 at 21:12
  • Anyway, you should check *all* receive connectors; they are many, and if any one of them has a lower message size limit, a message exceeding that limit will be discarded if it needs to go through that connector. – Massimo May 11 '17 at 21:13
  • Also, have a look here: https://technet.microsoft.com/en-us/library/bb124345(v=exchg.150).aspx. – Massimo May 11 '17 at 21:13
  • Massimo, I checked the connectors, the limit increased when I increased the limit on the send connector. – Lordbalmon May 11 '17 at 22:46
1

It appears your server is using a common, but often broken method of implementing spam filters. Normally, the filtering should be done on your MX server. Messages are accpeted, passed to the filter and then re-injected into the mail stream.

Filters like this will generate back-scatter spam if they send out reject messages.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • Sounds plausible, how can I confirm this? I will check policies and admin configuration, any other setting I should fix in the exchange itself? We use SMSMSE. – Lordbalmon May 11 '17 at 11:48
  • @Lordbalmon If you are going to run SMSMSE it should be on the MX server. I don't know the available toolset for MSE, so I can't recommend a solution that won't generate back-scatter. One spam solution is to blackhole rejected mail, possibly sending rejections when the source can be verified to be authorized for the sender (SPF policy). – BillThor May 11 '17 at 13:37