Allow auto-replies externally
Hi all, I am getting pressure to "allow automatic replies" to be sent externally from our organisation, and it is coming from a huge section of users who were allowed to do this on systems they have migrated FROM (GroupWise and Domino). Now, it is possible that those systems were just poorly configured and this was allowed despite the potential for mail loops, but I don't know, and I guess that "political issue" is not really relevant to this technical query.
However, with Exchange 2007, I am trying to figure out the best way to ALLOW this, but to mitigate the "loop risks" as much as possible. Once I allow it, ANYONE can in theory create such an "autoreply" from their mailbox, which makes management centrally almost impossible (when I say "management" I refer to having people create rules that have at least 3 or 4 conditions on them to alleviate the risk of creating a loop). I can tell them how they MUST create rules, but I can't dictate that in my environment or enforce it technically (unless there is a way to DISABLE the "Have server reply with a specific message" condition within "Rules and Alerts"???).
DOES ANYONE out there have experience of ALLOWING this and preventing\detecting EXTERNALLY created mail loops? (Internally, Exchange detects a mail loop between mailboxes instantly. EXTERNALLY though, I can create a constant mail loop within minutes, i.e. autoreply on googlemail, autoreply on Exchange mailbox, emails bounce between one another constantly.) If there is no reasonable TECHNICAL way, then a process that you follow to detect loops would be a great start for me. Your help is massively appreciated. Tom
October 18th, 2010 11:01am

Possible start of a loop detector: This should give you a list of the recipients that have received more than 100 messages from the same sender in the last hour.
get-messagetrackinglog -server <transportserver> -EventId deliver -start (get-date).addhours(-1) -resultsize unlimited |
  select sender,recipients |
  group sender |? {$_.count -gt 100} |
  % {$_.group | group recipients} |? {$_.count -gt 100} |
  % {($_.group[0]).recipients}
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
October 18th, 2010 11:53am

Thanks mjolinor ;-) This was one of the options I started looking at last Thursday and nearly got what you have here; it just would not alleviate the MAIN concern, which is prevention over a weekend. But it is a reasonable option.
My other thought was to inform users that the mailbox rule they create MUST use a "generic dummy address" in the "Have server reply with a message" template. I could then silently DROP via a transport rule any emails that were subsequently SENT to that address. The PROBLEM with this one is I'd need to SOMEHOW ensure that all 50 000 users adhere to that way of creating a rule.
Subjectively speaking, is the root cause purely that the current Exchange product does not have a "well developed and configurable" feature for detecting external mail loops? Tom
October 18th, 2010 12:26pm

You could run that as a scheduled task every hour, and use some datetime logic to determine if it's happening on a weekend or after hours and automatically drop the hammer on the prohibitsendquota of any mailbox it gets a hit on, and send you an email notification about it.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
October 18th, 2010 12:35pm
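One way to script the hourly task described in the post above, as an added example that is not code from the thread. The working hours, SMTP relay, mail addresses, the 1KB quota value and the `$NeverClamp` exclusion list are assumptions to adjust; run it from the Exchange Management Shell under an account allowed to change mailbox quotas.

```powershell
# Added example, not from the thread. Placeholders: server names, addresses, hours.
$Server     = '<transportserver>'
$Threshold  = 100                          # deliveries per sender/recipient pair per hour
$NeverClamp = @('postmaster@example.com')  # mailboxes that must keep sending (assumed list)
$Since      = (Get-Date).AddHours(-1)

# "After hours" is assumed to mean weekends, or outside 07:00-19:00 on weekdays.
$now        = Get-Date
$weekend    = 'Saturday','Sunday' -contains $now.DayOfWeek.ToString()
$afterHours = $weekend -or ($now.Hour -lt 7) -or ($now.Hour -ge 19)

# Recipients is multi-valued, so count one entry per sender/recipient pair.
$hits = Get-MessageTrackingLog -Server $Server -EventId DELIVER -Start $Since -ResultSize Unlimited |
    ForEach-Object { $from = $_.Sender; $_.Recipients | ForEach-Object { "$from`t$_" } } |
    Group-Object |
    Where-Object { $_.Count -gt $Threshold }

$report = @()
foreach ($hit in $hits) {
    $from, $rcpt = $hit.Name.Split("`t")
    $action = 'reported only'
    if ($afterHours -and ($NeverClamp -notcontains $rcpt)) {
        # Record the old value so the quota can be restored once the loop is dealt with.
        $old = (Get-Mailbox -Identity $rcpt).ProhibitSendQuota
        Set-Mailbox -Identity $rcpt -UseDatabaseQuotaDefaults $false `
            -IssueWarningQuota 1KB -ProhibitSendQuota 1KB
        $action = "ProhibitSendQuota set to 1KB (was $old)"
    }
    $report += "{0} deliveries from {1} to {2}: {3}" -f $hit.Count, $from, $rcpt, $action
}

# Notify the admin queue only when something crossed the threshold.
if ($report) {
    $smtp = New-Object System.Net.Mail.SmtpClient('<smtpserver>')
    $smtp.Send('loopwatch@example.com', 'exchange-admins@example.com',
               'Possible external mail loop', [string]::Join("`r`n", $report))
}
```

The Information Store caches mailbox quota values, so a new ProhibitSendQuota may not be enforced immediately; measure that delay in your environment before relying on it over a weekend.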

Great thinking! In terms of "reasonable" efforts to detect a loop I think this may just be enough... I would certainly run it on the hour as you say and send an email to my "system" queue as I do for mail loops that I detect via the "redirect" messagetracking process (if there are X number of redirects within an hour from one address I receive an email suggesting a possible mail loop).
HOWEVER ;-) I also use POSTMASTER to retain NDRs, so in "claymore'ing" the quota I would be sending the 5.2.2 NDR back to the external autoresponder. Assuming they allow NDRs through (which we do, so no reason they won't), we'd then have an NDR-external autoresponder loop continuing. Because I'm trying to pacify one of my customers who "don't want ANY email unreceived", POSTMASTER was my way of allaying their fears to an extent. So POSTMASTER in theory needs to remain healthy and not get maxxed out either. LOW risk I appreciate, but if I leave it to chance it'll just be bugging my mind, you understand :-) An email to me or my team on the week
October 18th, 2010 12:45pm

Redirects Within a minute I should have said....
October 18th, 2010 12:46pm

Ah, but you're only "claymoring" the send quota, which means the mailbox can still receive, but not respond. That will break the loop. There will be one delivery failure, sent back to the recipient's mailbox from Exchange when it tries to respond, but nothing sent back to the original sender.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
October 18th, 2010 12:52pm

There really is realistic method. In addition to some of the responses you can create a transport rule to append header X-Auto-Response-Suppress: AutoReply for externally bound emails. This basically means users can send auto replies out but the users will never receive auto replies coming in. It's typically only used for certain apps such as listservs. Always set quota limits for send as well as receive to ensure that routing loops do not consume all your disk space. Set correct monitors to monitor queue levels etc.
2.1.2.20 Auto Response Suppress http://msdn.microsoft.com/en-us/library/ee219609(EXCHG.80).aspx
James Chong (MVP) MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
October 18th, 2010 1:05pm

Hi James, may I know how to create such a transport rule to append the header for X-Auto-Response-Suppress? Thanks a lot.
November 18th, 2010 9:43pm
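The thread ends without an answer to this question. One way to build such a rule in the Exchange 2007 Management Shell on a Hub Transport server, as an added example that is not from any poster; the rule name is a placeholder and the header value is the one quoted in the post above.

```powershell
# Added example, not from the thread. The rule name is a placeholder.
$ruleName = 'Stamp X-Auto-Response-Suppress on outbound mail'

# Condition: the message is addressed to recipients outside the organisation.
$cond = Get-TransportRulePredicate SentToScope
$cond.Scope = 'NotInOrganization'

# Action: set the header named in the post, with the value given there.
$act = Get-TransportRuleAction SetHeader
$act.MessageHeader = 'X-Auto-Response-Suppress'
$act.HeaderValue   = 'AutoReply'

New-TransportRule -Name $ruleName -Conditions @($cond) -Actions @($act)

# Confirm what was created.
Get-TransportRule $ruleName | Format-List
```

The header is a request to the receiving system, so it only suppresses replies from mail systems that honour it; keep the send and receive quotas and the queue monitoring mentioned above in place for the rest.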
