Exchange 2013 CAS server returned '500 Message rejected' (Network Steve Forum)

Exchange 2013 CAS server returned '500 Message rejected'

Hi, all.

Exchange 2013 with CAS server and 2 mailbox servers. Health checks are all 100% healthy.

One of our users cannot receive email from an external user. Our CAS server keeps rejecting the message. I can trace the message and see that it did indeed hit our servers, and was rejected. But I cannot find out WHY it was rejected.

Here is the Delivery Report from the EAC:

Delivery Report for NAME (user@ourcompany.com)
Failed
3/30/2015 1:41 PM <CAS servername>
The message couldn't be delivered.

[{LRT=};{LED=500 Message rejected};{FQDN=};{IP=}]

The external user gets this NDR:

<our local CAS servername> gave this error:
Message rejected

In the Diagnostic information for administrator section:

<our local CAS servername> returned '500 message rejected'

followed by the Original message headers. I think I'm looking for some more verbose logging to see what rule or configuration rejected the message. Any help would be greatly appreciated!

March 30th, 2015 5:13pm

Hi Dan.

To answer your question it is necessary to more detailed information from the message and the response code.

DSNs and NDRs in On-Premises Exchange 2013

Free Windows Admin Tool Kit Click here and download it now

March 30th, 2015 5:52pm

Hi Dan,

Please confirm if the issue only happens when this problematic user receives message from the specific external sender. What about other external senders sending message to this user?

In Exchange server, please check whether there is any Transport Rule created for the message rejected. In Client side, please check whether this external sender is added in the blocked sender list.

Regards,

March 31st, 2015 5:32am

My main question: how can I see what triggered my CAS server to reject this message with error 500?

Our user can receive email from other external senders ok. It seems to be just this one sender having trouble.

Our transport rules are not complex, and I see no rules that would block this sender or domain.

We use Exchange Online Protection. The message gets through EOP and hits our CAS server. The CAS server rejects the message - it never gets to the Client.

The CAS server gives the error 500 - but that's all I can find. I need a command or somewhere to look to see what triggered the 500 error.

I've posted the NDR received by the sender and scrubbed our identifying information.

Rcn.com looks like the sender's online forwarding host - the spf record for senderdomain.net points back to rcn.com. I've run an spf record check and it passes, so I do not believe that is the issue.

Here is the NDR:

From: postmaster@ourdomain.onmicrosoft.com
To: sender@senderdomain.net
Sent: Monday, March 30, 2015 1:41 PM
Subject: Undeliverable: Hello from FirstName

CAS1.our_internal_domain.local rejected your message to the following email addresses:
FirstName LastName (Username@ourdomain.com)
A problem occurred while delivering your message to this email address. Try sending your message again. If the problem continues, please contact your email admin.
CAS1.our_internal_domain.local gave this error:
Message rejected

Diagnostic information for administrators:
Generating server: BY1PR0501MB1112.namprd05.prod.outlook.com
Username@ourdomain.com
CAS1.our_internal_domain.local
Remote Server returned '500 Message rejected'
Original message headers:
Received: from BLUPR05CA0049.namprd05.prod.outlook.com (10.141.20.19) by
BY1PR0501MB1112.namprd05.prod.outlook.com (25.160.103.146) with Microsoft
SMTP Server (TLS) id 15.1.118.21; Mon, 30 Mar 2015 17:40:54 +0000
Received: from BL2FFO11FD027.protection.gbl (2a01:111:f400:7c09::115) by
BLUPR05CA0049.outlook.office365.com (2a01:111:e400:855::19) with Microsoft
SMTP Server (TLS) id 15.1.125.19 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Received: from smtp.rcn.com (69.168.97.78) by
BL2FFO11FD027.mail.protection.outlook.com (10.173.161.106) with Microsoft
SMTP Server (TLS) id 15.1.130.10 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Return-Path: sender@senderdomain.net
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=PMSNCIWC c=1 sm=1 a=gRQJo8bc1j9+0GSSRogFxg==:17 a=NTyKUL13AAAA:8 a=ML7w5Z3_AAAA:8 a=3H5rcUylbt2uBKgiyYQA:9 a=wPNLvfGTeEIA:10 a=XQfDMMe_SRUA:10 a=SEXQnC1BqQAA:10 a=7ZjHjvgxCjAA:10 a=Wcs1mLwGzyUA:10 a=sBa8ZLUje9YA:10 a=k-GqB2yPh3IA:10 a=N4kHG9ehtKzd7-3o534A:9 a=_W_S_7VecoQA:10 a=gRQJo8bc1j9+0GSSRogFxg==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHAtZm1hQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com
header.from=sender@senderdomain.net; sender-id=neutralourdomain.com; dkim=none
(message not signed) header.d=none;ourdomain.com; dmarc=pass action=none
header.from=senderdomain.net;
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=sender@senderdomain.net; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=sender; auth=pass (LOGIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 69.72.92.252 is neither permitted nor denied by domain of senderdomain.net)
Received: from [69.72.92.252] ([69.72.92.252:2689] helo=FirstNameLastName)
        by smtp.rcn.com (envelope-from <sender@senderdomain.net>)
        (ecelerity 3.6.2.43620 r(Platform:3.6.2.0)) with ESMTPA
        id 58/6E-17115-4AA89155; Mon, 30 Mar 2015 13:40:53 -0400
Message-ID: <011A7DBF0D954F62987032D45778AF29@FirstNameLastName>
From: FirstName LastName <sender@senderdomain.net>
To: FirstName LastName <Username@ourdomain.com>
Subject: Hello from FirstName
Date: Mon, 30 Mar 2015 13:40:49 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01D06AEF.223E4A60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of senderdomain.net designates
69.168.97.78 as permitted sender) receiver=protection.outlook.com;
client-ip=69.168.97.78; helo=smtp.rcn.com;
Authentication-Results: spf=pass (sender IP is 69.168.97.78)
smtp.mailfrom=sender@senderdomain.net;
X-Forefront-Antispam-Report:
        CIP:69.168.97.78;CTRY:US;IPV:NLI;EFV:NLI;SFV:SKN;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:BY1PR0501MB1112;H:smtp.rcn.com;FPR:;SPF:None;LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
        BCL:0;PCL:0;RULEID:(601004);SRVR:BY1PR0501MB1112;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-OriginatorOrg: ourdomain.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2015 17:40:54.1243
(UTC)
X-MS-Exchange-CrossTenant-Id: c92ecf05-92f8-42f4-a246-24bee4988793
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB111

Free Windows Admin Tool Kit Click here and download it now

March 31st, 2015 9:16am

This topic is archived. No further replies will be accepted.
Other recent topics