Scenario
You have configured Exclaimer for your Microsoft 365 tenancy. When you send an email through Exclaimer's server, the email is rejected.
In some scenarios, you see an email trace with a similar message:
Reason
This issue occurs in specific scenarios when no sender is specified in the message envelope. If the sender is blank, Exclaimer cannot identify which tenant to route the email back to. Due to restrictions imposed by Microsoft, Exclaimer cannot accept emails with no MAIL FROM address.
Resolution
The resolution of this issue depends on the scenario; some scenarios are listed below:
These settings are:
- ReportToOriginatorEnabled
- ReportToManagerEnabled
If ReportToManagerEnabled is set to True, the email will still route correctly; however, a signature will be applied for the sender's manager. ReportToManagerEnabled should therefore be set to False.
NOTE: By default, a group created in Exchange Online will have ReportToOriginatorEnabled set to True.
If the group is synchronized from Active Directory then set ReportToOriginatorEnabled to true:
- Open Active Directory Users and Computers.
- Navigate to the View menu and select Advanced Features.
- Navigate to the group in your directory.
- Open the group properties (either right-click the group and select Properties, or double-click the group).
- Open the Attribute Editor tab.
- Scroll down to reportToOriginator.
- Select Edit.
- Set the value to True.
- In the Boolean Attribute Editor window, select OK.
- In the Properties window, select OK.
- These changes will only take effect once the on-premises Active Directory domain has been synchronized and replicated in Microsoft 365.
- If you do not see reportToOriginator in the list of attributes, check that:
  - Show only attributes that have values is not selected in the filters (Filter > Show only attributes that have values).
  - The Active Directory schema has been extended with Exchange attributes. For more information, see Can I extend Active Directory schema to include Exchange Attributes?
If the group is Microsoft 365 only (not synchronized from Active Directory) then set ReportToOriginatorEnabled to true using PowerShell:
Microsoft 365 Global Administrator credentials
Install Exchange Online PowerShell V2 module:
- Open Windows PowerShell and run this command as an Administrator:
Install-Module -Name ExchangeOnlineManagement
- Confirm that you want to install this PowerShell module.
NOTE: For additional installation options, see ExchangeOnlineManagement.
Connect to Exchange Online:
- Run this command:
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true
When prompted, enter your password (and the Multi-Factor Authentication verification code if required).
To check the ReportToOriginatorEnabled property for a specific group:
- Run the following command:
Get-DistributionGroup <Group Email Address> | fl ReportToOriginatorEnabled
Where <Group Email Address> is replaced with the email address for the affected group
- If the value returned is False, run this command to change it to True:
Set-DistributionGroup <Group Email Address> -ReportToOriginatorEnabled $true
Where <Group Email Address> is replaced with the email address for the affected group
NOTE: If you see an error stating that the group must not report to both the manager and the originator like below:
Set-DistributionGroup: Ex9A45AC|Microsoft.Exchange.Data.DataValidationException|The group "<Group Name>" must not report to both
the manager and the originator. Please set "ReportToManagerEnabled" or "ReportToOriginatorEnabled" to false.
You will need to first set ReportToManagerEnabled to false using this command:
Set-DistributionGroup <Group Email Address> -ReportToManagerEnabled $false
Where <Group Email Address> is replaced with the email address for the affected group
Then set ReportToOriginatorEnabled to true as above.
TIP! To quickly set ReportToOriginatorEnabled to true for all groups, run these two commands:
Get-DistributionGroup | Where-Object {$_.ReportToManagerEnabled -eq $True} | Set-DistributionGroup -ReportToManagerEnabled $false
Get-DistributionGroup | Where-Object {$_.ReportToOriginatorEnabled -eq $false} | Set-DistributionGroup -ReportToOriginatorEnabled $true
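An added example (not from the original article): the same bulk change with the previous values saved to a CSV and a dry run first. The CSV path and the `$DryRun` switch are assumptions; `-ResultSize Unlimited` is used because Get-DistributionGroup returns at most 1,000 results by default.

```powershell
# Assumes an existing Connect-ExchangeOnline session.
$BackupCsv = Join-Path $env:TEMP 'DistributionGroupReportSettings.csv'   # assumed path
$DryRun    = $true   # set to $false to apply the changes

# Read every group once.
$groups = Get-DistributionGroup -ResultSize Unlimited

# Save the current values so the change can be reviewed or reverted later.
$groups |
    Select-Object DisplayName, PrimarySmtpAddress, IsDirSynced,
                  ReportToManagerEnabled, ReportToOriginatorEnabled |
    Export-Csv -Path $BackupCsv -NoTypeInformation

# Groups synchronized from Active Directory are changed on-premises
# (Attribute Editor steps above), so only cloud-only groups are touched here.
$toFix = $groups | Where-Object {
    -not $_.IsDirSynced -and
    ($_.ReportToManagerEnabled -or -not $_.ReportToOriginatorEnabled)
}

foreach ($g in $toFix) {
    $id = [string]$g.PrimarySmtpAddress

    # ReportToManagerEnabled must be cleared first, otherwise Exchange
    # rejects the second change with the DataValidationException shown above.
    if ($g.ReportToManagerEnabled) {
        Set-DistributionGroup -Identity $id -ReportToManagerEnabled $false -WhatIf:$DryRun
    }
    if (-not $g.ReportToOriginatorEnabled) {
        Set-DistributionGroup -Identity $id -ReportToOriginatorEnabled $true -WhatIf:$DryRun
    }
}

# Summary of what was (or would be) changed.
$toFix | Format-Table DisplayName, PrimarySmtpAddress,
                      ReportToManagerEnabled, ReportToOriginatorEnabled -AutoSize
```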
The JournalingReportNdrTo setting is intended for specifying a mailbox for Non-Delivery Reports (NDRs) to be delivered when journalling messages fail.
According to Microsoft, "Any mail to JournalingReportNdrTo mailbox will not be journaled, and it will not honor transport and mailbox rules settings. It is recommended to create a dedicated mailbox for the JournalingReportNdrTo setting or set it to an external address."
The Exclaimer Support team find that this setting is commonly configured so that an Administrator is set to receive these journalling NDRs; however, this is against best practices and will lead to mail delivery issues.
To set a dedicated mailbox as the recipient for Journal Report NDR messages:
NOTES: The steps described below should be applied even if message journaling is not enabled; the steps are for both the GUI and PowerShell - please select the method that works best for you:
Microsoft 365 Global Administrator credentials
To configure the JournalingReportNdrTo setting using the Microsoft Purview portal (GUI):
- Browse to the Microsoft Purview compliance portal.
- Navigate to Solutions > Data lifecycle management > Exchange Legacy.
- Select Settings.
- Under Send undeliverable journal reports to:, select Replace.
- Enter the email address for a dedicated mailbox for receiving journalling NDRs.
To configure the JournalingReportNdrTo setting using PowerShell:
Install Exchange Online PowerShell V2 module:
- Open Windows PowerShell and run this command as an Administrator:
Install-Module -Name ExchangeOnlineManagement
- Confirm that you want to install this PowerShell module.
NOTE: For additional installation options, see ExchangeOnlineManagement.
Connect to Exchange Online:
- Run this command:
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true
When prompted, enter your password (and the Multi-Factor Authentication verification code if required).
To check the JournalingReportNdrTo setting:
- Run the following command:
Get-TransportConfig | fl JournalingReportNdrTo
To configure the JournalingReportNdrTo setting:
- Run the following command:
Set-TransportConfig -JournalingReportNdrTo <insert mailbox address>
- Option 1 (Recommended): Create a new transport rule in addition to the existing Exclaimer transport rules already set up. The new rule will ensure that Exclaimer does not process 'Out of Office' emails.
- Option 2: Re-run the connector setup: The Microsoft 365 connector setup will automatically create the Transport Rule.
See how you can re-run the Microsoft 365 connector setup. Also, please note that it can take up to a few hours for the changes to come into effect.
- If you re-run the connector setup, then any existing Exclaimer transport rules will be removed in the process.
- If you create a new transport rule, then any existing Exclaimer transport rules will not be removed in the process.
To create a new Transport rule:
NOTE: The steps described below are for both the GUI and PowerShell; please select the method that works best for you:
To create a new transport rule in the Exchange Admin center (GUI):
Microsoft 365 Global Administrator credentials
- Sign in to the Exchange Online admin portal (https://admin.exchange.microsoft.com) as an Administrator.
- From the left-hand navigation menu, select Mail flow, then select Rules:
- From the right-hand pane, select the + Add a rule (plus) drop-down and select Create a new rule...
A new rule window is displayed.
- In Name, enter Prevent Out of Office messages being sent to Exclaimer.
- From the Apply this rule if... drop-down, select The message properties..., then select include the message type.
- For select message type, specify Automatic reply.
- Select Save.
- In the Do the following... drop-down, select Modify the message properties..., then select set a message header.
- Set the message header to X-ExclaimerHostedSignatures-MessageProcessed.
- Now, set the value to true.
- Select Next.
- Tick the Activate this rule on option.
- Select Next.
- Select Finish to save the changes made.
The new rule will now be displayed in the rules list.
- Select the new rule, then select Move Up to ensure that the priority is lower than the rule Identify messages to send to Exclaimer.
The rules are now in the correct order:
NOTE: It can take up to a few hours for the changes to come into effect.
To create a new transport rule using PowerShell:
Install Exchange Online PowerShell V2 module:
- Open Windows PowerShell and run this command as an Administrator:
Install-Module -Name ExchangeOnlineManagement
- Confirm that you want to install this PowerShell module.
NOTE: For additional installation options, see ExchangeOnlineManagement.
Connect to Exchange Online:
- Run this command:
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true
When prompted, enter your password (and the Multi-Factor Authentication verification code if required).
Create the transport rule:
- Run this command:
New-TransportRule -Name "Prevent Out of Office messages being sent to Exclaimer" -MessageTypeMatches OOF -Enabled $true -SetHeaderName "X-ExclaimerHostedSignatures-MessageProcessed" -SetHeaderValue "true" -Priority 0
NOTE: It can take up to a few hours for the changes to come into effect.
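An added example (not from the original article) that checks the result of either method: the rule exists, is enabled, sets the header, and is evaluated before the rule Identify messages to send to Exclaimer. The function name Test-ExclaimerOofRule is hypothetical; the rule and header names are the ones used in the steps above.

```powershell
# Assumes an existing Connect-ExchangeOnline session.
function Test-ExclaimerOofRule {   # hypothetical helper name
    param(
        [string]$OofRuleName       = 'Prevent Out of Office messages being sent to Exclaimer',
        [string]$ExclaimerRuleName = 'Identify messages to send to Exclaimer',
        [string]$HeaderName        = 'X-ExclaimerHostedSignatures-MessageProcessed'
    )

    $rules     = @(Get-TransportRule)
    $oof       = $rules | Where-Object Name -eq $OofRuleName
    $exclaimer = $rules | Where-Object Name -eq $ExclaimerRuleName
    $findings  = @()

    if (-not $oof) {
        return @("Rule '$OofRuleName' was not found.")
    }
    if ("$($oof.State)" -ne 'Enabled') {
        $findings += "Rule '$OofRuleName' is not enabled."
    }
    if ("$($oof.MessageTypeMatches)" -ne 'OOF') {
        $findings += "Rule '$OofRuleName' does not match the Automatic reply (OOF) message type."
    }
    if ($oof.SetHeaderName -ne $HeaderName -or $oof.SetHeaderValue -ne 'true') {
        $findings += "Rule '$OofRuleName' does not set $HeaderName to true."
    }

    # A smaller Priority number is evaluated first; the Out of Office rule must
    # run before the rule that routes mail to Exclaimer.
    if (-not $exclaimer) {
        $findings += "Rule '$ExclaimerRuleName' was not found, so the order could not be checked."
    }
    elseif ($oof.Priority -ge $exclaimer.Priority) {
        $findings += "Rule '$OofRuleName' (priority $($oof.Priority)) is evaluated after '$ExclaimerRuleName' (priority $($exclaimer.Priority))."
    }
    return $findings
}

# Show the rule order, then report any problems found.
Get-TransportRule | Sort-Object Priority | Format-Table Priority, State, Name -AutoSize
$problems = Test-ExclaimerOofRule
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'The Out of Office rule is enabled, sets the header and runs before the Exclaimer rule.' }
```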
To generate the script:
- Open the Windows Powershell and run the following commands as an Administrator:
Invoke-WebRequest -Uri https://cdn.exclaimer.com/Support/Tools/Script%20Files/ExchangeOnlineExclaimerCheck.ps1 -OutFile $env:LOCALAPPDATA\Temp\ExchangeOnlineExclaimerCheck.ps1
$ScriptPath = "$env:LOCALAPPDATA\temp\ExchangeOnlineExclaimerCheck.ps1"
& $ScriptPath
This script will generate a file (C:\Temp\ExchangeOnlineExclaimerCheck.txt), which will allow the Support team to see how your mail flow is currently configured.
Attach this file when you raise the Support ticket.
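An added example, not part of the original article or Exclaimer's tooling: download the script and inspect it before running it in an Administrator session. The list of verbs in the pattern is an assumption about which cmdlets change state, and the page does not say whether the script is signed.

```powershell
$Uri        = 'https://cdn.exclaimer.com/Support/Tools/Script%20Files/ExchangeOnlineExclaimerCheck.ps1'
$ScriptPath = Join-Path $env:LOCALAPPDATA 'Temp\ExchangeOnlineExclaimerCheck.ps1'

# Download only; nothing is executed yet.
Invoke-WebRequest -Uri $Uri -OutFile $ScriptPath

# Record exactly which file was fetched and whether it carries a signature.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
[pscustomobject]@{
    Path            = $ScriptPath
    SHA256          = (Get-FileHash -Path $ScriptPath -Algorithm SHA256).Hash
    SignatureStatus = $sig.Status                      # for example Valid or NotSigned
    Signer          = $sig.SignerCertificate.Subject   # empty when unsigned
} | Format-List

# The script is described as reporting the current mail flow configuration.
# List the lines that call state-changing cmdlets or fetch and run more code,
# so they can be read before the script is run. The verb list is an assumption.
$pattern = '\b(Set|New|Remove|Enable|Disable|Add|Start|Stop)-\w+|Invoke-Expression|Invoke-WebRequest|DownloadString'
Select-String -Path $ScriptPath -Pattern $pattern |
    Select-Object LineNumber, Line |
    Format-Table -AutoSize -Wrap

# Run the script only after reviewing the output above:
# & $ScriptPath
```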