Scenario
You have configured Exclaimer for your Microsoft 365 tenancy. When you send an email, you find that it is not delivered and you receive a non-delivery report with a similar message:
DSN generated by: LO2P123MB1902.GBRP123.PROD.OUTLOOK.COM
Remote server: uk1.smtp.exclaimer.net
Reason
This error typically occurs because of the Directory-Based Edge Blocking (DBEB) settings configured within Exchange Online.
DBEB is usually enabled for your accepted domains in Microsoft 365 to reject external emails with addresses that are not present within the Azure Active Directory.
There are a few likely causes of this error, depending on the scenario:
-
The email was sent to a user or group:
The error can occur as a result of misconfigured mail routing settings in Exclaimer or due to the mail flow settings in Microsoft Exchange Online not having fully replicated.
-
The email was sent to a public folder:
Public folder mailboxes are not synchronized with the Azure Active Directory. As your emails are routed out to Exclaimer and then back to Microsoft 365 - they are considered external from the DBEB purpose.
For more information, see Office 365 Directory Based Edge Blocking support for on-premises Mail Enabled Public Folders.
Resolution
Please click on the required options listed below to go through the detailed description:
Solution 2: Force the replication of the connectors within the Microsoft 365 environment
If an incorrect routing address is in the Exclaimer Settings
- Log into the Exclaimer portal (portal.exclaimer.com) and Launch your subscription.
- From the left-hand pane, click Configuration, then select Manage Mail Flow.
- In the right-hand pane, under Mail Routing Domain, are the relevant options.
- In Domain Name, enter the .omnicrosoft.com domain name - this can be located in the Domain list in the Microsoft 365 Admin Center. This setting is important, and an incorrect domain can result in mail flow issues.
Example:
- Click SAVE to save the changes made.
NOTES: The MX record for the Domain name (in the Mail Routing settings) should specify a single Exchange Online Server for your Microsoft 365 tenancy.
- To check the MX record for your own Domain name, use a DNS lookup tool, such as MXToolbox.
Example showing Exclaimer's domain:
Force the replication of the connectors within the Microsoft 365 environment
- Delete the Exclaimer transport rule.
-Log in to the Exchange admin center using your Microsoft 365 Administrator credentials.
- Select mail flow from the left-hand pane, then select rules.
- You will see the Transport Rule you created when setting up Signatures for Office 365.
- Click the trashcan icon above the Transport Rule.
A Warning message is displayed, prompting you to confirm if you want to permanently delete the Transport Rule.
-Click Yes to permanently delete the Transport Rule.
WARNING! Once the Transport Rule has been deleted, it cannot be undone. - Delete both Exclaimer connectors.
-Highlight the Receive connector and click the trashcan icon:
A Warning message is displayed, prompting you to confirm if you want to delete the selected connector.
- Click Yes to permanently delete the selected connector.
WARNING! Once the Office 365 connectors are deleted, they cannot be undone.
- Repeat the same process to delete the Send connector.
- With the Transport Rule and Office 365 connectors deactivated/deleted, your emails will no longer be routed to an Exclaimer Azure server, and signatures will not be added to any emails.
- Remove the Exclaimer domain:
- In the Microsoft 365 Admin Center, navigate to Settings > Domains (via the left-hand navigation pane).
- On the Domains page, select the required domain (this will be in the form <unique tenant ID>.smtp.exclaimer.cloud).
- Click Remove.
- Follow any additional prompts, then click Close.
For additional information, see how you can remove the Exclaimer domain.
- Re-run the connector setup.
Solution 2: If your public folders are hosted in Exchange Online
If your public folders are hosted on-premise
- Open the Microsoft Azure Active Directory Connect screen.
- Select Optional Features on the left-pane, then tick Exchange Mail Public Folders on the right-pane.
This will ensure that Mail Enabled Public Folders addresses will no longer be considered invalid addresses by DBEB. And messages will be delivered to them like they are delivered to any other recipient.
If your public folders are hosted in Exchange Online
Directory-Based Edge Blocking (DBEB) is not yet supported for Mail Enabled Public Folders hosted in Exchange Online.
But there are two possible workarounds:
-
Stop routing emails sent to Public folders to Exclaimer. No Server-Side signature will be applied. (Recommended)
- Disable the Directory-Based Edge Blocking (Not Recommended)
To stop routing emails sent to Public folders to Exclaimer (Recommended):
- Log into Exchange Online.
- Navigate to Mail flow, then select rules.
- Select the rule Identify Messages to send to Exclaimer.
- Click Edit.
- Scroll down to the Except if... section.
- Click on add exception.
- Select the Recipient... Is this person.
- In the Select Member's dialog, select all of the public folder mailboxes.
- Click Add.
- Click OK, then click Save.
To disable Directory Based Edge Blocking (Not Recommended)
- Log into Exchange Online.
- Navigate to Mail flow, then select Accepted domains.
- Select the domain of the public folder, then click Edit.
- Under This accepted domain is select Internal relay to disable DBEB.
- Click Save.