
Tuesday, February 19, 2019

Exchange 554 5.7.105 sender's email address is on SenderFilterConfig list

One of my users submitted a ticket that "an important client was getting blocked by our spam filter". Checking the filter, all messages from that sender were clean and not being blocked at all. After further digging (i.e., the user finally gave me the NDR), this is what the external sender was getting:

host 123.45.67.89 [123.45.67.89] said: 554 5.7.105 SenderFilterAgent; Sender denied as sender's email address is on SenderFilterConfig list

**Note** In the above bounce message, the "host IP address" refers to my Edge server.

In message tracking, it shows the same bounce message; you can view that by running the following in the EMS (Exchange Management Shell):

Get-MessageTrackingLog -Sender sender@externaldomain.com -Start "2/18/19 8AM" -End "2/18/19 5PM" | fl *RecipientStatus*

RecipientStatus : {[{LED=554 5.7.105 SenderFilterAgent; Sender denied as sender's email address is on SenderFilterConfig list};{MSG=};{FQDN=};{IP=10.28.68.138};{LRT=}]}

This could be one of two things:

The sender or external domain is on the SenderFilterConfig BlockedSenders/BlockedDomains on the Exchange Edge or Mailbox Server(s)

-or-

The sender/domain is listed in the User's MailboxJunkEmailConfiguration blocked senders list in Outlook.

I do run an Edge server, but I don't have entries in the Sender Filter Config (because I run a 3rd party spam filter) as seen here:

Get-SenderFilterConfig | fl *block*

BlockedSenders               : {}
BlockedDomains               : {}
BlockedDomainsAndSubdomains  : {}
BlankSenderBlockingEnabled   : False
RecipientBlockedSenderAction : Reject


Upon checking the User's Junk mail config, bingo! She had hundreds of senders in there; this particular sender being one of them.

**Note** The User also had the sender in the TrustedSendersAndDomains list, but the block list takes precedence over allowed.

To view the list, run the following in the EMS:

$formatenumerationlimit=-1

Setting this variable lets you view the entire list; if the list is large, PowerShell will otherwise truncate it.

Then, run:

Get-MailboxJunkEmailConfiguration -Identity "user mailbox" | fl *block*

**Note** Change "user mailbox" to the user you're dealing with.

You can then right-click the Shell title bar and Edit > Find to search for the suspect sender.
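
The two checks described above (the SenderFilterConfig lists and the user's junk email block list) can be run against one sender address in a single pass instead of searching the console window by hand. This is an added example, not part of the original post: `Find-SenderBlock` is a hypothetical helper, the sample lists are constructed, and the way mailbox domain entries are matched is an assumption.

```powershell
# Added example: Find-SenderBlock is a hypothetical helper, not an Exchange cmdlet.
function Find-SenderBlock {
    param(
        [Parameter(Mandatory)][string]$Sender,
        [string[]]$OrgBlockedSenders, [string[]]$OrgBlockedDomains,
        [string[]]$OrgBlockedDomainsAndSubdomains,
        [string[]]$MailboxBlocked, [string[]]$MailboxTrusted
    )
    # Lower-case and trim every entry, dropping nulls and empty strings.
    $norm   = { param($list) @($list | Where-Object { $_ } | ForEach-Object { "$_".Trim().ToLower() }) }
    $addr   = $Sender.Trim().ToLower()
    $domain = $addr.Split('@')[-1]
    $hits   = @()

    if ((& $norm $OrgBlockedSenders) -contains $addr)   { $hits += 'SenderFilterConfig: BlockedSenders' }
    if ((& $norm $OrgBlockedDomains) -contains $domain) { $hits += 'SenderFilterConfig: BlockedDomains' }
    foreach ($d in (& $norm $OrgBlockedDomainsAndSubdomains)) {
        if ($domain -eq $d -or $domain.EndsWith(".$d")) { $hits += "SenderFilterConfig: BlockedDomainsAndSubdomains ($d)" }
    }
    # Assumption: a mailbox entry is a full address, or a domain written as "domain.com" or "@domain.com".
    foreach ($e in (& $norm $MailboxBlocked)) {
        if ($e -eq $addr -or $e.TrimStart('@') -eq $domain) { $hits += "Mailbox: BlockedSendersAndDomains ($e)" }
    }
    $trustHits = @(& $norm $MailboxTrusted | Where-Object { $_ -eq $addr -or $_.TrimStart('@') -eq $domain })
    [pscustomobject]@{
        Sender      = $addr
        BlockedBy   = $hits
        AlsoTrusted = $trustHits.Count -gt 0   # a trusted entry does not override a block entry
    }
}

# Constructed sample data standing in for the cmdlet output.
$sampleBlocked = 'newsletter@example.net', 'Sender@ExternalDomain.com', 'spam.example.org'
$sampleTrusted = 'sender@externaldomain.com'
Find-SenderBlock -Sender 'sender@externaldomain.com' -MailboxBlocked $sampleBlocked -MailboxTrusted $sampleTrusted

# Real use in the EMS:
#   $org = Get-SenderFilterConfig
#   $jnk = Get-MailboxJunkEmailConfiguration -Identity "user mailbox"
#   Find-SenderBlock -Sender 'sender@externaldomain.com' -OrgBlockedSenders $org.BlockedSenders `
#       -OrgBlockedDomains $org.BlockedDomains -OrgBlockedDomainsAndSubdomains $org.BlockedDomainsAndSubdomains `
#       -MailboxBlocked $jnk.BlockedSendersAndDomains -MailboxTrusted $jnk.TrustedSendersAndDomains
```

An empty `BlockedBy` with the NDR still occurring points at a list that was not passed in, for example the SenderFilterConfig on a different server than the one the check was run on.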

Now, let's remove that sender from the blocked sender list:

Set-MailboxJunkEmailConfiguration -Identity "user mailbox" -BlockedSendersAndDomains @{remove="sender@domain.com"}

**Note** Replace "user mailbox" with the affected user's mailbox and "sender@domain.com" with the actual email address of the sender.

One thing I noticed: the removal of the sender from the blocked list didn't take effect immediately. In fact it didn't do anything for the hour I waited. 
The background operation that happens is: even though the blocklist is client-specific, it pushes that setting up to the Exchange servers, and if you run an Edge, it will need to EdgeSync over.

In order for the sender to be cleared from the blocked list, I had to disable/re-enable the SenderConfig on the Edge.

To turn off the Sender Filter Config, run:

Set-SenderFilterConfig -Enabled $false

Then, run:

Set-SenderFilterConfig -Enabled $true

After that, the messages started being delivered successfully! Now, tell your user they don't need to add every single sender in the world to the blocklist; your spam filter can handle the heavy lifting ;)
