In my environment, we run SuccessFactors (part of SAP) and as most Exchange admins can attest, SAP is absolutely terrible when it comes to relaying through Exchange/M365. One of the many problems we have (weekly, it seems) was our timecard notification jobs every Monday started erroring out after about the 5th message. The error (below) would cause any further messages in the job to stop.
It would throw a 554 5.6.0 invalid message content, stopping all further messages:
The way we have our relaying set, is for SuccessFactors (SF) to connect to our on-premises Exchange Hybrid servers. So, the most obvious place to start was message tracking on there. Sure enough, tracking showed the following:
{[{LRT=};{LED=554 5.6.211 Invalid MIME Content: Single text value size (32782) exceeded
allowed maximum (32768) for the 'Replicon_time_entries' header.
[MN2PR06MB6623.namprd06.prod.outlook.com 2024-04-29T14:43:26.364Z 08DC665FAD5D7B03]
[DS7PR05CA0090.namprd05.prod.outlook.com 2024-04-29T14:43:26.372Z 08DC6833DB2077BC]
[DS3PEPF000099D3.namprd04.prod.outlook.com 2024-04-29T14:43:26.374Z
08DC667B5B6206E2]};{FQDN=};{IP=}], [{LRT=};{LED=554 5.6.211 Invalid MIME Content: Single
text value size (32782) exceeded allowed maximum (32768) for the 'Replicon_time_entries'
header. [MN2PR06MB6623.namprd06.prod.outlook.com 2024-04-29T14:43:26.364Z 08DC665FAD5D7B03]
[DS7PR05CA0090.namprd05.prod.outlook.com 2024-04-29T14:43:26.372Z 08DC6833DB2077BC]
[DS3PEPF000099D3.namprd04.prod.outlook.com 2024-04-29T14:43:26.374Z
08DC667B5B6206E2]};{FQDN=};{IP=}], [{LRT=};{LED=554 5.6.211 Invalid MIME Content: Single
text value size (32782) exceeded allowed maximum (32768) for the 'Replicon_time_entries'
header. [MN2PR06MB6623.namprd06.prod.outlook.com 2024-04-29T14:43:26.364Z 08DC665FAD5D7B03]
[DS7PR05CA0090.namprd05.prod.outlook.com 2024-04-29T14:43:26.372Z 08DC6833DB2077BC]
[DS3PEPF000099D3.namprd04.prod.outlook.com 2024-04-29T14:43:26.374Z
08DC667B5B6206E2]};{FQDN=};{IP=}]}
That means the header is too large for O365 to accept, so it bounces - it does not actually reach EXO, so tracing on that side won't show it.
If you look at the header of one of the working messages, SAP is adding a whole chunk of text, making the header way too big. Here's part of the header where you can see the extra junk:
Received: from BLAPR06MB6819.namprd06.prod.outlook.com (2603:10b6:208:29c::10)
by SA1PR06MB7860.namprd06.prod.outlook.com with HTTPS; Mon, 29 Apr 2024
14:43:30 +0000
Received: from CH2PR20CA0025.namprd20.prod.outlook.com (2603:10b6:610:58::35)
by BLAPR06MB6819.namprd06.prod.outlook.com (2603:10b6:208:29c::10) with
Received: from vsa12723543.stl1.od.sap.biz (172.26.59.32) by
EXHYB-01.exchangeitup.com (172.2.1.11) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Mon, 29 Apr 2024 09:38:24 -0500
Date: Mon, 29 Apr 2024 14:38:24 +0000
From: <sf_email@exchangeitup.com>
To: <raghi@exchangeitup.com>, <huang@exchangeitup.com>
Message-ID: <1453815201.500.1714401504559@webmail.exchangeitup.com
Subject: Replicon Clock Time Report for your Employees.
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_499_2028040997.1714401503408"
breadcrumbId: ID-vsa12723543-1714116965992-360-6612
Replicon_time_entries:
=?us-ascii?Q?Employee=5FId,User=5FFirst=5FName,User=5FLast=5FName,Punch?=
=?us-ascii?Q?=5FDate,Actual=5FTime,Rounded=5FTime,Device=5FName20002644,M?=
=?us-ascii?Q?ariah,Ak,04/22/2024,7:43:12,7:45:00,RepCC-4220002644,Mari?=
=?us-ascii?Q?ah,Ak,04/22/2024,16:07:06,16:15:00,RepCC-4220008894,Kimbe?=
=?us-ascii?Q?rly,Schex,04/22/2024,8:03:26,8:00:00,RepCC-4220008894,?=
=?us-ascii?Q?Kimberly,Schex,04/22/2024,16:27:29,16:30:00,RepCC-4220?=
=?us-ascii?Q?008894,Kimberly,Schex,04/23/2024,5:45:53,5:45:00,RepCC?=
=?us-ascii?Q?-4220008894,Kimberly,Schex,04/23/2024,14:39:37,14:45:0?=
=?us-ascii?Q?0,RepCC-4220008894,Kimberly,Schex,04/24/2024,5:51:44,5?=
=?us-ascii?Q?:45:00,RepCC-4220008894,Kimberly,Schex,04/24/2024,14:3?=
=?us-ascii?Q?1:30,14:30:00,RepCC-4220008894,Kimberly,Schex,04/25/20?=
=?us-ascii?Q?24,5:49:15,5:45:00,RepCC-4220008894,Kimberly,Schex,04/?=
=?us-ascii?Q?25/2024,15:50:32,15:45:00,RepCC-4220008894,Kimberly,Schex?=
=?us-ascii?Q?der,04/26/2024,7:18:20,7:15:00,RepCC-4220008894,Kimberly,Sch?=
=?us-ascii?Q?ex,04/26/2024,15:02:55,15:00:00,RepCC-4220009046,David?=
=?us-ascii?Q?,Le,04/22/2024,8:52:00,9:00:00,RepCC-4220009046,David,L?=
=?us-ascii?Q?e,04/22/2024,17:19:04,17:15:00,RepCC-4220009046,Davi=09?=
=?us-ascii?Q?d,Le,04/23/2024,14:42:26,14:45:00,RepCC-4220009046,Davi?=
=?us-ascii?Q?d,Le,04/23/2024,17:33:48,17:30:00,RepCC-4220009046,Davi?=
=?us-ascii?Q?d,Le,04/24/2024,7:09:38,7:15:00,RepCC-4220009046,David,?=
=?us-ascii?Q?Le,04/24/2024,11:33:42,11:30:00,RepCC-4220009046,David,?=
=?us-ascii?Q?Le,04/24/2024,12:39:00,12:45:00,RepCC-4220009046,David,?=
=?us-ascii?Q?Le,04/24/2024,17:07:04,17:15:00,RepCC-4220009046,David,?=
=?us-ascii?Q?Le,04/25/2024,8:23:55,8:30:00,RepCC-4220009046,David,Le?=
=?us-ascii?Q?,04/25/2024,12:38:36,12:45:00,RepCC-4220009046,David,Le?=
=?us-ascii?Q?,04/25/2024,13:24:12,13:30:00,RepCC-4220009046,David,Le?=
=?us-ascii?Q?,04/25/2024,18:24:30,18:30:00,RepCC-4220009046,David,Le?=
=?us-ascii?Q?,04/26/2024,8:56:30,9:00:00,RepCC-4220009046,David,Leon?=
=?us-ascii?Q?,04/26/2024,13:09:16,13:15:00,RepCC-4220009046,David,Leon?=
=?us-ascii?Q?,04/26/2024,17:19:09,17:15:00,RepCC-42?=
SAP_MessageProcessingLogID: AGYvsBZt3pwAL7njbCl8KGJK3Otz
SAP_MplCorrelationId: AGYvsBZ7JcYHEU4lhPxb5wfRsIrh
SAP_PregeneratedMplId: AGYvsN9elo-RaXm3THlA0l_jfzPn
SapGroup: 1
SapSplitExpression: //RepliconPunches
Return-Path: sf_email@exchangeitup.com
See all that extra text? That made the header way past the 32KB size limit. So, we need to get our SAP guys to check their flow on the SAP server-side to stop it from editing the header.
Once you get that fixed it'll be just like any other mail header and send successfully!