
Local messages in a Hybrid deployment are treated as external messages by cloud transport rules

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Recently, we encountered a problem in a Hybrid environment where mail from local (on-premises) users was treated as external mail by cloud transport rules. Here is the analysis process.

Environment:

Local Exchange Server 2013

Exchange Online E3

Problem:

The administrator created a transport rule in Exchange Online that adds a disclaimer to messages from outside the organization.

After that, cloud users reported that the rule was also being applied to emails they received from local users.

After receiving this report, we first checked the accepted domains in the EAC interface of Exchange Online and confirmed that the local domain is listed as an authoritative domain.

We then looked at the headers of an affected email:

X-MS-Exchange-Organization-MessageDirectionality: Incoming

X-Matching-Connectors: 131805302641153032; (05e94084-a2b6-4099-acf4-08d53af20ab8 Magneto c8718832-8213-4759FEECaLY 08d449cac4ccmm6fb0ce17Mub21bMuy4747-06d9-08d2eb2f6ec1Mold 9d95b77bM071fFF48d9FafcbFIL08d4dd6cc1m42fac3f6cc1MIT 4adafc4C965-08d4a15bfd9d).

X-CrossPremisesHeadersFiltered: PU1APC01FT061.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-Organization-AuthSource: PU1APC01FT061.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-Organization-AuthAs: Anonymous

X-MS-PublicTrafficType: Email

X-MS-Exchange-CrossTenant-Id: ca435bfc-b770-4010-9cf9-aebba18ae9a2

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK0PR03MB3665

These headers show that the email was indeed treated as an ordinary public network (Internet) email. In a normal Hybrid environment, the corresponding headers should read as follows:

X-MS-Exchange-Organization-AuthAs: Internal

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
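The header comparison above can be scripted for triage of reported messages. This is an added example, not code from the original article; the function name, the sample messages and the contoso.example domain are constructed, and the check uses only the two header values the article contrasts.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Values the article gives for correctly attributed hybrid mail.
EXPECTED = {
    "X-MS-Exchange-Organization-AuthAs": "Internal",
    "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem",
}


def classify(raw_message, local_domains):
    """Return (verdict, findings) for one raw message.

    "internal":      both headers carry the hybrid values
    "misattributed": sender domain is local, but the stamps are not internal
    "external":      sender domain is not local and the stamps are not internal
    """
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for name, want in EXPECTED.items():
        # strip() also covers values folded onto a continuation line
        got = [str(v).strip() for v in msg.get_all(name, [])]
        if not got or any(g.lower() != want.lower() for g in got):
            findings.append(f"{name}: {got or 'missing'} (expected {want})")
    if not findings:
        return "internal", findings
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain in {d.lower() for d in local_domains}:
        # Either broken hybrid attribution (the article's case) or Internet
        # mail spoofing a local sender; the headers alone cannot tell.
        return "misattributed", findings
    return "external", findings


# Constructed samples; contoso.example is a placeholder domain.
BROKEN = (
    "From: Alice <alice@contoso.example>\n"
    "X-MS-Exchange-Organization-AuthAs:\n Anonymous\n"
    "X-MS-Exchange-CrossTenant-FromEntityHeader: Internet\n\nbody\n"
)
HEALTHY = BROKEN.replace("\n Anonymous", " Internal").replace(
    ": Internet", ": HybridOnPrem")

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(label, classify(raw, ["contoso.example"]))
```

A "misattributed" verdict is a prompt to inspect the hybrid connectors and their TLS certificate, as the following steps do, not proof that the sender is genuine.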

Next, we checked the receive connector in the cloud and the local send connector, especially the TLS-related settings.

(Screenshots: cloud receive connector; local send connector.)

When the certificate was checked, it was found that the certificate of the receive connector used in the cloud for Hybrid had expired.

So we updated it with the following command:

Get-InboundConnector | Set-InboundConnector -TlsSenderCertificateName ""

After waiting a while and testing again, messages from local users were no longer treated as external messages.
