Mac Outlook 2011 Error 18500

    Hi.
    My client is running SBS 2011/Exchange 2010.  He is running on a Mac with Outlook 2011.

    The Mac is able to RECEIVE email just fine from the Exchange server.
    However, the Mac CANNOT SEND any email.  Just sending a short 1 word email, with no attachment, gives the error:

    "HTTP error. The server cannot fulfill the request.
    Details
    ----
    Mail could not be sent. The message has been moved to your Drafts folder.
    Error -18500"

    I *really* hope someone can help!  I'm stumped.

    TIA,
    jim

    Essential articles and videos from the Experts

    Fighting against spam on Exchange 2010

    Article by Miguel Angel Perez Muñoz

    Today preventing spam is more important than ever. A lot of script kiddies and other deviants would be a severe headache and cause disruption to your Exchange, or simply leverage it to send copious amounts of spam. Supposing that your Exchange environment is running smoothly, I will try to give you some best practices to help secure your Exchange environment against spammers.

    Review Your DNS Records:

    There is a special DNS record called SPF that can help you stop email spoofing. The SPF record determines whether or not email servers are authorized to send email in the name of a domain. Using one of these would prevent spammers from spoofing your email addresses and supplanting your organization's authority. Creating an SPF record is an easy task using a configurator. You'll find many by searching across the internet; for example, Microsoft has one here (http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/), but to start with, we will use this:

    Create a new TXT record on your DNS. Paste this code, making your changes:

    v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 ~all

    Where 1.1.1.1 is your first OUTGOING mail server, 2.2.2.2 is your secondary outgoing server, etc. You can add more servers or a network subnet using this format: <space>ip4:1.1.1.0/24

    Configure RBLs:

    I hate opening my mail and seeing a lot of mails trying to send me Viagra, Rolex or whatever. You can fight against these emails using an RBL. Also known as a real-time blocking list, an RBL is a mega list of IP addresses suspected of sending spam. Some of them are free to use and others may require a subscription. I have been using Spamhaus and Spamcop for a few years now, and have not had any problems. Implementing an RBL is easy. First, you can use as many as you want, but you must consider that when your server receives an email, it must do a query to your list. Using ten lists equals ten queries and may exhaust your internet access or your server resources.

    Implementation Procedure

    First, you must install the antispam features on your server. Run the ./install-AntispamAgents.ps1 command from the %SystemDrive%\Program Files\Microsoft\Exchange Server\V14\Scripts folder. Then restart the Microsoft Exchange Transport service using the Restart-Service MSExchangeTransport command.

    Open your Exchange console, go to Organization Configuration, Hub Transport, Anti-spam tab. Enable IP Block List Providers and go to properties. Click Add. Provide an identification name (e.g. Spamcop) and lookup domain (bl.spamcop.net). Depending on your list, you may or may not need to provide a return code. Check this with your provider, but usually spam is 127.0.0.2. It is a great idea to add an error message to help legitimate email senders that might be listed incorrectly. I usually include a delisting procedure for them in our bounce message. For example: "This e-mail server has been blocked because is in a Black List. To delist, visit: http://www.spamcop.net/bl.shtml" Accept all. Repeat this procedure with any other lists you desire.

    Other Antispam Features:

    Exchange 2010 has more antispam features than RBL. I also suggest you enable:

    Recipient filtering. Open properties, go to blocked recipients and mark "block messages sent to recipients that do not exist in the directory".

    Sender filtering. Open properties, go to blocked senders and mark "block messages that don't have sender information".

    Sender ID. This feature enables SPF checks on incoming email. Depending on your antispam policy, you can configure delete message, reject, or mark with Sender ID and continue. Try the last one, because it only marks emails as spam, and if the filter is accurate, you can consider other options. On untested implementations, discard the delete option for evident reasons. Any email detected as spam will be deleted without generating any notification. Nobody knows that the email was deleted: to the sender the email was delivered, and the recipient has no evidence of the email.

    The question is mark or reject. Usually when SPF fails it is because the email was spoofed, but sometimes SPF was not correctly implemented and important emails are rejected. This disturbs users and causes delays in receiving an important email. But when marking as spam, users receive the email (in the junk folder, but it arrives in their mailbox) and can read it. When users are advised that you are running a new spam filter and are committed to checking their junk folder more frequently, it is easy to report a false positive to the Exchange admin and read the email. But rejecting email will cause the sender to ask their Exchange admin (if one exists) or call our company very upset because you are rejecting legitimate email. These options are configured on properties, Action tab.

    Sender reputation. Open properties and go to sender reputation. Mark "perform an open proxy test when determining sender reputation level" and go to the Action tab. Configure a threshold value (default is 7). Unless you have a clear concept of how sender reputation works, don't change these parameters.

    Content Filtering. You can configure blocking of emails using keywords. Have you got a list of spammers' words? You can add it here and increase the efficiency of spam filtering. In case you need a list, you can use this list from Wordpress (http://codex.wordpress.org/Spam_Words). I suggest that you configure it (Action tab) to reject emails with an SCL of 8 or greater.

    IP Allow list/IP Allow list providers. This is the same as RBL; you can use white lists to avoid false positives. Here you can add an IP or a whitelist provider. This must be configured as an EXCEPTION to the blacklist; if you only permit whitelisted servers, you may be blocking legitimate email.

    Always Use Encryption:

    By default Exchange blocks non-encrypted access to POP3 and IMAP4. This prevents sniffing of passwords and/or emails. Consider keeping this configuration if possible. If you really must have non-encrypted traffic, then do it on a non-standard port so that it is at least hidden from plain view. You can check this using the Get-PopSettings and Get-ImapSettings cmdlets. Login type shows if login is secure or not. To enable only secure login use:

    Set-PopSettings -LoginType SecureLogin

    or

    Set-ImapSettings -LoginType SecureLogin

    Exchange uses a self-signed certificate for this, but consider acquiring a certificate from a CA such as GoDaddy, VeriSign, eTrust, GeoTrust, or any other CA you prefer.

    Using Outlook 2003 clients may cause problems too. By default, Exchange 2010 encrypts all traffic but Outlook 2003, by default, does not encrypt any. This causes a problem where Outlook cannot connect because the server and client cannot agree on encryption. Thus, Outlook gets permanently stuck in a disconnected state. I recommend you force encryption on clients. This KB from Microsoft will help (http://support.microsoft.com/kb/2006508).

    As you can see, a few clicks can help users get a better experience with email. In 2010, at least 89.1% of email was spam; this unnecessary email is not only disturbing, it increases your server workload and by extension the hardware requirements needed to process all that spam. Using these configurations can save you time, money, hardware resources, and keep your users much happier. The fight against spam is everyone's responsibility.
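
    The console steps in the article above have Exchange Management Shell equivalents. The script below is an added example, not part of the original article; the provider name, lookup domain, return code, bounce text and thresholds are the sample values the article gives, and it assumes the anti-spam agents are already installed on the Hub Transport server.

```powershell
# Added example: shell equivalents of the console steps described above.
# Run in the Exchange Management Shell after install-AntispamAgents.ps1
# and the transport service restart.

# IP Block List provider. Confirm the return code with your list provider.
Add-IPBlockListProvider -Name 'Spamcop' `
    -LookupDomain 'bl.spamcop.net' `
    -IPAddressesMatch '127.0.0.2' `
    -RejectionResponse 'This e-mail server has been blocked because is in a Black List. To delist, visit: http://www.spamcop.net/bl.shtml'

# Recipient filtering: block recipients that do not exist in the directory.
Set-RecipientFilterConfig -Enabled $true -RecipientValidationEnabled $true

# Sender filtering: block messages that have no sender information.
Set-SenderFilterConfig -Enabled $true -BlankSenderBlockingEnabled $true

# Sender ID: stamp the result and continue instead of rejecting or deleting.
Set-SenderIdConfig -Enabled $true -SpoofedDomainAction StampStatus

# Sender reputation: open proxy test on, threshold left at the default of 7.
Set-SenderReputationConfig -Enabled $true -OpenProxyDetectionEnabled $true -SrlBlockThreshold 7

# Content filtering: reject messages with an SCL of 8 or greater.
Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 8

# Review what is now in force.
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority
Get-SenderIdConfig | Format-List Enabled, SpoofedDomainAction
Get-ContentFilterConfig | Format-List SCLRejectEnabled, SCLRejectThreshold
```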

    NDRs and the legacyExchangeDN

    Article by Jamie McKillop

    Everyone is familiar with the standard SMTP email address format (user@domain.com). SMTP is a standard that allows e-mail to be exchanged between e-mail servers of different types and vendors, across the internet. What you may not know is that Exchange doesn’t use SMTP addresses to route e-mail internally. Instead, Exchange relies on an address type called X500 to route messages. When Exchange receives a message addressed to an SMTP address, one of the first things it does is look up that address in the directory and resolve it to an X500 address. This use of X500 addresses in Exchange is important to understand as it can lead to unexpected NDRs if you are not aware of how it works.

    X500 History

    The use of X500 addresses in Exchange dates back to the pre-Exchange 2000 days when Exchange had its own directory. In Exchange 5.5 and previous versions, Exchange used the X400 protocol. X400 uses the Distinguished Name of an object in the LDAP directory. The problem with using a Distinguished Name is that if the object is renamed or moved in the directory tree (for example to a different server), the Distinguished Name changes and this would break mail flow as the old X400 address would no longer be valid. To get around this, Exchange relied on X500 addresses to act as aliases and hold the old X400 address. This allowed mail to be routed properly even after objects were moved or renamed.

    legacyExchangeDN

    Starting with Exchange 2000, Exchange was switched to using Active Directory instead of having its own directory. For backward compatibility with previous versions of Exchange, Exchange 2000 and subsequent versions of Exchange (up to 2010 as of this writing) continue to use the X500 address format for message routing. An attribute was created in Active Directory called “legacyExchangeDN” to hold an address in X500 format that Exchange 5.5 could understand. This is the “master” address on all mail-enabled objects in Exchange. Like in Exchange 5.5, it allows mail to be delivered to the proper location even if the object is moved, renamed, or even if the SMTP address is changed. The format of the legacyExchangeDN is:

    (CODE)

    Outlook and legacyExchangeDN

    Since the legacyExchangeDN is the “master” address on all mail-enabled objects in Exchange, Outlook actually addresses internal messages using the legacyExchangeDN. You will notice that when sending internal e-mails, Outlook will resolve the object from the global address book and show the display name of the object. Behind the scenes, Outlook is actually looking up the legacyExchangeDN and using that to address the message. Even if you put the SMTP address of the object in the “To” field, Outlook will resolve that to the legacyExchangeDN before sending.

    When you send an email, Outlook adds the recipients to the Outlook cache, which is used for the auto-complete as you start typing an address. The cached copy of internal recipients contains the legacyExchangeDN value as the object’s address. When you reply to any messages in your Inbox which were sent from an internal mailbox, you are replying to the legacyExchangeDN value.

    How legacyExchangeDN causes NDRs

    NDRs are caused by the legacyExchangeDN because a lot of administrators assume that Exchange uses SMTP for internal routing and thus assume that as they move SMTP addresses from object to object, mail delivery will work correctly. There are two common scenarios where this occurs.

    The first is when a mail-enabled object is deleted from Active Directory and a new object is created with the intention to take its place. An example of when this might occur is if a contact exists to route email to an external mailbox and that mailbox is now being brought into Exchange. The administrator deletes the contact, creates the new mailbox with the same display name and ensures SMTP addresses that were on the contact are added to the new mailbox. Not long after, users start complaining about receiving the following NDR:

    Delivery has failed to these recipients or distribution lists:

    jjmck
    The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

    _____

    Sent by Microsoft Exchange Server 2007

    Diagnostic information for administrators:

    Generating server: exchange01.domain.local

    IMCEAEX-_O=COMPANY_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=jjmck@domain.local
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

    The problem is that Outlook has the old object cached. When users start typing the name of the recipient, Outlook auto-completes the recipient from the cache. Since the cache contains the legacyExchangeDN of the old contact and the legacyExchangeDN of the new mailbox is different, Exchange will not be able to find the recipient and generates an NDR as a result.

    The second common scenario is when you do a mail migration between organizations and you are not using migration tools that either automatically add the old legacyExchangeDN from the source mailbox to the destination mailbox as an X500 address, or rewrite the recipient addresses as SMTP during the migration of mail. A migration method where this commonly occurs is when PST exports are used to migrate mail from one organization to another. When users reply to mail migrated in this manner, it will cause an NDR as Outlook is using the legacyExchangeDN as the recipient’s address and the legacyExchangeDNs from the source organization do not exist in the target organization.

    How to Prevent legacyExchangeDN NDRs

    NDRs can be prevented by adding the legacyExchangeDN value of the original directory object as an X500 address on the new object. If you are planning on deleting an object and replacing it with another object, such as the example of replacing a contact with a mailbox discussed above, you would first need to get the legacyExchangeDN of the contact. You can do that by running the following PowerShell command:

    (CODE)

    You would then take the value of the legacyExchangeDN and add it to the new mailbox as an X500 address. You can do this in EMC by adding a Custom address on the email addresses tab or you can run the following PowerShell script:

    (CODE)

    If you are unsure of the legacyExchangeDN value of the original object, you can reconstruct it from the information in the NDR:

    IMCEAEX-_O=Company_OU=Exchange+20Administrative+20Group_cn=Recipients_cn=user@company.com

    would translate to a legacyExchangeDN of

    /o=Company/OU=Exchange Administrative Group/cn=Recipients/cn=user

    You can also use MFCMAPI (http://mfcmapi.codeplex.com/) to open messages in Exchange mailboxes and view the PR_SENDER_EMAIL_ADDRESS property for the legacyExchangeDN value of recipients.

    Once you have added the legacyExchangeDN of the old object to the new object, mail will be delivered to the new object when Outlook users reply to emails sent from the old object or use the cached object when creating new messages.

    Conclusion

    Hopefully this article has given you a better understanding of how Exchange routes e-mail internally and the importance the legacyExchangeDN attribute plays in message delivery. By better understanding this concept, you can plan for changes in your address book during migrations and deletion and recreation of objects. If you ensure you maintain the legacyExchangeDN value as an X500 alias when you migrate from old to new mail-enabled objects, you will ensure message delivery stays consistent and eliminate annoying NDR messages.
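
    The NDR-to-legacyExchangeDN translation described in the article above, as an added PowerShell example that is not part of the original article. The function name ConvertFrom-ImceaEx is hypothetical, the code avoids syntax newer than PowerShell 2.0, and it goes slightly beyond the article's simplified case by decoding every +XX escape in the address rather than only +20.

```powershell
# Added example (not from the article): rebuild a legacyExchangeDN from the
# IMCEAEX address shown in an NDR. ConvertFrom-ImceaEx is a hypothetical name.
function ConvertFrom-ImceaEx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Address
    )
    process {
        $value = $Address.Trim()
        if ($value -notmatch '^IMCEAEX-') {
            throw "Not an IMCEAEX address: $value"
        }
        $value = $value.Substring('IMCEAEX-'.Length)

        # The part after the last "@" is the mail domain, not part of the DN.
        $at = $value.LastIndexOf('@')
        if ($at -ge 0) { $value = $value.Substring(0, $at) }

        # "_" stands for the "/" separators. Convert these before decoding the
        # escapes so that a decoded character is never mistaken for a separator.
        $value = $value.Replace('_', '/')

        # "+XX" is a hex-encoded character: +20 space, +28 "(", +29 ")".
        $decode = [System.Text.RegularExpressions.MatchEvaluator]{
            param($m)
            [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        }
        $dn = [regex]::Replace($value, '\+([0-9A-Fa-f]{2})', $decode)

        # ProxyAddress is the form used when adding the DN as an X500 address.
        New-Object PSObject -Property @{
            LegacyExchangeDN = $dn
            ProxyAddress     = "X500:$dn"
        } | Select-Object LegacyExchangeDN, ProxyAddress
    }
}

# Address taken from the sample NDR in the article.
$ndr = 'IMCEAEX-_O=COMPANY_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=jjmck@domain.local'
ConvertFrom-ImceaEx -Address $ndr | Format-List
```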

    More valuable questions with Expert answers

    removing exchange 2010 from PDC after mail migration to office365 E2

    Answer by Peter Hutchison

    Question: I am looking for direction on removing Exchange 2010 from our network. We have used the Codetwo tool to migrate our users to Office 365 accounts. Because of hardware requirements, we were not able to use the hybrid deployment, as our Exchange server resides on the Domain Controller that holds all of the FSMO roles. Note, this is the only server on the network. We had an SBS 2003 server that was updated to a new server box running 2008 R2/Exchange 2010 SP3. This migration was done according to Dmazter's blog for the migration steps, and worked well. After many starts we discovered the Azure DirSync tool could not run on this server as it was running too many roles. So now we have active Office 365 not linked to the local domain. So with Exchange 2010 still operating we cannot use our Office 365 accounts on premises until we remove the Exchange server, because they share a domain name.

    Actions
    1) How to cleanly remove all traces of Exchange locally (it's all on one server).
    2) Can I then perform a domain rename locally to get rid of .local and change to .org?
    3) If the local AD server (which is the only server in the building currently) changes to the .org domain that is in use with Office 365, will this cause any problems?
    4) Completely starting over is not an option as import account programs use this machine as well.

    Answer:
    1. You can remove Exchange services and tools via Control Panel, Programs and Features, Uninstall a Program.
    2. Yes, the operation can be done; you may also need to check and change any DNS suffixes on the server(s) to match the new domain name. The Rendom tool is used to perform the rename (see this article on other potential issues: http://technet.microsoft.com/en-us/library/cc738208(v=WS.10).aspx).
    3. Depends on whether the Office 365 domain is federated or not and whether the federated domain is the same as the AD name.
    4. That is okay; always make sure you have a full backup of the server before you start, so that you can revert if anything goes wrong.

    Exchange Server 2013 settings

    Answer by Deepak C

    Question: Hi all, I have a DC and an Exchange Server with a number of mailboxes created for colleagues. I am trying to sync my iPhone to the ES but am missing out on something because I cannot get it to work. Are there any settings or permissions in the ES or DC that I must be aware of in order to finally get my emails on my phone? Thanks

    Answer: You may try to use the below tool to check the connectivity; this will give you a very good picture as to where it is stopping. https://testconnectivity.microsoft.com/

    Send E-mail along with attachment based on Filename

    Answer by Subodh Tiwari (Neeraj)

    Question: I have a folder with PDF files with the customer's name as the name of the file. I want to be able to send an e-mail message and attach the corresponding file. I have an Excel file with Customer name and To; CC; subject: and standard body

    Answer: Okay. Please try this and see if this works as per your requirement. (CODE)

    Take input from CSV and output to csv Displayname and TotalItemSize

    Answer by Subsun

    Question: I have this working but I want to output the results to a csv

    $Users = Import-Csv c:\test\users.csv
    foreach ($id in $users) {
        Get-MailboxStatistics $id.alias | select DisplayName, @{name="TotalItemSize(MB)";expression={$_.totalitemsize.value.ToMB()}}
    }

    Answer: Try this..(CODE)
