This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 17%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB0%3C/text%3E%3C/svg%3E)
Hello All,
We recently set added DMARC, SPF and DKIM (plug-in) for our 2013 Exchange server. We are getting emails with the subject of "Inbound proxy probe" email messages from "noreply-dmarc-support@domain.local". I look at the messages in more detail and they show
"This is an authentication failure report for an email message
received from IP 127.0.0.1 on 'date and time'
....Received: from 'exchangeserver.local' ('intenral Ip') by 'exchangeserver.local'
('intenral Ip')
Received: from InboundProxyProbe (127.0.0.1) by 'exchangeserver.local'
(127.0.0.1)
X-MS-Exchange-ActiveMonitoringProbeName: OnPremisesInboundProxy
X-Exchange-Probe-Drop-Message: FrontEnd-CAT-250
Subject: Inbound proxy probe
Message-ID: <0479e598445545fc85f57c2d913e65a5@'exchangeserver.local'>
From: <inboundproxy@Company portal .com>
To: Undisclosed recipients:;
Return-Path: inboundproxy@Company portal .com
"
I researched the message and deleted the health mailboxes in case this was the issue. After recreating the health mailboxes by restarting the Exchange Health Manager Service, I ran the command "Get-Mailbox -monitoring | fl name,EmailAddresses" and got all the mailboxes to display their info.
Here is one sample of the info I see for for each mailbox:
"Name : HealthMailboxad'guid'
EmailAddresses : {smtp:HealthMailboxad'guid'@keyman .local, X400:C=US;A=
;P='domain';O=Exchange;S=HealthMailboxad'guid';,
SMTP:HealthMailboxad'guid'@keyman .com, SIP:HealthMailboxad'guid'@keyman .com}
"
From what I have read this could be due to an incorrect email address.
I see that smtp has two emails -
1) "HealthMailboxad'guid'@keyman .local"
2) "HealthMailboxad'guid'@keyman .com"
I also see the SIP also lists "HealthMailboxad'guid'@keyman .com"
Even though I forced the Health mailboxes to recreate, is it possible this information is incorrect? Or is it OK to have two aliases of ".local" and ".com"?
I would greatly appreciate further insight on this subject and possible resolutions.
thank you,
Brian
Hi @BTS-0610 ,
Have you changed the main SMTP address of your server? I'm not sure if both domain.com and domain.local are used by your server.
If this is what you are experiencing, please consider using a corresponding SMTP Address. After changing the address, please delete the health mailboxes from ADUC > Microsoft Exchange System Objects > Monitoring Mailboxes and then restart Exchange Health Manager Service on every server.
Or you can try use commands to change the SMTP address for them:
Get-Mailbox -Monitoring | Name
Set-Mailbox -Identity HealthMailbox*********@domain.com -PrimarySMTPAddress HealthMailbox*******@domain.local
Best regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you Lou for your response. I will look at your recommendations and keep you posted.
Sincerely,
Brian
...Additionally, if ".local" must be kept internally, are these the commands to remove ".local" from the public side of the email server?
thank you
Hi @BTS-0610 ,
Are you going to use both .com and .local for your organization as the accepted domain suffixes?
Or the server FQDN is like server.domain.local? And you added the server.domain.com as an accepted domain and use email address policy to change the default email address?
But actually after re-creating the health mailboxes, the SMTP address should be correct same with your user mailboxes. Will the reports appear again?
You can see the default SMTP address here and Yes the SMTP should be the default one:
To keep .local or remove it is based on your server settings.
Best regards,
Lou
Hello Lou,
thank you for your response. After I delete and recreate the Health mailboxes it lists both domain.local (smtp) and domain.com (SMTP(default)) for the Health mailbox addresses. The inbound proxy probe messages appear again. But something must be wrong with the configuration or we would not be getting the "inbound proxy probe" error messages. If this information helps we use an email filter and the email filter is what gives us further details, originally listed in the original post. The email filter indicates it doesn't accept the domain.local address appended to the email server.
So would the default email policy listing a secondary smtp address as .local still be a factor in the case?
thank you,
Brian
I posted that I thought I had figured it out. I did some research and needed to make some changes to align DKIM with DMARC. A few firewall rules were adjusted as well and that helped with some of the messages. But I am still getting the inbound proxy probe errors.
https://powerdmarc.com/why-is-dmarc-failing/
The inbound proxy probe emails state there is an authentication error. Any additional help would be appreciated.
"This is an authentication failure report for an email message received from...."
thank you,
Brian
Hi @BTS-0610 ,
Could you disable the MS Exchange Health Manager service and see if this happpens or not?
Basically I think you can check if your DMARC is correctly deployed with: https://mxtoolbox.com/dmarc.aspx
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If the DMARC check passed, then I think disabling the service could be a good choice.
Best regards,
Lou
Hi @BTS-0610 ,
Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
If these emails still comes, please also check the SPF, DKIM settings and provide more information about your server.
Best Regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.