Hello All,
We recently set added DMARC, SPF and DKIM (plug-in) for our 2013 Exchange server. We are getting emails with the subject of "Inbound proxy probe" email messages from "noreply-dmarc-support@domain.local". I look at the messages in more detail and they show
"This is an authentication failure report for an email message
received from IP 127.0.0.1 on 'date and time'
....Received: from 'exchangeserver.local' ('intenral Ip') by 'exchangeserver.local'
('intenral Ip')
Received: from InboundProxyProbe (127.0.0.1) by 'exchangeserver.local'
(127.0.0.1)
X-MS-Exchange-ActiveMonitoringProbeName: OnPremisesInboundProxy
X-Exchange-Probe-Drop-Message: FrontEnd-CAT-250
Subject: Inbound proxy probe
Message-ID: <0479e598445545fc85f57c2d913e65a5@'exchangeserver.local'>
From: <inboundproxy@Company portal .com>
To: Undisclosed recipients:;
Return-Path: inboundproxy@Company portal .com
"
I researched the message and deleted the health mailboxes in case this was the issue. After recreating the health mailboxes by restarting the Exchange Health Manager Service, I ran the command "Get-Mailbox -monitoring | fl name,EmailAddresses" and got all the mailboxes to display their info.
Here is one sample of the info I see for for each mailbox:
"Name : HealthMailboxad'guid'
EmailAddresses : {smtp:HealthMailboxad'guid'@keyman .local, X400:C=US;A=
;P='domain';O=Exchange;S=HealthMailboxad'guid';,
SMTP:HealthMailboxad'guid'@keyman .com, SIP:HealthMailboxad'guid'@keyman .com}
"
From what I have read this could be due to an incorrect email address.
I see that smtp has two emails -
1) "HealthMailboxad'guid'@keyman .local"
2) "HealthMailboxad'guid'@keyman .com"
I also see the SIP also lists "HealthMailboxad'guid'@keyman .com"
Even though I forced the Health mailboxes to recreate, is it possible this information is incorrect? Or is it OK to have two aliases of ".local" and ".com"?
I would greatly appreciate further insight on this subject and possible resolutions.
thank you,
Brian