question

MikaelBohlin-3682 avatar image
0 Votes"
MikaelBohlin-3682 asked ·

DBEB working randomly

DBEB in Exchange Online Protection should reject inbound emails to addresses not found in the internal directory. If I send an email to a made-up address (john.doe@mycompany.org) from an external mailbox, I do get a NDR saying 5.4.1 access denied. So far so good. But when I send an email that we deleted back in year 2011, from our internal AD and onprem Exchange, the email is accepted by the DBEB and processed by the MTA. The result gives an NDR as well, but with "not found in the smtp addressbook". Why is DBEB accepting a user that we deleted 10 years ago, a user that was deleted many years before AD Sync to Azure and the Exchange Hybrid setup? I assume there are something left in AD/Exchange, but where shall I look for it?

office-exchange-online-itprooffice-exchange-server-mailflow
· 2
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image joyceshen-MSFT ·

Hi @MikaelBohlin-3682

Is there any update about your issue?

0 Votes 0 ·
joyceshen-MSFT avatar image joyceshen-MSFT ·

Hi @MikaelBohlin-3682

Any progress so far?

0 Votes 0 ·

1 Answer

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered ·

Hi @MikaelBohlin-3682

According to your information above, the user is deleted before you configure Exchange hybrid and sync to cloud. And DBEB not working for this account.

DBEB block all messages sent to email addresses that aren’t present in Azure Active Directory.

Try using the commands below to see any result returned back about the user:

 Get-AzureADUser -ObjectId "testUpn@tenant.com"
 Get-Recipient -Identity <MailUserIdentity> | Format-List

Detailed information Manage mail users in standalone EOP

In addition, have you checked in onprem AD that the deleted user is not able to be found?

Could you please provide the complete NDR you received for that account?

Some further information about DBEB attached here as well: In Deployment: Directory Based Edge Blocking for Exchange Online Protection

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.