I have a postfix server getting emails from multiple office 365 tenants using Outbound connectors.
A small percentage of the emails arriving to my server start with some strange data which isn't valid for headers. Only afterwards the expected Received header appears as well as the rest of the email. It looks like meta data added by Office 365, it includes things like the Outbound Connector name and recipient name.
Anyone knows what adds this and why? parsing such email is problematic. (i redacted the identifying data WITH "XXX", FIRST_NAME LAST_NAME, CONNECTOR_NAME)
<Microsoft.Exchange.Transport.MailRecipient.OrganizationScopeÀ÷ôª-¢X∂ å˜AttributionExoResourceForestnamprdXX.prod.outlook.com?Microsoft.Exchange.Transport.DirectoryData.MailDeliveryPriorityNormalIc
(|0eÿa7 [email protected]) CIAudited9XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:StampCompAuthResultstrueAgentForkDepth!Microsoft.Exchange.JournalRuleIds $XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
SendingOrgXXX.onmicrosoft.comb
J.)dHubAMicrosoft.Exchange.Transport.DeliveryQueueMailboxSubComponentList HMicrosoft.Exchange.Transport.DeliveryQueueMailboxSubComponentLatencyList
7Microsoft.Exchange.Transport.LatencyTracker.LatencyInfo$SRV=XXX.namprdXX.prod.outlook.com:TOTAL-HUB=1.309|SMRE=0.161(RENV=0.070|REOH=0.034|CMSGC=0.052|R-CMSG=0.059(R-HS=0.034(R-HSXD=0.034 )|R-CMSGC=0.024(R-HSRR=0.024)|XR-DR=0.034))|CAT=1.017(CATOS=0.150(CATSM=0.150(CATSM-DC Pre Content Filter Agent=0.146 ))|CATRESL=0.080(CATRESLLR=0.078)|CATORES=0.662(CATRS=0.662(CATRS-Transport Rule Agent=0.066 (X-ETREX=0.065)|CATRS-DC Content Filter Agent=0.133|CATRS-Spam Filter Agent=0.379 |CATRS-Tenant Outbound Connector Agent=0.052))|CATORT=0.120(CATRT=0.120(CATRT-Journal Agent=0.117 )))|D-PEN=0.125ú,–˘•?FâÂ*µ
5Microsoft.Exchange.Transport.DirectoryData.IsResourcej DMicrosoft.Exchange.Transport.DirectoryData.ExternalDirectoryObjectIdXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX1
` CFGÄ/o=ExchangeLabs/ou=Exchange Administrative Group (XXX)/cn=Recipients/cn=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-FIRST_NAME LAST_NAME
*D
∏ªƒMœXòÍ`Êˇ0ƒnamprdXX.prod.outlook.comΩ6XÅl'X婆√¨◊aœ
bl0pr02mb3795<6Microsoft.Exchange.Transport.MailRecipient.DisplayName
FIRST_NAME LAST_NAME
lXëú,–˘•?XâÂ*µ
CN=FIRST_NAME LAST_NAME,OU=XXX.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=XXX,DC=PROD,DC=OUTLOOK,DC=COM0Microsoft.Exchange.Transport.MailRecipient.IsVIP<Microsoft.Exchange.Transport.DirectoryData.UserPrincipalNameXXX@XXX.comResolverVerdictLogString8UserMailbox.Forwardable.Resolver.CreateRecipientItems.40&"1AutoResponseSuppress: 0
TransmitHistory: False
/Microsoft.Exchange.Transport.ExpansionGroupTypeMembersGroupExpansion#SpamEngine.RecipientOptionToEntity4Microsoft.Exchange.Hygiene.TenantOutboundConnectorIdß2÷/
/Eö—û.Ø˚ëCN=CONNECTOR_NAME,CN=Transport Settings,CN=Configuration,CN=XXX.onmicrosoft.com,CN=ConfigurationUnits,DC=XXX,DC=PROD,DC=OUTLOOK,DC=COM<Microsoft.Exchange.Hygiene.TenantOutboundConnectorCustomData®XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXPreserveCrossPremisesHeadersXXX@XXX.comReceived: from XXX.namprdXX.prod.outlook.com (XXX:XXX:404:f5::23)
by XXX.namprdXX.prod.outlook.com (XXX:XXX:X:25d::20) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id XX.XX.XXXX.XX; Wed, 2 Sep
2020 XX:XX:XX +0000
Received: from XXX.eop-NAMXX.prod.protection.outlook.com
Does this issue only occur when mails receive from office 365 tenants?
Has it happened before? Have you changed anything on your server?
Are there any mail flow rules in office 365 which maybe cause this issue? For more details: Mail flow rule actions in Exchange Online