I'm seeing a lot of HealthMailbox<Guid> spam
Can anybody throw some light onto why I'm seeing thousands of spam emails going to HealthMailbox<GUID>. I guess these are originating from the 'Microsoft Exchange Health Manager' service, but why? Is it normal behaviour and if not what do I need to do to stop it?
Diagnostic information for administrators:
Generating server: EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx
HealthMailboxd32564304edf4f1ca268412e9beca645@local.roycemcintyre.co.uk
#550 5.2.1 Content Filter agent quarantined this message ##
Original message headers:
Received: from EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) by
EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) with Microsoft SMTP Server
(TLS) id 15.0.516.32; Sat, 10 Nov 2012 00:22:20 +0000
Received: from InboundProxyProbe (::1) by EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx
(::1) with Microsoft SMTP Server id 15.0.516.32 via Frontend Transport; Sat,
10 Nov 2012 00:22:20 +0000
Subject: Inbound proxy probe
Message-ID: <9438ef9d-1303-450d-87f1-884b9a2041f0@EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx>
From: <inboundproxy@inboundproxy.com>
To: Undisclosed recipients:;
Return-Path: inboundproxy@inboundproxy.com
Date: Sat, 10 Nov 2012 00:22:20 +0000
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: Fail (EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx: domain of
inboundproxy@inboundproxy.com does not designate ::1 as permitted sender)
receiver=EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx; client-ip=::1;
helo=InboundProxyProbe;
No errors reported in the Event log
November 17th, 2012 4:26am
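A triage check for the headers quoted in the post above, as an added example that is not part of the original thread: it parses the message headers and reports whether the mail was submitted over loopback and whether every Received hop is an internal address. The function names and result keys are assumptions made for this example; the sample is the header block from the post, with the hostname masked as posted.

```python
import ipaddress
import re
from email import message_from_string

# Headers as quoted in the post (hostname masked as in the original).
SAMPLE = """\
Received: from EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) by
 EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) with Microsoft SMTP Server
 (TLS) id 15.0.516.32; Sat, 10 Nov 2012 00:22:20 +0000
Received: from InboundProxyProbe (::1) by EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx
 (::1) with Microsoft SMTP Server id 15.0.516.32 via Frontend Transport; Sat,
 10 Nov 2012 00:22:20 +0000
Subject: Inbound proxy probe
From: <inboundproxy@inboundproxy.com>
Received-SPF: Fail (EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx: domain of
 inboundproxy@inboundproxy.com does not designate ::1 as permitted sender)
 receiver=EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx; client-ip=::1;
 helo=InboundProxyProbe;

"""

def hop_addresses(msg):
    """Return every IP literal found in parentheses in the Received headers."""
    addrs = []
    for hop in msg.get_all("Received", []):
        for token in re.findall(r"\(([0-9A-Fa-f:.]+)\)", hop):
            try:
                addrs.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # parenthesised text that is not an address
    return addrs

def spf_client_ip(msg):
    """Return the client-ip recorded in Received-SPF, or None if absent."""
    m = re.search(r"client-ip=([0-9A-Fa-f:.]+)", msg.get("Received-SPF", ""))
    return ipaddress.ip_address(m.group(1)) if m else None

def triage(raw):
    """Summarise where a quarantined message entered the transport pipeline."""
    msg = message_from_string(raw)
    hops, client = hop_addresses(msg), spf_client_ip(msg)
    return {
        "subject": msg.get("Subject"),
        "hops": [str(a) for a in hops],
        "spf_client_ip": str(client) if client else None,
        "loopback_submission": client is not None and client.is_loopback,
        "all_hops_internal": bool(hops) and all(a.is_loopback or a.is_private for a in hops),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A loopback submission with only internal hops means the message was generated on the server itself, so the investigation belongs with the server's own services and anti-spam agent settings rather than with an external sender.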
On Sat, 17 Nov 2012 09:26:52 +0000, Frogman@3guysonsharepoint wrote:
>Can anybody throw some light onto why I'm seeing thousands of spam emails going to HealthMailbox<GUID>. I guess these are originating from the 'Microsoft Exchange Health Manager' service, but why? Is it normal behaviour and if not what do I need to do to stop it?
>
>Diagnostic information for administrators:
>
>Generating server: EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx
>
>HealthMailboxd32564304edf4f1ca268412e9beca645@local.roycemcintyre.co.uk #550 5.2.1 Content Filter agent quarantined this message ##
>
>Original message headers:
>
>Received: from EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) by
>EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx (192.168.0.72) with Microsoft SMTP Server
>(TLS) id 15.0.516.32; Sat, 10 Nov 2012 00:22:20 +0000
>Received: from InboundProxyProbe (::1) by EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx
>(::1) with Microsoft SMTP Server id 15.0.516.32 via Frontend Transport; Sat,
>10 Nov 2012 00:22:20 +0000
>Subject: Inbound proxy probe
>Message-ID: <9438ef9d-1303-450d-87f1-884b9a2041f0@EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx>
>From: <inboundproxy@inboundproxy.com>
>To: Undisclosed recipients:;
>Return-Path: inboundproxy@inboundproxy.com
>Date: Sat, 10 Nov 2012 00:22:20 +0000
>MIME-Version: 1.0
>Content-Type: text/plain
>Received-SPF: Fail (EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx: domain of
>inboundproxy@inboundproxy.com does not designate ::1 as permitted sender)
>receiver=EXCHANGE2.xxxxxx.xxxxxxxxx.xx.xx; client-ip=::1;
>helo=InboundProxyProbe;
>
>No errors reported in the Event log
Do you have multiple receive connectors? Multiple Exchange HT server
roles?
Get-SenderReputationConfig | fl open*
If the OpenProxyDetectionEnabled is set to "True" try turning it off
and see if that stuff disappears. If it does I'm not sure what the fix
is unless you have some odd arrangement of IP addresses and you
haven't identified the networks properly in the "Organization
Configuration / Hub Transport / Global Settings / Transport Settings /
Message Delivery" dialog box.
Since it's Exchange 2013 I don't have a definitive answer for you. But
the open proxy detection is probably the source of your problem.
---
Rich Matheisen
MCSE+I, Exchange MVP
November 23rd, 2012 5:37pm
Hi
Please have an attempt to restart the transport service, or if it is possible try a reboot.
Also, how about setting the SCLQuarantineThreshold to 6
Set-Mailbox -identity user -SCLQuarantineThreshold 6
Not sure it will work or not, just have a try
Cheers
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com
Zi Feng
TechNet Community Support
November 24th, 2012 12:36am
Thanks Rich,
The installation is on a single server and everything is out of the box. I have tried all of your suggestions, without success with the exception of the 'odd arrangement of IP...' There are no odd arrangements. BTW the instructions you gave for identifying the networks no longer apply to 2013 but thank you all the same.
Anyone else with any ideas? A further piece of info ... the activity I am seeing has a pattern. It occurs approximately every 7 days!
November 24th, 2012 5:46am
Hi
Any update on this thread?
Cheers
Zi Feng
TechNet Community Support
November 25th, 2012 9:52pm