How To Troubleshoot Transport Rules Affecting Mail Flow In Exchange Online

In this post we are going to determine whether a transport rule or conditional routing rule is affecting mail flow in our Exchange Online environment. This post is part of the section on troubleshooting mail flow issues in my MS-220 exam study guide.

For this guide we are going to be using PowerShell. If you have not already installed the required modules for Exchange Online PowerShell or are not familiar with how to connect via PowerShell, first check out my guide: How to connect to Exchange Online with PowerShell.

Identify the message we want to interrogate via PowerShell

To start, we are going to use the Get-MessageTrace cmdlet in PowerShell to identify the message we want to interrogate further. In this instance, we know both the recipient address and the time at which the email was received.

Get-MessageTrace -recipientaddress [email protected] -StartDate "07/10/2022 05:00 AM" -EndDate "07/10/2022 05:30 AM"

Output:

Identify transport rules or conditional routing rules affecting mail flow

Get-MessageTrace

Now we have identified the message, we are going to gather the message trace ID. We can do this by adding | select messagetraceid to the end of the previous command.

Get-MessageTrace -recipientaddress [email protected] -StartDate "07/10/2022 05:00 AM" -EndDate "07/10/2022 05:30 AM" | select messagetraceID

Output:

MessageTraceId
--------------
3ae1b031-22af-4ea3-7772-08da6234164e

Get-MessageTraceDetail

Next we can use the Get-MessageTraceDetail cmdlet to view message trace event details for the specific message.

Get-MessageTraceDetail -MessageTraceId 3ae1b031-22af-4ea3-7772-08da6234164e -recipientaddress [email protected]

Output:

Date                Event          Detail
----                -----          ------
10/07/2022 05:21:48 Receive        Message received by: SA1P222MB0325.NAMP222.PROD.OUTLOOK.COM using TLS1.2 with AES256
10/07/2022 05:21:50 Spam           No detail information available.
10/07/2022 05:21:50 Transport rule Transport rule: 'Set SCL to high', ID: ('95091B95-3664-41E2-88EB-B6F39704DEDF'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
10/07/2022 05:21:51 Deliver        The message was delivered to the Junk Email folder.

In the above instance, we can see that the transport rule ‘Set SCL to high’ is affecting this email.

Let's take a look at what we would see if we had a rule applied that was routing our email away from our Exchange Online environment.

In this case I have created a send connector in Office 365 which pushes my email to a non-existent mail server. The result of this test would also be FAIL if that mail server was down for any reason.

As you can see from the above, multiple mail flow rules are affecting this new email. The first rule is named ‘Sent to connector 1’. As we mentioned, connector 1 is a non-existent mail server (the server could also be unavailable for any reason). The final event in the list shows FAIL because the DNS name mail.ourcloudnetwork.com does not exist.

Get-TransportRule

We can look a little further at this rule to identify the condition under which mail is being pushed to our non-existent connector. We will use the following command to view the description of the transport rule affecting our mail:

get-transportrule "Sent to connector 1" | select description | FL

Output:

Description : If the message:
Is received from ‘[email protected]
Take the following actions:
Route the message using the connector named ‘My mail server’.
and Set audit severity level to ‘High’
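
The steps so far (read the trace detail, pick out the rule, then look up its description) can be scripted. This is an added example, not code from the original post: the function name Get-TransportRuleHit and the sample objects are constructed for illustration, modelled on the Get-MessageTraceDetail output shown earlier.

```powershell
# Added example (not from the original post). Extracts transport rule hits from
# Get-MessageTraceDetail objects so each rule can be looked up with Get-TransportRule.
function Get-TransportRuleHit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$TraceDetail
    )
    begin {
        # Detail text layout, as in the trace output on this page:
        #   Transport rule: '<name>', ID: ('<guid>'), DLP policy: ...
        # \u2018 and \u2019 also accept typographic quotes around the name and GUID.
        $pattern = "Transport rule:\s*['\u2018\u2019](?<Name>.+?)['\u2018\u2019],\s*ID:\s*\(['\u2018\u2019]?(?<Id>[0-9a-f-]{36})['\u2018\u2019]?\)"
    }
    process {
        # Only 'Transport rule' events carry a rule name; skip Receive, Spam, Deliver, etc.
        if ($TraceDetail.Event -ne 'Transport rule') { return }
        if ($TraceDetail.Detail -match $pattern) {
            [pscustomobject]@{
                Date     = $TraceDetail.Date
                RuleName = $Matches['Name']
                RuleId   = $Matches['Id']
            }
        }
        else {
            # Surface unexpected formats instead of silently dropping the event.
            Write-Warning "Unparsed transport rule event: $($TraceDetail.Detail)"
        }
    }
}

# Constructed sample objects mirroring the trace detail output shown earlier.
$sample = @(
    [pscustomobject]@{ Date = '10/07/2022 05:21:50'; Event = 'Spam'; Detail = 'No detail information available.' }
    [pscustomobject]@{ Date = '10/07/2022 05:21:50'; Event = 'Transport rule'; Detail = "Transport rule: 'Set SCL to high', ID: ('95091B95-3664-41E2-88EB-B6F39704DEDF'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000)." }
    [pscustomobject]@{ Date = '10/07/2022 05:21:51'; Event = 'Deliver'; Detail = 'The message was delivered to the Junk Email folder.' }
)
$sample | Get-TransportRuleHit | Format-Table -AutoSize

# In a connected Exchange Online session, pipe the cmdlet output in directly and
# pass each rule name to Get-TransportRule as in the command above:
# Get-MessageTraceDetail -MessageTraceId <id> -RecipientAddress <address> |
#     Get-TransportRuleHit |
#     ForEach-Object { Get-TransportRule $_.RuleName | Select-Object Description | Format-List }
```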

Get-MailDetailTransportRuleReport

The last command we are going to look at is the Get-MailDetailTransportRuleReport cmdlet. This will produce a report on all the rules which have had activity on them and where auditing is enabled in the rule.

Get-MailDetailTransportRuleReport -recipientaddress [email protected] | FL

Output:

Date : 10/07/2022 05:21:47
Message ID : <DB8PR09MB2810FBF2F7EA42920108708FBC849@DB8PR09MB2810.eurprd09.prod.outlook.com>
Message Trace ID : 3ae1b031-22af-4ea3-7772-08da6234164e
Domain : yqs06.onmicrosoft.com
Subject : Welcome
Message Size : 25496
Direction : Inbound
Sender Address : [email protected]
Recipient Address : [email protected]
Event Type : TransportRuleActionHits
Action : SetSpamConfidenceLevel
Transport Rule : Set SCL to high

Summary

Thank you for reading my post on how to troubleshoot transport rules affecting mail flow in Exchange Online. This how-to guide forms part of my MS-220 exam study guide for troubleshooting Exchange Online. Check out the full guide here: https://ourcloudnetwork.com/ms-220-study-guide-troubleshooting-microsoft-exchange-online/

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.
