This page contains a collection of possible issues and their solutions.

Sections on this page:

• Computer has User home directory on a fileshare (execution policy error)
• Special Case : Connectors with "/" or "\" in the name
• Special Cases - Still mail-loops after re-setup with Version 1.3.0+
• Well-Known Error: New-SC365Rules asks for rule names
• Testing ARC-Sealing (fail with reason 47)
  • Where to check with a test mail that everything went fine
  • ARC-Sealing and SPF-Record: hard fail
• Loading the ExchangeOnlineManagement Module with reduced memory

 

Computer has User home directory on a fileshare (execution policy error)

If your computer has the users directory on a fileshare, Powershell still installs the Module in the $currentuser scope in your homedirectory. This sill raise issues with execution policy settings. To avoid this you can.

1. Start PowerShell with no execution policy, by opening a terminal (cmd.exe) and run pwsh -executionpolicy unrestricted.
2. Install the module to a local drive by:
   Save-module seppmail365cloud -Path c:\temp
    
   import-module c:\temp\seppmail365cloud

Special Case : Connectors with "/" or "\" in the name

We had a version of the SEPPmail.cloud connectors in place which used slashes in the name. Microsoft somehow stopped to accept this. If you find such a connector, do this:

1. Rename connectors in the admin.microsoft.com portal
2. Delete them after renaming in the admin portal.

Special Cases - Still mail-loops after re-setup with version 1.3.0+

If you set up everything according to the description above, and still have mail-loops, check if the recipient is also in the SEPPmail.cloud, the recipient tenant MUST also use the newest connectors (CBC). Reach out to he recipients admin and force them to update their setup.

Well-Known Error: New-SC365Rules asks for rule names

We saw this on several windows machines, but could not trace it down so far. If you get this error send us an e-Mail to support.

Testing ARC-Sealing (fail with reason 47)

In a parallel setup, a working ARC-Sealing mechanism is imperative for a working mailflow. Use the below steps and guidance to check if your ARC-Sealing works.

Powershell command to check that we are added to the trusted domains:

Get-ArcConfig

Where to check with a test mail that everything went fine

Make sure to find a header with ARC-Message-Signature which starts with i=X, *.seppmail.cloud; spf=... This headers tells if SPF and DKIM were good when the mail arrived to us. To make sure Microsoft interpreted it correctly, with the first Authentication-Results from the top of the headers. Here, a failed spf or dkim is no problem as long as it ends up with either compauth=pass reason=100 (SPF and DKIM good, regardless of ARC) or compauth=pass reason=130 (SPF and/or DKIM failed, but a trusted ARC tells us everything is fine).

More information can be found in the Microsoft documentation on ARC Sealing.

To understand the compauth reason numbers, see Microsoft documentation on authentication result header fields.

ARC-Sealing and SPF-Record: hard fail

Please heed the Note regarding SPF-Record: hard fail in the SEPPmail Secure E-Mail Gateway manual.

Loading the ExchangeOnlineManagement Module with reduced memory

Microsoft posted an article on how to load the ExchangeOnlineManagement module with a minimum footprint on memory. If you have a machine with high memory consumption follow this article from the Exchange Team blog.