[Solved] Your message wasn’t delivered because the recipient’s mailbox is quarantined
Few days back at one of my client, Exchange server has started to show anonymous behavior and Database got dismounted. We had a hard time to restore that database and make it keep running. Everything was okay, but very next day my client made me a call and told me, he does have some emails as a NDR saying ‘Your message wasn’t delivered because the recipient’s mailbox is quarantined’. So, I asked for the reference email and this here is the detail.
Issue:
Email send to the several users inside the organization are getting NDR with ‘Your message wasn’t delivered because the recipient’s mailbox is quarantined’. Also the users are not able to get access to their email too.
Cause:
This is called Poison Mailbox issue, any mailbox identified as potential threat to the mailbox database will be quarantined by Exchange server.The mailbox is a potential threat to the health of the Information store and has been quarantined. In case of Exchange we can do few manual processes to restore the mailbox, but in case of O365 we cannot because of its Multi-tenant environment. Although the quarantine will get restore after 24 hrs.
Resolution:
To identify the issue, first make sure you had the proper mailbox, you can check it with the below cmdlet.
For the single user
[PS] C:\Windows\system32>Get-MailboxStatistics username |fl *quarantine*
To check in whole database, how many users are quarantined..
[PS] C:\Windows\system32>Get-MailboxStatistics -Database EXMDB01 |Select DisplayName, IsQuarantined
Basically, after 24 hours your email will be restored, but if you want to restore manually you can use below cmdlet. For O365, it will not work.
[PS] C:\Windows\system32>Disable-MailboxQuarantine test01
When you check again for that mailbox, you will find it is restored….
Reference on mailbox poisoning and store: https://technet.microsoft.com/library/bb331958.aspx
Related Posts
Creating Azure Active Directory Service
[How to]Configure Azure RMS for Exchange Online /O365
Windows 7 UAC Vulnerability…FIXED
About Author
pdhewjau
Prashant is a Principal Cybersecurity Specialist at Thakral One Nepal. His prior position as a Modern Work Security Specialist at Microsoft saw him providing invaluable guidance to major clients in Bangladesh, Brunei, Cambodia, and Myanmar, assisting them with their foundational security needs. Awarded the esteemed Microsoft Most Valuable Professional (MVP) accolade in 2017, Prashant is recognized globally among Microsoft peers. Since 2010, he has imparted his expertise as a Microsoft Certified Trainer (MCT), conducting specialized training across Nepal.
Add a Comment
Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
What was the reason for quarantine for internal mailboxes in org.
Hi Raj,
This could be various reason, you can find detail on this link https://technet.microsoft.com/library/bb331958.aspx .
Although in some cases it might be continues failure of mailbox database of threat generated by that mailbox to the mailbox database.
This helped me out so much! My drive that contained all my databases filled up and went into a protect mode for all of my users that were expanded beyond the default mailbox size. After expanding the drive and rebooting, all of those mailboxes were quarantined. Used the above scripts and life was good! Thank you!
You are welcome Jay… 🙂
How do you fix this problem on a Mac that is using Outlook?
Hi LG,
This is the server issue. not of the mac.
The error message indicates that your mail server is allowing HubSpot to submit the email, and prepare to send it – but then, the mail server fails the email due to “550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP.”
Pdhewjau, thanks for the clarification. How do you suggest I get those commands issued if my email is being hosted by 3rd party like Godaddy?