That worked, installing the Runtime from the ISO fixed the dll error and copying over the sql.ini file allowed the client app to properly reach the databaes.

@Dashrender said in Office 365 NDR for strange email address.:

@Romo said in Office 365 NDR for strange email address.:

@Obsolesce Found the client side rules that were set to forward to that address, thanks

What client? something on mobile?

Rules were set on OWA, targetting specific keywords on emails that was why not all emails where trying to get forwarded. Account was indeed compromised.

@Obsolesce Found the client side rules that were set to forward to that address, thanks

@Obsolesce said in Office 365 NDR for strange email address.:

Oh just seen they were caused by an auto reply. Just disable auto replies to that domain and g2g.

Not sure what is causing it yet really, I cant seem to find any autoreply or rule enabled.

@Dashrender No, incoming email is regular email no traces of this [email protected] address on incoming mail.

@Dashrender Screenshot in OP is the log from the trace on the user's account trying to send to [email protected], its failing but it is trying to.

here is an example of the header, where you can see its trying to email that address.

Doesn't seem to be any rule on the mailbox but the default ones:

So currently checking a user's account whos been getting Non-Delivery Reports for emails he hasn't been sending himself or replying to himself. This is caused by publicity email coming into his mailbox which appears to trigger some sort of autoreply to this mail address [email protected].

The user's main method of access to his mail is via his Ipad and iPhone. He does have a windows machine which in the first instance I believe was the culprit, but he doesn't have any email clients there. Whenever he needs to use the laptop he logs in via OWA from his browser and he pretty much never really uses the machine.

From within Office 365 admin and exchange consoles, I don't see anything that would be set to forward emails or autoreply to specific ones. We have already reset the account's password and it still keeps happening.

Does anyone have an idea of what other things to check to avoid this happening?

For now, I have set a mail flow route targetted at this recipient so the user doesn't get the NDR emails while we try to dig up was is actually happening.

@scottalanmiller This are different tags

Red Agent tag set via :

.\mc.exe -fullinstall -tag:xlab

Blue Tags are set via the webpage

@Ylian, Quick question what is the agent tag supposed to be used for? I see I can set it via the -tag:xxx after triggering a full install from the cli but since I cant find a way from the GUI to filter for it, I am not sure what it is for.

You can also check http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.6.pdf page 30, It explains what is required to use nginx as a reverse proxy.