Messages with attachments are not delivered when ATP Dynamic Delivery and Exclaimer are used
Original KB number: 4014438
Symptoms
Consider the following scenario:
- A Microsoft 365 tenant is set up to route messages to Exclaimer for signature or disclaimer services.
- The Advanced Threat Protection (ATP) Safe Attachment feature is enabled.
- Under the Safe attachments unknown malware response option, the Dynamic Delivery feature is selected.
In this scenario, messages may be delayed by several hours or may never be displayed in the recipient's mailbox.
Cause
Exclaimer installs a transport rule that routes mail originating inside the organization to the Exclaimer cloud through an outbound connector. As soon as the signature is applied, the message is routed back into Microsoft 365 for delivery. Because attachment scanning begins before the message leaves Microsoft 365, the attachment cannot be added back to the message correctly when the message returns.
Resolution
To resolve this issue, edit the Exclaimer rule to bypass attachment scanning until Exclaimer has processed the message. To do this, follow these steps:
Sign in to Exchange Admin Center.
Locate mail flow, select rules, and then open the Exclaimer rule.
Under the Do the following field, select modify the message properties, and then set a message header as follows:
Header: X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
Value: 1Save the transport rule.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for