Forum Discussion
Exchange Online now blocking whitelisted domain
From what you've written I think you are in the wrong place. If you look at my post, while I'm talking about the anti-spam policy page, I was not talking about editing the Anti-spam inbound policy" !
Here again with additional clarification where that is:
Email & collaboration ⇒ Policies & Rules ⇒ Threat policies ⇒ Policies: Anti-spam ⇒ click "Connection filter policy (Default)" ⇒ Add IPs or IP Ranges in CIDR format in "IP Allow list"
In my screenshot there are way more IPs allow-listed than I need but I can't be bothered to clean up the list until things work again. Since my change was done no additional mails were rejected but I can't be sure since my change was done roughly at the end of the business day and mail volume in the evening is lower than during the day.
According to https://sender.office.com/ the IP is not currently blocked.
According to https://sendersupport.olc.protection.outlook.com/ all is fine with the IP.
According to MXToolbox blacklist check the IP reputation is mostly fine, just some generic blocks just because it's hosted with DigitalOcean (result has been this way for years). Not listed on any of the "real" blocklists.
The weird thing is: Why did it start on June 14th after working for many many years. And why are mails getting rejected RANDOMLY. Most still go through.
When researching the problem I found a single thing I had not configured correctly, on security.microsoft.com in ⇒ Policies & Rules ⇒ Threat policies ⇒ Anti-spam policies ⇒ Edit connection filter policy you can set a "connection filter policy" where IPs can be whitelisted. On this configuration I did not have the relevant IP entered. Which probably wasn't correct but it had been fine for years. I've now done this but am unsure if this will solve the delivery issue.
The error message:
550 5.7.1 Unfortunately, messages from [IP] weren't sent. For more information, please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(900)
unfortunately isn't really helpful, since the linked page refers to the blocked senders list which the IP is not on.
UPDATED: Thanks for the additional info. Please post if your updates to the Microsoft Defender policies fix the problem. According to my notes, I've been to the MS security page in the past (security.microsoft.com in ⇒ Policies & Rules ⇒ Threat policies ⇒ Anti-spam policies), and set the "Anti-spam inbound policy (Default)” to allow blocked senders and domains”. However, when I now click on the Security option from the Exchange 365 admin menu, the page that opens doesn't seem to have a "Policies & Rules" option. Am I missing something obvious?
Also, over the last day ALL messages from our Linux server are now being blocked. I hope Microsoft eventually sheds some light on what's going on...
- Ok, I found the "Policies & Rules" under the "Email & collaboration" menu. The bad news is that my "Anti-spam inbound policy (default)" rule was modified years ago with the correct domain name and has been working for years.
From what you've written I think you are in the wrong place. If you look at my post, while I'm talking about the anti-spam policy page, I was not talking about editing the Anti-spam inbound policy" !
Here again with additional clarification where that is:
Email & collaboration ⇒ Policies & Rules ⇒ Threat policies ⇒ Policies: Anti-spam ⇒ click "Connection filter policy (Default)" ⇒ Add IPs or IP Ranges in CIDR format in "IP Allow list"
In my screenshot there are way more IPs allow-listed than I need but I can't be bothered to clean up the list until things work again. Since my change was done no additional mails were rejected but I can't be sure since my change was done roughly at the end of the business day and mail volume in the evening is lower than during the day.
I just opened a console session on the server and successfully sent an email to the exchange online distribution group that we use to monitor the server. Hopefully, in the morning I'll have the full complement of emails that we are used to getting. Thank you very much for your help, and I hope this resolves the issue!