JNLVK
Copper Contributor
Jan 05, 2025

OOF to personal emails dropped at EOP relay

Issue: When an OutOfOffice recipient is gmail.com, outlook.com, msn.com, etc., the relay is dropped by EOP. OOF is delivered when the recipient is an M365 tenant. Any other mail flows with no issues to gmail and other personal addresses as well. It's only OOF to personal addresses.

Env: Exch 2016 with EOP send/receive (hybrid manually, not hcw)

We found 2 blog posts that might be relevant, but these instructions did not resolve the issue:
https://techcommunity.microsoft.com/blog/Exchange/updated-requirements-for-smtp-relay-through-exchange-online/3851357
https://techcommunity.microsoft.com/blog/exchange/enhanced-filtering-for-connectors---improving-deliverability-and-minimizing-fals/4160483

This is what we see on the smtp protocol log: 

>,MAIL FROM:<> SIZE=7072,
>,RCPT TO:<****@gmail.com> NOTIFY=NEVER,
<,250 2.1.0 Sender OK,
<,550 5.7.64 TenantAttribution; Relay Access Denied [*****.eurprd03.prod.outlook.com 2025-01-04T14:03:21.934Z *****],
>,QUIT,

###

We also looked into dkim, but finally found this line:

By design, Exchange Online Protection uses the high risk delivery pool (HRDP) to send OOF replies, because OOF replies are lower-priority messages.
https://learn.microsoft.com/en-us/exchange/troubleshoot/email-delivery/understand-troubleshoot-oof-replies#what-are-out-of-office-replies

We feel this is not likely a connector or certificate or onprem issue, but rather something with HRDP and OOF in EOP.

Could you confirm we are on the right track now? If it is not the Exchange Team who can help, please let me know who can. Thanks
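
One way to check the pattern described in the post above across a whole send protocol log, as an added example that is not part of the original post: it tallies recipient outcomes by sender type and recipient domain. The nine-column log layout, the connector name and all sample lines are constructed assumptions, and one recipient per transaction is assumed.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in Exchange send protocol log layout (all values made up).
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2025-01-04T14:03:21.101Z,Outbound to EOP,08DD000000000001,3,10.0.0.5:31001,192.0.2.10:25,>,MAIL FROM:<> SIZE=7072,
2025-01-04T14:03:21.102Z,Outbound to EOP,08DD000000000001,4,10.0.0.5:31001,192.0.2.10:25,>,RCPT TO:<client@gmail.com> NOTIFY=NEVER,
2025-01-04T14:03:21.900Z,Outbound to EOP,08DD000000000001,5,10.0.0.5:31001,192.0.2.10:25,<,250 2.1.0 Sender OK,
2025-01-04T14:03:21.934Z,Outbound to EOP,08DD000000000001,6,10.0.0.5:31001,192.0.2.10:25,<,550 5.7.64 TenantAttribution; Relay Access Denied [constructed.example],
2025-01-04T14:05:10.001Z,Outbound to EOP,08DD000000000002,3,10.0.0.5:31002,192.0.2.10:25,>,MAIL FROM:<user@contoso.example> SIZE=9100,
2025-01-04T14:05:10.002Z,Outbound to EOP,08DD000000000002,4,10.0.0.5:31002,192.0.2.10:25,>,RCPT TO:<client@gmail.com>,
2025-01-04T14:05:10.500Z,Outbound to EOP,08DD000000000002,5,10.0.0.5:31002,192.0.2.10:25,<,250 2.1.0 Sender OK,
2025-01-04T14:05:10.501Z,Outbound to EOP,08DD000000000002,6,10.0.0.5:31002,192.0.2.10:25,<,250 2.1.5 Recipient OK,
2025-01-04T14:07:44.001Z,Outbound to EOP,08DD000000000003,3,10.0.0.5:31003,192.0.2.10:25,>,MAIL FROM:<> SIZE=6800,
2025-01-04T14:07:44.002Z,Outbound to EOP,08DD000000000003,4,10.0.0.5:31003,192.0.2.10:25,>,RCPT TO:<partner@fabrikam.example> NOTIFY=NEVER,
2025-01-04T14:07:44.400Z,Outbound to EOP,08DD000000000003,5,10.0.0.5:31003,192.0.2.10:25,<,250 2.1.0 Sender OK,
2025-01-04T14:07:44.401Z,Outbound to EOP,08DD000000000003,6,10.0.0.5:31003,192.0.2.10:25,<,250 2.1.5 Recipient OK,
"""

ADDR = re.compile(r"^(MAIL FROM|RCPT TO):<([^>]*)>", re.I)
OUTCOMES = {"550 5.7.64": "5.7.64", "250 2.1.5": "accepted"}  # RCPT replies

def tally(log_text):
    """Count RCPT outcomes keyed by (sender kind, recipient domain, outcome)."""
    sessions, counts = {}, Counter()
    lines = (ln for ln in io.StringIO(log_text) if not ln.startswith("#"))
    for row in csv.reader(lines):
        if len(row) < 8:
            continue  # blank or truncated line
        session_id, event, data = row[2], row[6], row[7]
        state = sessions.setdefault(session_id, {"sender": None, "rcpt": None})
        m = ADDR.match(data)
        if event == ">" and m:
            if m.group(1).upper() == "MAIL FROM":
                state["sender"], state["rcpt"] = m.group(2), None
            else:
                state["rcpt"] = m.group(2)
        elif event == "<" and state["rcpt"]:
            outcome = next((v for k, v in OUTCOMES.items() if data.startswith(k)), None)
            if outcome is None:
                continue  # e.g. "250 2.1.0 Sender OK" answers MAIL FROM, not RCPT
            kind = "null-sender" if state["sender"] == "" else "normal"
            domain = state["rcpt"].rsplit("@", 1)[-1].lower()
            counts[(kind, domain, outcome)] += 1
            state["rcpt"] = None
    return counts
```

If every 5.7.64 entry in the result is a null-sender row and normal-sender rows to the same domains are accepted, the rejection follows the empty `MAIL FROM:<>` rather than the recipient domain alone.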

 

  • JNLVK
    Copper Contributor

    My best bet is still that it is a decision under the hood of HRDP that we do not have control of. If I'm right, this would be a wider case for others as well with Exch onprem hybrid EOP setups. It would be great if someone could check on that. This is our last onprem hybrid exchange left, and there is no other tenant that I could check.

  • Andres-Bohren
    Steel Contributor

    Hi JNLVK 

    Check your RemoteDomains and see if AllowedOOFType is set to "none" somewhere

    Get-RemoteDomain | ft DomainName, AllowedOOFType

    Kind Regards
    Andres

    • JNLVK
      Copper Contributor

      Thanks Andres, only the Default * any domain exists (both exo and onprem.) 
      Name     DomainName  AllowedOOFType
      ----     ----------  --------------
      Default  *           External

  • JNLVK
    Copper Contributor

    Hello Exchange Team. It seems to me nobody cares about problems when personal emails are involved. The world isn't just B2B; there is plenty of B2C communication where the client is an individual with a free personal gmail, outlook, yahoo, etc. address. Just think of a law office specialized in personal matters. All their clients have gmail, hotmail, etc. Killing OOF replies just by recipient isn't quite smart. Please reconsider this behaviour.
    And if I made the wrong assumption, please help us overcome this and provide a resolution. Thanks

    • Dan_Snape
      Steel Contributor

      If no-one has the answer here in the community forum, you'd be best served logging a ticket directly with Microsoft for support.

      • JNLVK
        Copper Contributor

        Thanks Dan. I have 2 tickets and 2 agents working on this for over a month now with zero progress. I was hoping to reach out to the team directly here.