Forum Discussion

PeterL295's avatar
PeterL295
Copper Contributor
Oct 20, 2024

Email not being delivered to M365 and being forwarded back on-prem

Hi All Hopefully I can explain the issue given it is a bit puzzling and a complex setup. We have 2 environments/tenants. contosedev.com for dev work and contoso.com for production. We have an on-pr...
email
exchange
Microsoft 365
Kidd_Ip's avatar
Kidd_Ip
MVP
Oct 20, 2024

PeterL295 

 

Connection configuration, transport rules even MX records may occur, can you first check on message trace for hints?

PeterL295's avatar
PeterL295
Copper Contributor
Oct 20, 2024

Kidd_Ip 

Yes the summary trace shows the email being forwarded rather than being delivered to the mailbox even though there are no forward or inbox rules. I'm starting to look at security now as I can see incoming email with @contoso.com is being tagged as spoofed. It's possible the records setup for our dev environment are different to prod in relation to SPF and DMARC. This is controlled by a 3rd party and maybe they've changed something we aren't aware of. I'm not sure how M365 works with spoofed emails. Would that be something preventing delivery and sending back to on-prem given we are using a CMT for all our email flow?

Subject: test

Sender: mailto:email address removed for privacy reasons

Recipient: mailto:email address removed for privacy reasons

 

Received -> Processed -> Delivered

 

Status: The message was forwarded to the Inbox folder of the following address:<br/><br/><b>Redirected to:</b> ‎email address removed for privacy reasons

 

More information: <div>If the sender didn't expect the mail to be forwarded, ask them to follow these steps to stop forwarding messages to another email address:<ol><li>In Outlook on the web, on the <a href='https://outlook.office365.com/owa/#path=/options/mail' target='_blank'>Options</a> page, go to <b>Mail</b> > <b>Accounts</b> > <b>Forwarding</b>. (See Note.)</li><li>Choose <b>Stop forwarding</b>.</li><li>Choose <b>Save</b>.</li></ol>Note: If you don't see <b>Forwarding</b> under Accounts, then your mail is probably being forwarded due to an Inbox rule. For more information on changing Inbox rules, see <a href='http://go.microsoft.com/fwlink/p/?LinkId=708514'>Organize mail using Inbox rules in Outlook on the web</a>.</div>

 

Date (UTC+10:00) | Event | Detail |

------------------------------------

10/17/2024, 3:17 PM | Receive | Message received by: SY0P300MB0069.AUSP300.PROD.OUTLOOK.COM using TLS1.2 with AES256

10/17/2024, 3:17 PM | Resolve | The message was resolved to mailto:email address removed for privacy reasons.

10/17/2024, 3:17 PM | Send external | Message sent to autodiscover.contoso.com at 1.2.3.4 using TLS1.2 with AES256

  • PeterL295's avatar
    PeterL295
    Copper Contributor
    Oct 20, 2024
    OK. Still have no clue what was screwed up. I re-ran the Hybrid config wizard, which thankfully now has the option to just redo certain bits. It doesn’t really cater for our CMT scenario with edge boxes between on-prem and M365, so fixed up the on-prem send connector, fixed the inbound and outbound connectors and hey presto all works. Go figure.
    I'll have to spend a bit of time and try and find out what specific thing has changed with one of those connectors, Ugh.