Not receiving emails from O365/Outlook.com companies with Barracuda email security

Highlighted
New Contributor

Hello,

Have an odd email delivery issue, which was working up until about 5/27.

 

We are no longer receiving emails from companies using O365/Outlook.com and Barracuda email security it appears (based on past working headers). Our internal org has Exchange 2016 on-prem behind SonicWall firewall/anti-spam.

 

The working headers showed usually 8-9 hops, before delivering the email. Now we are only seeing the first two hops from the senders orgs, typically just the outlook.com servers. The senders are getting NDR's with this error:

 

Remote Server returned '550 5.4.300 Message expired -> 421 temporary failure for one or more recipients (*****.**********@*********.org:451  Proxy timed out)'

 

Remote Server returned '550 5.4.300 Message expired -> 451 Proxy timed out'

 

Not sure where the proxy in question resides. We are not seeing emails reaching our firewall, or Exchange 2016 SMTP receive logs.

We've tested both orgs inbound/outbound SMTP for O365 and Exchange, via Microsoft Remote Connectivity Analyzer.

 

Seems like a sender side issue, but they are reporting no issues from O365/Barracuda.

Any thoughts?

Thanks.

 

7 Replies
Highlighted
Hello @bmerri19,

If the senders only see 2 hops in the NDR this sounds like it's the proxy configured on their mail server that's timing out.
Could you maybe post a NDR so we can have a look?
Highlighted
Barracuda offers two cloud-based services that protect all your business email in Office 365 with zero impact on email performance. Barracuda Essentials for Office 365 is a comprehensive email security suite that filters every inbound and outbound email to stop spam, viruses, data leaks, and malware. Barracuda Sentinel goes a step further to use an AI engine to inspect all the emails already in your in box to block against impersonation-based fraud such as phishing. Together, they provide the industry’s best and most cost-effective protection for Office 365 users.

Highlighted

@PvB91 Here are two from separate organizations:

 

bmerri19_0-1593273159223.png

 

bmerri19_1-1593273176657.png

 

 

 

As well as headers from when it was working in April/May,

 

bmerri19_4-1593272907892.png

 

and now no longer working:

 

bmerri19_2-1593272880474.png

 

bmerri19_3-1593272891867.png

 

It's just weird that is a handful of external organizations with O365/Barracuda all of the sudden emails don't arrive. Curious if something changed at the end of May on O365 or Barracuda?

 

-Brian

 

 

 

 

 

Highlighted
Hi Brian,

Are you allowing both SMTP and ESMTP traffic from the outside? So ports 25 and 587?
And do you have a SonicWall that has a SSL certificate check possibility?
To me it looks like your firewall is blocking SMTP traffic with unsigned certificates as normal SMTP traffic is accepted but ESMTP is not.
It could be that the other side is using self signed certificates on the Barracuda...
Highlighted

A question for the community:

 

If the OP adds the Barracuda cloud ranges to his Connection filter Allowed list, does that just turn off filtering based on the source IP or does it also deactivate any other EOP defences for mail from those ranges?

 

https://campus.barracuda.com/product/essentials/doc/78809995/add-the-barracuda-email-security-servic... - page links on to the current Barracuda ranges.

 

The other concern with this tactic is whether the Barracuda cloud customer corpus as a whole would be meritorious of such a listing. It only takes a few bad apples, though I do not have an abuse folder on them.

Highlighted

Hello Brian, 

 

We are having the same exact issue to the "T".  We have been working this one for the past three weeks with Microsoft, SonicWall and Barracuda.  We have pretty much gone through the same steps as you have to troubleshoot with no success.  Have you found a resolution.

Thanks.

 

Averell

 

Highlighted

Have just re-read OP; had previously missed the fact that the Sonicwall was more than just a simple FW. Is it one of the ones with a tarpitting function (in amongst the Directory Harvest settings, on one set of documentation I found) and if so then is this feature turned on?

 

Observing the recent post, a clear distinction needs to be noted between senders using Barracuda cloud and Barracuda on-premises appliances. The latter do have a certain notoriety for both sending and receiving issues if not properly maintained. The former send from a large pool of IP addresses so an unrelated Barracuda customer may sully a particular IP for an unfortunate sender.