Not receiving emails from O365/Outlook.com companies with Barracuda email security

%3CLINGO-SUB%20id%3D%22lingo-sub-1493525%22%20slang%3D%22en-US%22%3ENot%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1493525%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EHave%20an%20odd%20email%20delivery%20issue%2C%20which%20was%20working%20up%20until%20about%205%2F27.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20no%20longer%20receiving%20emails%20from%20companies%20using%20O365%2FOutlook.com%20and%20Barracuda%20email%20security%20it%20appears%20(based%20on%20past%20working%20headers).%20Our%20internal%20org%20has%20Exchange%202016%20on-prem%20behind%20SonicWall%20firewall%2Fanti-spam.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20working%20headers%20showed%20usually%208-9%20hops%2C%20before%20delivering%20the%20email.%20Now%20we%20are%20only%20seeing%20the%20first%20two%20hops%20from%20the%20senders%20orgs%2C%20typically%20just%20the%20outlook.com%20servers.%20The%20senders%20are%20getting%20NDR's%20with%20this%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERemote%20Server%20returned%20'550%205.4.300%20Message%20expired%20-%26gt%3B%20421%20temporary%20failure%20for%20one%20or%20more%20recipients%20(%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Fbrian.merrifield%40usahockey.org%3A451%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E*****.**********%40*********.org%3A451%3C%2FA%3E%3CSPAN%3E%26nbsp%3BProxy%20timed%20out)'%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERemote%20Server%20returned%20'550%205.4.300%20Message%20expired%20-%26gt%3B%20451%20Proxy%20timed%20out'%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ENot%20sure%20where%20the%20proxy%20in%20question%20resides.%20We%20are%20not%20seeing%20emails%20reaching%20our%20firewall%2C%20or%20Exchange%202016%20SMTP%20receive%20logs.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESeems%20like%20a%20sender%20side%20issue%2C%20but%20they%20are%20reporting%20no%20issues%20from%20O365%2FBarracuda.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20thoughts%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1493525%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1493794%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1493794%22%20slang%3D%22en-US%22%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F711796%22%20target%3D%22_blank%22%3E%40bmerri19%3C%2FA%3E%2C%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20the%20senders%20only%20see%202%20hops%20in%20the%20NDR%20this%20sounds%20like%20it's%20the%20proxy%20configured%20on%20their%20mail%20server%20that's%20timing%20out.%3CBR%20%2F%3ECould%20you%20maybe%20post%20a%20NDR%20so%20we%20can%20have%20a%20look%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1493805%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1493805%22%20slang%3D%22en-US%22%3EBarracuda%20offers%20two%20cloud-based%20services%20that%20protect%20all%20your%20business%20email%20in%20Office%20365%20with%20zero%20impact%20on%20email%20performance.%20Barracuda%20Essentials%20for%20Office%20365%20is%20a%20comprehensive%20email%20security%20suite%20that%20filters%20every%20inbound%20and%20outbound%20email%20to%20stop%20spam%2C%20viruses%2C%20data%20leaks%2C%20and%20malware.%20Barracuda%20Sentinel%20goes%20a%20step%20further%20to%20use%20an%20AI%20engine%20to%20inspect%20all%20the%20emails%20already%20in%20your%20in%20box%20to%20block%20against%20impersonation-based%20fraud%20such%20as%20phishing.%20Together%2C%20they%20provide%20the%20industry%E2%80%99s%20best%20and%20most%20cost-effective%20protection%20for%20Office%20365%20users.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1493907%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1493907%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F399562%22%20target%3D%22_blank%22%3E%40PvB91%3C%2FA%3E%26nbsp%3BHere%20are%20two%20from%20separate%20organizations%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22bmerri19_0-1593273159223.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F201691iF715BBB03524ACC8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22bmerri19_0-1593273159223.png%22%20alt%3D%22bmerri19_0-1593273159223.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22bmerri19_1-1593273176657.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F201692iB6F29A061824A38B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22bmerri19_1-1593273176657.png%22%20alt%3D%22bmerri19_1-1593273176657.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20well%20as%20headers%20from%20when%20it%20was%20working%20in%20April%2FMay%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22bmerri19_4-1593272907892.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F201690i00CACCBBE577F523%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22bmerri19_4-1593272907892.png%22%20alt%3D%22bmerri19_4-1593272907892.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%20now%20no%20longer%20working%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22bmerri19_2-1593272880474.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F201688iFBDBF5FEEB2B72F6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22bmerri19_2-1593272880474.png%22%20alt%3D%22bmerri19_2-1593272880474.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22bmerri19_3-1593272891867.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F201689i63D2D5F2273616DF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22bmerri19_3-1593272891867.png%22%20alt%3D%22bmerri19_3-1593272891867.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20just%20weird%20that%20is%20a%20handful%20of%20external%20organizations%20with%20O365%2FBarracuda%20all%20of%20the%20sudden%20emails%20don't%20arrive.%20Curious%20if%20something%20changed%20at%20the%20end%20of%20May%20on%20O365%20or%20Barracuda%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-Brian%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1499347%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1499347%22%20slang%3D%22en-US%22%3EHi%20Brian%2C%3CBR%20%2F%3E%3CBR%20%2F%3EAre%20you%20allowing%20both%20SMTP%20and%20ESMTP%20traffic%20from%20the%20outside%3F%20So%20ports%2025%20and%20587%3F%3CBR%20%2F%3EAnd%20do%20you%20have%20a%20SonicWall%20that%20has%20a%20SSL%20certificate%20check%20possibility%3F%3CBR%20%2F%3ETo%20me%20it%20looks%20like%20your%20firewall%20is%20blocking%20SMTP%20traffic%20with%20unsigned%20certificates%20as%20normal%20SMTP%20traffic%20is%20accepted%20but%20ESMTP%20is%20not.%3CBR%20%2F%3EIt%20could%20be%20that%20the%20other%20side%20is%20using%20self%20signed%20certificates%20on%20the%20Barracuda...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503888%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503888%22%20slang%3D%22en-US%22%3E%3CP%3EA%20question%20for%20the%20community%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20OP%20adds%20the%20Barracuda%20cloud%20ranges%20to%20his%20Connection%20filter%20Allowed%20list%2C%20does%20that%20just%20turn%20off%20filtering%20based%20on%20the%20source%20IP%20or%20does%20it%20also%20deactivate%20any%20other%20EOP%20defences%20for%20mail%20from%20those%20ranges%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcampus.barracuda.com%2Fproduct%2Fessentials%2Fdoc%2F78809995%2Fadd-the-barracuda-email-security-service-ip-ranges-to-your-office-365-account%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcampus.barracuda.com%2Fproduct%2Fessentials%2Fdoc%2F78809995%2Fadd-the-barracuda-email-security-service-ip-ranges-to-your-office-365-account%2F%3C%2FA%3E%26nbsp%3B-%20page%20links%20on%20to%20the%20current%20Barracuda%20ranges.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20other%20concern%20with%20this%20tactic%20is%20whether%20the%20Barracuda%20cloud%20customer%20corpus%20as%20a%20whole%20would%20be%20meritorious%20of%20such%20a%20listing.%20It%20only%20takes%20a%20few%20bad%20apples%2C%20though%20I%20do%20not%20have%20an%20abuse%20folder%20on%20them.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1510276%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1510276%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Brian%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20having%20the%20same%20exact%20issue%20to%20the%20%22T%22.%26nbsp%3B%20We%20have%20been%20working%20this%20one%20for%20the%20past%20three%20weeks%20with%20Microsoft%2C%20SonicWall%20and%20Barracuda.%26nbsp%3B%20We%20have%20pretty%20much%20gone%20through%20the%20same%20steps%20as%20you%20have%20to%20troubleshoot%20with%20no%20success.%26nbsp%3B%20Have%20you%20found%20a%20resolution.%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAverell%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1510808%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1510808%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20just%20re-read%20OP%3B%20had%20previously%20missed%20the%20fact%20that%20the%20Sonicwall%20was%20more%20than%20just%20a%20simple%20FW.%20Is%20it%20one%20of%20the%20ones%20with%20a%20tarpitting%20function%20(in%20amongst%20the%20Directory%20Harvest%20settings%2C%20on%20one%20set%20of%20documentation%20I%20found)%20and%20if%20so%20then%20is%20this%20feature%20turned%20on%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EObserving%20the%20recent%20post%2C%20a%20clear%20distinction%20needs%20to%20be%20noted%20between%20senders%20using%20Barracuda%20cloud%20and%20Barracuda%20on-premises%20appliances.%20The%20latter%20do%20have%20a%20certain%20notoriety%20for%20both%20sending%20and%20receiving%20issues%20if%20not%20properly%20maintained.%26nbsp%3BThe%20former%20send%20from%20a%20large%20pool%20of%20IP%20addresses%20so%20an%20unrelated%20Barracuda%20customer%20may%20sully%20a%20particular%20IP%20for%20an%20unfortunate%20sender.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1882500%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1882500%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F711796%22%20target%3D%22_blank%22%3E%40bmerri19%3C%2FA%3E%26nbsp%3B%20Did%20you%20find%20a%20fix%20for%20this%20%3F%20Any%20pointers%20will%20be%20helpful.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1882717%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20receiving%20emails%20from%20O365%2FOutlook.com%20companies%20with%20Barracuda%20email%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1882717%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20did%20get%20a%20solution.%26nbsp%3B%20Our%20situation%20involved%20incoming%20mail%20from%20several%20O365%20clients%20hosted%20on%20barracuda%20network%20servers%2C%20coming%20to%20our%20Exchange%20server%20that%20is%20behind%20our%20SonicWall%20Firewall%20and%20using%20the%20SonicWall%20anti-spam%20filter%20CASS%202.0%20version.%26nbsp%3B%20In%20our%20case%20if%20we%20turned%20the%20spam%20filter%20off%20the%20mail%20would%20come%20in.%26nbsp%3B%20What%20we%20ended%20up%20doing%20was%20whitelisting%20in%20a%20sense.%26nbsp%3B%20Simple%20whitelisting%20of%20the%20domains%20in%20the%20anti-spam%20did%20not%20work.%26nbsp%3B%20In%20the%20SonicWall%20firewall%20we%20did%20the%20following.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EWe%20identified%20the%20IP%20addresses%20of%20the%20barracuda%20servers%20hosting%20the%20O365%20clients.%3C%2FLI%3E%3CLI%3EIn%20the%20SonicWall%20under%20the%20Network%20option%20we%20added%20the%20IP%20address%20entries%20as%20address%20objects%3C%2FLI%3E%3CLI%3EWe%20added%20barracudanetworks.com%20resolving%20to%20*.barracudanetworks.com%20to%20cover%20the%20whole%20domain%20in%20case%20the%20IP%20address%20entry%20changed.%3C%2FLI%3E%3CLI%3EWe%20also%20added%20the%20domains%20of%20the%20O365%20clients%20to%20the%20address%20objects.%3C%2FLI%3E%3CLI%3EGoing%20to%20the%20Anti-Spam%20selection%20we%20went%20to%20Settings%20and%20then%20User%20defined%20Access%20List%20and%20added%20the%20entries%20from%20the%20address%20objects%20to%20the%20Allow%20Client%20List.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20solution%20has%20worked%20for%20us%20allowing%20the%20O365%20mail%20to%20come%20in.%26nbsp%3B%20I%20don%E2%80%99t%20know%20if%20your%20situation%20matches%20mine%20with%20the%20SonicWall%20involved%20but%20hopefully%20this%20may%20help.%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAverell%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

Have an odd email delivery issue, which was working up until about 5/27.

 

We are no longer receiving emails from companies using O365/Outlook.com and Barracuda email security it appears (based on past working headers). Our internal org has Exchange 2016 on-prem behind SonicWall firewall/anti-spam.

 

The working headers showed usually 8-9 hops, before delivering the email. Now we are only seeing the first two hops from the senders orgs, typically just the outlook.com servers. The senders are getting NDR's with this error:

 

Remote Server returned '550 5.4.300 Message expired -> 421 temporary failure for one or more recipients (*****.**********@*********.org:451  Proxy timed out)'

 

Remote Server returned '550 5.4.300 Message expired -> 451 Proxy timed out'

 

Not sure where the proxy in question resides. We are not seeing emails reaching our firewall, or Exchange 2016 SMTP receive logs.

We've tested both orgs inbound/outbound SMTP for O365 and Exchange, via Microsoft Remote Connectivity Analyzer.

 

Seems like a sender side issue, but they are reporting no issues from O365/Barracuda.

Any thoughts?

Thanks.

 

9 Replies
Hello @bmerri19,

If the senders only see 2 hops in the NDR this sounds like it's the proxy configured on their mail server that's timing out.
Could you maybe post a NDR so we can have a look?
Barracuda offers two cloud-based services that protect all your business email in Office 365 with zero impact on email performance. Barracuda Essentials for Office 365 is a comprehensive email security suite that filters every inbound and outbound email to stop spam, viruses, data leaks, and malware. Barracuda Sentinel goes a step further to use an AI engine to inspect all the emails already in your in box to block against impersonation-based fraud such as phishing. Together, they provide the industry’s best and most cost-effective protection for Office 365 users.

@BemmelenPatrick Here are two from separate organizations:

 

bmerri19_0-1593273159223.png

 

bmerri19_1-1593273176657.png

 

 

 

As well as headers from when it was working in April/May,

 

bmerri19_4-1593272907892.png

 

and now no longer working:

 

bmerri19_2-1593272880474.png

 

bmerri19_3-1593272891867.png

 

It's just weird that is a handful of external organizations with O365/Barracuda all of the sudden emails don't arrive. Curious if something changed at the end of May on O365 or Barracuda?

 

-Brian

 

 

 

 

 

Hi Brian,

Are you allowing both SMTP and ESMTP traffic from the outside? So ports 25 and 587?
And do you have a SonicWall that has a SSL certificate check possibility?
To me it looks like your firewall is blocking SMTP traffic with unsigned certificates as normal SMTP traffic is accepted but ESMTP is not.
It could be that the other side is using self signed certificates on the Barracuda...

A question for the community:

 

If the OP adds the Barracuda cloud ranges to his Connection filter Allowed list, does that just turn off filtering based on the source IP or does it also deactivate any other EOP defences for mail from those ranges?

 

https://campus.barracuda.com/product/essentials/doc/78809995/add-the-barracuda-email-security-servic... - page links on to the current Barracuda ranges.

 

The other concern with this tactic is whether the Barracuda cloud customer corpus as a whole would be meritorious of such a listing. It only takes a few bad apples, though I do not have an abuse folder on them.

Hello Brian, 

 

We are having the same exact issue to the "T".  We have been working this one for the past three weeks with Microsoft, SonicWall and Barracuda.  We have pretty much gone through the same steps as you have to troubleshoot with no success.  Have you found a resolution.

Thanks.

 

Averell

 

Have just re-read OP; had previously missed the fact that the Sonicwall was more than just a simple FW. Is it one of the ones with a tarpitting function (in amongst the Directory Harvest settings, on one set of documentation I found) and if so then is this feature turned on?

 

Observing the recent post, a clear distinction needs to be noted between senders using Barracuda cloud and Barracuda on-premises appliances. The latter do have a certain notoriety for both sending and receiving issues if not properly maintained. The former send from a large pool of IP addresses so an unrelated Barracuda customer may sully a particular IP for an unfortunate sender.

@bmerri19  Did you find a fix for this ? Any pointers will be helpful. 

Hello,

 

We did get a solution.  Our situation involved incoming mail from several O365 clients hosted on barracuda network servers, coming to our Exchange server that is behind our SonicWall Firewall and using the SonicWall anti-spam filter CASS 2.0 version.  In our case if we turned the spam filter off the mail would come in.  What we ended up doing was whitelisting in a sense.  Simple whitelisting of the domains in the anti-spam did not work.  In the SonicWall firewall we did the following.

 

  1. We identified the IP addresses of the barracuda servers hosting the O365 clients.
  2. In the SonicWall under the Network option we added the IP address entries as address objects
  3. We added barracudanetworks.com resolving to *.barracudanetworks.com to cover the whole domain in case the IP address entry changed.
  4. We also added the domains of the O365 clients to the address objects.
  5. Going to the Anti-Spam selection we went to Settings and then User defined Access List and added the entries from the address objects to the Allow Client List.

 

This solution has worked for us allowing the O365 mail to come in.  I don’t know if your situation matches mine with the SonicWall involved but hopefully this may help.

Thanks.

 

Averell