Jun 26 2020 08:53 PM - edited Jun 26 2020 08:57 PM
Hello,
Have an odd email delivery issue, which was working up until about 5/27.
We are no longer receiving emails from companies using O365/Outlook.com and Barracuda email security it appears (based on past working headers). Our internal org has Exchange 2016 on-prem behind SonicWall firewall/anti-spam.
The working headers showed usually 8-9 hops, before delivering the email. Now we are only seeing the first two hops from the senders orgs, typically just the outlook.com servers. The senders are getting NDR's with this error:
Remote Server returned '550 5.4.300 Message expired -> 421 temporary failure for one or more recipients (*****.**********@*********.org:451 Proxy timed out)'
Remote Server returned '550 5.4.300 Message expired -> 451 Proxy timed out'
Not sure where the proxy in question resides. We are not seeing emails reaching our firewall, or Exchange 2016 SMTP receive logs.
We've tested both orgs inbound/outbound SMTP for O365 and Exchange, via Microsoft Remote Connectivity Analyzer.
Seems like a sender side issue, but they are reporting no issues from O365/Barracuda.
Any thoughts?
Thanks.
Jun 27 2020 06:18 AM
Jun 27 2020 06:26 AM
Jun 27 2020 08:50 AM - edited Jun 27 2020 08:53 AM
@BemmelenPatrick Here are two from separate organizations:
As well as headers from when it was working in April/May,
and now no longer working:
It's just weird that is a handful of external organizations with O365/Barracuda all of the sudden emails don't arrive. Curious if something changed at the end of May on O365 or Barracuda?
-Brian
Jun 30 2020 10:14 AM
Jul 03 2020 04:37 AM
A question for the community:
If the OP adds the Barracuda cloud ranges to his Connection filter Allowed list, does that just turn off filtering based on the source IP or does it also deactivate any other EOP defences for mail from those ranges?
https://campus.barracuda.com/product/essentials/doc/78809995/add-the-barracuda-email-security-servic... - page links on to the current Barracuda ranges.
The other concern with this tactic is whether the Barracuda cloud customer corpus as a whole would be meritorious of such a listing. It only takes a few bad apples, though I do not have an abuse folder on them.
Jul 08 2020 03:22 PM
Hello Brian,
We are having the same exact issue to the "T". We have been working this one for the past three weeks with Microsoft, SonicWall and Barracuda. We have pretty much gone through the same steps as you have to troubleshoot with no success. Have you found a resolution.
Thanks.
Averell
Jul 08 2020 11:28 PM
Have just re-read OP; had previously missed the fact that the Sonicwall was more than just a simple FW. Is it one of the ones with a tarpitting function (in amongst the Directory Harvest settings, on one set of documentation I found) and if so then is this feature turned on?
Observing the recent post, a clear distinction needs to be noted between senders using Barracuda cloud and Barracuda on-premises appliances. The latter do have a certain notoriety for both sending and receiving issues if not properly maintained. The former send from a large pool of IP addresses so an unrelated Barracuda customer may sully a particular IP for an unfortunate sender.
Nov 12 2020 12:25 PM
@bmerri19 Did you find a fix for this ? Any pointers will be helpful.
Nov 12 2020 01:54 PM
Hello,
We did get a solution. Our situation involved incoming mail from several O365 clients hosted on barracuda network servers, coming to our Exchange server that is behind our SonicWall Firewall and using the SonicWall anti-spam filter CASS 2.0 version. In our case if we turned the spam filter off the mail would come in. What we ended up doing was whitelisting in a sense. Simple whitelisting of the domains in the anti-spam did not work. In the SonicWall firewall we did the following.
This solution has worked for us allowing the O365 mail to come in. I don’t know if your situation matches mine with the SonicWall involved but hopefully this may help.
Thanks.
Averell