Exchange Online now blocking whitelisted domain
We have an external linux server that has been been able to email logs and script output files to admin email addresses on Exchange 365 without problems for many years. Note: The domain name for the server has been whitelisted in Exchange Admin Center > Mail Flow > Rules.
Unfortunately, over the last few days we are now receiving NDRs for some of the emails originating from the server. For example:
This is the mail system at host ip-x.x.x.x.us-east-2.compute.internal.
I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<email address removed for privacy reasons>: host
companyname-com.mail.protection.outlook.com[z.z.z.z] said: 550
5.7.1 Unfortunately, messages from [n.n.n.n] weren’t sent. For more
information, please go to http://go.microsoft.com/fwlink/?LinkID=526655
AS(900) [DM6PR18MB3555.namprd18.prod.outlook.com 2024-06-17T23:44:01.329Z
08DC8F1D3280898A] [PH8PR15CA0013.namprd15.prod.outlook.com
2024-06-17T23:44:01.398Z 08DC8E6A7387EBAE]
[CY4PEPF0000E9D6.namprd05.prod.outlook.com 2024-06-17T23:44:01.398Z
08DC8E2D0D0B4FEE] (in reply to end of DATA command)
The article suggested by the NDR report (http://go.microsoft.com/fwlink/?LinkID=526655) recommends using the Microsoft delist portal to fix the problem. However, when I use the portal to attempt to delist the server’s IP address, I don’t get any confirmation email. Also, the NDR email doesn’t exactly match the conditions noted in the video found in the article – there isn’t any message in the NDR stating “Access denied – banned sending IP.”
Has anything changed in the Exchange Online environment recently that could cause this problem?
Thanks,
Don
PS Here is the log entry from the mail log on the linux server:
Jun 16 04:05:02 ip-172-31-1-188 postfix/smtp[417020]: 2F1A7103ECA3: to=<email address removed for privacy reasons>, orig_to=<root>, relay=companyname-com.mail.protection.outlook.com[z.z.z.z]:25, delay=2.1, delays=0.01/0/0.32/1.8, dsn=5.7.1, status=bounced (host companyname-com.mail.protection.outlook.com[z.z.z.z] said: 550 5.7.1 Unfortunately, messages from [n.n.n.n] weren’t sent. For more information, please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(900) [CO1PR18MB4810.namprd18.prod.outlook.com 2024-06-16T08:05:02.211Z 08DC8D95079D7987] [CH0PR03CA0236.namprd03.prod.outlook.com 2024-06-16T08:05:02.272Z 08DC8C31791B17CC] [DS3PEPF0000C37B.namprd04.prod.outlook.com 2024-06-16T08:05:02.264Z 08DC881BD5FEF961] (in reply to end of DATA command))
We have an external linux server that has been been able to email logs and script output files to admin email addresses on Exchange 365 without problems for many years. Note: The domain name for the server has been whitelisted in Exchange Admin Center > Mail Flow > Rules. Unfortunately, over the last few days we are now receiving NDRs for some of the emails originating from the server. For example: This is the mail system at host ip-x.x.x.x.us-east-2.compute.internal.
I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<email address removed for privacy reasons>: host
companyname-com.mail.protection.outlook.com[z.z.z.z] said: 550
5.7.1 Unfortunately, messages from [n.n.n.n] weren’t sent. For more
information, please go to http://go.microsoft.com/fwlink/?LinkID=526655
AS(900) [DM6PR18MB3555.namprd18.prod.outlook.com 2024-06-17T23:44:01.329Z
08DC8F1D3280898A] [PH8PR15CA0013.namprd15.prod.outlook.com
2024-06-17T23:44:01.398Z 08DC8E6A7387EBAE]
[CY4PEPF0000E9D6.namprd05.prod.outlook.com 2024-06-17T23:44:01.398Z
08DC8E2D0D0B4FEE] (in reply to end of DATA command) The article suggested by the NDR report (http://go.microsoft.com/fwlink/?LinkID=526655) recommends using the Microsoft delist portal to fix the problem. However, when I use the portal to attempt to delist the server’s IP address, I don’t get any confirmation email. Also, the NDR email doesn’t exactly match the conditions noted in the video found in the article – there isn’t any message in the NDR stating “Access denied – banned sending IP.” Has anything changed in the Exchange Online environment recently that could cause this problem? Thanks,Don PS Here is the log entry from the mail log on the linux server: Jun 16 04:05:02 ip-172-31-1-188 postfix/smtp[417020]: 2F1A7103ECA3: to=<email address removed for privacy reasons>, orig_to=<root>, relay=companyname-com.mail.protection.outlook.com[z.z.z.z]:25, delay=2.1, delays=0.01/0/0.32/1.8, dsn=5.7.1, status=bounced (host companyname-com.mail.protection.outlook.com[z.z.z.z] said: 550 5.7.1 Unfortunately, messages from [n.n.n.n] weren’t sent. For more information, please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(900) [CO1PR18MB4810.namprd18.prod.outlook.com 2024-06-16T08:05:02.211Z 08DC8D95079D7987] [CH0PR03CA0236.namprd03.prod.outlook.com 2024-06-16T08:05:02.272Z 08DC8C31791B17CC] [DS3PEPF0000C37B.namprd04.prod.outlook.com 2024-06-16T08:05:02.264Z 08DC881BD5FEF961] (in reply to end of DATA command)) Read More
