F5 SMTP Proxy for Office365 Message Header Issue

Vincent Truong
Vincent Truong used Ask the Experts™
on
We are in the process of migration our onprem Exchange 2010/2016 to Office365. F5 is currently the smtp proxy for office365. We are running into an issue where the SMTP header “X-MS-Exchange-Organization-AuthAs” is marked with “anonymous” whereas it needs to show as "Internal" in order for Out of Office messages to be interpreted correctly. Is there way to have the Virtual Server retain the message headers from office365 and not get altered by the F5.
Capture.JPG
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
run the hybrid configuration wizard that should fix this issue.
Vincent TruongSr Server Developer

Author

Commented:
Hi Sunil,

Can you elaborate on what part of the hybrid configuration process will fix this issue?  We have Professional Services assisting with our hybrid build out and this is what we are being told regarding the F5 being used a a 3rd Party SMTP Proxy.  I have also posted the same question on F5's DevCentral and was similarly told it cannot be done.  The Message Header will show as Anonymous and not Internal as pointed in my screenshot.  Thanks.
unless you run the hybrid wizard O365 does not if the email coming from your on-premise is an internal email, once you run the hybrid wizard, it will configure all the required details and internal mail flow so the exchange and 365 consider each other as one organization.
Vincent TruongSr Server Developer

Author

Commented:
Hi Sunil,

Our environment is already setup for hybrid mode.  The issue is that we are using the F5 as our smtp proxy instead of having Office365 communicate directly to our on-prem exchange server.  As per MS link below.  This is an issue and not supported so back to my original question regarding message header manipulation at the F5 level is possible.  I have an open question on F5s forum and was told it's not possible.

Microsoft does not technically support any third-party SMTP gateways between EOP and the on-premises hybrid connectors because of this header manipulation.
“Don't place any servers, services, or devices between your on-premises Exchange servers and Office 365 that process or modify SMTP traffic. Secure mail flow between your on-premises Exchange organization and Office 365 depends on information contained in messages sent between the organization. Firewalls that allow SMTP traffic on TCP port 25 through without modification are supported. If a server, service, or device processes a message sent between your on-premises Exchange organization and Office 365, this information is removed. If this happens, the message will no longer be considered internal to your organization and will be subject to anti-spam filtering, transport and journal rules, and other policies that may not apply to it.”
Reference: https://technet.microsoft.com/en-us/library/jj659055(v=exchg.150).aspx
Sr Server Developer
Commented:
We opt to continue our process and ignore the issue until the migration is completed.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial