jkirman asked:

Why are some incoming Office 365 TLS 1.2 SMTP connections dropped and others go through successfully?

Greetings,

I have a law firm client that is running on an On Premise Exchange 2013 system. The host that the Exchange 2013 server is running on is a Windows 2012 R2 Standard system. The Exchange setup is a single-server system, where the CAS and Mailbox servers are installed and operating on the same physical host. The Exchange version is Version 15.0 (Build 1156.6).

The issue we're actually having is on the front-end SMTP anti-spam server, which is a product called Interchange, made by LAN-ACES.  Incoming SMTP connections come into the Interchange server, and received emails are then relayed into the Exchange server and delivered to recipient mailboxes.  On the outbound side, mail from the Exchange server is relayed out through the Interchange server.  About 3 or 4 days ago, my client said that some contacts that were formerly regularly sending him emails without issue were now unable to send to him.  The contacts having issues are all Office 365 users.  When I reviewed the activity logs that detail the dialog between the Office 365 sending servers and the Interchange server, I saw the following:

Incoming connections from Office 365 servers that were within the 104.47.0.0 IP addressing subnet failed with the following conversation:

Connection from 104.47.56.59 port 25
SMTP -> 220 mail.mycompany.com ESMTP ready
SMTP <- EHLO NAM04-BN3-obe.outbound.protection.outlook.com
SMTP->250-OK, hello NAM04-BN3-obe.outbound.protection.outlook.com
SMTP <- 250-8BITMIME
SMTP-> 250-STARTTLS
SMTP-> 250-PIPELINING
SMTP-> 250 SIZE 41943040
SMTP <- STARTTLS
SMTP -> 220 Ready to start TLS
Cipher is XXXXX-XXX-XXXXX-XXXXX (256 bits) (TLSv1.2)
SMTP <- QUIT
SMTP -> 221 Goodbye

And the incoming connection is just dropped.

However, when the incoming connection was from a server within the 40.107.0.0 IP addressing subnet, the servers connected successfully and the email went through:

Connection from 40.107.73.108 port 25
SMTP -> 220 mail.mycompany.com ESMTP ready
SMTP <- EHLO NAM05-DM3-obe.outbound.protection.outlook.com
SMTP->250-OK, hello NAM05-DM3-obe.outbound.protection.outlook.com
SMTP <- 250-8BITMIME
SMTP-> 250-STARTTLS
SMTP-> 250-PIPELINING
SMTP-> 250 SIZE 41943040
SMTP <- STARTTLS
SMTP -> 220 Ready to start TLS
Cipher is XXXXX-XXX-XXXXX-XXXXX (256 bits) (TLSv1.2)
SMTP <- EHLO NAM05-DM3-obe.outbound.protection.outlook.com
SMTP->250-OK, hello NAM05-DM3-obe.outbound.protection.outlook.com
SMTP <- 250-8BITMIME
SMTP-> 250-STARTTLS
SMTP-> 250-PIPELINING
SMTP-> 250 SIZE 41943040
SMTP <- MAIL FROM:<user@myvendor.com> SIZE=35573
SMTP -> 250 OK user@myvendor.com
SMTP <- RCPT TO:<jsmith@mycompany.com>

and the email is received successfully.

I've attached a PDF with pertinent sections of the activity log.

This is causing serious problems for my client, who needs to get up-to-the-minute court reports on all active cases. A growing number of court report sources are now using Office 365. I've called into Office 365 support but they cannot offer a clue on this. Can anyone offer suggestions as to why incoming connections from certain MS Office 365 servers would be dropped, and others would go through successfully, and more significantly, how to address and resolve this?

Am appreciating any thoughts or suggestions towards resolving this in advance.

Thanks.

jkirman
finalized_TLS_connection_issues_from.pdf
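
Added example, not part of the original post and not Interchange's own tooling: a Python script that parses an activity log in the format quoted in the question and counts, per sending range, sessions where the TLS handshake completed but the remote side sent QUIT instead of a second EHLO. The sample log is constructed from the question's excerpts; the /16 grouping, the outcome labels and the function names are assumptions.

```python
import re
from collections import Counter
# Constructed sample, abbreviated from the two sessions quoted in the question.
SAMPLE_LOG = """\
Connection from 104.47.56.59 port 25
SMTP -> 220 mail.mycompany.com ESMTP ready
SMTP <- EHLO NAM04-BN3-obe.outbound.protection.outlook.com
SMTP <- STARTTLS
SMTP -> 220 Ready to start TLS
Cipher is XXXXX-XXX-XXXXX-XXXXX (256 bits) (TLSv1.2)
SMTP <- QUIT
Connection from 40.107.73.108 port 25
SMTP <- EHLO NAM05-DM3-obe.outbound.protection.outlook.com
SMTP <- STARTTLS
SMTP -> 220 Ready to start TLS
Cipher is XXXXX-XXX-XXXXX-XXXXX (256 bits) (TLSv1.2)
SMTP <- EHLO NAM05-DM3-obe.outbound.protection.outlook.com
SMTP <- 250-8BITMIME
SMTP <- MAIL FROM:<user@myvendor.com> SIZE=35573
"""

CONN = re.compile(r"^Connection from (\d+\.\d+\.\d+\.\d+) port \d+")
CIPHER = re.compile(r"^Cipher is .*\((TLSv[\d.]+)\)")
CLIENT = re.compile(r"^SMTP\s*<-\s*([A-Za-z]+)")  # ignores "<- 250-..." reply lines

def parse_sessions(text):
    """Split the log into sessions; keep client verbs seen after the TLS handshake."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if m := CONN.match(line):
            sessions.append({"ip": m.group(1), "tls": None, "post_tls": []})
        elif sessions and (m := CIPHER.match(line)):
            sessions[-1]["tls"] = m.group(1)  # handshake completed
        elif sessions and sessions[-1]["tls"] and (m := CLIENT.match(line)):
            sessions[-1]["post_tls"].append(m.group(1).upper())
    return sessions

def classify(session):
    # Outcome labels are this example's own, not terms from the product's log.
    if session["tls"] is None:
        return "no_tls"
    if not session["post_tls"]:
        return "tls_then_silence"
    return "tls_then_quit" if session["post_tls"][0] == "QUIT" else "tls_ok"

def summarize(text):
    """Count outcomes per sending /16 so a failing source range stands out."""
    return Counter((".".join(s["ip"].split(".")[:2]) + ".0.0/16", classify(s))
                   for s in parse_sessions(text))
```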
timgreen7077

If certain IPs are dropping while others are not, then you will need to check the firewall or IDS to make sure that, if you are filtering IPs, you allow all MS Exchange Online addresses through your firewall or IDS. See the below so that you will know the Exchange Online and EOP IP addresses to allow.
How exactly is Interchange configured? Does geolocation come into play? Blocks of IP addresses?
ASKER CERTIFIED SOLUTION
jkirman