[AusNOG] Office365 Exchange Security contact

Martin - StudioCoast martin.sinclair at studiocoast.com.au
Wed May 22 12:36:41 EST 2019


In this case, the email messages are delivered correctly into the 
Office365 network for domains hosted by Office365.
(Our logs show the outlook.com MX records accepting delivery)
The problem is happening internal to their network, where a rogue mail 
flow rule for one customer is rerouting all emails from one of our servers.

It appears Office365 customers are allowed to add IP address based rules 
(in particular "mail flow connectors") without authentication which 
could be used by a malicious office365
user to effectively divert all mail from a source IP regardless of 
recipient into their account.

I am still in the process of trying to escalate within the Office365 
support channels, but not having much luck so far...


On 22/05/2019 11:54 am, Paul Wilkins wrote:
> Martin,
>
> Just so we're all on the same page, email routing is never directly 
> related to IP allocations, it's MX bound if properly standards 
> compliant. And if the canonical MX record is directing to the 
> alternate customer, the problem lies with DNS not email.
>
> Kind regards
>
> Paul Wilkins
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190522/a784a0d9/attachment.html>


More information about the AusNOG mailing list