[AusNOG] Office365 Exchange Security contact

Bradley Amm brad at bradleyamm.com
Wed May 22 13:48:36 EST 2019

Might be quicker to change the IP address of the server if you don't get any luck.

From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Martin - StudioCoast <martin.sinclair at studiocoast.com.au>
Sent: Wednesday, May 22, 2019 10:36:41 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Office365 Exchange Security contact

In this case, the email messages are delivered correctly into the Office365 network for domains hosted by Office365.
(Our logs show the outlook.com MX records accepting delivery)
The problem is happening internal to their network, where a rogue mail flow rule for one customer is rerouting all emails from one of our servers.

It appears Office365 customers are allowed to add IP address based rules (in particular "mail flow connectors") without authentication, which could be used by a malicious Office365 user to effectively divert all mail from a source IP regardless of recipient into their account.

I am still in the process of trying to escalate within the Office365 support channels, but not having much luck so far...

On 22/05/2019 11:54 am, Paul Wilkins wrote:

Just so we're all on the same page, email routing is never directly related to IP allocations; it's MX bound if properly standards compliant. And if the canonical MX record is directing to the alternate customer, the problem lies with DNS, not email.

Kind regards

Paul Wilkins
