[AusNOG] Office365 Exchange Security contact
brad at bradleyamm.com
Wed May 22 13:48:36 EST 2019
Might be quicker to change the IP address of the server if you don't get any luck
Get Outlook for Android<https://aka.ms/ghei36>
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Martin - StudioCoast <martin.sinclair at studiocoast.com.au>
Sent: Wednesday, May 22, 2019 10:36:41 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Office365 Exchange Security contact
In this case, the email messages are delivered correctly into the Office365 network for domains hosted by Office365.
(Our logs show the outlook.com MX records accepting delivery)
The problem is happening internal to their network, where a rogue mail flow rule for one customer is rerouting all emails from one of our servers.
It appears Office365 customers are allowed to add IP address based rules (in particular "mail flow connectors") without authentication which could be used by a malicious office365
user to effectively divert all mail from a source IP regardless of recipient into their account.
I am still in the process of trying to escalate within the Office365 support channels, but not having much luck so far...
On 22/05/2019 11:54 am, Paul Wilkins wrote:
Just so we're all on the same page, email routing is never directly related to IP allocations, it's MX bound if properly standards compliant. And if the canonical MX record is directing to the alternate customer, the problem lies with DNS not email.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AusNOG