I just run the hybird wizard yesterday and now inbound mail from O365 does not work, fails for TLS auth. How did you change the config to allow mail to your backend Exchange servers.
On Thu, Apr 21, 2016 at 3:48 PM, Miller Bonnie L. < [email protected]> wrote: > Setup is Exchange 2013 CU11 DAG, two servers, barracuda LBs in front in > Hybrid with O365, and a barracuda 400 anti-spam in front doing Spam > filtering. > > > > We recently had to re-run our hybrid configuration wizard, like anyone > else in this setup, due to changes by Microsoft ( > https://community.office365.com/en-us/b/office_365_buzz/archive/2016/02/19/important-notice-about-certificate-expiration-for-exchange-2013-hybrid-customers > ). > > > > During this setup several weeks ago, it appears we could no longer route > mail inbound through our on-prem smarthost (barracuda 400 antispam), as > there doesn’t seem to be any connector option for it now. So, previously > all mail from O365 inbound would come in through the barracuda 400 to get > filtered, then went over to Exchange. Outbound went straight out from the > backend servers. > > > > Because there appears to be no connector option, we finally opened up the > backend servers directly to the O365 mail IPs, which is what a Microsoft > PFE had told us should be the configuration in the first place sometime > last year, but our network admin (and myself if I had another option) > didn’t want to do if we didn’t have to. > > > > Ever since opening this up several weeks ago, we are now getting a ton of > spam and junk messages, and when I check the delivery info, I can see they > are coming straight in from O365 IPs, which now bypass our barracuda 400 > filtering. > > > > So, does anyone know what our options really are? Is there a smarthost > connector and I’m just not seeing it, or it has to be set up via powershell > somehow? If there is no connector, what are the filtering options in this > scenario? I don’t mind installing or enabling something on the backend > servers if we need to, but it’s going to be confusing to our end users to > have to deal with two different filtering mechanisms, as we don’t use the > “Junk” folder now, but have the barracuda plugin. > > > > E-mailing every domain that the messages come from is not an option, which > is what MS says to do when you get spam from their outbound IPs (e-mail the > domain owner). We’ve had our Barracuda in place and working for so long > now, this is all new territory for me. > > > > Thanks for ideas and pointers, > > > > Bonnie > -- T. Todd Lemmiksoo
