We've recently run into the same thing, except we use IronPort. I think I can tell you w/o violating our NDA that Microsoft's response to us was this was "by design." The smart-host you are looking for isn't there in your tenant...it's native to the O365 architecture.
- WJR On Thu, Apr 21, 2016 at 3:48 PM, Miller Bonnie L. < [email protected]> wrote: > Setup is Exchange 2013 CU11 DAG, two servers, barracuda LBs in front in > Hybrid with O365, and a barracuda 400 anti-spam in front doing Spam > filtering. > > > > We recently had to re-run our hybrid configuration wizard, like anyone > else in this setup, due to changes by Microsoft ( > https://community.office365.com/en-us/b/office_365_buzz/archive/2016/02/19/important-notice-about-certificate-expiration-for-exchange-2013-hybrid-customers > ). > > > > During this setup several weeks ago, it appears we could no longer route > mail inbound through our on-prem smarthost (barracuda 400 antispam), as > there doesn’t seem to be any connector option for it now. So, previously > all mail from O365 inbound would come in through the barracuda 400 to get > filtered, then went over to Exchange. Outbound went straight out from the > backend servers. > > > > Because there appears to be no connector option, we finally opened up the > backend servers directly to the O365 mail IPs, which is what a Microsoft > PFE had told us should be the configuration in the first place sometime > last year, but our network admin (and myself if I had another option) > didn’t want to do if we didn’t have to. > > > > Ever since opening this up several weeks ago, we are now getting a ton of > spam and junk messages, and when I check the delivery info, I can see they > are coming straight in from O365 IPs, which now bypass our barracuda 400 > filtering. > > > > So, does anyone know what our options really are? Is there a smarthost > connector and I’m just not seeing it, or it has to be set up via powershell > somehow? If there is no connector, what are the filtering options in this > scenario? I don’t mind installing or enabling something on the backend > servers if we need to, but it’s going to be confusing to our end users to > have to deal with two different filtering mechanisms, as we don’t use the > “Junk” folder now, but have the barracuda plugin. > > > > E-mailing every domain that the messages come from is not an option, which > is what MS says to do when you get spam from their outbound IPs (e-mail the > domain owner). We’ve had our Barracuda in place and working for so long > now, this is all new territory for me. > > > > Thanks for ideas and pointers, > > > > Bonnie >
