cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
211
Views
0
Helpful
1
Replies

Can't validate office365 outbound connector because of IP reputation

DanielG_2020
Level 1
Level 1

I'm setting up a new ESA on a new Office365 tenant, and I'm not able to validate the outbound mail connector.

After enabling delayed HAT reject and looking at the incoming senders, I've figured out that the ESA is blocking the Office365 servers due to having a poor reputation.

I have the tenant.mail.protection.outlook.com domain already added to the RELAY sendergroup in the HAT, but it seems like the ESA is rejecting them before it even gets to validate that, especially as they're all showing up with various random-string-of-character domain names rather than the mail.protection one.

Any suggestions on how to work around this?

1 Reply 1

DanielG_2020
Level 1
Level 1

I just edited the relay policy to allow SBRS from -10.0 to +10.0 including NONE and the connector was finally able to verify and send messages. However, I am uncomfortable having to do that - I've run a similar setup on another ESA system before without ever needing to do that.

Does manually specifying the SBRS score range that way open me up to allowing unauthorized people to relay through me, or will the sender group provide that level of control?