On 29.03.2023 at 11:46 Graeme Fowler via mailop wrote:

> On 28 March 2023 16:32:42 Tobias Fiebig via mailop wrote:
>> https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078

> This only affects Exchange Online customers with a hybrid setup, i.e. one 
> where they have an on-premises Exchange server tied into their EOL 
> environment.
>
> At $dayjob, that's our current setup. Exim talks to and from the outside 
> world, delivers to local Exchange, delivers to EOL (and the same in reverse). 
> We are however in the process currently of removing the local Exchange 
> servers from the path. Ultimately the Exim end will disappear too... which 
> means I'll be doing something new!
>
> MS know what version and update level the local servers have because they're 
> in an Exchange Organisation with EOL so share data each way.
>
> So there's nothing nefarious here, just MS enforcing zero trust and best 
> practice on their customers.

I'm not sure what is meant by EOL but Exchange 2007 delivering emails via an 
inbound connector seems just to be the first step. The article specifically 
mentions:
"The enforcement system will eventually apply to *all* versions of Exchange 
Server and *all* email coming into Exchange Online, but we are starting with a 
very small subset of outdated servers: Exchange 2007 servers that connect to 
Exchange Online over an inbound connector type of OnPremises."

So in the end it doesn't seem to matter whether the email is delivered via a 
hybrid connection, over an anonymous SMTP channel, fetched from an external 
mailbox, etc: If an email contains a Received header with an outdated Exchange 
version it will be throttled and then blocked. This is also the reason why 
Microsoft is limiting this to Exchange servers: Other MTAs usually do not print 
their build number into every outgoing email.

--
BR Oliver
________________________________

dmTECH GmbH
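A way to check which build numbers your own Exchange hops disclose in Received headers, as an added example that is not part of the original message. The stamp regex, the build-to-product mapping and the sample message are assumptions made for illustration, and the script says nothing about how Microsoft's enforcement identifies servers.

```python
import email
import re
from email import policy

# Assumed stamp format: "... by HOST (...) with Microsoft SMTP Server (...) id A.B.C.D;"
HOP = re.compile(r"with Microsoft SMTP Server\b[^;]*?\bid (\d+)\.(\d+)\.(\d+)\.(\d+)")
BY = re.compile(r"\bby (\S+)")
# Build prefix -> product generation (assumed mapping, extend as needed).
GENERATIONS = {(8,): "Exchange 2007", (14,): "Exchange 2010", (15, 0): "Exchange 2013",
               (15, 1): "Exchange 2016", (15, 2): "Exchange 2019", (15, 20): "Exchange Online"}

# Constructed sample message; hosts, addresses and build numbers are illustrative.
SAMPLE = """\
Received: from edge.example.net (192.0.2.10) by mx.example.org (198.51.100.7)
 with ESMTPS id 4PmXyz; Wed, 29 Mar 2023 09:46:01 +0000
Received: from EX16.corp.example (10.0.0.6) by EX07.corp.example (10.0.0.5)
 with Microsoft SMTP Server (TLS) id 8.3.83.0; Wed, 29 Mar 2023 11:45:58 +0200
Received: from [10.0.0.99] by EX16.corp.example (10.0.0.6)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23;
 Wed, 29 Mar 2023 11:45:57 +0200
From: a@corp.example
To: b@example.org
Subject: constructed sample

body
"""

def generation(build):
    """Map a 4-part build tuple to a product generation name."""
    return GENERATIONS.get(build[:2]) or GENERATIONS.get(build[:1], "unknown")

def exchange_hops(raw):
    """Return (stamping host, build, generation) for each Exchange-stamped hop."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(str(value).split())  # undo header folding
        m = HOP.search(flat)
        if not m:
            continue  # hop stamped by an MTA that does not print a build number
        host = BY.search(flat)
        build = tuple(int(part) for part in m.groups())
        hops.append((host.group(1) if host else "?", ".".join(m.groups()), generation(build)))
    return hops

if __name__ == "__main__":
    for host, build, product in exchange_hops(SAMPLE):
        print(f"{host}: build {build} ({product})")
```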