Re: [AusNOG] Office365 Exchange Security contact

2019-05-22 Thread Mark Andrews
They should all be including a record you control rather than listing the IP 
directly.
The point of the include directive is to prevent situations like this.

> On 22 May 2019, at 3:22 pm, Martin - StudioCoast wrote:
> 
> We tried that initially, however it is a shared hosting server and a lot of 
> sites on it have SPF records listing the IP which we don't have access to, so 
> we're a bit stuck at the moment
> short of contacting all the customers to manually change their SPF!
> 
> On 22/05/2019 1:48 pm, Bradley Amm wrote:
>> Might be quicker to change the IP address of the server if you don't get any 
>> luck
>> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
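
The `include` point in the reply above, as an added example that is not part of the original thread: a small offline audit that separates customer SPF records that hard-code a shared server's address from those that include a provider-controlled record. The server IP, the `_spf.hosting.example` record name and the sample TXT records are constructed assumptions; `a` and `mx` mechanisms are not resolved.

```python
import ipaddress

# Constructed for this example: shared server IP and provider-controlled SPF name.
SERVER_IP = ipaddress.ip_address("192.0.2.25")
PROVIDER_INCLUDE = "_spf.hosting.example"

# Constructed sample TXT records, keyed by customer domain.
SAMPLE_RECORDS = {
    "alpha.example": "v=spf1 include:_spf.hosting.example -all",
    "bravo.example": "v=spf1 ip4:192.0.2.25 -all",
    "charlie.example": "v=spf1 mx ip4:192.0.2.0/24 include:_spf.hosting.example ~all",
    "delta.example": "v=spf1 include:spf.protection.outlook.com -all",
    "echo.example": "site-verification=constructed-token",
}

def parse_spf(txt):
    """Return (mechanism, value) pairs, or None if txt is not an SPF record."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    # Skip modifiers (redirect=, exp=); strip qualifiers (+ - ~ ?) from mechanisms.
    mechs = [t.lstrip("+-~?").partition(":") for t in terms[1:] if "=" not in t.split(":", 1)[0]]
    return [(name.lower(), value) for name, _, value in mechs]

def covers(value, ip):
    """True if an ip4/ip6 mechanism value (address or CIDR) contains ip."""
    try:
        return ip in ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False

def classify(txt, ip=SERVER_IP, provider=PROVIDER_INCLUDE):
    """Describe how a record authorises the shared server (a/mx are not resolved)."""
    mechs = parse_spf(txt)
    if mechs is None:
        return "no-spf"
    hardcoded = any(n in ("ip4", "ip6") and covers(v, ip) for n, v in mechs)
    included = any(n == "include" and v.lower().rstrip(".") == provider for n, v in mechs)
    if hardcoded:
        return "hardcoded+include" if included else "hardcoded-only"
    return "provider-include" if included else "not-authorised"

def needs_customer_change(records):
    """Domains whose SPF stops authorising the server if its IP changes."""
    return sorted(d for d, txt in records.items() if classify(txt) == "hardcoded-only")

if __name__ == "__main__":
    print({d: classify(t) for d, t in SAMPLE_RECORDS.items()})
```

Records reported as `hardcoded+include` keep working after a renumbering but still carry a stale authorisation for the old address.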



Re: [AusNOG] Office365 Exchange Security contact

2019-05-21 Thread Martin - StudioCoast
We tried that initially, however it is a shared hosting server and a lot 
of sites on it have SPF records listing the IP which we don't have 
access to, so we're a bit stuck at the moment short of contacting all 
the customers to manually change their SPF!


On 22/05/2019 1:48 pm, Bradley Amm wrote:
> Might be quicker to change the IP address of the server if you don't 
> get any luck




Re: [AusNOG] Office365 Exchange Security contact

2019-05-21 Thread Bradley Amm
Might be quicker to change the IP address of the server if you don't get any 
luck



From: AusNOG on behalf of Martin - StudioCoast
Sent: Wednesday, May 22, 2019 10:36:41 AM
To: ausnog@lists.ausnog.net
Subject: Re: [AusNOG] Office365 Exchange Security contact


In this case, the email messages are delivered correctly into the Office365 
network for domains hosted by Office365.
(Our logs show the outlook.com MX records accepting delivery)
The problem is happening internal to their network, where a rogue mail flow 
rule for one customer is rerouting all emails from one of our servers.

It appears Office365 customers are allowed to add IP address based rules (in 
particular "mail flow connectors") without authentication which could be used 
by a malicious Office365 user to effectively divert all mail from a source IP 
regardless of recipient into their account.

I am still in the process of trying to escalate within the Office365 support 
channels, but not having much luck so far...

On 22/05/2019 11:54 am, Paul Wilkins wrote:
Martin,

Just so we're all on the same page, email routing is never directly related to 
IP allocations, it's MX bound if properly standards compliant. And if the 
canonical MX record is directing to the alternate customer, the problem lies 
with DNS not email.

Kind regards

Paul Wilkins



Re: [AusNOG] Office365 Exchange Security contact

2019-05-21 Thread Martin - StudioCoast
In this case, the email messages are delivered correctly into the 
Office365 network for domains hosted by Office365.
(Our logs show the outlook.com MX records accepting delivery)
The problem is happening internal to their network, where a rogue mail 
flow rule for one customer is rerouting all emails from one of our servers.

It appears Office365 customers are allowed to add IP address based rules 
(in particular "mail flow connectors") without authentication which 
could be used by a malicious Office365 user to effectively divert all 
mail from a source IP regardless of recipient into their account.

I am still in the process of trying to escalate within the Office365 
support channels, but not having much luck so far...



On 22/05/2019 11:54 am, Paul Wilkins wrote:
> Martin,
>
> Just so we're all on the same page, email routing is never directly 
> related to IP allocations, it's MX bound if properly standards 
> compliant. And if the canonical MX record is directing to the 
> alternate customer, the problem lies with DNS not email.
>
> Kind regards
>
> Paul Wilkins



Re: [AusNOG] Office365 Exchange Security contact

2019-05-21 Thread Paul Wilkins
Martin,

Just so we're all on the same page, email routing is never directly related
to IP allocations, it's MX bound if properly standards compliant. And if
the canonical MX record is directing to the alternate customer, the problem
lies with DNS not email.

Kind regards

Paul Wilkins

On Tue, 21 May 2019 at 10:14, Martin - StudioCoast <
martin.sincl...@studiocoast.com.au> wrote:

> Been there, done that. The support responses I have received show a lack
> of understanding of the issue unfortunately...
>
> On 21/05/2019 8:16 am, Greg Lipschitz wrote:
>
> Hi Martin
>
>
> The best way to get Office 365 support is log in to the portal as the
> tenancy administrator and open a support request.
>
>
> They are extremely good at finding these sorts of issues and have a range
> of PowerShell scripts they can run against your tenancy to find the issue.
>
>
> Cheers
>
> Greg
>


Re: [AusNOG] Office365 Exchange Security contact

2019-05-20 Thread Martin - StudioCoast
Been there, done that. The support responses I have received show a lack 
of understanding of the issue unfortunately...



On 21/05/2019 8:16 am, Greg Lipschitz wrote:
> Hi Martin
>
> The best way to get Office 365 support is log in to the portal as the 
> tenancy administrator and open a support request.
>
> They are extremely good at finding these sorts of issues and have a 
> range of PowerShell scripts they can run against your tenancy to find 
> the issue.
>
> Cheers
>
> Greg

