Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 6342 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 365 Integration

RamonLopez

I have been working with an exchange professional over the course of the last couple weeks to migrate our exchange server to 365 we have configured our existing server to run in a hybrid configuration and have completed the setup as well as a test user migration. The issue now is when sending mail from a migrated 365 account to our internal server we are now receiving a certificate error message. We are at a loss as to what it could be. Below i have included as much information as i could at the moment please any insight would be great. 

Thank You

As you can see the MX is point to mail.w***.com (firewall), if we send any email to pcmtest@wbcci.com (office 365 mailbox) no matter whether it is from om-premise or from externally (Gmail/Hotmail/yahoo) it goes to firewall and it is rejecting that email, it even not getting delivered to Exchange.

 

In Exchange SMTPsend logs we are unbale to found any entry for office 365 as it is being blocked or rejected by Firewall.

Here is the message trace from my office 365 tenant to your office 365 tenant. Here you can see mail has been delivered to Firewall but it not yet defer to exchange.

 



This thread was automatically locked due to age.
  • 0

    Hi Ramon - your first post - welcome to the UM Community!

    Please show the lines in the SMTP log related to this email.

    Cheers - Bob
    PS Moving this thread to the Mail Protection forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    This is the log tracking that mailbox
     
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-10:07:35 mail exim-in[7005]: 2017-12-19 10:07:35 [216.32.180.181] F=<pcmtest@wbcci.com> R=<rlopez@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-10:07:36 mail exim-in[7005]: 2017-12-19 10:07:36 1eRJUW-0001oz-0A <= pcmtest@wbcci.com H=mail-bn3nam01lp0181.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com) [216.32.180.181]:21536 P=esmtps X=TLSv1.2:AES256-SHA256:256 S=17579 id=BY2PR20MB045347F00B61F4BCBC18EEB2A10F0@BY2PR20MB0453.namprd20.prod.outlook.com
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-10:07:38 mail smtpd[6227]: SCANNER[6227]: 1eRJUY-0001cR-Nr <= pcmtest@wbcci.com R=1eRJUW-0001oz-0A P=INPUT S=13301
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-10:07:38 mail smtpd[6227]: SCANNER[6227]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="216.32.180.181" from="pcmtest@wbcci.com" to="rlopez@wbcci.com" subject="Test Email from office 365" queueid="1eRJUY-0001cR-Nr" size="13301"
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-10:07:39 mail exim-out[7013]: 2017-12-19 10:07:39 1eRJUY-0001cR-Nr => rlopez@wbcci.com P=<pcmtest@wbcci.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <BY2PR20MB045347F00B61F4BCBC18EEB2A10F0@BY2PR20MB0453.namprd20.prod.outlook.com> [Internal"
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:34:09 mail exim-in[21927]: 2017-12-19 11:34:09 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:34:30 mail exim-in[21978]: 2017-12-19 11:34:30 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:34:35 mail exim-in[21989]: 2017-12-19 11:34:35 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:36:04 mail exim-in[22227]: 2017-12-19 11:36:04 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:36:09 mail exim-in[22245]: 2017-12-19 11:36:09 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:36:19 mail exim-in[22262]: 2017-12-19 11:36:19 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-11:47:26 mail exim-in[24187]: 2017-12-19 11:47:26 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-15:28:02 mail exim-in[29233]: 2017-12-19 15:28:02 [216.68.85.112] F=<test@checktls.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-16:22:04 mail exim-in[6505]: 2017-12-19 16:22:04 [209.85.220.175] F=<ar.lovely20@gmail.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-16:22:09 mail smtpd[6571]: SCANNER[6571]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="209.85.220.175" from="ar.lovely20@gmail.com" to="pcmtest@wbcci.com" subject="Test" queueid="1eRPKz-0001hz-OM" size="206"
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-16:22:10 mail exim-out[6614]: 2017-12-19 16:22:10 1eRPKz-0001hz-OM => pcmtest@wbcci.com P=<ar.lovely20@gmail.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <CAEZob1rSDGLZzAFTcVoxvKJnF9Bujg+oEE7wL57jUXQQ+QhG0g@mail.gmail.com> [InternalId=77627] Qu"
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-17:11:14 mail exim-in[14884]: 2017-12-19 17:11:14 [104.47.101.61] F=<lovekesh@technetclub.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-17:11:18 mail smtpd[14621]: SCANNER[14621]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="104.47.101.61" from="lovekesh@technetclub.com" to="pcmtest@wbcci.com" subject="Test from technet" queueid="1eRQ6Y-0003np-F9" size="1575"
    /var/log/smtp/2017/12/smtp-2017-12-19.log.gz:2017:12:19-17:11:18 mail exim-out[15001]: 2017-12-19 17:11:18 1eRQ6Y-0003np-F9 => pcmtest@wbcci.com P=<lovekesh@technetclub.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <MA1PR0101MB1208B5FC288AD603ABAE808CCD0F0@MA1PR0101MB1208.INDPRD01.PROD.OUTLOOK.COM> [Inte"
    /var/log/smtp.log:2017:12:20-08:46:42 mail exim-in[24197]: 2017-12-20 08:46:42 [209.85.214.42] F=<lopezr2307@gmail.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp.log:2017:12:20-08:46:44 mail smtpd[23900]: SCANNER[23900]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="209.85.214.42" from="lopezr2307@gmail.com" to="pcmtest@wbcci.com" subject="google test" queueid="1eReho-0006DU-T8" size="213"
    /var/log/smtp.log:2017:12:20-08:46:45 mail exim-out[24266]: 2017-12-20 08:46:45 1eReho-0006DU-T8 => pcmtest@wbcci.com P=<lopezr2307@gmail.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <CAPJs1xkvXyE3w8Xe44ahXuSqtbxZGb5AenFWygxPfsGSgCO1yQ@mail.gmail.com> [InternalId=78791] Qu"
    /var/log/smtp.log:2017:12:20-11:09:35 mail exim-in[16373]: 2017-12-20 11:09:35 [192.168.1.14] F=<user@writebrothersconst.onmicrosoft.com> R=<pcmtest@wbcci.com> Accepted: from relay
    /var/log/smtp.log:2017:12:20-11:10:14 mail smtpd[15584]: SCANNER[15584]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.1.14" from="user@writebrothersconst.onmicrosoft.com" to="pcmtest@wbcci.com" subject="test email" queueid="1eRgwg-00043M-PY" size="0"
    /var/log/smtp.log:2017:12:20-11:10:15 mail exim-out[16829]: 2017-12-20 11:10:15 1eRgwg-00043M-PY => pcmtest@wbcci.com P=<user@writebrothersconst.onmicrosoft.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <cc90c4b0-4c2e-4098-8097-d9753c5cdf12@WBEXCH1.wbc.local> [InternalId=79547] Queued mail fo"
    /var/log/smtp.log:2017:12:20-11:48:31 mail exim-in[22766]: 2017-12-20 11:48:31 [209.85.216.178] F=<ar.lovely20@gmail.com> R=<pcmtest@wbcci.com> Verifying recipient address in Active Directory
    /var/log/smtp.log:2017:12:20-11:48:33 mail smtpd[22633]: SCANNER[22633]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="209.85.216.178" from="ar.lovely20@gmail.com" to="pcmtest@wbcci.com" subject="Test new" queueid="1eRhXl-0005t3-PD" size="206"
    /var/log/smtp.log:2017:12:20-11:48:34 mail exim-out[22824]: 2017-12-20 11:48:34 1eRhXl-0005t3-PD => pcmtest@wbcci.com P=<ar.lovely20@gmail.com> R=static_route_hostlist T=static_smtp H=192.168.1.14 [192.168.1.14]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <CAEZob1r7ORh4QBckKvY-Mou4F+yK20Y63FvkvQrKp2GvEKJ_Hg@mail.gmail.com> [InternalId=79715] Qu"
  • 0 in reply to RamonLopez

    I can see that you grepped on something, but I don't see any lines related to the email sent at 10:12. We really need to look at all of the lines for one email beginning with the "SMTP connection from" line.  If there are other lines mixed in and unrelated, just leave them in.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML