
Exchange Hybrid Connector Stopped Working

Hi All 

I am experiencing an issue with my Exchange Hybrid connector from O365 to my On Premises Exchange 2010 server. Mail can flow to O365 from my on premises server but not the other way.

When validating the connector, it gives me an error: "the validation fails with error "LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061"

The connector is coming in through port 25 and I have Sophos SG135 UTM.

What I have done so far

1. Allowed all IP addresses in the local exchange receive connector.

2. Opened up the firewall to allow direct firewall rule access to the local exchange server on all email services (previously had a DNAT rule which was working fine).

3. Contacted the ISP to see if they have blocked port 25. This is a business grade internet connection and there is no blocking.

4. Upgraded Exchange 2010 to the latest Update Rollup 26 for Exchange Server 2010 SP3.

5. Re-ran the Exchange Hybrid Setup.

 

I have had a look at the firewall logs and IPS logs but can't see anything being blocked on dst port 25.

I have raised an issue with Microsoft but I want to confirm if there is not any issue with my Sophos. 

Can I somehow see all traffic coming in through port 25 to my public IP?

 

Thanks

 

Linesh



This thread was automatically locked due to age.
  • Hi Linesh and welcome to the UTM Community!

    You can do a packet capture with tcpdump to see what's coming in.

    You posted this in the Web Server Security forum.  If that was intentional, you should also look at the Web Application Firewall log.

    If you're using the SMTP Proxy, you will want to look in that log.  Should a moderator move this thread to the Mail Protection forum?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
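
The tcpdump capture suggested above, as an added example that is not part of the original thread: Winsock error 10061 is "connection refused", which on the wire is normally a TCP RST answering the SYN, so the capture is narrowed to SYN and RST packets on port 25 and each inbound connection attempt is classified by the reply it got. The interface name `eth1`, the function names and all addresses are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example. On the UTM shell, capture only SYN/RST packets for SMTP:
#   tcpdump -nn -l -i eth1 'tcp port 25 and tcp[tcpflags] & (tcp-syn|tcp-rst) != 0' \
#     | classify_smtp_syns
# eth1 as the WAN interface is an assumption; list yours with `ip addr`.

# Reads tcpdump -nn text output on stdin and prints one line per inbound
# connection attempt to port 25: "<client ip.port> <accepted|refused|no-reply>".
#   accepted = SYN answered with SYN/ACK
#   refused  = SYN answered with RST (what the sender reports as 10061)
#   no-reply = SYN seen, nothing sent back (silently dropped)
# No line at all for a test means the SYN never reached this interface.
classify_smtp_syns() {
  awk '
    / IP / && /Flags \[/ {
      src = $3
      dst = $5; sub(/:$/, "", dst)
      flags = $7; gsub(/[^SRFPUEW.]/, "", flags)   # "[S.]," -> "S."
      if (flags == "S" && dst ~ /\.25$/) {
        # First SYN of a new attempt; retransmitted SYNs keep the old state.
        if (!(src in state)) { order[++n] = src; state[src] = "no-reply" }
      } else if (src ~ /\.25$/ && (dst in state)) {
        if (flags == "S.") state[dst] = "accepted"
        else if (flags ~ /R/ && state[dst] == "no-reply") state[dst] = "refused"
      }
    }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
  '
}

# Constructed sample capture (documentation addresses, not real hosts).
sample_capture() {
  cat <<'EOF'
12:00:01.000000 IP 203.0.113.10.40001 > 198.51.100.5.25: Flags [S], seq 100, win 64240, length 0
12:00:01.000200 IP 198.51.100.5.25 > 203.0.113.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:02.000000 IP 203.0.113.20.40002 > 198.51.100.5.25: Flags [S], seq 200, win 64240, length 0
12:00:02.000150 IP 198.51.100.5.25 > 203.0.113.20.40002: Flags [R.], seq 0, ack 201, win 0, length 0
12:00:03.000000 IP 203.0.113.30.40003 > 198.51.100.5.25: Flags [S], seq 300, win 64240, length 0
12:00:04.000000 IP 203.0.113.30.40003 > 198.51.100.5.25: Flags [S], seq 300, win 64240, length 0
EOF
}

sample_capture | classify_smtp_syns
```

Running the same capture on the internal interface as well shows whether a RST is generated by the UTM itself or forwarded from the Exchange server behind it.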