Office 365 not respecting white listed IP and domain

JaredBusch

Problem: Office 3655 is rejecting white listed IP and domain
Reason: My colo IP is blocked by a CBL. Resolving that is not the point of this topic. That is simply a matter of checking into wtf my shit is doing. I can handle that.

Setup:
I have Office 365 E3 for most addresses on bundystl.com
I have servers in a colo space on 207.244.223.13
One of those is a PBX that sends email to voicemail.

I have that IP listed in the connectors.

https://i.imgur.com/M6OWOFa.jpg

I did not originally have my PBX configured with a valid domain as can be seen here. It was the default [email protected]

Dec 29 11:25:41 pbx postfix/pickup[15500]: 324231C0DB0: uid=498 from=<asterisk>
Dec 29 11:25:41 pbx postfix/cleanup[17959]: 324231C0DB0: message-id=<[email protected]>
Dec 29 11:25:41 pbx postfix/qmgr[9003]: 324231C0DB0: from=<[email protected]>, size=9389, nrcpt=1 (queue active)
Dec 29 11:25:47 pbx postfix/smtp[17961]: 324231C0DB0: to=<[email protected]>, relay=bundystl-com.mail.protection.outlook.com[207.46.163.215]:25, delay=6, delays=0.1/0.02/0.77/5.1, dsn=5.7.1, status=bounced (host bundystl-com.mail.protection.outlook.com[207.46.163.215] said: 550 5.7.1 Service unavailable; Client host [207.244.223.13] blocked using Spamhaus; To request removal from this list see http://www.spamhaus.org/lookup.lasso (in reply to RCPT TO command))

I updated /etc/postfix/main.cf to use bundystl.com for the domain.

myorigin = bundystl.com

I also went into the spam filtering block lists section and added the IP address in the always allow list.

https://i.imgur.com/Cp5xCJR.jpg

Then I also added the domain as an always allow in the allow lists section.

https://i.imgur.com/X5weIJ8.jpg

I then tried another voicemail and it say I am blocking it in my Allow List? WTF....

Dec 29 11:50:26 pbx postfix/pickup[21113]: 335D51C0D91: uid=498 from=<asterisk>
Dec 29 11:50:26 pbx postfix/cleanup[21229]: 335D51C0D91: message-id=<[email protected]>
Dec 29 11:50:26 pbx postfix/qmgr[21114]: 335D51C0D91: from=<[email protected]>, size=9478, nrcpt=1 (queue active)
Dec 29 11:50:32 pbx postfix/smtp[21231]: 335D51C0D91: to=<[email protected]>, relay=bundystl-com.mail.protection.outlook.com[207.46.163.215]:25, delay=6.1, delays=0.09/0.02/0.85/5.1, dsn=5.7.1, status=bounced (host bundystl-com.mail.protection.outlook.com[207.46.163.215] said: 550 5.7.1 Service unavailable; Client host [207.244.223.13] blocked using Customer Allow list ; To request removal from this list  (in reply to RCPT TO command))

JaredBusch

I removed the IP from the connection filter

https://i.imgur.com/50QauAV.jpg

https://i.imgur.com/ZvCDrub.jpg

And now I am getting the CBL block again. So I call this f[moderated]ed up on Microsoft's part.

Dec 29 14:07:28 pbx postfix/pickup[31860]: 906171C0D91: uid=498 from=<asterisk>
Dec 29 14:07:28 pbx postfix/cleanup[31920]: 906171C0D91: message-id=<[email protected]>
Dec 29 14:07:28 pbx postfix/qmgr[31861]: 906171C0D91: from=<[email protected]>, size=9930, nrcpt=1 (queue active)
Dec 29 14:07:34 pbx postfix/smtp[31923]: 906171C0D91: to=<[email protected]>, relay=bundystl-com.mail.protection.outlook.com[207.46.163.215]:25, delay=6, delays=0.06/0.01/0.86/5.1, dsn=5.7.1, status=bounced (host bundystl-com.mail.protection.outlook.com[207.46.163.215] said: 550 5.7.1 Service unavailable; Client host [207.244.223.13] blocked using Spamhaus; To request removal from this list see http://www.spamhaus.org/lookup.lasso (in reply to RCPT TO command))
Dec 29 14:07:44 pbx postfix/cleanup[31920]: 8E10E1C0D90: message-id=<[email protected]>
Dec 29 14:07:44 pbx postfix/qmgr[31861]: 8E10E1C0D90: from=<>, size=12211, nrcpt=1 (queue active)
Dec 29 14:07:44 pbx postfix/bounce[31935]: 906171C0D91: sender non-delivery notification: 8E10E1C0D90
Dec 29 14:07:44 pbx postfix/qmgr[31861]: 906171C0D91: removed

JaredBusch

Damnit.. this should be really easy... Added the IP back and same answer..

Dec 29 14:46:39 pbx postfix/pickup[31860]: B57B71C0D98: uid=498 from=<asterisk>
Dec 29 14:46:39 pbx postfix/cleanup[34426]: B57B71C0D98: message-id=<[email protected]>
Dec 29 14:46:39 pbx postfix/qmgr[31861]: B57B71C0D98: from=<[email protected]>, size=9130, nrcpt=1 (queue active)
Dec 29 14:46:45 pbx postfix/smtp[34428]: B57B71C0D98: to=<[email protected]>, relay=bundystl-com.mail.protection.outlook.com[207.46.163.170]:25, delay=5.8, delays=0.07/0.01/0.65/5.1, dsn=5.7.1, status=bounced (host bundystl-com.mail.protection.outlook.com[207.46.163.170] said: 550 5.7.1 Service unavailable; Client host [207.244.223.13] blocked using Customer Allow list ; To request removal from this list  (in reply to RCPT TO command))

I also made a rule as per this technet article

no difference

JaredBusch

Related to the actual cause of the problem, I apparently was testing some SMTP stuff a while back and disabled my rule to block all SMTP outbound on my network, then forgot to turn it back on. That rule is enabled again, so now waiting to see when it gets hit to find out what the hell on my system is sending spam.

But, this still does not resolve the MS problem with the white listing until the CBL drops off.