Microsoft - New Outbound Relay Pool

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Microsoft - New Outbound Relay Pool

Post by jimimaseye » 2021-07-05 09:59

Received as notification from Microsoft Message Center Major Change Update Notification (includes useful links):

New outbound relay pool

We're making some changes to harden the configuration for relaying or forwarding email through Office 365.

Starting July 27, 2021, we are updating special relay pools, a separate IP address pool that is used for relayed or forwarded mails that are sent from domains that are not a part of accepted domains in your tenant. Only messages that are sent from domains that are not accepted domains in your tenant are impacted by this change.

How this will affect your organization:

When this change is implemented, messages that do not meet the below criteria will route through the Relay Pool and the messages might potentially end up in recipient junk folder.

1. Outbound sender domain is an accepted domain of the tenant.
2. SPF passes when the message comes to M365.
3. DKIM on the sender domain passes when the message comes to M365.

All messages that meet the above criteria will not be relayed through the Relay Pool. For relayed messages, we will skip SRS rewrite.

What you can do to prepare:

When this change takes effect, you can tell a message was sent via the Relay Pool by looking at the outbound server IP (all Relay Pool IPs will be in the 40.95.0.0/16 range), or by looking at the outbound server name (will have "rly" in the name).

For the messages to go through the regular pool you will need to make sure when a message arrives to Microsoft Office 365, SPF or DKIM passes, or sender domain of the outbound message matches an accepted domain of your tenant

For DKIM to work, make sure you enable DKIM for sending domain for example fabrikam.com is part of contoso.com accepted domains, if the sending address is sender@fabrikam.com, the DKIM needs to be enabled for fabrikam.com. you can read on how to enable DKIM here.

To add custom domains follow the steps outlined here.
Attachments
Annotation 2021-07-05 085718.png
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Microsoft - New Outbound Relay Pool

Post by mattg » 2021-07-05 13:40

sounds good to me
We can simply spam score anything from 40.95.0.0/16
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: Microsoft - New Outbound Relay Pool

Post by SorenR » 2021-07-27 15:55

Well... It's the 27. today and I don't see any change.

So far this month 2 emails out of 41 from "*.outbound.protection.outlook.com" are SPAM (nude women and promises of dates and marriage)... Mostly in the 40.92.0.0/16 range but also 40.107.0.0/16 and 104.47.0.0/16.

The 2 non-SPAM emails are correspondance with an insurance company - Yeah... Not SPAM, it's about some permanent neck injuries my daughter got in a car crash. Two cars totalled and the other driver got her license permanently revoked.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

Post Reply