Exchange Online blocks email from unpatched Exchange servers

Microsoft has started to block e-mails sent from Exchange Server 2007 systems that are still insufficiently secured. E-mails sent from these unpatched systems to Exchange Online accounts are now blocked.

Microsoft has issued a reminder about this (via Gunter Born). The measure was taken to protect as many users as possible from attempts at manipulation.

This concerns the tiresome issue that many Exchange servers remain unpatched for too long – or permanently – despite important security updates. In the past, we have often reported on the problems that arise as a result. Microsoft had repeatedly issued public warnings to Exchange server operators because known vulnerabilities were being actively exploited. But that didn’t help much.

Active exploitation of vulnerabilities known for years

Cybercriminals specifically look for Exchange servers that are accessible from the Internet and have not been secured with security updates. The vulnerabilities are gateways for various attacks, for example with ransomware and other types of malware.

Gradual changes

A different approach is therefore now being taken: since the unsecured Exchange servers cannot simply be provided with updates remotely, the e-mails they send are blocked upon arrival. Initially, only servers running Exchange Server 2007 that send email to Exchange Online via an on-premises inbound connector are affected. It is also planned to extend the new enforcement system to all versions of Exchange Server, regardless of how they connect to Exchange Online.

There are two stages: first throttling, then blocking. Microsoft now describes the procedure in the Tech Community:

Safety measures

“If a server is not repaired after a period of time, Exchange Online begins throttling messages from that server. When this happens, Exchange Online issues a repeatable SMTP 450 error to the sending server, causing the sending server to queue the message and try again later, resulting in delayed delivery of messages. In this case, the sending server will automatically try to resend the message.

The duration of the throttling increases over time. The gradual throttling over several days is intended to raise administrators’ awareness and give them time to fix the server. However, if the admin does not fix the server within 30 days of the start of the throttling, enforcement will continue to the point where the email is blocked.

If throttling doesn’t prompt an administrator to patch the server, email from that server will be blocked after a period of time (see below). Exchange Online issues a persistent SMTP 550 error to the sender, which triggers a non-delivery notification (NDR) to the sender. In this case, the sender must resend the message. An example of SMTP error 550 is shown below: 550 5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for 10 mins/hr.”
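As an added example (not part of the original article and not Microsoft tooling): a small Python check an administrator could run over outbound SMTP logs to see whether a server has already reached the throttling or blocking stage described above. The log layout, host names, timestamps and the wording of the 450 reply are assumptions; only the 550 5.7.230 text is taken from the quote.

```python
import re
from collections import Counter

# Constructed sample: hosts, timestamps and log layout are assumptions.
# Only the 550 5.7.230 reply text comes from the article; the 450 wording
# is assumed to mirror it.
SAMPLE_LOG = """\
2023-08-01T09:00:02Z mx.example.invalid < 250 2.6.0 Queued mail for delivery
2023-08-01T09:01:40Z mx.other.invalid < 450 4.7.1 Greylisted, please try again later
2023-08-02T09:05:10Z mx.example.invalid < 450 4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for 5 mins/hr
2023-08-09T09:05:10Z mx.example.invalid < 450 4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for 10 mins/hr
2023-09-02T09:05:10Z mx.example.invalid < 550 5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for 10 mins/hr
"""

REPLY = re.compile(r"<\s*(\d{3})[ -](.*)$")   # remote reply: "< 550 text..."
WINDOW = re.compile(r"for (\d+) mins/hr")     # enforcement window per hour
MARKER = "exchange server version is out-of-date"


def classify(line):
    """Return (stage, minutes_per_hour) for an enforcement reply, else None."""
    m = REPLY.search(line)
    if not m or MARKER not in m.group(2).lower():
        return None  # unrelated reply, e.g. an ordinary greylisting 450
    # 4xx is transient (server retries by itself), 5xx is permanent (NDR).
    stage = {"4": "throttled", "5": "blocked"}.get(m.group(1)[0])
    if stage is None:
        return None
    w = WINDOW.search(m.group(2))
    return stage, int(w.group(1)) if w else None


def summarize(log_text):
    """Report the worst stage seen, hits per stage and the largest window."""
    counts, windows = Counter(), []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            if hit[1] is not None:
                windows.append(hit[1])
    stage = "blocked" if counts["blocked"] else "throttled" if counts["throttled"] else "ok"
    return {"stage": stage, "counts": dict(counts),
            "max_window": max(windows, default=None)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A "throttled" result means mail is only delayed and the server still retries on its own; "blocked" means senders are already receiving NDRs and must resend after the server is fixed.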
