Dnia 26.09.2025 o godz. 08:43:07 Benoît Panizzon via mailop pisze: > The situation we have here is an external sender sending emails to a > recipient local on the exchange Platform using a domain which is hosted > on exchange by a different tenant. > > So we have EXTERNAL to INTERNAL - no relaying - no authentication > required. [...] > It is traffic FROM outside to one MS customer. No inside traffic, this > is what I don't understand.
From your description, it looks like MS simply implemented their "DirectSend" wrong. Their system thinks that ANY incoming mail with sender address from a domain hosted on MS is "internal to internal", regardless of the fact it is coming from external source. They probably check the sender address first, and not the IP address, and if the sender address is from MS, they decide it's "internal to internal". I have already seen such behaviour, long time ago, on one Polish mail service (@op.pl). It was at the times when there was no SPF yet (so forwarding was commonly used without issues) and email services just started to implement SMTP AUTH - on port 25, without using a separate submission service. The scenario was when us...@op.pl was sending their mail to us...@example.com (external to op.pl, totally different service), and us...@example.com in turn forwarded the mail to us...@op.pl, the op.pl server rejected the mail with a message requring authentication - because it saw a sender address from op.pl domain. I think I see similar misconfiguration here. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
