The new transport configuration for Office 365 dedicated and ITAR


This article describes the new transport configuration that was deployed to all Microsoft Office 365 dedicated and ITAR customers in April 2013.

More Information

Historically, customers who introduced a new printer, application, or appliance had to inform Microsoft of their action and provide Microsoft with the IP address before the device went into production. Microsoft manually changed the RemoteIPRanges property on the appropriate receive connector to include the new IP address.

With the new, simplified design, customers no longer have to provide Microsoft with the IP addresses of on-premises applications, devices, and servers that are newly introduced. All customers' Simple Mail Transfer Protocol (SMTP) communication that is submitted over the dedicated link between the customer and Microsoft datacenters is trusted. If customers want to restrict the devices and applications that send email messages to the service, they can set up a firewall policy to enable clients and appliances to send SMTP traffic to Microsoft or to block clients or appliances from doing this. This means that Microsoft accepts all SMTP traffic. 

The new trusted receive connector is configured as follows:
  • It enables connections on port 25 from any server in the customer environment.
  • It routes mail to internal and external recipients.
  • It enables anonymous mail submission.
  • It resolves internal "from" addresses to address book entries in Microsoft Outlook.

To troubleshoot a connection or submission problem, follow these steps:
  1. Make sure that there is no firewall or other network configuration that may block filter connections to the management environment. The Microsoft managed environment accepts all connections from the customer's environment.
  2. Verify that the customer is using the correct Domain Name System (DNS) endpoint.
    • For customers who are being moved to the new High Availability topology, the DNS endpoint resembles the following:
      <cust#> -smtp-out. <CustomerDomain>.com
      For example, the DNS endpoint may be the following:
    • Customers who are not moved to the new DNS design continue to use their legacy endpoint.
  3. If connections to the managed environment are the problem, use the IP address of their endpoint instead of the host name to exclude any problem with DNS.
  4. If it is a submission problem, use Telnet on port 25 to manually connect from the customer's environment. To do this, follow these steps.

    Note For more information about Telnet, click the following article number to view the article in the Microsoft Knowledge Base:
    231866 The TELNET protocol
    1. Review the SMTP banner that is displayed to determine the server and the receive connector type. All submissions should use the trusted receive connector. If the receive connector is a trusted receive connector, the SMTP banner resembles the following:
      220 <ServerName> Trusted_From_Customer
    2. Check the Telnet connection. For example:
      • A successful Telnet connection resembles the following:
        Connected to
        220 0X-AM1MMR1-001 Trusted_From_Customer
      • A failed Telnet connection resembles the following:
        Connected to
        Connection closed by foreign host.
  5. If the connection fails, provide Microsoft with the results of the Tracert (trace route) command. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    314868 How to use TRACERT to troubleshoot TCP/IP problems in Windows

ID d'article : 2838801 - Dernière mise à jour : 8 mai 2013 - Révision : 1