Office 365 mail protection

Berlioz42300 said:

Do you have a solution for add this domain with * on exeception because with the RDNS check i don't receive mail from O365 and hotmail.

But are you sure your RDNS checks are the problem? We don't have any problems with RDNS checks and Office 365 senders.

Yes i'm sure, if you use rDNS check Strict, all O365, hotmail and live mail are blocked and its normally.

If you send an email by a domain on Office 365 (test.fr for this example), the IP who want send your email is : xxxx.mail.protection.outlook.com !

Microsoft know this problem and palo alto are impacted too by this problem on reverse mail proxy.

The only solutions is exclude all ip of microsoft protection (too many IP and /22 or /16...) or exclude a domain totally.

The best solutions is exclude all domain xxxx.mail.protection.outlook.com but we need to wait an update for enter wildcard on exclusion MTA.

Yes i'm sure, if you use rDNS check Strict, all O365, hotmail and live mail are blocked and its normally.

If you send an email by a domain on Office 365 (test.fr for this example), the IP who want send your email is : xxxx.mail.protection.outlook.com !

Microsoft know this problem and palo alto are impacted too by this problem on reverse mail proxy.

The only solutions is exclude all ip of microsoft protection (too many IP and /22 or /16...) or exclude a domain totally.

The best solutions is exclude all domain xxxx.mail.protection.outlook.com but we need to wait an update for enter wildcard on exclusion MTA.

Can you show us the exception, which you try to deploy? 

I can successful build a FQDN Wildcard Exception in V17.5 

I'm not in 17.5 because it's a beta version, i'm in 17.1.3 MR3 (latest version)

But it's a good news when the version is ready for release !

Feel free to test V17.5

Some of our customers already deploy it on their productive systems without any issues. 

Not for me for the moment, i prefer wait...the migration between v16 and v17 remind me bad memories...