MS uses the Spamhaus CBL to match IP in the header of the sending device. X-Originating-IP
Generally block lists are used for abusive SMTP/email servers, but MS are using it against Exchange clients (Outlook / Active Sync and OWA). Presumably to kerb spammers abusing the trial.
Error
Resulting in a NDRRemote Server returned '550 5.7.501 Service unavailable, Client host blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16042849)'
The NDR will contain the IP of the actual device where the message was generated, not the Exchnage server IP, as it the case with some other platforms.
X-Originating-IP: [1.125.48.104]
The Fix:
Modify the default connection filter to allow these IP's- Use the EAC to edit the default connection filter policy - detailed here
- Use powershell to add multiple (max 1273) subnets (max subnet size /24)
PS> $UserCredential = Get-Credential
PS> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
PS> $sn=@{Add="1.124.0.0/24",
"1.124.1.0/24",
"1.124.2.0/24",
...<snip>...
"1.127.255.0/24"}
PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $null
PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $sn
Links
Telstra Mobile IP's - http://wq.apnic.net/apnic-bin/whois....AINTERNET49-AUPowershell command ref above - https://technet.microsoft.com/en-us/...xchg.160).aspx
EAC - IPAllowList Limits - https://technet.microsoft.com/en-us/...or=-2147217396
Full script - https://pastebin.com/3wkGF7Gx