Exchange 2016 , Exchange Hybrid RRS feed

  • Question

  • Hello  , 

    I have a Exchange 2016 CU 3  .   I have managed to setup the Hybrid Wizard without issue  (Centralised Mail flow configured enabled )  I am now able to migrate a user to the my tenant and send mail thought out my organ. No issue.

    But if this 0365 user sends to an Outbound address. I receive this with my Message Trace   

    Reason: [{LED=450 4.4.316 Connection refused};{MSG=Socket error code 10061};{FQDN=mail.test-domain.com};{IP=};{LRT=3/6/2017 12:21:09 AM}]. OutboundProxyTargetIP: OutboundProxyTargetHostName: mail.test-domain.com. 

    Oh, receiving from  the outside world is not an issue for the 0365 user , just sending .  


    Monday, March 6, 2017 4:12 AM

All replies

  • It seems you are unable to send  to the on premise user from O365 as per the error message. Make sure your firewall is allowing EOP IP addresses as per link below.




    Monday, March 6, 2017 4:17 AM
  • Our mail configuration does not allow us to setup EOP  .  What we wish is to use our On-prem server to send and receive all mail for our domain . From what I have read , Centralised Mail flow will allow this, am I correct.


    I have open port 25 to the list with that link, no go .   

    Is there any way I can see if my EX servers are not relaying emails coming from my o365 tenant . 



    Monday, March 6, 2017 4:30 AM
  • Centralized mail flow is fine if you need all mails to flow through on-premise for any compliance reasons, There is definitely something on the firewall not allowing SMTP traffic from O365, Do you have any kind of SMTP/AV scanning on the firewall. 



    Monday, March 6, 2017 4:43 AM
  • I don't administer our external firewall I am enquiring  .

    but  How does one monitor this type of relay message via On-perm servers.  I would think it would be helpful in troubleshooting routing issues. 


    • Edited by Dean Maher Monday, March 6, 2017 5:23 AM
    Monday, March 6, 2017 5:21 AM
  • Hi Dean,

    Please have a look at the following similar thread and check if any helps:

    Message delayed with 450 4.4.316 Connection refused


    It is IP ranges that are causing the problem, as they are not allowed to communicate to our on premise infrastructure.


    Instead of allowing only specific IPs we allowed all the traffic on 25 port from outside, after that change even doing tests and sending thousands of messages - haven't seen the error any more.

    Best Regards,

    Niko Cheng
    TechNet Community Support

    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Niko.Cheng Friday, March 10, 2017 9:01 AM
    Monday, March 6, 2017 8:59 AM