Delayed or blocked emails within a hybrid environment
Your organization is using a hybrid Exchange environment. Emails recently started to be delivered with a delay or fail to be delivered at all. The problems seem to intensify over time.
The problems you’re experiencing are most likely related to Microsoft’s (Mail) Transport-based Enforcement System that gradually restricts your mail flow from vulnerable Exchange server(s) to Exchange Online in your hybrid environment. The general purpose of the system is to encourage admins to patch or upgrade vulnerable on-premises servers to ensure overall security of your organization and Exchange Online.
Once the system detects that emails coming to Exchange Online are sent from a vulnerable version of Exchange Server like:
- an unsupported version, e.g. Exchange Server 2010,
- a version that hasn’t been updated/patched for a long time, e.g. Exchange Server 2016 that’s behind with security updates,
you’ll get a compliance report telling you how to avoid throttling (delaying) or blocking your mail flow in the future.
After a vulnerability is detected, you have 30 days to remediate the affected on-premises server(s). If you don't, Exchange Online will start throttling incoming connections from the server(s), which will result in email delivery delays. The throttling will increase over time.
If you fail to remediate your server(s) for another 30 days, Exchange Online will start blocking emails. The degree of blocking will increase over time as well, resulting in a complete mail flow block 90 days after the vulnerability was first detected.
If you need more time to remediate your on-premises server(s), you can also pause the Transport-based Enforcement System for up to 90 days per year. This will temporarily stop it from throttling and blocking emails sent from vulnerable servers in your environment.
Addressing the problems
To eliminate the problems with email delivery, address the issue(s) listed in the compliance report:
- Update/patch the server(s) that are still supported (e.g. Exchange Server 2016).
- If your server(s) are not supported, migrate to a supported Exchange Server version (e.g. Exchange Server 2019). To do it, you can use the native methods or go for the CodeTwo migration tool, which is a lot easier to use and offers a number of additional features, including the possibility to quickly delta-migrate emails sent by users while the migration is under way.
Alternatively, you can retire your on-premises server(s) and decide to go 100% with the cloud, moving all your local mailboxes to Exchange Online. For this scenario, you can also find a dedicated, easy-to-use, GUI-based tool in CodeTwo’s portfolio.
Once you’ve remediated your server(s), the mail flow between the on-premises and cloud mailboxes will resume as normal.
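Before and after remediation, it helps to confirm which build each on-premises server is actually running. The script below is an added example, not part of the original article or a CodeTwo or Microsoft tool. It assumes it is run in the Exchange Management Shell with PowerShell remoting available to each server, and the baseline builds in $MinimumBuild are placeholders you must replace with the builds you are targeting.

```powershell
# Added example: inventory installed Exchange builds and compare them to a baseline.
# Run in the Exchange Management Shell on an on-premises server.

# PLACEHOLDER baselines keyed by version line (Major.Minor).
# Replace each value with the build you are targeting, e.g. from
# Microsoft's published Exchange Server build numbers list.
$MinimumBuild = @{
    '15.1' = [version]'15.1.0.0'   # Exchange Server 2016 line, placeholder
    '15.2' = [version]'15.2.0.0'   # Exchange Server 2019 line, placeholder
}

$report = foreach ($server in Get-ExchangeServer) {
    $build = $null
    try {
        # ExSetup.exe's product version reflects the installed update level.
        $raw = Invoke-Command -ComputerName $server.Fqdn -ErrorAction Stop -ScriptBlock {
            (Get-Command ExSetup.exe -ErrorAction Stop).FileVersionInfo.ProductVersion
        }
        $build = [version]$raw
    } catch {
        # Unreachable servers (e.g. no remoting) are reported, not skipped.
        Write-Warning "Could not read the build from $($server.Name): $_"
    }

    if (-not $build) {
        $status = 'Could not query'
    } else {
        $line = '{0}.{1}' -f $build.Major, $build.Minor
        if (-not $MinimumBuild.ContainsKey($line)) {
            # Covers older lines such as 14.x (Exchange Server 2010).
            $status = "No baseline for $line, check support status"
        } elseif ($build -lt $MinimumBuild[$line]) {
            $status = 'Behind baseline'
        } else {
            $status = 'At or above baseline'
        }
    }

    [pscustomobject]@{
        Server = $server.Name
        Role   = $server.ServerRole
        Build  = $build
        Status = $status
    }
}

$report | Sort-Object Status, Server | Format-Table -AutoSize
```

Servers reported as behind the baseline, or on a version line with no baseline, are the ones to compare against the issues listed in the compliance report.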
Related products: CodeTwo Exchange Rules 2007 1.x, 2.x, 3.x, 4.x, CodeTwo Exchange Rules 2010 3.x, CodeTwo Exchange Rules 2013 2.x, CodeTwo Exchange Rules 2016 1.x, CodeTwo Exchange Rules 2019 1.x, CodeTwo Exchange Rules Pro 2.x
Last modified: July 31, 2023
Created: July 19, 2023