Exchange Hybrid Port 25 IP Filtering

jpcapone 1,376 Reputation points
2020-10-27T15:34:20.93+00:00

I would like to confirm that if I want to secure inbound traffic to port 25 for my Exchange Hybrid server I would have to allow the Exchange endpoints listed below in order for Hybrid mail flow to work?

https://video2.skills-academy.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

*.mail.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48 TCP: 25

I am concerned because the document also states:
Endpoint data below lists requirements for connectivity from a user's machine to Office 365. It does not include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections. See Additional endpoints for more information.


Accepted answer
  1. Andy David - MVP 144.4K Reputation points MVP
    2020-10-27T16:20:31.023+00:00

    Hi there.
    That doc is a mess, isn't it? :)

    The IPs that you have are the correct ones since those are the only ones that are port 25 specific. They just don't make it very clear.

    The client submittal port is 587, so the IPs listed for that are for client endpoints.


1 additional answer

  1. jpcapone 1,376 Reputation points
    2020-10-27T16:25:46.163+00:00

    Yes, it's confusing and I am a bit concerned because I usually open port 25 to all traffic in this scenario, leaving security to the cert. Thanks for the clarification!

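Before enforcing the port 25 filter discussed in this thread, it helps to check which remote endpoints already connecting to the hybrid server fall outside the ranges quoted in the question. The following is an added example, not code from either poster or from Microsoft; the function names and the `ip:port` / `[ipv6]:port` endpoint format are assumptions, and the ranges are the snapshot from the post, so compare them with the current published list before relying on them.

```python
import ipaddress

# Ranges quoted in the question for *.mail.protection.outlook.com, TCP 25.
EOP_SMTP_RANGES = [ipaddress.ip_network(c) for c in (
    "40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14", "104.47.0.0/17",
    "2a01:111:f400::/48", "2a01:111:f403::/48",
)]


def parse_endpoint(endpoint):
    """Return the IP from 'a.b.c.d:port', '[v6]:port' or a bare address."""
    text = endpoint.strip()
    if text.startswith("["):                      # [2a01:...]:port
        text = text[1:text.index("]")]
    elif text.count(":") == 1:                    # IPv4 with a port
        text = text.rsplit(":", 1)[0]
    addr = ipaddress.ip_address(text)
    # An IPv4 peer on a dual-stack listener can show up as ::ffff:a.b.c.d
    return getattr(addr, "ipv4_mapped", None) or addr


def is_allowed(endpoint):
    """True if the endpoint's address is inside one of the quoted ranges."""
    addr = parse_endpoint(endpoint)
    return any(addr in net for net in EOP_SMTP_RANGES)


def audit(endpoints):
    """Split endpoints into (allowed, outside); unparsable ones go to outside."""
    allowed, outside = [], []
    for ep in endpoints:
        try:
            (allowed if is_allowed(ep) else outside).append(ep)
        except ValueError:
            outside.append(ep)
    return allowed, outside


# Constructed sample remote endpoints, not taken from any real log.
SAMPLE = [
    "40.107.22.10:41822",         # inside 40.107.0.0/16
    "52.103.255.254:25001",       # last addresses of 52.100.0.0/14
    "52.104.0.1:25001",           # just past 52.100.0.0/14
    "104.47.128.5:3310",          # just past 104.47.0.0/17
    "[2a01:111:f403:1::5]:5512",  # inside 2a01:111:f403::/48
    "::ffff:40.93.1.1",           # IPv4-mapped, inside 40.92.0.0/15
    "not-an-ip",                  # malformed entries are reported, not dropped
]
```

Calling `audit(SAMPLE)` returns the two lists; anything in the second list would be cut off once the firewall rule is in place.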