Incident report: Some mails to Microsoft online services were getting blocked
Yesterday we dealt with a spammer/phisher who specifically targeted the Microsoft outlook.com service (and its affiliates). One of the Kolab Now MX servers was listed on the Microsoft throttle list (S3150). This meant that some users saw mails sent to recipients at ‘@outlook.com’, ‘@live.com’, ‘@hotmail.com’, and other Microsoft online services bounce back.
The bounced mails came with a message that looked something like this:
This is the mail system at host mx.kolabnow.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<some-email@outlook.com>: host
outlook-com.olc.protection.outlook.com[x.x.x.x] said: 550 5.7.1
Unfortunately, messages from [y.y.y.y] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. [Name=Protocol
Filter Agent][AGT=PFA][MxId=<some long number>]
[SG2PEPF03345FBECA.apcprd05.prod.outlook.com 2025-05-06T<timestamp>Z
<another long number>] (in reply to MAIL FROM command)
Although the listing was discovered quickly, Microsoft was contacted, and the listing was reversed as soon as possible, it has taken a while for MS support to respond. At this time, emails should be delivered to the Microsoft online services. If you are one of the users impacted, we thank you for your patience.
If you have any questions or concerns in this context, then please contact support.
2025-05-07 @ 10:04 UTC: The latest message from Microsoft support is that the issue has been resolved, but it will take 24 – 48 hours for the solution to be distributed across their systems. This means that a limited and decreasing number of emails will still be impacted by this situation.
The root cause of the issue is that the evil actor found a way to misuse the Kolab Now systems for the evil act. Yesterday we already implemented a change that prevented the specific activity.
We apologize for any inconvenience that this has caused.