Solved Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.
-
Hi all,
I want to monitor emails traffic at Firewall to track any spam emails have been sending from any computers on network (if there are any spam passing through, I will track back the pc and scan it for virus/ malware).
But I am not seeing any traffic at all for our domain (O365 emails) at Firewall for emails on ports 587, 993 and 995. Is that because of Outlook connecting directly to exchange server over HTTP or HTTPS ? If yes, how it's going to use these ports (as mentioned on ports used for O365 on MS Website) And how can I track or figure out spam emails ? (I guess, spam emails should hit at firewall at some port if it is a spam)
Any hints ?
-
Looking for SPAM on the network and looking for things coming from O365 are not the same. Your firewall will tell you if SPAM is attempting to send out regardless of how O365 is configured to talk to Outlook. So you are doing the right thing, there is just not rogue spamming agents sending things so you don't see anything.
-
When you send an email through 365, you don't send it from your phone, the email is sent over HTTPs to Microsoft and their servers then send it.
-
The ports you're looking at are the ones typically used by imap. Office 365 does most everything over 443.
On your firewall, you still want to block (and log if you can) any traffic on port 25 in case a machine on your LAN gets infected and tries to start spamming mail servers directly.
-
@Mike-Davis said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
The ports you're looking at are the ones typically used by imap. Office 365 does most everything over 443.
Even when not using 443, Outlook to Exchange is not an IMAP connection so would never be involved there.
-
@Mike-Davis said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
The ports you're looking at are the ones typically used by imap. Office 365 does most everything over 443.
On your firewall, you still want to block (and log if you can) any traffic on port 25 in case a machine on your LAN gets infected and tries to start spamming mail servers directly.
Yup, we are blocking port 25 explicitly on firewall.
-
I would fully expect the emails to be in an encrypted tunnel from the Outlook client (or whatever email client you're using) to O365. Unless you're using some type of proxy that can be a MITM, I don't think anything will see those messages. Even then - Does Outlook get them as email messages?
-
@Dashrender said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
I would fully expect the emails to be in an encrypted tunnel from the Outlook client (or whatever email client you're using) to O365. Unless you're using some type of proxy that can be a MITM, I don't think anything will see those messages. Even then - Does Outlook get them as email messages?
Not sure.
-
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
-
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
-
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
-
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
Outlook doesn't use SMTP or send email, it sends instructions to Exchange, which is totally different. No email protocols are involved.
-
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
Outlook doesn't use SMTP or send email, it sends instructions to Exchange, which is totally different. No email protocols are involved.
Okay, so any email ports blocked by our ISP is not going to effect our O365 users.
-
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
Outlook doesn't use SMTP or send email, it sends instructions to Exchange, which is totally different. No email protocols are involved.
Okay, so any email ports blocked by our ISP is not going to effect our O365 users.
Correct. You are not sending email in and out of your network, you are only looking at the email system remotely. There are no email protocols, no email traffic and no actual email moving across your network with the tools that you are using.
-
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
Outlook doesn't use SMTP or send email, it sends instructions to Exchange, which is totally different. No email protocols are involved.
Okay, so any email ports blocked by our ISP is not going to effect our O365 users.
Correct. You are not sending email in and out of your network, you are only looking at the email system remotely. There are no email protocols, no email traffic and no actual email moving across your network with the tools that you are using.
It has nothing to do with Office365 either. Outlook does not use email protocols for any thing on an exchange server. In house or otherwise.
-
@JaredBusch said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@scottalanmiller said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
@openit said in Not seeing traffic for O365 emails at 587, 993 and 995 ports on Firewall.:
Ok, I understand, due to direct connection from Outlook with exchange, no port is being hit on Firewall. So only non-genuine emails going to be recognized at firewall.
Thanks.
Correct. Outlook has basically a private VPN back to the Exchange server over port 443 so no visible traffic of email on your network because there is none. That's better, so ANY SMTP traffic, on any port, is suspect.
Is that also means, if our ISP is blocking our email things due to Spam issue, it's not going to effect our O365 users (while they send emails through outlook client) ?
Outlook doesn't use SMTP or send email, it sends instructions to Exchange, which is totally different. No email protocols are involved.
Okay, so any email ports blocked by our ISP is not going to effect our O365 users.
Correct. You are not sending email in and out of your network, you are only looking at the email system remotely. There are no email protocols, no email traffic and no actual email moving across your network with the tools that you are using.
It has nothing to do with Office365 either. Outlook does not use email protocols for any thing on an exchange server. In house or otherwise.
Right, good point. This is all just general Exchange / Outlook protocol info, not related to a specific hosting service.