Will My Unsupported Microsoft Exchange Still Work?
Does your organization have an unsupported version of Exchange (2013 or older), or are you not keeping up with patching? If so, you might be looking at some problems delivering emails to MS 365 in the near future.
Email is critical for organizations to do business. Most organizations that we work with use Microsoft 365 for their email, which is cloud based. But some organizations use good old-fashioned Exchange servers (Exchange is at the heart of MS 365, by the way). Exchange servers can either be on-premises or in the cloud. Some email providers (like Rackspace, for example) used their Exchange servers to resell a service similar to MS 365. Until recently, anyway.
Exchange servers have been at the heart of a lot of security issues, as vulnerabilities have been discovered over the past couple of years. And Microsoft has been very responsive in terms of protecting against those vulnerabilities in the form of patches to the Exchange server.
So as long as you patch your Exchange servers, you’re ok (at least in terms of these vulnerabilities). But if not? Could be trouble.
Oh, and Microsoft is starting to force the issue.
That’s right. Microsoft recently announced that they are going to throttle and block emails that are being sent from unsupported or unpatched Exchange servers. Why? Because “Microsoft uses the Zero Trust security model for its cloud services, which requires connecting devices and servers to be provably healthy and managed. Servers that are unsupported or remain unpatched are persistently vulnerable and cannot be trusted, and therefore email messages sent from them cannot be trusted. Persistently vulnerable servers significantly increase the risk of security breaches, malware, hacking, data exfiltration, and other attacks.”
This is especially challenging if your organization is using an unsupported version of Exchange, which now includes Exchange 2013 and older versions. Microsoft doesn’t patch those versions anymore. Newer versions are ok, but only if they’re patched.
Let’s be clear. If you have an older unsupported or unpatched Exchange Server, Microsoft 365 will first send the original sender SMTP 450 error messages warning them of this issue. After 30 days of discovery, throttling will begin, which should cause your server to queue and retry the message later, resulting in delayed delivery of messages. From 30 to 60 days, the delay from throttling will increase.
If the situation isn’t resolved after 60 days, your sent emails will undergo throttling and blocking.
After 90 days? Microsoft 365’s Exchange Online will not accept messages from your server.
Now this is Microsoft, and there are a whole bunch of nuanced issues here that could either accelerate or decelerate their implementation of this. But the bottom line is this: If you have an Exchange server more modern than Exchange 2013, patch that puppy, and keep up with it.
An older one? It’s time to upgrade. Not sure how? Reach out to Simplex-IT. We’ve upgraded over 100 organizations to Microsoft 365 or upgraded Exchange servers. We can also help you make sure your patching gets done. Contact us!