IP Range of *.outbound.protection.outlook.com hosts?
Problem reported by michael~ - March 20, 2015 at 7:28 AM
Submitted
Hi all --  
 
I apologize if this is a repost, but the search function around here is horrible. 
 
I've been struggling with this problem for a while now, and the email ticket I opened with SM support is going no where.. The exact problem is described here (https://support.microsoft.com/en-us/kb/3019655).  Basically, any mail coming from Microsoft EOP/Office365 is sent from some host under outbound.protection.outlook.com.  But because each host has 10+ IPs associated with it, the SPF/rDNS lookup fails and the message is dropped in delivery.  The best suggestion SM support has is whitelisting every EOP IP range, which I'm willing to try, but they're unable to offer the IP ranges.
 
Does anyone have the EOP IP address ranges of the outbound.protection.outlook.com hosts?   Better yet, has anyone found a better solution to accepting messages from EOP without compromising spam settings and/or security (ie.- disabling SMTP authentication)?
 
Thanks
-- michael~

8 Replies

Reply to Thread
0
Scarab Replied
According to their SPF Record (spf.protection.outlook.com) these are the IP Ranges:
 
104.47.0.0/17
134.170.132.0/24
134.170.140.0/24
157.55.133.0/25
157.55.158.0/23
157.55.234.0/24
157.56.110.0/23
157.56.112.0/24
157.56.116.0/25
157.56.120.0/25
157.56.87.192/26
207.46.100.0/24
207.46.108.0/25
207.46.163.0/24
207.46.51.64/26
213.199.154.0/24
213.199.180.0/24
216.32.181.0/24
23.103.132.0/20
23.103.144.0/19
23.103.191.0/24
23.103.198.0/23
23.103.200.0/21
23.103.208.0/21
23.130.156.0/22
64.4.22.64/26
65.55.169.0/24
65.55.88.0/24
 
You can use http://mxtoolbox.com/spf.aspx to do manual SPF Record lookups.
 
If you are having difficulties receiving emails from these sources I would add them to your SECURITY > WHITELIST for "SMTP" & "Greylisting" only.
0
michael~ Replied
Not enough caffeine for this.... I FIIIIIIIIINALLY found the following technet article: 
which lists every IP range that Microsoft EOP uses to send..  I added all those to Security -> Whitelist for SMTP and NoGreylisting, but I have SMTP Auth enabled, which also causes the message to be dropped.
 
At this point, I'm wondering if it's a security/spam concern to also add those 36 IP ranges to Bypass SMTP Authentication.  Or if it's a sec/spam concern to have them in the Whitelist to begin with.
 
Thoughts?
Thanks.
 
edit:  for some reason I'm not allowed to add comments.. weird..  but @scarab: Thank you for the reply..  it helped my searching which led to this reply.
0
Jane Noel Replied
Michael - how's this working for you? Have you had problems resulting from adding these IPs to the whitelist?
1
Camilo Torres Replied
If somebody else decides to go this route, this is the list of IP address as of 10/31/2016 on TechNet:
 
 
Since Microsoft provides the list in the CIDR notation, but SmarterMail requires them in IP ranges, i had to change them all and this might be useful to somebody.
 
23.103.132.0-23.103.135.255
23.103.136.0-23.103.143.255
23.103.144.0-23.103.159.255
23.103.198.0-23.103.199.255
23.103.200.0-23.103.207.255
40.92.0.0-40.95.255.255
40.107.0.0-40.107.255.255
65.55.88.0-65.55.88.255
65.55.169.0-65.55.169.255
94.245.120.64-94.245.120.127
104.47.0.0-104.47.127.255
134.170.101.0-134.170.101.255
134.170.140.0-134.170.140.255
134.170.171.0-134.170.171.255
157.55.133.0-157.55.133.127
157.56.87.192-157.56.87.255
157.56.110.0-157.56.111.255
157.56.112.0-157.56.112.255
157.56.116.0-157.56.116.127
157.56.120.0-157.56.120.127
207.46.51.64-207.46.51.127
207.46.100.0-207.46.100.255
207.46.108.0-207.46.108.127
207.46.163.0-207.46.163.255
213.199.154.0-213.199.154.255
213.199.180.128-213.199.180.191
216.32.180.0-216.32.181.255
 
Also, if you are experienced enough with XML manipulation, you could paste the code below into this file and restart the SmarterMail service (i recommend adding one entry manually so you can locate the proper place to paste the rest): 
 
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\mailConfig.xml
 

  <SmtpAuthBypassList>
    <address>23.103.132.0-23.103.135.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>23.103.136.0-23.103.143.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>23.103.144.0-23.103.159.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>23.103.198.0-23.103.199.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>23.103.200.0-23.103.207.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>40.92.0.0-40.95.255.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>40.107.0.0-40.107.255.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>65.55.88.0-65.55.88.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>65.55.169.0-65.55.169.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>94.245.120.64-94.245.120.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>104.47.0.0-104.47.127.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>134.170.101.0-134.170.101.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>134.170.140.0-134.170.140.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>134.170.171.0-134.170.171.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.55.133.0-157.55.133.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.56.87.192-157.56.87.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.56.110.0-157.56.111.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.56.112.0-157.56.112.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.56.116.0-157.56.116.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>157.56.120.0-157.56.120.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>207.46.51.64-207.46.51.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>207.46.100.0-207.46.100.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>207.46.108.0-207.46.108.127</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>207.46.163.0-207.46.163.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>213.199.154.0-213.199.154.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>213.199.180.128-213.199.180.191</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>
  <SmtpAuthBypassList>
    <address>216.32.180.0-216.32.181.255</address>
    <description>Office 365</description>
  </SmtpAuthBypassList>

  
  
 
0
Merle Wait Replied
Thanks... for the doing work... I appreciate it.. And YES, I will implement that. Thanks again.
0
adam Replied

I have created an Excel spreadsheet to take the list from Microsoft and convert it to the XML required for Smartermail. This makes it easy to update as Microsoft changes the list. The Excel sheet has the latest full list form Microsoft.

You can download the file from the below link under "SmarterMail Office365 IP Whitelist Tool":
www.gamwelltech.com/Support/Downloads/

Hope this is helpful to someone else too. It has made managing this list much easier for us.

0
Richard Frank Replied
I only added those IP numbers to the whitelist for greylisting, also the gmail IP ranges and other IP ranges of big providers.
There's totally no use of greylisting mailservers as it only checks the retry. And every good configured mailserver does.
 
I wouldn't want to smtp-whitelist any IP number except numbers that are my own.
0
PDSI Support Replied
Does SmarterMail have an API that will let me programmatically add/remove these IP Ranges?

Reply to Thread