
Configuring DNS ROUTING so your mail server works better with BESS

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00006828 

Scope:
Barracuda Email Security Service

Answer:

This solution is primarily for customers using an On-Prem Microsoft Exchange server.

This problem also exists for customers using O365 but we have no solution for customers on O365. Please also note that we have reported this problem to Microsoft multiple times and they refuse to acknowledge that this is a problem or that they need to fix anything. We DO NOT however see this happening with any other mail server or mail service.

THE PROBLEMS WITH SENDING OUTBOUND MAIL THROUGH ESS for Microsoft Exchange and O365 customers:

First is that when sending mass mailings (one email to multiple addresses in multiple domains) ESS will return the RESULT of each delivery at the END OF DATA (per the SMTP spec). Exchange and O365 will incorrectly report back that a failure to one address is a failure to all addresses or will retry the mail to ALL recipients if ONE is deferred.

Second is that if you send mail to more than 100 recipients then ESS will deliver the mail for the first 100 and then defer the rest. Your mail server will then retry the next 100 and then the next 100 and so on until all are delivered. This is how a normal mail server works.
 
Exchange and O365 have a problem IF one of the destination mail servers returns a DEFERRAL for one of the recipients when the delivery was attempted. Instead of moving on to the NEXT 100 recipients Exchange and O365 will retry the message again from the beginning. It will NOT acknowledge or accept that the mail to some of the recipients was already delivered.

As noted this problem only happens with Microsoft Exchange and O365 and not with any other mail server or service.

For customers using an on-prem Exchange server there is a way to mitigate this problem by enabling ESS DNS ROUTING.

For customers using O365 there is nothing we have found to get around this because Microsoft does not allow per account DNS routing in O365.

DNS routing uses DNS data to deliver mail for a domain instead of delivering it to the ESS smarthost.

With DNS routing enabled your mail server will break a single outbound mail to multiple users/domains into individual per domain packets. This will limit the delays/failures in mail delivery.

As noted, when using DNS routing your mail server will break the mass mailing into per domain groups but still deliver the mail to BESS because you pointed your outbound connector's DNS server to the ESS servers listed below. The BESS DNS servers are configured to return the Barracuda Hostname as the MX record for ALL domains. It will send your mail to the correct ESS server based on your region.

NOTE: If you want to use your own local DNS routing server please configure it to return the hostname listed below for your region as the MX record for all domains.

Make sure you use the correct ESS DNS for your region.

The DNS servers you can use for your outbound connector are:

   US IP Addresses - 209.222.82.2 and 209.222.82.3
   UK IP Addresses - 35.176.171.28 and 35.177.145.32
   DE IP Addresses - 35.156.14.87 and 35.159.7.191

(enter both IP addresses into your DNS configuration to provide better redundancy)

The HOSTNAMES that the above DNS servers return for ALL MX lookups are:

   US - dout.ess.barracudanetworks.com
   UK - dout.ess.uk.barracudanetworks.com
   DE - dout.ess.de.barracudanetworks.com

This allows your mail server to break up outbound mail into "per domain" packets but still send all the mail through the ESS service.

NOTE: If you use DNS routing for your outbound mail you will lose the redundancy the normal smarthost provides. We do not foresee any outage with these servers but it is something anyone using DNS routing needs to be aware of.

Another solution would be to NOT filter your OUTBOUND mail through the Barracuda Email Security Service when your mail server is Exchange or if you are using O365. This will allow you to deliver mail normally using DNS routing directly to the destination mail servers.

Microsoft TechNet documents that might be of assistance with this:

https://docs.microsoft.com/en-us/powershell/module/exchange/mail-flow/Set-SendConnector
https://docs.microsoft.com/en-us/powershell/module/exchange/mail-flow/Set-TransportServer
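
The following sketch is an added example, not Barracuda's or Microsoft's own script. It applies the DNS routing setup described above with the cmdlets linked here, and first checks that the regional DNS servers answer MX lookups with the expected hostname. The connector name, the region choice and the test domains are assumptions; the IP addresses and hostnames are the ones listed in this article.

```powershell
# Run in the Exchange Management Shell on the on-prem Exchange server.
# Assumptions (not from the article): connector name, region, test domains.
$ConnectorName = 'Outbound via BESS'   # hypothetical send connector name
$Region        = 'US'                  # one of: US, UK, DE

# DNS servers and MX hostnames as listed in the article, per region.
$Regions = @{
    US = @{ Dns = '209.222.82.2','209.222.82.3';   Mx = 'dout.ess.barracudanetworks.com' }
    UK = @{ Dns = '35.176.171.28','35.177.145.32'; Mx = 'dout.ess.uk.barracudanetworks.com' }
    DE = @{ Dns = '35.156.14.87','35.159.7.191';   Mx = 'dout.ess.de.barracudanetworks.com' }
}
$Bess = $Regions[$Region]

# 1. Before changing mail flow, confirm each resolver returns exactly the
#    regional hostname as MX, since every outbound message will follow it.
$TestDomains = 'example.com','example.org'   # constructed sample domains
foreach ($server in $Bess.Dns) {
    foreach ($domain in $TestDomains) {
        $mx = Resolve-DnsName -Name $domain -Type MX -Server $server -DnsOnly |
              Where-Object Type -eq 'MX' |
              Select-Object -ExpandProperty NameExchange
        if (@($mx).Count -ne 1 -or $mx -ne $Bess.Mx) {
            throw "Unexpected MX from $server for ${domain}: $($mx -join ', ')"
        }
    }
}

# 2. Set the server's external DNS list (both IPs, for redundancy).
#    Exchange 2010 names this cmdlet Set-TransportServer; later versions
#    use Set-TransportService with the same two parameters.
$setTransport = if (Get-Command Set-TransportService -ErrorAction SilentlyContinue) {
    'Set-TransportService' } else { 'Set-TransportServer' }
& $setTransport -Identity $env:COMPUTERNAME `
    -ExternalDNSAdapterEnabled $false -ExternalDNSServers $Bess.Dns

# 3. Switch the connector from smarthost delivery to DNS routing and make
#    it resolve through the external DNS list set in step 2.
Set-SendConnector -Identity $ConnectorName -DNSRoutingEnabled $true `
    -SmartHosts $null -UseExternalDNSServersEnabled $true

# 4. Review the result.
Get-SendConnector -Identity $ConnectorName |
    Format-List Name,DNSRoutingEnabled,SmartHosts,UseExternalDNSServersEnabled
```

The external DNS list is a per-server setting, so any other send connector on that server with `UseExternalDNSServersEnabled` set to `$true` will also resolve through these servers.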



Link to this page:

https://campus.barracuda.com/solution/5016000000142qOAAQ