Once again, I let myself be led up the garden path. I had carried out an update for Exchange when, a short time later, the Outlook app for iOS and Android stopped working. The app no longer synchronized any data and there were no error messages. As I had carried out an update shortly beforehand, I suspected this at first. However, after some digging around in the Exchange logs, I noticed that the Outlook app was not connecting to the Exchange server at all.
I then checked the Sophos UTM web server protection logs. This is where I found what I was looking for.
As you can see here, the Outlook app does not connect to Exchange directly, but takes a detour via servers on the Internet (srcip="23.101.75.158"). Here is the corresponding excerpt from the UTM log:
2018:05:12-22:45:51 utm httpd: id="0299" srcip="23.101.75.158" localip="192.168.10.106" size="236" user="-" host="23.101.75.158" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1029" url="/Microsoft-Server-ActiveSync" server="mail.frankysweb.de" port="443"
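The same kind of entry can be searched for across a whole log file. The following is an added example, not part of the original post: it parses the key="value" fields of UTM httpd lines and summarises, per source IP, the ActiveSync requests rejected with statuscode 403 and reason dnsrbl. The function names and every sample line except the first are constructed for illustration.

```python
import re

# key="value" pairs as they appear in the UTM httpd (web server protection) log
PAIR = re.compile(r'(\w+)="([^"]*)"')

# First line: the entry quoted in the post. All other lines are constructed
# samples (documentation IP ranges, made-up ids and sizes).
SAMPLE_LOG = '''\
2018:05:12-22:45:51 utm httpd: id="0299" srcip="23.101.75.158" localip="192.168.10.106" size="236" user="-" host="23.101.75.158" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1029" url="/Microsoft-Server-ActiveSync" server="mail.frankysweb.de" port="443"
2018:05:12-22:46:20 utm httpd: id="0299" srcip="23.101.75.158" localip="192.168.10.106" size="236" user="-" host="23.101.75.158" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="987" url="/Microsoft-Server-ActiveSync" server="mail.frankysweb.de" port="443"
2018:05:12-22:46:41 utm httpd: id="0299" srcip="203.0.113.20" localip="192.168.10.106" size="512" user="-" host="203.0.113.20" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="15321" url="/Microsoft-Server-ActiveSync" server="mail.frankysweb.de" port="443"
2018:05:12-22:47:02 utm httpd: id="0299" srcip="198.51.100.7" localip="192.168.10.106" size="236" user="-" host="198.51.100.7" method="GET" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="-" time="1102" url="/owa/auth/logon.aspx" server="mail.frankysweb.de" port="443"
2018:05:12-22:47:30 utm sshd[4711]: constructed non-proxy line, ignored by the parser
'''

def parse_line(line):
    """Return the fields of an httpd log line as a dict, or None for other lines."""
    head, sep, rest = line.partition(" httpd: ")
    if not sep:
        return None
    fields = dict(PAIR.findall(rest))
    fields["ts"] = head.split(" ", 1)[0]  # timestamp is the first token
    return fields

def reputation_blocks(log_text, url_prefix="/Microsoft-Server-ActiveSync"):
    """Per source IP: count, first and last time of 403/dnsrbl rejections."""
    hits = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if not (f.get("statuscode") == "403"
                and f.get("reason") == "dnsrbl"
                and f.get("url", "").startswith(url_prefix)):
            continue
        entry = hits.setdefault(f.get("srcip", "?"),
                                {"count": 0, "first": f["ts"], "last": f["ts"]})
        entry["count"] += 1
        entry["last"] = f["ts"]
    return hits

if __name__ == "__main__":
    for ip, e in reputation_blocks(SAMPLE_LOG).items():
        print(f'{ip}\t{e["count"]} blocked\t{e["first"]} .. {e["last"]}')
```

Passing `url_prefix="/"` lists reputation blocks for every published path, not only ActiveSync.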
The IP 23.101.75.158 belongs to Microsoft and in particular to the "Outlook cloud service":
Unfortunately, exactly this IP is on the Cyren blacklist, which is also used by the Sophos UTM:
Here you can find more information about the "Outlook cloud service" and how authentication works:
Now Microsoft will certainly not only use this single IP to establish the connection, so I had to disable the option "Block clients with bad reputation" in the firewall profile of the UTM:
The blacklists are therefore no longer checked and the Outlook app works again. As far as I know, there is no way to maintain a whitelist for IPs on the UTM.
Personally, I would prefer the app to connect directly to Exchange without any detours. However, there is no option to prevent this when using the Outlook app, so you still have to trust Microsoft not to mess up your login data.