Hello everyone,

I’m experiencing an issue with my newly installed Mailcow system that is integrated with Exchange Online Protection (EOP). All emails are received and sent through EOP by Mailcow, and this configuration works correctly for all my configured domains and connectors set up in EOP.

I can confirm that the configured connectors are working, as I am able to send and receive emails without any issues. Additionally, the DNS settings are correctly configured according to Microsoft’s guidelines, and all domains are properly set up in EOP.

However, I’m unable to test my connector through the Exchange Online Admin Center’s “Connector Validation Tool”, as it consistently fails with the following error:

502 5.3.3 Command not implemented [FR2DEU01FT025.eop-deu01.prod.protection.outlook.com 2025-04-06T20:00:23.830Z 08DD74BBA4EDE7F4]

Testing the connector always worked fine when I used a standalone Postfix configuration prior to setting up Mailcow.

Does anyone have an idea of what might be going wrong? Any suggestions on how to fix this would be greatly appreciated.

Thank you in advance!

Best regards,
Jo

502 5.3.3 Command not implemented

On the face of it, it seems like your mailcow postfix is being asked to do something it doesn’t understand. Possibly something unique to MS’s SMTP implementation?

Is there anything in the Postfix log on the receiving end that can shed light on what command is being rejected?

Have something to say?

Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

I work at a email security vendor where our clients often set up outbound connectors. Starting in the past two weeks we have seen a handful of tickets for this same error, to multiple different smarthosts.

I think this is an issue on Microsoft’s end, but their support has been unable to give our partners anything of substance through multiple ticket touches so far and we have investigated anything tenant specific we know to check.

I think your best bet is barking up Microsoft’s tree and after seeing enough tickets about it, someone with actual support ability may be able to fix it. Microsoft is giving us some BS about this being the smarthosts not accepting mail coming from their high risk delivery pool, but refuse to give any IP address/logging info to search for connection attempts, and are telling us emails go out the HRDP when they fail SPF/DKIM/ETC….even though they are generating the email from their environment…. (I think they are wrong, “command not implemented” does not sound like a refused or ignored connection at all….).

Just wanted to share that your not alone >🙂

No one is typing