Earlier this week, my Exchange 2013 environment stopped receiving any external email. This was very confusing as everything appeared to be running, internal mail was flowing OK, and outgoing mail was OK.
I discovered that the Connection Filtering Agent on my Edge Transport Server was rejecting every connection, and dropping it straight away. After a bit of digging, I found that I was getting a false positive from the IP Block List Providers I have configured. When I disabled the first provider, the connections were getting blocked by the second provider, and then by the third. I checked with Spamhaus' utility (https://www.spamhaus.org/lookup/), and the sender IP (in this case, I was using the Microsoft Remote Connectivity Analyzer to test) was not in any of their blacklists. I didn't check the other providers, but I'm sure it's not listed.
I used the Test-IPBlockListProvider cmdlet against all the Providers I have listed, with the following results:
Provider            ProviderResult     Matched
--------            --------------     -------
SpamHaus            {198.101.242.72}   True
Barracuda Central   {198.101.242.72}   True
SpamCop             {198.101.242.72}   True
At the moment, I have the Connection Filtering Agent disabled, and email is coming through OK again, but I'd like to figure out what's going on, so I can enable it again.
Does anyone have any idea why it would start returning false positives for everything out of the blue? Is the fact that the ProviderResult is the same (and not the input IP I provided) relevant?
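
An added example, not part of the original post: a PowerShell sanity check for the answers a block list provider returns. Under RFC 5782 a DNS block list answers with addresses in 127.0.0.0/8, so the check flags any other answer, such as the 198.101.242.72 in the output above. The function names are hypothetical and the three lookup zones are assumptions; substitute the LookupDomain values from Get-IPBlockListProvider.

```powershell
# Added example, not from the original post. Helper names are hypothetical.
# RFC 5782: a DNSBL answers with A records in 127.0.0.0/8; the test entry
# 127.0.0.2 must be listed and 127.0.0.1 must never be listed.

function Get-DnsblQueryName {
    param([string]$IPAddress, [string]$Zone)
    # 192.0.2.10 queried against zone.example -> 10.2.0.192.zone.example
    $octets = $IPAddress.Split('.')
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $Zone
}

function Test-DnsblAnswer {
    param([string[]]$Answer)
    # No answer (NXDOMAIN) means "not listed". An address outside 127/8 is
    # not a block list code, so the resolver path needs checking, not the sender.
    if (-not $Answer) { return 'NotListed' }
    $outside = @($Answer | Where-Object { $_ -notmatch '^127\.' })
    if ($outside.Count -gt 0) { 'NotADnsblCode' } else { 'Listed' }
}

# Offline check: classify the ProviderResult values shown in the post.
foreach ($provider in 'SpamHaus', 'Barracuda Central', 'SpamCop') {
    '{0,-18} {1}' -f $provider, (Test-DnsblAnswer -Answer '198.101.242.72')
}

# Live check from the Edge Transport server, using its configured resolvers.
# Zones are assumed; take the real ones from Get-IPBlockListProvider.
$zones = 'zen.spamhaus.org', 'b.barracudacentral.org', 'bl.spamcop.net'
foreach ($zone in $zones) {
    foreach ($probe in '127.0.0.2', '127.0.0.1') {
        $name = Get-DnsblQueryName -IPAddress $probe -Zone $zone
        $answer = @(Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress })
        '{0,-40} {1}' -f $name, (Test-DnsblAnswer -Answer $answer)
    }
}
```

A provider whose 127.0.0.1 probe does not come back as NotListed, or whose answers fall outside 127.0.0.0/8, is not giving usable results through the resolvers the server is configured with.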