This document describes the problem seen on new Cloud Email Security (CES) instances where emails configured to be delivered to Office365 (O365) mail servers are being rejected with the Simple Mail Transfer Protocol (SMTP) reply code "4.7.500 Server busy. Please try again later."
Problem: Office365 Throttling CES New Instance with "4.7.500 Server busy. Please try again later."
Issues are seen on new CES instances provisioned with new IPs with no reputation or recorded mail flows being throttled by O365 mail servers. Emails delivered to these servers receive on the delivery connnection ID (DCID) an SMTP code of "('451', ['4.7.500 Server busy. Please try again later from [IP of CES]. (AS77713180) [hostname.prod.protection.outlook.com]']) ".
Details on this throttling and recommendations from Microsoft is available here. (https://blogs.msdn.microsoft.com/tzink/2015/01/07/office-365-releases-ip-throttling/)
Additional resources from Microsoft to assist resolving this problem:
This problem is verfied on your CES devices with the mail_logs, requires the CLI access opened. To request CLI access to your CES devices, please contact Cisco TAC.
On the CLI, enter either of the commands:
grep "DCID.*4.7.500.*outlook.com" mail_logs
grep "Delayed: DCID.*outlook.com" mail_logs
These commands will dispaly results where O365 are throttling your CES Devices.
Thu Aug 16 10:11:57 2018 Info: Delayed: DCID 51749 MID 2627789 to RID 0 - 4.3.0 - Other mail system problem ('451', ['4.7.500 Server busy. Please try again later from [IP of O365].
This behavior is happening due to unexpected amounts of mail flow from these newly assigned IPs, this triggers the Microsoft O365 throttle policies to begin to take action.
To allow the new CES IP to deliver to the O365 servers without the throttling, the domain administrator needs to contact Microsoft to request to add their CES IPs into the warming list to allow the bypass of the throttling policies.
Note: It is not Cisco's responsibility to request Microsoft to add IPs to their warming list.
Alternatively, if mail flow can be migrated gradually, move a smaller percentage of emails from current mail server(s) to the CES. This is to allow the reputation to build before moving all emails into the CES side into full production to avoid further rate limiting or throttling.