If your running a Hybrid Office 365 implementation then you might come across this issue. What happens is mail destined for the Office 365 users just sits in the queue on your Exchange server. On closer inspection we can see they are erroring with the message :
451 4.4.0 Primary target IP address responded with: "451 5.7.3 STARTTLS is required to send mail." Attempted failover to alternate host but that did not succeed. Either there are no alternate hosts or delivery failed to all
In order to troubleshoot this I installed Telnet on the onpremise Exchange 2013 server and then tried telnetting to one of the Microsoft Mail servers. Once the connection was opened I tried delivering a mail manually over telnet. THe commands I used are below :
telnet 213.199.154.87 25
ehlo
mail from: [email protected]
rcpt to: [email protected]
On entering the receipt address I then got a message back :
550 5.7.1 Service unavailable; Client host [My Servers External IP] blocked using Blocklist 1; To request removal from this list please forward this message to [email protected]
So it seems as if Microsoft has blocked our on premise IP for some reason. We are on no public blacklists so I am not sure why this occured. Once our IP was removed mail started flowing once more.