I'm migrating from Exchange 2010 to Office 365/Exchange Online for a client this weekend. We have setup a Cutover Migration that's been chugging along happily for weeks.
Currently, the MX records for example.com point to: mx1.antispamprovider.com mx2.antispamprovider.com etc.
This cloud-based anti-spam provider (which we control) is configured to deliver mail to mail.example.com, which resolves to the static IP where Example Co's Exchange 2010 Server is NAT'ed behind.
All good, all is well.
As a smoke test, I figured I'd telnet into the Exchange Online mail endpoint (example-com.mail.protection.outlook.com port 25) and send a test email from myself to an existing licensed Exchange Online mailbox, then login as that user at outlook.office365.com and get that warm fuzzy feeling when I see my telnet message...
... half a dozen telnet messages later, and not a single one delivered, despite getting a 250 Queued Mail for Delivery
each time leaves me scratching my head.
Well, it's probably quarantined by Exchange Online Protection...
...Checked the Protection (spam, bulk, malware, phish, policy, etc.) and message tracing shows nothing either (tried the "New and Improved" one and the old one, just to be sure).
On a whim, I thought I'd login to the anti-spam provider's management interface and lo and behold, all my telnet messages are shown as being delivered to the Exchange 2010 Server.
So how in the heck does a direct telnet to an Exchange Online mail endpoint, an endpoint which is configured as authoritative for example.com, magically relay the telnet messages out via (presumably) an MX record lookup and not accept and deliver to the local Exchange Online mailbox?
I'm hesitant to actually change the delivery destination in the anti-spam provider, for fear of creating a loop.
EDIT: headers confirm that it indeed is routing out through the Internet by way of an MX lookup.
tl;dr:
Exchange Online (EO) is accepting mail for delivery, but not actually inserting mail in the EO mailbox, despite being licensed and authoritative for example.com. Headers confirm that MS EO/EOP are relaying to current MX records, which point to on-premise Exchange.