Linode Forum
https://forum.linode.com/

Delivering mail to hotmail.com servers
https://forum.linode.com/viewtopic.php?f=11&t=2860		 Page 1 of 2
Author:  tuux1598g [ Sat Sep 22, 2007 11:15 am ]
Post subject:  Delivering mail to hotmail.com servers
Hi,

I'm having some problems and have been in extensive correspondence with microsoft regarding this issue with no luck - they insist that it is an issue with my mail server although they don't give any clues as to what so I thought I would ask to see if anybody had any ideas here.

Running:
Ubuntu 7.04, with Exim 4.63 Debian install, greylistd, tinydns

Every email I send (either via exim, or manuallt via a telnet session to port 25 from my server) is accepted by hotmail.com servers and queued for delivery (aparently), however the messages never reach the hotmail inbox that they are bound for. Hotmail currently have me going round in circles to satisfy their 'rules' that are all already satisfied, despite them asking me to disable all firewalls and antivirus (which I have done to please them for a test send). I have SPF on all of my domain names, have now provided axfr with tinydns in case they decided to check SPF via a TCP query - exim is bound for outgoing SMTP to my secondary IP, which has reverse dns pointing back to the correct hostname, the hostname that the mailserver is reporting in its SMTP greeting etc. - there is literally nothing I can think of at all.

Microsoft claim that:
"We can see that there are connections coming from your IP 64.22.***.***, but there are no data packets being submitted. Our logs confirm that your server is establishing a connection to mail.hotmail.com and submitting messages for delivery. It is after Hotmail agrees to deliver your messages that your server then fails to deliver any data packets."

However, here is a telnet session to hotmail server:
shaun@whisky:~$ telnet mx1.hotmail.com 25
Trying 65.54.244.8...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 bay0-mc2-f1.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Fri, 21 Sep 2007 10:55:07 -0700
helo rum.********.***
250 bay0-mc2-f1.bay0.hotmail.com (3.4.0.37) Hello [64.22.***.***]
mail from: *****@**********.co.uk
250 *****@**********.co.uk....Sender OK
rcpt to: randomtestacct@hotmail.com
250 randomtestacct@hotmail.com
data
354 Start mail input; end with <CRLF>.<CRLF>
Date: Fri, 21 Sep 2007
To: RandomTestAcct@Hotmail.com
From: *****@**********.co.uk
Subject: Testing the Manual Telnet Session Data Transfer for SRX**********ID

In order to determine whether the connection is accepting the data we must confirm that data is being sent. We can test this by manually entering the data. In this way we know that there is no server error which may be causing the mail to fail delivery due to improperly formatted messaging.
.
250 <BAY0-MC2-F1x4ZwzjnO0007e2db@bay0-mc2-f1.bay0.hotmail.com> Queued mail for delivery
QUIT
221 bay0-mc2-f1.bay0.hotmail.com Service closing transmission channel
Connection closed by foreign host.


This appears to be a successful SMTP session to me, despite microsofts claim - however, as with all other messages from my server to hotmail.com this never arrived - almost as if hotmail are blackholing the mail. This occurs on two IP addresses for my server.

Its not an SPF issue (as I have been in-depth with microsoft about) as all of my domains currently have SPF setup correctly and hotmail.com accepts mail for my domain from an unauthorised mail server, but not from my authorised server.


Any suggestions or ideas welcome, I may have missed some details off so feel free to ask if I have tried anything in particular as I have had a *lot* of correspondence with microsoft, and they keep coming back with the same 'please disabled antivirus and firewalls and try again, check your spf record'.


PS I should mention that every other mail server accept mail from me, including gmail who check the SPF and pass this.

Cheers,

Shaun
Author:  gyver [ Sat Sep 22, 2007 11:42 am ]
Post subject: 
Their antispam solution is known to throw away messages. In particular the usually throw away messages from small business servers (it seems they don't care that small amounts of traffic end in a black hole).

In my cases, I could have my email delivered only a couple of days after I :
- setup SPF,
- sent a message to senderid@microsoft.com with the domain used in the Return-Path in the subject and body.

Now when you setup a new domain, you have to declare it to the MS Police, nice world...
Author:  tuux1598g [ Sat Sep 22, 2007 12:38 pm ]
Post subject: 
Thanks for the info - I emailed my domain(s) to senderid@microsoft.com and guess what... it was rejected:



This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

senderid@microsoft.com
SMTP error from remote mail server after end of data:
host maila.microsoft.com [205.248.106.64]: 550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (205.248.106.64). Reasons for rejection may be:
obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.>


The content of the email was simply the domain name - certainly not obscene, unless my name is somehow offensive nowadays ;)

It seems microsoft can't get anything right eh.

Any further suggestions?


Cheers,

Shaun
Author:  zunzun [ Sat Sep 22, 2007 4:11 pm ]
Post subject: 
tuux1598g wrote:
Reasons for rejection may be:
obscene language, graphics, or spam-like characteristics.


Obscene language, eh... Hmmm, did the email you sent
have the letters l,i,n,u,and x in that order? Definitely
obscene to a Microsoft e-mail server or postmaster.

James
Author:  harmone [ Sat Sep 22, 2007 7:28 pm ]
Post subject: 
Maybe trying to implement Domainkeys would help?

http://en.wikipedia.org/wiki/Domainkeys
Author:  29535 [ Tue Sep 25, 2007 2:09 pm ]
Post subject:  hotmail
Some companies just want to dominate their customers at all costs, even at a cost of becoming irrelevant. I wouldn't bother with hotmail, it's not worth the trouble, unless your a spammer, in which case I think they sell some $400/year "whitelist" subscriptions, ensuring your mail gets thru. Oh, btw, their most important filter is that you use either some well known web mail account or MS Outlook as your client software, without it you never going to reach even junk folder.
Author:  TehDan [ Sat Oct 06, 2007 7:02 am ]
Post subject: 
I've been noticing the same problem. I noticed something that might be of use. I can't send an email from my linode-based account to hotmail. However, if I reply to an email sent from hotmail, it gets through no problem.

Since the SMTP transaction is essentially the same, MS can't sensibly argue that the problem is with your server - it must be due to their content filtering. You might want to try it.

I also filled in this form: https://support.msn.com/eform.aspx?prod ... ct=eformts (against my better judgement) as I had the same problem with mail sent to senderid@microsoft.com

Let me know if you get anywhere with this... its turning out to be a minor annoyance!
Author:  tuux1598g [ Sat Oct 06, 2007 9:46 am ]
Post subject: 
Hi there,

That is exactly the problem, you will also find that forwards are sent fine - I have searched around the net and found hundreds of reports of similar things - all of which come to the same conclusion, there is no way to configure your server/domain to send to hotmail as there does not seem to be any logic in their filtering methods - they just filter out any email that comes from IP addresses that they deem 'insignificant'.

The only way I have found to resolve this and allow us to send to hotmail.com is to setup a conditional smarthost in exim as follows, whereby any mail addressed to the domain names hotmail.com, hotmail.co.uk or msn.com are sent via the smarthost (with all other mail being processed as normal). The smarthost you use is entirely up to you and must be an SMTP server capable of sending to hotmail.com addresses (which is very hard to find as they filter so bloody much!). Gmail seems to work, but messages appear as From: [yourgmail address] on behalf of: [your email address]. Anyway, here is the filter, no idea if you can use this, depends on your setup but I thought it may help someone:

Under routers/200_exim4-config_primary

# deliver hotmail messages via gmail smarthost
hotmail_com:
driver = manualroute
domains = hotmail.com:hotmail.co.uk:msn.com
transport = remote_smtp_smarthost
self = pass
route_list = * smtp.gmail.com bydns
no_more


Under transport/30_exim4-config_remote_smtp_smarthost

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists{CONFDIR/passwd.client} \
{ ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}} }\
{} \
}
port=587
tls_tempfail_tryclear = false
DEBCONFheaders_rewriteDEBCONF
DEBCONFreturn_pathDEBCONF



The port is required for gmail... other smtp hosts comment this out. Of course you will also need to enter your SMTP Authentication details into passwd.client in your exim config dir if required.

Cheers,

Shaun
Author:  TehDan [ Mon Oct 08, 2007 7:17 am ]
Post subject: 
tuux1598g, thanks for your suggestion - I had wondered about doing something like that.

However, having filled out the form I linked to in my previous post, I recieved an email from MS a few hours later, promising to add me to their SenderID program. To my utter amazment this morning I can deliver email to my hotmail account!

Its all a bit of a faff, but I'm just pleased to see it working at this point! Would be interested to hear if this works for other people...
Author:  tuux1598g [ Tue Oct 09, 2007 7:49 am ]
Post subject: 
Hi,

If possible, could you let me know what you stated to them in their online form - as I was in talks with them for over a week trying to sort this out and they just kept insisting it was my server not delivering messages and to try sending test messages to a random email account they held at hotmail.com

Cheers.
Author:  TehDan [ Tue Oct 09, 2007 9:13 am ]
Post subject: 
I just put in:

contact email address: postmaster@domain.com

doman name: domain.com

Does the domain have an SPF record?: Yes

SPF record: v=spf1 a:mail.domain.com ~all

form goes off, you get a reply some hours later from a MS representative who "understands your concern". A day or so after that, and I'm succesfully delivering mail.

Its probably worth noting that even though I've specified ~all soft-failed messages still seem to be going missing
Author:  dfelicia [ Wed May 21, 2008 8:13 pm ]
Post subject: 
Just set up qmail + qmail-spp + qmail-scanner + vpopmail + squirrelmail on my linode, and have run across this same hotmail issue.

Before I follow the advice, here, and submit Microsoft's silly "please let me join your crappy club" form, I'm hoping some mail experts can validate that all of my ducks are in a row.

Mail to/from /etc/passwd accounts uses charon.donsbox.com. vpopmail users use donsbox.com.

DNS:
Code:
$TTL 86400
@   IN   SOA   ns1.linode.com. dfelicia.donsbox.com. (
               2008052180
               7200
               7200
               1209600
               86400 
            )
@      NS   ns1.linode.com.
@      NS   ns2.linode.com.
@         MX   20   mail.donsbox.com.
@         MX   10   charon.donsbox.com.
@         TXT   "v=spf1 a mx -all"
charon         TXT   "v=spf1 a mx -all"
@         A   64.22.124.206
www         A   64.22.124.206
mail         A   64.22.124.206
pictures         A   64.22.124.206
charon         A   64.22.124.206


qmail:
Code:
$ cd /var/qmail/control/
$ cat me
charon.donsbox.com
$ cat defaultdomain
donsbox.com
$ cat plusdomain
donsbox.com
$ cat locals
charon.donsbox.com
$ cat rcpthosts
donsbox.com
charon.donsbox.com
$ cat virtualdomains
donsbox.com:donsbox.com


Sample header from a mail sent from local account:
Code:
Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154923rvi;
        Wed, 21 May 2008 17:10:03 -0700 (PDT)
Received: by 10.150.83.41 with SMTP id g41mr1121877ybb.190.1211415002447;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Return-Path: <jdoe@charon.donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 9si3540901ywf.9.2008.05.21.17.09.55;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=jdoe@charon.donsbox.com
Received: (qmail 11018 invoked by uid 1000); 22 May 2008 00:08:55 -0000
Message-ID: <20080522000855.11017.qmail@charon.donsbox.com>


Sample header from a mail sent from a vpopmail account:
Code:
Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154754rvi;
        Wed, 21 May 2008 17:04:59 -0700 (PDT)
Received: by 10.150.49.2 with SMTP id w2mr1146434ybw.27.1211414698624;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Return-Path: <john.doe@donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 7si3543433ywo.7.2008.05.21.17.04.54;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=john.doe@donsbox.com
Received: (qmail 11000 invoked from network); 22 May 2008 00:04:53 -0000
Received: from localhost (HELO www.donsbox.com) (127.0.0.1)
  by localhost with SMTP; 22 May 2008 00:04:53 -0000
Received: from 68.198.216.174
        (SquirrelMail authenticated user jdoe@donsbox.com)
        by www.donsbox.com with HTTP;
        Wed, 21 May 2008 20:04:53 -0400 (EDT)
Message-ID: <1694.68.198.216.174.1211414693.squirrel@www.donsbox.com>
Author:  btmorex [ Thu May 22, 2008 12:48 am ]
Post subject: 
Something that I've found useful in the past is port25's verifier service (http://port25.com/domainkeys/).

From their page:

Quote:
To use our automated testing tool, send a sample of a marketing email or newsletter to get the summary results. Senders can choose where the results should be sent:

* If you wish to receive the results at the address in the "mail_from," the sample message should be sent to check-auth@verifier.port25.com.

* If you wish to receive the results at the address in the "from" header, the sample message should be sent to check-auth2@verifier.port25.com.

A reply email will be sent back to you with an analysis of the message's authentication status. The report will perform the following checks: SPF, SenderID, DomainKeys, DKIM and SpamAssassin.


That should at least let you know if your setup is functional.
Author:  dfelicia [ Thu May 22, 2008 8:37 am ]
Post subject: 
Both checks pass for my local and vpopmail users:

Code:
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham


So, i guess I'll move on to filling out Microsofts form. Will post-back, here, if it resolves my issue.
Author:  dfelicia [ Fri May 23, 2008 9:09 pm ]
Post subject: 
Hmm. So I filled out the form for Microsoft, and now have lots of these in my send-smtpd/current:

Code:
@400000004837697433f4aab4 tcpserver: status: 0/40
@40000000483769a20da9083c tcpserver: status: 1/40
@40000000483769a20da913f4 tcpserver: pid 22013 from 131.107.70.16
@40000000483769a20fee54bc tcpserver: ok 22013 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16621
@40000000483769a22fabfcb4 tcpserver: end 22013 status 256
@40000000483769a22fac086c tcpserver: status: 0/40
@40000000483769a22ff51b74 X-Qmail-Scanner-1.25st: Process 22016 closed, parent process died
@40000000483769a23747831c tcpserver: status: 1/40
@40000000483769a237478ed4 tcpserver: pid 22017 from 131.107.70.16
@40000000483769a237797c14 tcpserver: ok 22017 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16634
@40000000483769a30f301d6c tcpserver: end 22017 status 256
@40000000483769a30f302d0c tcpserver: status: 0/40
@40000000483769a30f6e2454 X-Qmail-Scanner-1.25st: Process 22020 closed, parent process died


Looking at this thread, wondering if it's Bare LF's issue? http://cr.yp.to/docs/smtplf.html
Page 1 of 2 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/