Hi,

I'm having some problems and have been in extensive correspondence with microsoft regarding this issue with no luck - they insist that it is an issue with my mail server although they don't give any clues as to what so I thought I would ask to see if anybody had any ideas here.

Running:
Ubuntu 7.04, with Exim 4.63 Debian install, greylistd, tinydns

Every email I send (either via exim, or manuallt via a telnet session to port 25 from my server) is accepted by hotmail.com servers and queued for delivery (aparently), however the messages never reach the hotmail inbox that they are bound for. Hotmail currently have me going round in circles to satisfy their 'rules' that are all already satisfied, despite them asking me to disable all firewalls and antivirus (which I have done to please them for a test send). I have SPF on all of my domain names, have now provided axfr with tinydns in case they decided to check SPF via a TCP query - exim is bound for outgoing SMTP to my secondary IP, which has reverse dns pointing back to the correct hostname, the hostname that the mailserver is reporting in its SMTP greeting etc. - there is literally nothing I can think of at all.

Microsoft claim that:
"We can see that there are connections coming from your IP 64.22.***.***, but there are no data packets being submitted. Our logs confirm that your server is establishing a connection to mail.hotmail.com and submitting messages for delivery. It is after Hotmail agrees to deliver your messages that your server then fails to deliver any data packets."

However, here is a telnet session to hotmail server:
shaun@whisky:~$ telnet mx1.hotmail.com 25
Trying 65.54.244.8...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 bay0-mc2-f1.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Fri, 21 Sep 2007 10:55:07 -0700
helo rum.********.***
250 bay0-mc2-f1.bay0.hotmail.com (3.4.0.37) Hello [64.22.***.***]
mail from: *****@**********.co.uk
250 *****@**********.co.uk....Sender OK
rcpt to: randomtestacct@hotmail.com
250 randomtestacct@hotmail.com
data
354 Start mail input; end with <CRLF>.<CRLF>
Date: Fri, 21 Sep 2007
To: RandomTestAcct@Hotmail.com
From: *****@**********.co.uk
Subject: Testing the Manual Telnet Session Data Transfer for SRX**********ID

In order to determine whether the connection is accepting the data we must confirm that data is being sent. We can test this by manually entering the data. In this way we know that there is no server error which may be causing the mail to fail delivery due to improperly formatted messaging.
.
250 <BAY0-MC2-F1x4ZwzjnO0007e2db@bay0-mc2-f1.bay0.hotmail.com> Queued mail for delivery
QUIT
221 bay0-mc2-f1.bay0.hotmail.com Service closing transmission channel
Connection closed by foreign host.


This appears to be a successful SMTP session to me, despite microsofts claim - however, as with all other messages from my server to hotmail.com this never arrived - almost as if hotmail are blackholing the mail. This occurs on two IP addresses for my server.

Its not an SPF issue (as I have been in-depth with microsoft about) as all of my domains currently have SPF setup correctly and hotmail.com accepts mail for my domain from an unauthorised mail server, but not from my authorised server.


Any suggestions or ideas welcome, I may have missed some details off so feel free to ask if I have tried anything in particular as I have had a *lot* of correspondence with microsoft, and they keep coming back with the same 'please disabled antivirus and firewalls and try again, check your spf record'.


PS I should mention that every other mail server accept mail from me, including gmail who check the SPF and pass this.

Cheers,

Shaun

Their antispam solution is known to throw away messages. In particular the usually throw away messages from small business servers (it seems they don't care that small amounts of traffic end in a black hole).

In my cases, I could have my email delivered only a couple of days after I :
- setup SPF,
- sent a message to senderid@microsoft.com with the domain used in the Return-Path in the subject and body.

Now when you setup a new domain, you have to declare it to the MS Police, nice world...

Thanks for the info - I emailed my domain(s) to senderid@microsoft.com and guess what... it was rejected:



This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

senderid@microsoft.com
SMTP error from remote mail server after end of data:
host maila.microsoft.com [205.248.106.64]: 550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (205.248.106.64). Reasons for rejection may be:
obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.>


The content of the email was simply the domain name - certainly not obscene, unless my name is somehow offensive nowadays

It seems microsoft can't get anything right eh.

Any further suggestions?


Cheers,

Shaun

Obscene language, eh... Hmmm, did the email you sent
have the letters l,i,n,u,and x in that order? Definitely
obscene to a Microsoft e-mail server or postmaster.

James

Maybe trying to implement Domainkeys would help?

http://en.wikipedia.org/wiki/Domainkeys

Some companies just want to dominate their customers at all costs, even at a cost of becoming irrelevant. I wouldn't bother with hotmail, it's not worth the trouble, unless your a spammer, in which case I think they sell some $400/year "whitelist" subscriptions, ensuring your mail gets thru. Oh, btw, their most important filter is that you use either some well known web mail account or MS Outlook as your client software, without it you never going to reach even junk folder.

I've been noticing the same problem. I noticed something that might be of use. I can't send an email from my linode-based account to hotmail. However, if I reply to an email sent from hotmail, it gets through no problem.

Since the SMTP transaction is essentially the same, MS can't sensibly argue that the problem is with your server - it must be due to their content filtering. You might want to try it.

I also filled in this form: https://support.msn.com/eform.aspx?prod ... ct=eformts (against my better judgement) as I had the same problem with mail sent to senderid@microsoft.com

Let me know if you get anywhere with this... its turning out to be a minor annoyance!

Hi there,

That is exactly the problem, you will also find that forwards are sent fine - I have searched around the net and found hundreds of reports of similar things - all of which come to the same conclusion, there is no way to configure your server/domain to send to hotmail as there does not seem to be any logic in their filtering methods - they just filter out any email that comes from IP addresses that they deem 'insignificant'.

The only way I have found to resolve this and allow us to send to hotmail.com is to setup a conditional smarthost in exim as follows, whereby any mail addressed to the domain names hotmail.com, hotmail.co.uk or msn.com are sent via the smarthost (with all other mail being processed as normal). The smarthost you use is entirely up to you and must be an SMTP server capable of sending to hotmail.com addresses (which is very hard to find as they filter so bloody much!). Gmail seems to work, but messages appear as From: [yourgmail address] on behalf of: [your email address]. Anyway, here is the filter, no idea if you can use this, depends on your setup but I thought it may help someone:

Under routers/200_exim4-config_primary

# deliver hotmail messages via gmail smarthost
hotmail_com:
driver = manualroute
domains = hotmail.com:hotmail.co.uk:msn.com
transport = remote_smtp_smarthost
self = pass
route_list = * smtp.gmail.com bydns
no_more


Under transport/30_exim4-config_remote_smtp_smarthost

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists{CONFDIR/passwd.client} \
{ ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}} }\
{} \
}
port=587
tls_tempfail_tryclear = false
DEBCONFheaders_rewriteDEBCONF
DEBCONFreturn_pathDEBCONF



The port is required for gmail... other smtp hosts comment this out. Of course you will also need to enter your SMTP Authentication details into passwd.client in your exim config dir if required.

Cheers,

Shaun

tuux1598g, thanks for your suggestion - I had wondered about doing something like that.

However, having filled out the form I linked to in my previous post, I recieved an email from MS a few hours later, promising to add me to their SenderID program. To my utter amazment this morning I can deliver email to my hotmail account!

Its all a bit of a faff, but I'm just pleased to see it working at this point! Would be interested to hear if this works for other people...

Hi,

If possible, could you let me know what you stated to them in their online form - as I was in talks with them for over a week trying to sort this out and they just kept insisting it was my server not delivering messages and to try sending test messages to a random email account they held at hotmail.com

Cheers.

I just put in:

contact email address: postmaster@domain.com

doman name: domain.com

Does the domain have an SPF record?: Yes

SPF record: v=spf1 a:mail.domain.com ~all

form goes off, you get a reply some hours later from a MS representative who "understands your concern". A day or so after that, and I'm succesfully delivering mail.

Its probably worth noting that even though I've specified ~all soft-failed messages still seem to be going missing

Just set up qmail + qmail-spp + qmail-scanner + vpopmail + squirrelmail on my linode, and have run across this same hotmail issue.

Before I follow the advice, here, and submit Microsoft's silly "please let me join your crappy club" form, I'm hoping some mail experts can validate that all of my ducks are in a row.

Mail to/from /etc/passwd accounts uses charon.donsbox.com. vpopmail users use donsbox.com.

DNS:

$TTL 86400
@   IN   SOA   ns1.linode.com. dfelicia.donsbox.com. (
               2008052180
               7200
               7200
               1209600
               86400 
            )
@      NS   ns1.linode.com.
@      NS   ns2.linode.com.
@         MX   20   mail.donsbox.com.
@         MX   10   charon.donsbox.com.
@         TXT   "v=spf1 a mx -all"
charon         TXT   "v=spf1 a mx -all"
@         A   64.22.124.206
www         A   64.22.124.206
mail         A   64.22.124.206
pictures         A   64.22.124.206
charon         A   64.22.124.206

qmail:

$ cd /var/qmail/control/
$ cat me
charon.donsbox.com
$ cat defaultdomain
donsbox.com
$ cat plusdomain
donsbox.com
$ cat locals
charon.donsbox.com
$ cat rcpthosts
donsbox.com
charon.donsbox.com
$ cat virtualdomains
donsbox.com:donsbox.com

Sample header from a mail sent from local account:

Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154923rvi;
        Wed, 21 May 2008 17:10:03 -0700 (PDT)
Received: by 10.150.83.41 with SMTP id g41mr1121877ybb.190.1211415002447;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Return-Path: <jdoe@charon.donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 9si3540901ywf.9.2008.05.21.17.09.55;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=jdoe@charon.donsbox.com
Received: (qmail 11018 invoked by uid 1000); 22 May 2008 00:08:55 -0000
Message-ID: <20080522000855.11017.qmail@charon.donsbox.com>

Sample header from a mail sent from a vpopmail account:

Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154754rvi;
        Wed, 21 May 2008 17:04:59 -0700 (PDT)
Received: by 10.150.49.2 with SMTP id w2mr1146434ybw.27.1211414698624;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Return-Path: <john.doe@donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 7si3543433ywo.7.2008.05.21.17.04.54;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=john.doe@donsbox.com
Received: (qmail 11000 invoked from network); 22 May 2008 00:04:53 -0000
Received: from localhost (HELO www.donsbox.com) (127.0.0.1)
  by localhost with SMTP; 22 May 2008 00:04:53 -0000
Received: from 68.198.216.174
        (SquirrelMail authenticated user jdoe@donsbox.com)
        by www.donsbox.com with HTTP;
        Wed, 21 May 2008 20:04:53 -0400 (EDT)
Message-ID: <1694.68.198.216.174.1211414693.squirrel@www.donsbox.com>

Something that I've found useful in the past is port25's verifier service (http://port25.com/domainkeys/).

From their page:



That should at least let you know if your setup is functional.

Both checks pass for my local and vpopmail users:

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

So, i guess I'll move on to filling out Microsofts form. Will post-back, here, if it resolves my issue.

Hmm. So I filled out the form for Microsoft, and now have lots of these in my send-smtpd/current:

@400000004837697433f4aab4 tcpserver: status: 0/40
@40000000483769a20da9083c tcpserver: status: 1/40
@40000000483769a20da913f4 tcpserver: pid 22013 from 131.107.70.16
@40000000483769a20fee54bc tcpserver: ok 22013 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16621
@40000000483769a22fabfcb4 tcpserver: end 22013 status 256
@40000000483769a22fac086c tcpserver: status: 0/40
@40000000483769a22ff51b74 X-Qmail-Scanner-1.25st: Process 22016 closed, parent process died
@40000000483769a23747831c tcpserver: status: 1/40
@40000000483769a237478ed4 tcpserver: pid 22017 from 131.107.70.16
@40000000483769a237797c14 tcpserver: ok 22017 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16634
@40000000483769a30f301d6c tcpserver: end 22017 status 256
@40000000483769a30f302d0c tcpserver: status: 0/40
@40000000483769a30f6e2454 X-Qmail-Scanner-1.25st: Process 22020 closed, parent process died

Looking at this thread, wondering if it's Bare LF's issue? http://cr.yp.to/docs/smtplf.html