Delivering mail to hotmail.com servers

Hi,

I'm having some problems and have been in extensive correspondence with microsoft regarding this issue with no luck - they insist that it is an issue with my mail server although they don't give any clues as to what so I thought I would ask to see if anybody had any ideas here.

Running:

Ubuntu 7.04, with Exim 4.63 Debian install, greylistd, tinydns

Every email I send (either via exim, or manuallt via a telnet session to port 25 from my server) is accepted by hotmail.com servers and queued for delivery (aparently), however the messages never reach the hotmail inbox that they are bound for. Hotmail currently have me going round in circles to satisfy their 'rules' that are all already satisfied, despite them asking me to disable all firewalls and antivirus (which I have done to please them for a test send). I have SPF on all of my domain names, have now provided axfr with tinydns in case they decided to check SPF via a TCP query - exim is bound for outgoing SMTP to my secondary IP, which has reverse dns pointing back to the correct hostname, the hostname that the mailserver is reporting in its SMTP greeting etc. - there is literally nothing I can think of at all.

Microsoft claim that:

"We can see that there are connections coming from your IP 64.22.., but there are no data packets being submitted. Our logs confirm that your server is establishing a connection to mail.hotmail.com and submitting messages for delivery. It is after Hotmail agrees to deliver your messages that your server then fails to deliver any data packets."

However, here is a telnet session to hotmail server:

shaun@whisky:~$ telnet mx1.hotmail.com 25

Trying 65.54.244.8…

Connected to mx1.hotmail.com.

Escape character is '^]'.

220 bay0-mc2-f1.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Fri, 21 Sep 2007 10:55:07 -0700

helo rum..***

250 bay0-mc2-f1.bay0.hotmail.com (3.4.0.37) Hello [64.22..]

mail from: *@.co.uk

250 *@.co.uk….Sender OK

rcpt to: randomtestacct@hotmail.com

250 randomtestacct@hotmail.com

data

354 Start mail input; end with . Date: Fri, 21 Sep 2007

To: RandomTestAcct@Hotmail.com

From: *@.co.uk

Subject: Testing the Manual Telnet Session Data Transfer for SRX**ID

In order to determine whether the connection is accepting the data we must confirm that data is being sent. We can test this by manually entering the data. In this way we know that there is no server error which may be causing the mail to fail delivery due to improperly formatted messaging.

.

250 <BAY0-MC2-F1x4ZwzjnO0007e2db@bay0-mc2-f1.bay0.hotmail.com> Queued mail for delivery

QUIT

221 bay0-mc2-f1.bay0.hotmail.com Service closing transmission channel

Connection closed by foreign host.

This appears to be a successful SMTP session to me, despite microsofts claim - however, as with all other messages from my server to hotmail.com this never arrived - almost as if hotmail are blackholing the mail. This occurs on two IP addresses for my server.

Its not an SPF issue (as I have been in-depth with microsoft about) as all of my domains currently have SPF setup correctly and hotmail.com accepts mail for my domain from an unauthorised mail server, but not from my authorised server.

Any suggestions or ideas welcome, I may have missed some details off so feel free to ask if I have tried anything in particular as I have had a lot of correspondence with microsoft, and they keep coming back with the same 'please disabled antivirus and firewalls and try again, check your spf record'.

PS I should mention that every other mail server accept mail from me, including gmail who check the SPF and pass this.

Cheers,

Shaun

18 Replies

Their antispam solution is known to throw away messages. In particular the usually throw away messages from small business servers (it seems they don't care that small amounts of traffic end in a black hole).

In my cases, I could have my email delivered only a couple of days after I :

  • setup SPF,

  • sent a message to senderid@microsoft.com with the domain used in the Return-Path in the subject and body.

Now when you setup a new domain, you have to declare it to the MS Police, nice world…

Thanks for the info - I emailed my domain(s) to senderid@microsoft.com and guess what… it was rejected:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

senderid@microsoft.com

SMTP error from remote mail server after end of data:

host maila.microsoft.com [205.248.106.64]: 550 5.7.1 obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.>

The content of the email was simply the domain name - certainly not obscene, unless my name is somehow offensive nowadays ;)

It seems microsoft can't get anything right eh.

Any further suggestions?

Cheers,

Shaun

@tuux1598g:

Reasons for rejection may be:

obscene language, graphics, or spam-like characteristics.

Obscene language, eh… Hmmm, did the email you sent

have the letters l,i,n,u,and x in that order? Definitely

obscene to a Microsoft e-mail server or postmaster.

James

Maybe trying to implement Domainkeys would help?

http://en.wikipedia.org/wiki/Domainkeys

Some companies just want to dominate their customers at all costs, even at a cost of becoming irrelevant. I wouldn't bother with hotmail, it's not worth the trouble, unless your a spammer, in which case I think they sell some $400/year "whitelist" subscriptions, ensuring your mail gets thru. Oh, btw, their most important filter is that you use either some well known web mail account or MS Outlook as your client software, without it you never going to reach even junk folder.

I've been noticing the same problem. I noticed something that might be of use. I can't send an email from my linode-based account to hotmail. However, if I reply to an email sent from hotmail, it gets through no problem.

Since the SMTP transaction is essentially the same, MS can't sensibly argue that the problem is with your server - it must be due to their content filtering. You might want to try it.

I also filled in this form: https://support.msn.com/eform.aspx?prod … ct=eformts">https://support.msn.com/eform.aspx?productKey=senderid&page=supportsenderidoptionsformbyemail&ct=eformts (against my better judgement) as I had the same problem with mail sent to senderid@microsoft.com

Let me know if you get anywhere with this… its turning out to be a minor annoyance!

Hi there,

That is exactly the problem, you will also find that forwards are sent fine - I have searched around the net and found hundreds of reports of similar things - all of which come to the same conclusion, there is no way to configure your server/domain to send to hotmail as there does not seem to be any logic in their filtering methods - they just filter out any email that comes from IP addresses that they deem 'insignificant'.

The only way I have found to resolve this and allow us to send to hotmail.com is to setup a conditional smarthost in exim as follows, whereby any mail addressed to the domain names hotmail.com, hotmail.co.uk or msn.com are sent via the smarthost (with all other mail being processed as normal). The smarthost you use is entirely up to you and must be an SMTP server capable of sending to hotmail.com addresses (which is very hard to find as they filter so bloody much!). Gmail seems to work, but messages appear as From: [yourgmail address] on behalf of: [your email address]. Anyway, here is the filter, no idea if you can use this, depends on your setup but I thought it may help someone:

Under routers/200exim4-configprimary

deliver hotmail messages via gmail smarthost

hotmail_com:

driver = manualroute

domains = hotmail.com:hotmail.co.uk:msn.com

transport = remotesmtpsmarthost

self = pass

route_list = * smtp.gmail.com bydns

no_more

Under transport/30exim4-configremotesmtpsmarthost

remotesmtpsmarthost:

debugprint = "T: remotesmtpsmarthost for $localpart@$domain"

driver = smtp

hoststryauth = ${if exists{CONFDIR/passwd.client} \

{ ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}} }\

{} \

}

port=587

tlstempfailtryclear = false

DEBCONFheaders_rewriteDEBCONF

DEBCONFreturn_pathDEBCONF

The port is required for gmail… other smtp hosts comment this out. Of course you will also need to enter your SMTP Authentication details into passwd.client in your exim config dir if required.

Cheers,

Shaun

tuux1598g, thanks for your suggestion - I had wondered about doing something like that.

However, having filled out the form I linked to in my previous post, I recieved an email from MS a few hours later, promising to add me to their SenderID program. To my utter amazment this morning I can deliver email to my hotmail account!

Its all a bit of a faff, but I'm just pleased to see it working at this point! Would be interested to hear if this works for other people…

Hi,

If possible, could you let me know what you stated to them in their online form - as I was in talks with them for over a week trying to sort this out and they just kept insisting it was my server not delivering messages and to try sending test messages to a random email account they held at hotmail.com

Cheers.

I just put in:

contact email address: postmaster@domain.com

doman name: domain.com

Does the domain have an SPF record?: Yes

SPF record: v=spf1 a:mail.domain.com ~all

form goes off, you get a reply some hours later from a MS representative who "understands your concern". A day or so after that, and I'm succesfully delivering mail.

Its probably worth noting that even though I've specified ~all soft-failed messages still seem to be going missing

Just set up qmail + qmail-spp + qmail-scanner + vpopmail + squirrelmail on my linode, and have run across this same hotmail issue.

Before I follow the advice, here, and submit Microsoft's silly "please let me join your crappy club" form, I'm hoping some mail experts can validate that all of my ducks are in a row.

Mail to/from /etc/passwd accounts uses charon.donsbox.com. vpopmail users use donsbox.com.

DNS:

$TTL 86400
@    IN  SOA ns1.linode.com. dfelicia.donsbox.com. (
                    2008052180
                    7200
                    7200
                    1209600
                    86400 
                )
@        NS  ns1.linode.com.
@        NS  ns2.linode.com.
@            MX  20  mail.donsbox.com.
@            MX  10  charon.donsbox.com.
@            TXT "v=spf1 a mx -all"
charon            TXT "v=spf1 a mx -all"
@            A   64.22.124.206
www            A   64.22.124.206
mail            A   64.22.124.206
pictures            A   64.22.124.206
charon            A   64.22.124.206

qmail:

$ cd /var/qmail/control/
$ cat me
charon.donsbox.com
$ cat defaultdomain
donsbox.com
$ cat plusdomain
donsbox.com
$ cat locals
charon.donsbox.com
$ cat rcpthosts
donsbox.com
charon.donsbox.com
$ cat virtualdomains
donsbox.com:donsbox.com

Sample header from a mail sent from local account:

Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154923rvi;
        Wed, 21 May 2008 17:10:03 -0700 (PDT)
Received: by 10.150.83.41 with SMTP id g41mr1121877ybb.190.1211415002447;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Return-Path: <jdoe@charon.donsbox.com>Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 9si3540901ywf.9.2008.05.21.17.09.55;
        Wed, 21 May 2008 17:10:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=jdoe@charon.donsbox.com
Received: (qmail 11018 invoked by uid 1000); 22 May 2008 00:08:55 -0000
Message-ID: <20080522000855.11017.qmail@charon.donsbox.com></jdoe@charon.donsbox.com> 

Sample header from a mail sent from a vpopmail account:

Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154754rvi;
        Wed, 21 May 2008 17:04:59 -0700 (PDT)
Received: by 10.150.49.2 with SMTP id w2mr1146434ybw.27.1211414698624;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Return-Path: <john.doe@donsbox.com>Received: from charon.donsbox.com ([64.22.124.206])
        by mx.google.com with ESMTP id 7si3543433ywo.7.2008.05.21.17.04.54;
        Wed, 21 May 2008 17:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=john.doe@donsbox.com
Received: (qmail 11000 invoked from network); 22 May 2008 00:04:53 -0000
Received: from localhost (HELO www.donsbox.com) (127.0.0.1)
  by localhost with SMTP; 22 May 2008 00:04:53 -0000
Received: from 68.198.216.174
        (SquirrelMail authenticated user jdoe@donsbox.com)
        by www.donsbox.com with HTTP;
        Wed, 21 May 2008 20:04:53 -0400 (EDT)
Message-ID: <1694.68.198.216.174.1211414693.squirrel@www.donsbox.com></john.doe@donsbox.com> 

Something that I've found useful in the past is port25's verifier service (http://port25.com/domainkeys/).

From their page:

> To use our automated testing tool, send a sample of a marketing email or newsletter to get the summary results. Senders can choose where the results should be sent:

  • If you wish to receive the results at the address in the "mail_from," the sample message should be sent to check-auth@verifier.port25.com.

  • If you wish to receive the results at the address in the "from" header, the sample message should be sent to check-auth2@verifier.port25.com.

A reply email will be sent back to you with an analysis of the message's authentication status. The report will perform the following checks: SPF, SenderID, DomainKeys, DKIM and SpamAssassin.

That should at least let you know if your setup is functional.

Both checks pass for my local and vpopmail users:

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

So, i guess I'll move on to filling out Microsofts form. Will post-back, here, if it resolves my issue.

Hmm. So I filled out the form for Microsoft, and now have lots of these in my send-smtpd/current:

@400000004837697433f4aab4 tcpserver: status: 0/40
@40000000483769a20da9083c tcpserver: status: 1/40
@40000000483769a20da913f4 tcpserver: pid 22013 from 131.107.70.16
@40000000483769a20fee54bc tcpserver: ok 22013 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16621
@40000000483769a22fabfcb4 tcpserver: end 22013 status 256
@40000000483769a22fac086c tcpserver: status: 0/40
@40000000483769a22ff51b74 X-Qmail-Scanner-1.25st: Process 22016 closed, parent process died
@40000000483769a23747831c tcpserver: status: 1/40
@40000000483769a237478ed4 tcpserver: pid 22017 from 131.107.70.16
@40000000483769a237797c14 tcpserver: ok 22017 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16634
@40000000483769a30f301d6c tcpserver: end 22017 status 256
@40000000483769a30f302d0c tcpserver: status: 0/40
@40000000483769a30f6e2454 X-Qmail-Scanner-1.25st: Process 22020 closed, parent process died

Looking at this thread, wondering if it's Bare LF's issue? http://cr.yp.to/docs/smtplf.html

Microsoft can take SenderID and stick it…

So, I verified that the issue with receiving a reply from M$ was, indeed, do to their mailer sending bare LF's. I temporarily implemented fixcrio, but will want to turn that off b/c it breaks TLS.

Anyway, the mail thread is here if anyone is interested.

Oh, I'd love to here alternate solutions to fixcrio, if any, so I can receive mail from MSN and still use TLS.

Update: My messages are finally being let through. Why? Who knows.

According to your information, there may be something wrong with the SMTP settings. Maybe you can reset the SMTP settings and the try again sending mail to hotmail.com server. And below are the outgoing SMTP server settings for sending mail using Windows Live Hotmail from any email program, mobile device or another email service:

Hotmail SMTP Server: smtp.live.com

Hotmail SMTP User Name: Your complete Windows Live Hotmail email address (e.g. me@hotmail.com or me@live.com)

Hotmail SMTP Password: Your Windows Live Hotmail password

Hotmail SMTP Port: 587

Hotmail SMTP TLS/SSL Required: yes

![](https://www.cfone.net/Uploads/ueditor/p … 371398.jpg">https://www.cfone.net/Uploads/ueditor/php/upload/image/20171108/1510102815371398.jpg" />

My procedure for setting up mail servers for delivery to hotmail/live/outlook:

1) Verify that the IP is clean on RBLs, deal with it first or change the IP if it isn't before proceeding

2) rDNS, SPF + DKIM

3) Join JMRP, request authorization for the IP review, setup JMRP loop feed, sign the digital contract

A day or so after this mail begins flowing normally.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct