Delivering mail to hotmail.com servers
I'm having some problems and have been in extensive correspondence with Microsoft regarding this issue with no luck - they insist that it is an issue with my mail server, although they don't give any clues as to what, so I thought I would ask to see if anybody had any ideas here.
Running:
Ubuntu 7.04, with Exim 4.63 Debian install, greylistd, tinydns
Every email I send (either via exim, or manually via a telnet session to port 25 from my server) is accepted by hotmail.com servers and queued for delivery (apparently), however the messages never reach the hotmail inbox that they are bound for. Hotmail currently have me going round in circles to satisfy their 'rules' that are all already satisfied, despite them asking me to disable all firewalls and antivirus (which I have done to please them for a test send). I have SPF on all of my domain names, have now provided axfr with tinydns in case they decided to check SPF via a TCP query - exim is bound for outgoing SMTP to my secondary IP, which has reverse dns pointing back to the correct hostname, the hostname that the mailserver is reporting in its SMTP greeting etc. - there is literally nothing I can think of at all.
Microsoft claim that:
"We can see that there are connections coming from your IP 64.22.., but there are no data packets being submitted. Our logs confirm that your server is establishing a connection to mail.hotmail.com and submitting messages for delivery. It is after Hotmail agrees to deliver your messages that your server then fails to deliver any data packets."
However, here is a telnet session to hotmail server:
shaun@whisky:~$ telnet mx1.hotmail.com 25
Trying 65.54.244.8…
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 bay0-mc2-f1.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at
helo rum..***
250 bay0-mc2-f1.bay0.hotmail.com (3.4.0.37) Hello [64.22..]
mail from: *@.co.uk
250 *@.co.uk….Sender OK
rcpt to:
250
data
354 Start mail input; end with
To:
From: *@.co.uk
Subject: Testing the Manual Telnet Session Data Transfer for SRX**ID
In order to determine whether the connection is accepting the data we must confirm that data is being sent. We can test this by manually entering the data. In this way we know that there is no server error which may be causing the mail to fail delivery due to improperly formatted messaging.
.
250 <
QUIT
221 bay0-mc2-f1.bay0.hotmail.com Service closing transmission channel
Connection closed by foreign host.
This appears to be a successful SMTP session to me, despite Microsoft's claim - however, as with all other messages from my server to hotmail.com this never arrived - almost as if hotmail are blackholing the mail. This occurs on two IP addresses for my server.
It's not an SPF issue (as I have been in-depth with Microsoft about) as all of my domains currently have SPF set up correctly and hotmail.com accepts mail for my domain from an unauthorised mail server, but not from my authorised server.
Any suggestions or ideas welcome, I may have missed some details off so feel free to ask if I have tried anything in particular as I have had a lot of correspondence with Microsoft, and they keep coming back with the same 'please disable antivirus and firewalls and try again, check your spf record'.
PS I should mention that every other mail server accepts mail from me, including gmail who check the SPF and pass this.
Cheers,
Shaun
18 Replies
In my case, I could have my email delivered only a couple of days after I:
set up SPF,
sent a message to senderid@microsoft.com with the domain used in the Return-Path in the subject and body.
Now when you set up a new domain, you have to declare it to the MS Police, nice world…
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mail server after end of data:
host maila.microsoft.com [205.248.106.64]: 550 5.7.1
The content of the email was simply the domain name - certainly not obscene, unless my name is somehow offensive nowadays.
It seems Microsoft can't get anything right eh.
Any further suggestions?
Cheers,
Shaun
@tuux1598g:
Reasons for rejection may be:
obscene language, graphics, or spam-like characteristics.
Obscene language, eh… Hmmm, did the email you sent
have the letters l,i,n,u,and x in that order? Definitely
obscene to a Microsoft e-mail server or postmaster.
James
Since the SMTP transaction is essentially the same, MS can't sensibly argue that the problem is with your server - it must be due to their content filtering. You might want to try it.
I also filled in this form:
Let me know if you get anywhere with this… it's turning out to be a minor annoyance!
That is exactly the problem, you will also find that forwards are sent fine - I have searched around the net and found hundreds of reports of similar things - all of which come to the same conclusion, there is no way to configure your server/domain to send to hotmail as there does not seem to be any logic in their filtering methods - they just filter out any email that comes from IP addresses that they deem 'insignificant'.
The only way I have found to resolve this and allow us to send to hotmail.com is to set up a conditional smarthost in exim as follows, whereby any mail addressed to the domain names hotmail.com, hotmail.co.uk or msn.com is sent via the smarthost (with all other mail being processed as normal). The smarthost you use is entirely up to you and must be an SMTP server capable of sending to hotmail.com addresses (which is very hard to find as they filter so bloody much!). Gmail seems to work, but messages appear as From: [yourgmail address] on behalf of: [your email address]. Anyway, here is the filter, no idea if you can use this, depends on your setup but I thought it may help someone:
Under routers/200_exim4-config_primary
# deliver hotmail messages via gmail smarthost
hotmail_com:
  driver = manualroute
  domains = hotmail.com:hotmail.co.uk:msn.com
  transport = remote_smtp_smarthost
  self = pass
  route_list = * smtp.gmail.com bydns
  no_more
Under transport/30_exim4-config_remote_smtp_smarthost
remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = ${if exists{CONFDIR/passwd.client} \
        { ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}} }\
        {} \
      }
  port = 587
  tls_tempfail_tryclear = false
  DEBCONFheaders_rewriteDEBCONF
  DEBCONFreturn_pathDEBCONF
The port is required for gmail… other smtp hosts comment this out. Of course you will also need to enter your SMTP Authentication details into passwd.client in your exim config dir if required.
Cheers,
Shaun
However, having filled out the form I linked to in my previous post, I received an email from MS a few hours later, promising to add me to their SenderID program. To my utter amazement this morning I can deliver email to my hotmail account!
It's all a bit of a faff, but I'm just pleased to see it working at this point! Would be interested to hear if this works for other people…
If possible, could you let me know what you stated to them in their online form - as I was in talks with them for over a week trying to sort this out and they just kept insisting it was my server not delivering messages and to try sending test messages to a random email account they held at hotmail.com.
Cheers.
contact email address:
domain name: domain.com
Does the domain have an SPF record?: Yes
SPF record: v=spf1 a:mail.domain.com ~all
Form goes off, you get a reply some hours later from a MS representative who "understands your concern". A day or so after that, and I'm successfully delivering mail.
It's probably worth noting that even though I've specified ~all, soft-failed messages still seem to be going missing.
Before I follow the advice, here, and submit Microsoft's silly "please let me join your crappy club" form, I'm hoping some mail experts can validate that all of my ducks are in a row.
Mail to/from /etc/passwd accounts uses charon.donsbox.com. vpopmail users use donsbox.com.
DNS:
$TTL 86400
@ IN SOA ns1.linode.com. dfelicia.donsbox.com. (
2008052180
7200
7200
1209600
86400
)
@ NS ns1.linode.com.
@ NS ns2.linode.com.
@ MX 20 mail.donsbox.com.
@ MX 10 charon.donsbox.com.
@ TXT "v=spf1 a mx -all"
charon TXT "v=spf1 a mx -all"
@ A 64.22.124.206
www A 64.22.124.206
mail A 64.22.124.206
pictures A 64.22.124.206
charon A 64.22.124.206
qmail:
$ cd /var/qmail/control/
$ cat me
charon.donsbox.com
$ cat defaultdomain
donsbox.com
$ cat plusdomain
donsbox.com
$ cat locals
charon.donsbox.com
$ cat rcpthosts
donsbox.com
charon.donsbox.com
$ cat virtualdomains
donsbox.com:donsbox.com
Sample header from a mail sent from local account:
Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154923rvi;
Wed, 21 May 2008 17:10:03 -0700 (PDT)
Received: by 10.150.83.41 with SMTP id g41mr1121877ybb.190.1211415002447;
Wed, 21 May 2008 17:10:02 -0700 (PDT)
Return-Path: <jdoe@charon.donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
by mx.google.com with ESMTP id 9si3540901ywf.9.2008.05.21.17.09.55;
Wed, 21 May 2008 17:10:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jdoe@charon.donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=jdoe@charon.donsbox.com
Received: (qmail 11018 invoked by uid 1000); 22 May 2008 00:08:55 -0000
Message-ID: <20080522000855.11017.qmail@charon.donsbox.com>
Sample header from a mail sent from a vpopmail account:
Delivered-To: john.doe@gmail.com
Received: by 10.141.21.10 with SMTP id y10cs154754rvi;
Wed, 21 May 2008 17:04:59 -0700 (PDT)
Received: by 10.150.49.2 with SMTP id w2mr1146434ybw.27.1211414698624;
Wed, 21 May 2008 17:04:58 -0700 (PDT)
Return-Path: <john.doe@donsbox.com>
Received: from charon.donsbox.com ([64.22.124.206])
by mx.google.com with ESMTP id 7si3543433ywo.7.2008.05.21.17.04.54;
Wed, 21 May 2008 17:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) client-ip=64.22.124.206;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of john.doe@donsbox.com designates 64.22.124.206 as permitted sender) smtp.mail=john.doe@donsbox.com
Received: (qmail 11000 invoked from network); 22 May 2008 00:04:53 -0000
Received: from localhost (HELO www.donsbox.com) (127.0.0.1)
by localhost with SMTP; 22 May 2008 00:04:53 -0000
Received: from 68.198.216.174
(SquirrelMail authenticated user jdoe@donsbox.com)
by www.donsbox.com with HTTP;
Wed, 21 May 2008 20:04:53 -0400 (EDT)
Message-ID: <1694.68.198.216.174.1211414693.squirrel@www.donsbox.com>
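The SPF evaluation that Gmail reports in the Received-SPF headers above can be reproduced offline, which also shows how the `-all` in this zone differs from the `~all` record quoted earlier in the thread. This is an added example, not code from the thread: it handles only the `a`, `mx`, `ip4` and `all` mechanisms, the DNS data is a constructed dictionary, and the A record for mail.domain.com (192.0.2.25) and the names `ZONE`, `lookup`, `addresses` and `check_spf` are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS so this runs offline: donsbox.com entries copy the
# posted zone; the domain.com A record (192.0.2.25) is made up for illustration.
ZONE = {
    ("donsbox.com", "TXT"): ["v=spf1 a mx -all"],
    ("charon.donsbox.com", "TXT"): ["v=spf1 a mx -all"],
    ("donsbox.com", "MX"): ["mail.donsbox.com", "charon.donsbox.com"],
    ("donsbox.com", "A"): ["64.22.124.206"],
    ("mail.donsbox.com", "A"): ["64.22.124.206"],
    ("charon.donsbox.com", "A"): ["64.22.124.206"],
    ("domain.com", "TXT"): ["v=spf1 a:mail.domain.com ~all"],
    ("mail.domain.com", "A"): ["192.0.2.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype, zone):
    return zone.get((name.lower().rstrip("."), rtype), [])

def addresses(name, zone):
    return {ipaddress.ip_address(a) for a in lookup(name, "A", zone)}

def check_spf(client_ip, mail_from, zone=ZONE):
    """SPF result for the MAIL FROM domain; handles a, mx, ip4 and all only."""
    ip = ipaddress.ip_address(client_ip)
    domain = mail_from.rsplit("@", 1)[-1].lower()
    records = [t for t in lookup(domain, "TXT", zone)
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "permerror" if records else "none"
    for term in records[0].split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in addresses(arg or domain, zone)
        elif mech == "mx":
            matched = any(ip in addresses(mx, zone)
                          for mx in lookup(arg or domain, "MX", zone))
        elif mech == "ip4" and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # term outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"
```

A host outside the record gets `fail` under `-all` and `softfail` under `~all`; what the receiver then does with either result is its own policy.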
From their page:
> To use our automated testing tool, send a sample of a marketing email or newsletter to get the summary results. Senders can choose where the results should be sent:
>
> If you wish to receive the results at the address in the "mail_from," the sample message should be sent to check-auth@verifier.port25.com.
>
> If you wish to receive the results at the address in the "from" header, the sample message should be sent to check-auth2@verifier.port25.com.
>
> A reply email will be sent back to you with an analysis of the message's authentication status. The report will perform the following checks: SPF, SenderID, DomainKeys, DKIM and SpamAssassin.
That should at least let you know if your setup is functional.
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
So, I guess I'll move on to filling out Microsoft's form. Will post back, here, if it resolves my issue.
@400000004837697433f4aab4 tcpserver: status: 0/40
@40000000483769a20da9083c tcpserver: status: 1/40
@40000000483769a20da913f4 tcpserver: pid 22013 from 131.107.70.16
@40000000483769a20fee54bc tcpserver: ok 22013 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16621
@40000000483769a22fabfcb4 tcpserver: end 22013 status 256
@40000000483769a22fac086c tcpserver: status: 0/40
@40000000483769a22ff51b74 X-Qmail-Scanner-1.25st: Process 22016 closed, parent process died
@40000000483769a23747831c tcpserver: status: 1/40
@40000000483769a237478ed4 tcpserver: pid 22017 from 131.107.70.16
@40000000483769a237797c14 tcpserver: ok 22017 donsbox.com:64.22.124.206:25 mail3.mssupport.microsoft.com:131.107.70.16::16634
@40000000483769a30f301d6c tcpserver: end 22017 status 256
@40000000483769a30f302d0c tcpserver: status: 0/40
@40000000483769a30f6e2454 X-Qmail-Scanner-1.25st: Process 22020 closed, parent process died
Looking at this thread
So, I verified that the issue with receiving a reply from M$ was, indeed, due to their mailer sending bare LF's. I temporarily implemented fixcrio breaks TLS
Anyway, the mail thread is here
Oh, I'd love to hear alternate solutions to fixcrio, if any, so I can receive mail from MSN and still use TLS.
hotmail.com
Hotmail SMTP Server: smtp.live.com
Hotmail SMTP User Name: Your complete Windows Live Hotmail email address (e.g.
Hotmail SMTP Password: Your Windows Live Hotmail password
Hotmail SMTP Port: 587
Hotmail SMTP TLS/SSL Required: yes
1) Verify that the IP is clean on RBLs, deal with it first or change the IP if it isn't before proceeding
2) rDNS, SPF + DKIM
3) Join JMRP, request authorization for the IP review, set up JMRP loop feed, sign the digital contract
A day or so after this mail begins flowing normally.