Hotmail trying to send mail to my node
The domain in question is brianlance.com, and my node has never been responsible for accepting mail for this domain. Although it does accept mail for others.
Jul 20 09:26:06 wallace postfix/smtpd[18853]: connect from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]
Jul 20 09:26:06 wallace postfix/smtpd[18853]: NOQUEUE: reject: RCPT from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]: 554 5.7.1 <xxxxx@brianlance.com>: Relay access denied; from= <xxxxx@hotmail.com>to= <xxxxx@brianlance.com>proto=ESMTP helo= <snt0-omc4-s23.snt0.hotmail.com>Jul 20 09:26:06 wallace postfix/smtpd[18853]: disconnect from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]
Jul 20 09:28:39 wallace postfix/smtpd[18859]: connect from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]
Jul 20 09:28:39 wallace postfix/smtpd[18859]: NOQUEUE: reject: RCPT from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]: 554 5.7.1 <xxxxx@brianlance.com>: Relay access denied; from= <xxxxx@hotmail.com>to= <xxxxx@brianlance.com>proto=ESMTP helo= <snt0-omc4-s23.snt0.hotmail.com>Jul 20 09:28:39 wallace postfix/smtpd[18859]: disconnect from snt0-omc4-s23.snt0.hotmail.com[65.55.90.226]
Jul 20 09:31:59 wallace postfix/anvil[18855]: statistics: max connection rate 1/60s for (smtp:65.55.90.226) at Jul 20 09:26:06
Jul 20 09:31:59 wallace postfix/anvil[18855]: statistics: max connection count 1 for (smtp:65.55.90.226) at Jul 20 09:26:06
Jul 20 09:31:59 wallace postfix/anvil[18855]: statistics: max cache size 1 at Jul 20 09:26:06
Jul 20 16:02:58 wallace postfix/smtpd[23654]: connect from snt0-omc4-s4.snt0.hotmail.com[65.55.90.207]
Jul 20 16:02:58 wallace postfix/smtpd[23654]: NOQUEUE: reject: RCPT from snt0-omc4-s4.snt0.hotmail.com[65.55.90.207]: 554 5.7.1 <xxxxx@brianlance.com>: Relay access denied; from= <xxxxx@hotmail.com>to= <xxxxx@brianlance.com>proto=ESMTP helo= <snt0-omc4-s4.snt0.hotmail.com>Jul 20 16:02:58 wallace postfix/smtpd[23654]: disconnect from snt0-omc4-s4.snt0.hotmail.com[65.55.90.207]
Jul 20 16:06:18 wallace postfix/anvil[23657]: statistics: max connection rate 1/60s for (smtp:65.55.90.207) at Jul 20 16:02:58
Jul 20 16:06:18 wallace postfix/anvil[23657]: statistics: max connection count 1 for (smtp:65.55.90.207) at Jul 20 16:02:58
Jul 20 16:06:18 wallace postfix/anvil[23657]: statistics: max cache size 1 at Jul 20 16:02:58</snt0-omc4-s4.snt0.hotmail.com></xxxxx@brianlance.com></xxxxx@hotmail.com></xxxxx@brianlance.com></snt0-omc4-s23.snt0.hotmail.com></xxxxx@brianlance.com></xxxxx@hotmail.com></xxxxx@brianlance.com></snt0-omc4-s23.snt0.hotmail.com></xxxxx@brianlance.com></xxxxx@hotmail.com></xxxxx@brianlance.com>
7 Replies
$ dig brianlance.com mx
; <<>> DiG 9.3.2 <<>> brianlance.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10191
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;brianlance.com. IN MX
;; ANSWER SECTION:
brianlance.com. 300 IN MX 10 aspmx5.googlemail.com.
brianlance.com. 300 IN MX 0 aspmx.l.google.com.
brianlance.com. 300 IN MX 5 alt1.aspmx.l.google.com.
brianlance.com. 300 IN MX 5 alt2.aspmx.l.google.com.
brianlance.com. 300 IN MX 10 aspmx2.googlemail.com.
brianlance.com. 300 IN MX 10 aspmx3.googlemail.com.
brianlance.com. 300 IN MX 10 aspmx4.googlemail.com.
;; ADDITIONAL SECTION:
aspmx5.googlemail.com. 965 IN A 74.125.130.27
aspmx2.googlemail.com. 400 IN A 173.194.69.27
aspmx4.googlemail.com. 2047 IN A 173.194.78.27
;; Query time: 446 msec
;; SERVER: 205.133.7.2#53(205.133.7.2)
;; WHEN: Sat Jul 21 21:29:10 2012
;; MSG SIZE rcvd: 256
````
Looks like your MX records are set to use Google for incoming mail. Unless Hotmail is somehow getting a different DNS response, it should never
Postfix is doing the right thing by returning a 5xx (permanent) error code - does Hotmail send a bounce message to your wife?
Since Postfix needs to accept mail for other domains, you can't just firewall it off from the outside world. The only other option I can think of would be to have Postfix return a different error code to tell Hotmail to stop doing this, but I don't think there's one more appropriate.
Hotmail Postmaster
Here's a serverfault post from someone having the problem in 2010 (with some replies from earlier this year).
Since this appears to be going on for so long, I suspect waiting for Hotmail to fix it may be futile. I think Vance might be on the right path with the notion of providing a non-5xx error. Try sending a 4xx error code for any brianlance.com mail instead (which tells the sender there's a temporary error and it should try again later). It's possible that this will cause Hotmail to try your MX servers and deliver the mail properly.
One answer would be to accept the mail and just forward it yourself. I agree though that sending a 4xx response might help, especially with your 5 minute DNS TTL setting. That of course is assuming hotmail honors the TTL
I should probably increase that TTL.
@Stever:
As much as I like to bash hotmail, it seems like a little bit of this sort of thing is inevitable when your MX points somewhere different than the A record for the domain.
This is, in fact, the RFC-correct way of doing things. Trying all MX records and then failing back to A record is… wrong. Definitively.
> One answer would be to accept the mail and just forward it yourself. I agree though that sending a 4xx response might help, especially with your 5 minute DNS TTL setting. That of course is assuming hotmail honors the TTL
DNS TTLs are irrelevant to SMTP retry timings.
@bjl:
Thanks for the input everyone. Is falling back to the A record in cases of MX lookup failures a standard behavior?
It's a not-unheard-of broken behaviour. It's not standard and it's wrong. But it's not unheard of.
> I've thought about just relaying the messages, but I'm not sure where that would be configured.
Be careful about relaying; if google rejects your mail as spam at SMTP time then you'll either need to blackhole the message or will act as a back-scatter spam source in your own right.