andersonaraujo
asked on
Not receiving email from Hotmail
Hi guys! I'm with big problem I'm not receiving emails from Hotmail.com and others domains to my company domain. I've tested sending and soon after try to send it show following message:
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
The domain is not blocked on my antispam appliance or exchange.
What can I check to solve this? Please guys I'm trouble. Thanks.
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
The domain is not blocked on my antispam appliance or exchange.
What can I check to solve this? Please guys I'm trouble. Thanks.
ASKER
I'm getting problem only with few domains. I don't know if you remember but I had problems with an spammer and after that I got this problem. We use ISA Server 2004.
ASKER
Another symptom is that some messages stay on queue and are not delivered.
Weird! Do they get an Error number with the NDR message?
Not delivered internally, or not delivered externally?
ASKER
No there isn't any Error Number.
The messages that are stay on the queue are not delivered externally, it happens only with some domains. If try to telnet the target server it show Connection Lost.
The messages that are stay on the queue are not delivered externally, it happens only with some domains. If try to telnet the target server it show Connection Lost.
With the sending - it is probably because you are blacklisted.
Check on www.blacklistalert.org and www.mxtoolbox.com/blacklists.aspx
Check on www.blacklistalert.org and www.mxtoolbox.com/blacklists.aspx
ASKER
You're right. I'm blacklisted on Sorbs. But Shouldn't be delivered a message with this information? Because the messages keep on the queue.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Is someone trying to send to the .com.br domain? Is that a genuine recipient? Most .com.br addresses we would be rejecting as spam as Brazil is a hot-bed of spam mail!
ASKER
This is a valid recipient, I'm from Brazil.
Okay - sorry.
Well - trying to connect to their servers from my end results in the same problem, so I think they are having issues that you cannot do much about.
Well - trying to connect to their servers from my end results in the same problem, so I think they are having issues that you cannot do much about.
ASKER
alanhardisty Can you try this one please: malote.plataforma@safra.co m.br?
Unable to telnet to their server either!
Do you want me to try and send a test email to them both?
Do you want me to try and send a test email to them both?
ASKER
Ok, please. Thanks.
Okay - hold fire.
Test email sent to both addresses and delivery receipts received back.
Sounds like they may be using a blacklist that you are listed on.
Your options here are to setup a new SMTP Connector with the problem domains added to the Scope tab and send the email to a Smart Host (your ISP for example) to deliver until you clear off the blacklists.
Sounds like they may be using a blacklist that you are listed on.
Your options here are to setup a new SMTP Connector with the problem domains added to the Scope tab and send the email to a Smart Host (your ISP for example) to deliver until you clear off the blacklists.
ASKER
How can I do that?
Here is the MS way:
http://support.microsoft.com/kb/265293
Or an alternative article for the same thing:
http://www.msexchange.org/tutorials/configuring-smtp-connector.html
http://support.microsoft.com/kb/265293
Or an alternative article for the same thing:
http://www.msexchange.org/tutorials/configuring-smtp-connector.html
ASKER
This morning I had another spammer attack, on system manger I got these ip's connected, I terminated them and them remain again. I'm sure they are the reeason of these attacks, how can I block them?
ips.JPG
ips.JPG
Are they getting through - or just trying?
ASKER
Getting through.
Are you allowing Windows Based Authentication / Basic Authentication still?
If not - you have another RPC over HTTPS user (or the same one) who is infected.
The IP info for the IP Address above is as follows:
IP Information - 208.115.204.212
IP address: 208.115.204.212
Reverse DNS: 212-204-115-208.servebyte. net.
Reverse DNS authenticity: [Verified]
ASN: 46475
ASN Name: LIMESTONENETWORKS
IP range connectivity: 7
Registrar (per ASN): ARIN
Country (per IP registrar): US [United States]
Country Currency: USD [United States Dollars]
Country IP Range: 208.115.0.0 to 208.115.255.255
Country fraud profile: Normal
City (per outside source): Unknown
Country (per outside source): -- []
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 208.115.204.212
Any of your users use that ISP at home?
If not - you have another RPC over HTTPS user (or the same one) who is infected.
The IP info for the IP Address above is as follows:
IP Information - 208.115.204.212
IP address: 208.115.204.212
Reverse DNS: 212-204-115-208.servebyte.
Reverse DNS authenticity: [Verified]
ASN: 46475
ASN Name: LIMESTONENETWORKS
IP range connectivity: 7
Registrar (per ASN): ARIN
Country (per IP registrar): US [United States]
Country Currency: USD [United States Dollars]
Country IP Range: 208.115.0.0 to 208.115.255.255
Country fraud profile: Normal
City (per outside source): Unknown
Country (per outside source): -- []
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 208.115.204.212
Any of your users use that ISP at home?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I1m using aqadmcli do delete messages from test@test.com, but the messages doesn't stop to flood my Queue. How can I stop them?? I'm getting crazy!!!
Did you block the IP Addresses on your router / firewall?
ASKER
Yes I did. I've created a rule on ISA Server 2004, blocking SMTP, from that range to my internal network. Is it correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I've changed. Let's wait a little. Thanks by now!
No problems. Fingers crossed it stops the flood. If not - Let me know.
ASKER
Hello alanhardisty! Now it's everything ok, you have helped me a lot. Can I contact you directly? If so please send your contact to myname@mydomain.com. Thank you very very much.
If you click on my name - you should find my contact details :)
Glad all is well - fingers crossed it stays that way.
Glad all is well - fingers crossed it stays that way.
ASKER
No words to explain how useful Experts Exchange has been to me thanks a lot.
What hardware firewall / router do you have?
Alan