?
Solved

All mail sent to hotmail/msn.com accounts unsuccessfully delivery

Posted on 2008-02-06
6
Medium Priority
?
4,614 Views
Last Modified: 2008-08-24
All internal network users on our Exchange Server are unable to send email to hotmail or msn accounts.  Our Exchange logs show successful sends.  This is the error that we receive:

Delivery has failed to these recipients or distribution lists:

emailname@hotmail.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: bay0-mc5-f6.bay0.hotmail.com.

  _____  

Sent by Microsoft Exchange Server 2007


Diagnostic information for administrators:

Generating server: servername

emailname@hotmail.com
bay0-mc5-f6.bay0.hotmail.com #550 SC-002 Mail rejected by Windows Live Hotmail for policy reasons. The mail server IP connecting to Windows Live Hotmail has exhibited namespace mining behavior. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support ##


0
Comment
Question by:PROJHOPE
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:mdcsea
ID: 20837248
There are a number of possible reasons for this behavior.  Since it's Hotmail, some of the possibilities that first come to mind are that DNS is incorrectly configured for your domain.  Confirm that reverse record (PTR) and the SPF record for your mail server exist and are correct.  

The best place to start, to check the DNS config for your domain is to run a full DNS Report here:  www.dnsstuff.com.  Just enter your domain name in the DNSreport box and run the report.  
0
 
LVL 5

Expert Comment

by:Haddion
ID: 20837254
Well, the reason your mail isn't being delivered is because hotmail is bouncing it.  I suspect this is because your mail server does not have correct Reverse DNS - can you confirm your DNS details for the server and I'll check it out further for you.
0
 

Author Comment

by:PROJHOPE
ID: 20841549
mdcsea: The DNS information appears correct.  The DNS report showed no problems other than a Postmaster tweak.

Haddion: Here is the DNS information:

 
14.42.199.65.in-addr.arpa       name = hq-mail.projecthope.org.
11.53.119.63.in-addr.arpa       name = bo-mail.projecthope.org.
 
Those answers are from me at home and also from UUNet public DNS server:
# nslookup 63.119.53.11 198.6.1.2
Server:         198.6.1.2
Address:        198.6.1.2#53
 
Non-authoritative answer:
11.53.119.63.in-addr.arpa       name = bo-mail.projecthope.org.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 4

Expert Comment

by:mdcsea
ID: 20842273
There seems to be some confusion about the SPF record and your outbound mail servers (based on the DNSreport).

Your MX Records:

9 hq-homer.projecthope.org. [TTL=5400] IP=65.199.42.11 [TTL=5400] [US]
20 bo-homer.projecthope.org. [TTL=5400] IP=63.119.53.8 [TTL=5400] [US]


and your reverse DNS:

11.42.199.65.in-addr.arpa hq-homer.projecthope.org. [TTL=21600]
8.53.119.63.in-addr.arpa bethesda-3.projecthope.org. [TTL=21600]


are both correct but the SPF record contains the following:

"v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all" [TTL=5400]


The servers listed here are:

hq-mail.projecthope.org     65.199.42.14
bo-mail.projecthope.org     63.119.53.11
cable.projecthope.org       74.94.210.225


none of these match your listed mail server IPs.  Essentially, the SFP record says that these three are the best servers to allow mail from.  You do have the entry "~all" but by default, this results in a SOFTFAIL result.  See these results:

SPF string used: v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all.
Processing SPF string: v=spf1 a:hq-mail.projecthope.org a:bo-mail.projecthope.org a:cable.projecthope.org ~all.
Testing 'a:hq-mail.projecthope.org' on IP=206.80.108.41, target domain hq-mail.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'a:bo-mail.projecthope.org' on IP=206.80.108.41, target domain bo-mail.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'a:cable.projecthope.org' on IP=206.80.108.41, target domain cable.projecthope.org, CIDR 32, default=PASS.  No match.
Testing 'all' on IP=206.80.108.41, target domain example.com, CIDR 32, default=SOFTFAIL.  MATCH!

Result: SOFTFAIL


Possible Results:
Pass - This IP is authorized to send E-mail from this domain.
Fail - This IP is not authorized to send E-mail from this domain
SoftFail - This IP probably is not authorized to send E-mail from this domain, but the domain owners are not certain
Neutral - The domain does not know if the IP is allowed to send E-mail or not.
TempError - A temporary error occurred. The E-mail should be retried later.
PermError - A permanent error was encountered. The E-mail should be rejected.
None - No SPF record was found. It cannot be determined if the IP is allowed to send E-mail from this domain.
 
Since Hotmail does test the SPF record, your mails are probably being rejected because of the incorrect SPF.  Fix that up, allow it to propagate, and try again.




0
 

Author Comment

by:PROJHOPE
ID: 20842594
We have found that Hotmail feels that our email blasts are unsolicited.  We filled out a form from Microsoft to note our domain and mail IP addresses so it can take us off some blacklist...

Our users now are not having any problems we haven't adjusted anything on the Exchange server.
0
 
LVL 4

Accepted Solution

by:
mdcsea earned 2000 total points
ID: 20842858
Who would have guessed - censorship rather than a real, functional, content-based spam filter solution.

Glad you got it working.  Might want to look at that SPF record anyway.

Thanks for letting us know.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question