Solved

hotmail is blocking IP

Posted on 2008-10-08
44
1,654 Views
Last Modified: 2012-05-05
we were fine sending email to hotmail. but today i realized , hotmail is rejecting our email address.

I hve checked with dnsstuff , its not listed any  spam database, its clear.

Some one said to check http://ipremoval.sms.symantec.com/, and its blocked by this site

this small busienss server, and my server is not open realy.

so what i am trying to do is : checking all pc for spyware or others

but does any one have same problem with hotmail ??

my domain is receving by gmail,yahoo .

only hotmail is giving trouble.
please advise.
0
Comment
Question by:fosiul01
  • 18
  • 14
  • 6
  • +1
44 Comments
 
LVL 32

Accepted Solution

by:
gupnit earned 200 total points
ID: 22669950
Hi,
I think you got to look for SPF record. Goto http://www.mxtoolbox.com/spf.aspx  and verify your SPF record
Create SPF Record:
That should help
Thanks
Nitin
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22669955
Also, pleae give me exact error message that you arer getting
Thanks
Nitin
 
0
 
LVL 29

Assisted Solution

by:Michael W
Michael W earned 200 total points
ID: 22669962
I recommend checking to see if your site/domain name is black listed (even if you checked it elsewhere). MX Toolbox has a number of tools to also check the mail server and DNS to see if its setup correctly:

http://www.mxtoolbox.com
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22670094

      xxxx@hotmail.co.uk on 08/10/2008 13:54
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <sbs.xxxx.local #5.5.0 smtp;550 OU-002 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22670137
Check at http://www.spamhaus.org your IP Address.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22670142
http://www.mxtoolbox.com is saying, our ip is not in any block list
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22670155
I have checked http://www.spamhaus.org  before
its clear from there,
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22670171
Also see if you are blacklisted somewhere via www.mxtoolbox.com also
IF yes follow this guide : http://www.sembee.co.uk/archive/2008/03/13/73.aspx
Thanks
Nitin
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22670176
As gupnit pointed out, do you have a SPF record for your domain?

Also check out Sender ID as well (which is what Microsoft Live/Hotmail are based on now):
http://www.msexchange.org/tutorials/Configuring-enabling-Sender-ID-filtering-Exchange-2003-SP2.html
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22670190
Great...
Please contact Hotmail, maybe you are in one of their blocklists, it could happen. It happens, they will remove you from BL.
Also, verify ur MX records via www.mxtoolbox.com to see if things are fine.
Cheers
Nitin
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22670198
I am assuming that you have a SPF record, because you didnt respond to my very first post !
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22670200
0
 
LVL 6

Assisted Solution

by:D_Hartup
D_Hartup earned 100 total points
ID: 22670235
Best thing to do is find out the mail relay address for your ISP (for instance nildram is smtp.gotadsl.co.uk) and then set your Small Business SMTP Connector under connectors in Exchange System Manager to use that address as a smart host. It'll solve all mail delivery issues by then relaying all outbound email via your ISP's mail server.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22670248
Sapamhouse is cleared, my ip is not in their list


We dont have any SPF record, but we used sent email to hotmail Ok, we didnot face this problem before
its only recently we are having this problem
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22670302
D_Hartup solution is also a possible solution. For more details on using a smart host (which is what I use through a 3rd party), I recommend taking a look at this site for more information and a how-to:

Mail Relay Outbound Service Details:
http://www.dnsexit.com/Direct.sv?cmd=mailRelay

MS Exchange - Smart Host - SMTP Authentication Configuration for Mail Relay Outbound Service
http://www.dnsexit.com/support/mailrelay/exchange/setup.htm
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22670338
yes, i can use smart host, i can take this a solution

but any idea  what could be the reason suddently hotmail is not accepting our email ??
as i said, mxtoolbox , dnsstuff , none of them said , my ip is in block list
0
 
LVL 6

Expert Comment

by:D_Hartup
ID: 22670356
It happens - we look after about 40 SBS machines for clients, and if you're on ADSL or SDSL you generally have to use the smart host, as hotmail and other services won't accept email, or will begin accepting it and then suddenly stop. You'll never really find out why, but smart host fixes it, which is all that matters, particularly in the SBS sphere of operations.

Let me know how you get on.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671168
Wait Wait Wait...Smart Host would mean changing your IP Address ie MX Record. Are you ready to get into that change and wait for 48hrs for replication to happen, considering that only Hotmail is an issue.
See changing MX record and using Smart host would have been an ideal situation if your Exchange server would have been an open relay and only all sorts of Relay Block Lists (blacklisted), but you are not !!
So Smart Host is not required as of now. But yes Exchage should not be facing the internet, agreed and I always propse Smart Host, but that is only if you want to go ahead and change your MEssaging Flow.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22671235
hold on. Why i need to change mx record 4r smart host! Right now al email r going directly 4rm our smtp server. But if i use isp mail server ( which is smart host) instead of our why i need to change mx record?
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671307
Well Well....
See Exchange is sending out mails right now....Is my understanding right here...!!!
If you go ahead and use Smart host (at ISP end) to send out mails, then...it means your outgoing IP address will change....ie the IP Address of Smart Host..>!!
Now your MX Record refers to Exchange server not the SMart Host. Now Reverse DNS issue will crop up, until you update your MX records !!
Hope I got your setup right !!
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22671379
ommm no if i reverse dns of my ip which actually blocked by hotmail. it will point to isp

its not pointing to our domain name
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671467
No Comments on your comment ! But when a mail comes from a IP address that is not authoritative for the domain, it is considered Spoofed !
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 29

Author Comment

by:fosiul01
ID: 22671511
ommm yes, in that case i am agree with you.

but the Ip is blocked by hotmail its reverse dns is the name of the ISP

but as i said, its not always , suddently today i saw this problem occures

and also yahoo, gmail every one accepting my email without any problem

may be good idea is not use smart host

if change the smart host, i just need to add the isp mailserver address in my smtp right ?? or do i need to do any more thing??
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671701
Well....
Since I am not sure of your exact MX records and how it is setup up, I should not give a comment and say thats it.
But, logically these would be steps...
  • But yes in SMTP Virtual Connector, give the Smart Host IP address
  • Make sure communication works fine between the 2
  • After this change, easiest option would be goto www.mxtoolbox.com and see what it says about your Domain. If it says some change needed in RDNS, then do it. It will be simple and self explanatory.
Hope this helps
Thanks
Nitin
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22671792
HI thanks
but what does this mean ??Make sure communication works fine between the 2
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671807
I mean...communication ie no Firewall blocking ports or servers unable to talk on port 25 etc.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22671848
I just want to ask a question to mwecomputers

i dont have spf record as we are not responsible for dns management
so i can ask my isp for spf record

also : since we are not responsible for dns management is sender ID would be applicable for us ??
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22671930
See if you look at my very first comment, I had asked you about the SPF Record. Yes more and more people are moving towards it and it is better to get it done. I had also given links in my first Comment !! SenderID is Microsoft implementation of SPF record
Chers
Nitin
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22671980
Yes, your ISP can supply it or you can use that Sender ID wizard to create one for you. Then just e-mail your ISP and have them add that to your DNS stub entry.

Personally, I recommend getting an SPF record. It just makes life a lot easier, especially if your running your own e-mail server environment.

When it comes to DNS management, I handle all of my DNS activities via GoDaddy (where I registered my domain name) so it makes it easier for me to make changes and not have to wait on an ISP, etc.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22672020
haah sorry , for not reading comments properly

since , ISP is responsible for dns, so i will have to request them for creation spf , is  not it ??


now confusion of sender Id, do i have to do anything in exchange to create sender id ??
i just read http://www.msexchange.org/tutorials/Configuring-enabling-Sender-ID-filtering-Exchange-2003-SP2.html

if i follow that link till sender id , will it work ??( i am confused because spf record would not be in your dns server)

i
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22672040
ohh ok so i need to create the sender id then have to give that sender id to ISP so that they ISP can create spf ??

if its right then it does make sense.
and i will be happy for all these solution.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22672705
Just follow the MSEXCHANGE article and you should be done with SenderID Filtering.
Also at the same time ask your ISP to create a SPF record.
Cheers
Nitin
0
 
LVL 6

Expert Comment

by:D_Hartup
ID: 22673019
Some notes from the conversation above:

1. Relaying *outbound* email via a smart host (ie your ISP's email smtp server) does *not* require any reverse DNS or MX record changes. Reverse DNS is simply a record that the Ripe provider of your external IP address (usually your ISP) has created to show who (ie you) is at the ip address. MX records are only for *incoming* email settings.

2. SPF - complete waste of time. Once you've set the Smart Host, you don't need SPF. SPF really is only for organizations who either don't have an available ISP relay to use, or who have special reasons for wanting to send email direct (usually due to security reasons - but even that's moot - you can set up many connectors and set the address spaces dealt with by each one, but that's usually way beyond most SBS environment requirements).

In short, I'd recommend that all SBS servers that are run on ADSL or SDSL are set to use the ISP's relay smtp server for outgoing email. This will ensure, with no further settings required, that all email will be delivered without failure.

However, if your domain gets entered onto spam lists for genuine reasons (ie spam is eminating from your server) then it won't matter about smart hosts or SPF records or what not. But that's a whole different story.
0
 
LVL 6

Expert Comment

by:D_Hartup
ID: 22673037
Oh finally - ISP's don't create SPF records - the owner of the Domain name does - ie you, as the domain administrator. You use the SPF tool on the micvrosoft website to create the magic code and then copy that into the appropriate place on your domain admin tool that your domain hosting provider gives you (such as reg-123 or similar).
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22673157
No denying the logic of your statement, true very true....!! But -  in his case everything is being handled by ISP...!!!!!! Also have given him the link to creating SPF record already !!!!!
Cheers
Nitin
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22673191
what D_Hartup said, its true.  in my case domain tag holder is my ISP

yes i am clear now what to do. and will follow as you guys said to me

i will just go through this all comments tomorrow as its night here. then i will close this question,
hope this allright

thanks again to stay with me
0
 
LVL 6

Expert Comment

by:D_Hartup
ID: 22673217
that's cool - I don't care a fig about points - I'm a paid subscriber - I just do this whenever I get bored ;)

Hope it all works!
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22673240
Well I didnt read second last comment from D_Hartup. With all due respect (not want to make it look ugly) I would say that....try what you said in your setup....ie first using ur exchange server for all outboud and proper MX/RDNS records then all of a sudden choosing SMArt host and not making any changes....if you do not start getting NDRs let me know.
Cheers
Nitin
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22673258
Hahahahaha....I am not a paid expert....I do it in my free time! I am also not getting paid. And what benefits will these points give me hahhaa some T-Shirt ;-) !!!!
0
 
LVL 6

Expert Comment

by:D_Hartup
ID: 22673279
I can say with 100% guarantee, that changing to a smart host makes no difference in terms of NDRs. As stated earlier, I look after a LOT of SBS servers (We're a SME specialist in London) and 95% of them run on smart hosts, and we don't do anything with SPF's or MX records to enable them to use a smart host. Once MX points to the client server, another to our backup mx server. Don't even bother with SPF's for those sites using Smart Hosts, there's zero point.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22673364
Thats what I said Gentleman...Smart host is a good option, you gave the answer yourself......You setup the Domain MX with RDNS saying that your Smart Host IP is linked to a Particular domain....!!! SPF is catching up, not many people have implemented yet, Microsoft is pushing hard. So it will take time.
I am also working for largest IT Services providor as a SME (mentoring as Architect) in Messaging domain....majorly into planning and designing....!! So at times I go out of touch in terms of troubleshooting
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22673375
Anyways...Cheers....the point is to get a solution ;-) !! Lets not torture fosiul01over things...I think I got to back out !!
Cheers
Nitin
(over and out)
0
 
LVL 29

Expert Comment

by:Michael W
ID: 22673771
If your ISP doesn't like you using them as the Smart Host (some commercial ISPs are like this), I will recommend the one I use and they even supply the 'how-to' for setting up a smart host on Exchange.

Mail Relay Outbound Service
http://www.dnsexit.com/Direct.sv?cmd=mailRelay

MS Exchange - Smart Host - SMTP Authentication Configuration for Mail Relay Outbound Service
http://www.dnsexit.com/support/mailrelay/exchange/setup.htm
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22681506
HI experts, i know its my duty to close the quesiton i will do that soon
but can you please please check my this question out..
its making me mad

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_23802091.html
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now