[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Emails to Hotmail / MSN being bounced back as not meetng policy.

Posted on 2009-12-19
42
Medium Priority
?
1,069 Views
Last Modified: 2013-11-30
Hello,

Up to 2 days ago emails to hotmail and msn accounts went through without a problem.  However today they are being bounced back with the message shown below.

I have contacted Microsoft through their email support page and am awaiting an answer back.  In the mean time is there anything I can do or is it as I am thinking an internal MS thing?

Thanks!

Your message did not reach some or all of the intended recipients.

 Subject:      RE: test
Sent:      12/19/2009 11:11 AM

The following recipient(s) could not be reached:

  kxcrazy@hotmail.com on 12/19/2009 11:12 AM
  There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
  <smtp.atechdelivers.com #5.5.0 smtp;550 OU-002 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>
0
Comment
Question by:kxcrazy
  • 20
  • 17
  • 3
  • +1
41 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26087588
Please have a read of my FAQ and check your domain / server is setup properly:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=2
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26087593
This could be down to a few reasons the most common of which are:

> missing SPF record, follow this wizard: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ then contact whoever is responsible for your external DNS and ask them to setup a TXT record with the details the wizard producesa
> missing Reverse DNS, contact your ISP and ensure
you have a reverse DNS configured that matches your MX host record.  Find out what A record your MX uses by going to http://www.mxtoolbox.com and putting your domain name in.
0
 
LVL 21

Expert Comment

by:farazhkhan
ID: 26087606
Hi,

Well, go to http://whatismyipaddress.com/staticpages/index.php/is-my-ip-address-blacklisted and check whether your mail server IP is blacklisted by any authority? if yes, then contact o that authority to unlist your IP from blacklist(before asking them you will have to make sure that your mail server is not vulnerable to any kind of problem).

Second thing is to make sure that you have correct PTR records configured against your mail server, if not ask your ISP to create PTR records for you. Also you have to add SPF record, because this is also checked by Microsoft mail servers.

Regards,
Faraz H. Khan
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:kxcrazy
ID: 26087672
All SPF, reverse DNS, A records etc are set up and have been for a long time.

I just checked them again using the sites and tools that everyone has and everything is still good.

We are not listed on any blacklists.

What is strange is that it was working up to Thursday and then now is not.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26087736
Did you check the reputation using the site in alan's FAQ?
0
 

Author Comment

by:kxcrazy
ID: 26087757
It is neutral.  I am thinking that after a bit we should be in the positive as we had some relaying, NDR issues that resulted in some blacklisting issues last month which have been corrected and now we are staying off the blacklists.  

Maybe this has caused the MSN issue after some delay?

I think I may have to wait to hear back from MS as I think it may have to be corrected at their end?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26087767
There is often a delay in these sorts of things and it can take a while to be rectified.

Chances are you will have to wait for MS to resolve it.

They probably (I don't know for sure) only update their reputation database every few weeks or something.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26087809
Can you please send a test message to alan @ it-eye.co.uk - my anti-spam software will reject you and give a good reason if you are not setup properly.
0
 

Author Comment

by:kxcrazy
ID: 26087921
Alan.

Just set you a test message per your request.

I will let you know if it bounces back.
0
 

Author Comment

by:kxcrazy
ID: 26088378
Alan,

Never received and NDR so I assume it went through to you.

I also just tested from my domain to my hotmail account and it went through so maybe MS was having issues internally.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26088845
Yes - I got it, which says to me that your domain is setup properly or you would have been rejected.
This is the page that is referenced when you click on the link in your rejection message:
http://postmaster.live.com/Troubleshooting.aspx
What sort of Anti-Virus software are you using?
0
 

Author Comment

by:kxcrazy
ID: 26088916
Using AVG Corporate Anti-Virus.  We run all emails through a server in our DMZ on which we use GFI Mail Security and Mail Essentials.
One thing I noticed was a large number of emails in the queue on this server which were all SPAM from emails outside of our organization.

I have verified we are not an open relay and I am using recipient filitering so I have put SMTP logging to maximum to try and capture any events that may tell me if one of the email accounts is being used.
0
 

Author Comment

by:kxcrazy
ID: 26098041
Well I spoke to soon.  Emails to the hotmail domain are failing again today.

There us also a large number of outbound emails in the queue of our DMZ server that are spam. I  also have not seen any results from the smtp and authentication logging to determine if I have an email account which is be used to spam.  Is there a seperate log then the ones that appear in event viwer where I would need to see this?

Any help on either of these issues woiuld be greatly appreciatted!

Thank you.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26098109
Okay - if you have spam in your outbound queues that are spam and you are not an open relay, you have to be an authenticated relay.
What version of Exchange are you running?
0
 

Author Comment

by:kxcrazy
ID: 26098519
We are running Exchange 2003
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26098650
Thanks - In that case, please have a read of my FAQ and see who is abusing your system:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=4
Once you have cleaned up - you may find that your problems with Hotmail / MSN clear up of their own accord as you must be flagged as a spammer somewhere.
0
 

Author Comment

by:kxcrazy
ID: 26098760
I have set the logging levels to maximum on the weekend however there are no relevant events listed when I check the application event logs.

As all of our users use either their local Outlook client, the OWA app or RPC over HTTPS for our remote users then maybe I should do this?

Disable Authenticated Relaying

If you would like to disable the ability for any users, even authenticated ones, to relay through your server, then you need to disable access. This does not affect the ability of your Outlook users to send email, nor the ability to receive email.

Expand ESM, Admin Groups, <your admin group>, Servers, <your server>, Protocols, SMTP.
Right click on "Default SMTP Virtual Server" and choose Properties.
Click on the "Access Tab" and then the "Relay" button at the bottom.
Ensure that "Only the list below" is enabled and there are no servers list.
Deselect the next option "Allows all computers which successfully authenticate to relay, regardless of the list above."
Click Apply/OK to exit from this option.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26098775
Yes - if no-one uses SMTP then you should disable it.
Once done, please check the sender of the spam in your queues.  Is it from postmaster@ or random people?
0
 

Author Comment

by:kxcrazy
ID: 26098961
Our RPC over HTTP authenticates against POP3.atechdelivers.com so will this be affected if I disable the SMTP?

The mail in the queue of our SPAM and Security server in our DMZ is from random people.  Looks like it is all from email addresses in Italy.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26099023
No - RPC over HTTP uses HTTPS and not SMTP.
Radmon people would suggest an authenticated relay / direct server abuse.
0
 

Author Comment

by:kxcrazy
ID: 26099188
yes I am starting to think maybe I have a user who has been affected by malware and is unaware?

Disabling the authenticated relay should correct this yes without affecting the outlook, OWA or RPC over HTTP users?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 26099244
It won't necessarily affect internal users or stop the abuse, but we do need to identify which machine has a problem.

Can you download malwarebytes and scan your machines after downloading the updates www.malwarebytes.org 
0
 

Author Comment

by:kxcrazy
ID: 26099804
So not much point in disabling authenticated relay then?

I will download and scan all machines ASAP.

Any thoughts on what I can check for in the case of direct server abuse?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26099943
If you don't need authenticated relaying, then disable it.  It may stop the spam but there are other possibilities such as an infected machine.
0
 

Author Comment

by:kxcrazy
ID: 26100200
I do not beleive we do.  We have no POP3 users.  Everyone is either internal through outlook client, remote through OWA, outlook client via VPN or using rpc over http.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26101077
Okay - then please disable it.  If people start to complain, at least you will know why!
Check all your machines (make sure they update and show today's date in the Update Tab) and remove anything found using the basic scan.
Have you checked yourself again to make sure you have not popped up on any Blacklists?
http://www.mxtoolbox.com/blacklists.aspx 
0
 

Author Comment

by:kxcrazy
ID: 26101213
I have disabled it and tested successfully from OWA as well as RPC over HTTP.

I am in the process of checking all machines.

I just checked again and am listed 0 times with 4 timeouts.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26101220
Blacklists sound good - hopefully the machines will come up clean, but that will leave some confusion as to where the spam is originating from!
0
 

Author Comment

by:kxcrazy
ID: 26101292
I am almost hoping a machine comes up dirty so I know for sure.

Really strange is I just sent a test email to my hotmail account and it went through successfully.

I almost wonder if my ISP is having some issues resolving reverse DNS which I believe can cause emails to hotmail to fail?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26101317
Hotmail use multiple servers and it could be that you just happen to hit a mail server that is either having problems or is not configured properly and thus the mail vanishes.
Their servers should not have problems obtaining Reverse DNS details - they remain static and your ISP should have multiple DNS servers so should be able to cope with some outages.
Have you tried sending out Hotmail mail directly via your ISP's mail servers?
You just need to setup a new SMTP Connector and set the Scope to hotmail.com and add your ISP's smarthost (mail server details):
http://technet.microsoft.com/en-us/library/aa996625(EXCHG.65).aspx 
0
 

Author Comment

by:kxcrazy
ID: 26101352
Would we get the reply as shown below if the mail was simply disappearing in a bad server at hotmail?


Your message did not reach some or all of the intended recipients.

 Subject:      RE: test
Sent:      12/19/2009 11:11 AM

The following recipient(s) could not be reached:

  kxcrazy@hotmail.com on 12/19/2009 11:12 AM
  There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
  <smtp.atechdelivers.com #5.5.0 smtp;550 OU-002 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>

0
 

Author Comment

by:kxcrazy
ID: 26104377
Alan,

I actually do require relay for 3 machines within the organiztion.

The backup exec application on 2 servers sends me a txt message to my cell phone and my main battery backup sends me both an email and txt message when the power is interrupted.

Without authenticated relay enabled these functions do no work.  Any thoughts?

Thanks!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26106317
You can allow it but setup restrictions to only allow it from certain IP's.  This should allow the messages from the backup through.
In answer to your last wuestion - No - you would not.
What firewall do you have in place?
0
 

Author Comment

by:kxcrazy
ID: 26106752
We use a Juniper SSG20.

Today emails to the hotmail domain appear to be going through without any problems.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26108699
Great news - but let's leave it a day or so before opening the champagne!
0
 

Author Comment

by:kxcrazy
ID: 26108931
LOL...I agree.

Have completed some malwarebytes scans on a few machines so far and most come through clean.  Some have toolbar adware reported but a couple of machines report some nasty stuff like vundo etc.

So here's hoping that once all machines are clean my SPAM issues go away.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26108965
For now (at least) ;-)
If not - I'll be back here for more!
0
 

Author Comment

by:kxcrazy
ID: 26198612
Alan,

Everything was working great until yesterday and now I as postmaster am receiving the NDR for incoming  emails sent to people who are no longer work here and no longer have an email address.  Before I only received the NDR for outgoing mail that failed.

Any thoughts?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26198665
The only reason you should be receiving NDR's is is you have mailed the recipient that no longer exists!
Can you please post an NDR message for review.
Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26198713
You could be a victim of a Reverse NDR attack:
http://www.cryer.co.uk/glossary/r/reverse_ndr.htm
To resolve this issue, you need to disable the creation of NDR's on your server or change the recipient:
Change Recipient - http://support.microsoft.com/kb/294757
Disable NDR's - Open up Exchange System Manager> Global Settings> Internet Message Format.  Double click on Default in the right-hand pane> Advanced tab> Uncheck Allow non-delivery reports.
0
 

Author Comment

by:kxcrazy
ID: 26198888
Here is a sample of one for a user who is no longer here.

It appears valid as I have unsubscribed users from mailing lists from a few other NDR I have received.

Your message did not reach some or all of the intended recipients.

      Subject:      Get Ready&Snow & Cold Weather Alert
      Sent:      1/7/2010 6:07 AM

The following recipient(s) cannot be reached:

      jcady@atechdelivers.com on 1/7/2010 6:09 AM
            The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            <smtp.atechdelivers.com #5.1.1 smtp;550 5.1.1 User unknown>


I have already disabled NDR generaion except to user postmaster so I can review any outgoing ones that I need to inform the sender of.

Maybe GFI software is allowing the others through now?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month18 days, 11 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question