KellyOfColorado

suddenly can't send to hotmail addresses

hi,
Last week my customers could send to hotmail addresses.  this week they can't.
I have set up spf records per instructions on MS site, and validation tests come back okay. PTR records are correct and DNS tests come back good.  Still, can't send from my customer's email to hotmail addresses.  bounces back saying:

 Final-Recipient: rfc822;{removed email address}
Action: failed
Status: 5.0.0 (permanent failure)
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'OU-002 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support' (delivery attempts: 0)
Reporting-MTA: dns; ironportexternal.disecurityco.com

been searching and reading for over 3 & 1/2hrs.
What else could be wrong?  Thanks for help, I have a growing number of hacked off customers.

kennyhenao

You are blacklisted.

http://windowslivehelp.com/community/t/26023.aspx?PageIndex=5

Go to the link and ask to have your domain removed.
Go to mxtoolbox.com and check your MX records there to make sure you haven't been blacklisted anywhere.  Also, go to http://www.kitterman.com/spf/validate.html to check your SPF records.
Jon Brelie
Even though your SPF records might be correct, it's possible that someone complained about mail from your servers and you got blacklisted with hotmail.  If you're SURE you aren't sending spam, I would ask them to remove you.

Make sure you don't have any customers sending highly spammy messages either.  Take a look at your queues and see what the content is like.

Worst case scenario:  If you are absolutely sure you don't have a problem, you can relay your mail for hotmail through another server while hotmail fixes the issue.  To do this, you need a trusting mailserver admin at another host to open up relaying for your site.  Then create an SMTP connector to route mail destined for hotmail.com through the remote mailserver.

Be warned:  If you DO have a problem, you will end up blacklisting the site of your trusting admin too!
I cannot stress enough the importance of making sure you don't have a problem before you ask to be delisted.

If they delist you and you get relisted, it's a lot harder to get delisted again.

more things to check
 - content of customer emails
 - volume of customer emails (sheer volume will sometimes trigger a listing).
 - outbound smtp: only your mailserver should be able to send traffic from your network on port 25.  Otherwise a virus infected pc could be sending mail around your mail server.
 - relay security:  Make absolutely certain that you don't allow relaying without authentication.

There are more, but those are the big ones.
Please amend your mail greeting as currently I get this back when running a domain report:
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

spam.disecurityco.com claims to be invalid hostname 'Welcome':
   220 Welcome
This will most likely fail the Hotmail checks.
'Welcome' is not a correctly set up mail server name!
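
The greeting checks quoted in the domain report above, written out as an added example (not part of the original thread or any poster's code). It tests the banner shape, whether the announced name is a fully qualified host name with an A record pointing at the server, and whether the server's PTR name resolves back to the same IP. The function names, the `192.0.2.10` address and the `example.com`/`example.net` names are assumptions made for illustration; the sample DNS tables are constructed so the check runs offline.

```python
import re
import socket

# Greeting shape from the report: 3-digit code, space or dash, then the host name.
BANNER_RE = re.compile(r"^220[ -](\S+)")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)

def system_a_lookup(name):
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_ptr_lookup(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_greeting(banner, server_ip, a_lookup=system_a_lookup,
                   ptr_lookup=system_ptr_lookup):
    """Return a list of problems; an empty list means every check passed."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ["banner is not '220 <hostname>'"]
    host = m.group(1)
    if not is_fqdn(host):
        return [f"greeting name {host!r} is not a fully qualified host name"]
    problems = []
    if server_ip not in a_lookup(host):
        problems.append(f"{host} has no A record pointing to {server_ip}")
    ptr = ptr_lookup(server_ip)
    if ptr is None:
        problems.append(f"{server_ip} has no PTR record")
    elif server_ip not in a_lookup(ptr):
        problems.append(f"PTR {ptr} does not resolve back to {server_ip}")
    return problems

# Constructed DNS data (documentation ranges), used in place of live lookups.
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}, "gw.example.net": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "gw.example.net"}

def sample_check(banner, ip):
    return check_greeting(banner, ip,
                          lambda n: SAMPLE_A.get(n.rstrip(".").lower(), set()),
                          lambda i: SAMPLE_PTR.get(i))
```

Calling `check_greeting(banner, ip)` without the two lookup arguments uses the system resolver instead of the constructed tables.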
KellyOfColorado (ASKER)

Thanks alanhardisty.  i changed the SMTP greeting per instructions I found here: http://www.vladville.com/wiki/doku.php?id=change-exchange-smtp-greeting

but no fix

Thanks to Enphyniti, I have checked blacklists, and we are not listed (actually, started there this morning).  Anyway, still not listed.

thanks tomjohanson, i have validated our spf record; it is okay. On MXToolbox, it says our MX record failed reverse DNS, but I checked our DNS server and can't find where the error is.  PTR entries are there and correct as best i can see

can someone help me understand exactly what this means:

session transcript:
HELO please-read-policy.mxtoolbox.com
250 mailgates1.disecurityco.com Hello recover.mxtoolbox.com [64.20.227.133], pleased to meet you [16 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 Ok [78 ms]
RCPT TO: <test@example.com>
550 No such domain at this location (test@example.com) [94 ms]
QUIT
221 Bye [31 ms]

I tried to change the FQDN of the virtual SMTP server to mailgates1.disecurityco.com (from email1.emailarc.com), but the test says it's not a valid DNS name.  I have an A and PTR record for this name in our DNS servers.
Can you send me a quick test email to alan @ it-eye.co.uk - I use Vamsoft ORF which will reject you if you are not configured properly and can tell you why very quickly!
Thanks alan,  I sent you a test message.

Also, since my last message, i have:

changed the virtual smtp server fqdn to mailgates1.disecurityco.com
changed the dns entry for mailgates1.disecurityco.com to the outside address of our firewall - which is the address outbound mail will have; this address change allowed the dns test in the virtual smtp server to return a valid test on the name

Now, when I send to my hotmail test address, it doesn't bounce.  But, it doesn't arrive in the recipient inbox either.  Progress.

-
Okay - so far I temporarily rejected you!  Won't be long to find out if it gets through.  Thanks for sending one.
thanks for the help!  (in the middle of your night?)
Got it - no problems as far as my server checks are concerned - and it is very fussy!
Your sending IP has got a Reverse DNS of iron2.emailxyzabc.com which resolves back to the same IP Address.
That IP is not Blacklisted - but then we already know that.
Your MX record is mxyourdomain.yourdomain.com and your server responds as "Welcome" still.
Presumably you have some sort of Firewall / Anti-Spam appliance receiving your mail.  That is what may be causing the problem and needs changing.
It also is restricting the ESMTP command set - so it may have either SMTP fixup enabled or the equivalent.  What is your device / firewall?
If I telnet to your IP I get the initial Welcome as the host name and then if I issue ehlo mydomain.com I get:
250-mailgatexyzabc.disecurityxyzabc.com Hello mail.mydomain.com [My IP Address], pleased to meet you
250-PIPELINING
250-SIZE 20000000
250-8BITMIME
250 HELP
I should be seeing something more like:
250-mail.mydomain.com Hello [My IP Address]
250-TURN
250-SIZE 10485760
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
It's nearly 11pm - still a few hours to go before I turn in ;-)
I tried to reply to your email and got this:
you@yourdomain.com
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
 
Diagnostic information for administrators:
 
Generating server: mailgatexyzabc.disecurityxyzabc.com (domain name disguised by me)
 
you@yourdomain.com
#< #5.0.0 X-Spam-&-Virus-Firewall; mail for [172.25.125.175]:25 loops back to myself> #SMTP#
What is going on at your end?
*eesh*  you work hours like i do.  (that'll make you old soon ;)

not sure what's happening here.  inbound mail goes through a Barracuda Spam filter, but we have no reports of problems on inbound mail.
 
the generating server you reference (thanks for the disguise) is what was in the diags from mxtoolbox and I recently changed the virtual smtp server's fqdn to this as well as setting the A and PTR records for this to match the firewall outside interface, which gets assigned to all outbound traffic.

thoughts?
please try again.  the changes i made ultimately broke everything.  changed back to before i messed around
I am at home - work is in the garden - but the commute is great!  Self-employed too and I love what I do - could I be any happier ;-)  Grey hairs already kicking in and that's just from the kids!
The mail for [172.25.125.175]:25 loops back to myself part is weird.  What is going on with the Barracuda and 172.25.125.175?  Are they one and the same?
Presumably you have Internet > Barracuda > Exchange / Mail Server?  Is this correct?
2nd attempt on its way - hopefully.
sounds like a good life.


you are correct.  Barracuda is between Internet and Exchange.

FYI - this is the 2nd EE question about problems with Hotmail in 2 days - the other is happier now - but nothing exciting changed other than disabling authenticated relaying.
I am wondering if they screwed something up and are slowly fixing the problem.
Did you click on the link in the rejection and follow it to :
http://postmaster.live.com/Troubleshooting.aspx 
Are you using Symantec Anti-Virus Corporate v9 ?
now there's a thought.  All was okay far as I was aware until this morning.  Got IM from one of our support techs (working from home today myself) that two customers had called in with trouble getting mail to the hotweenies.
I've been researching, adjusting and testing for nearly 6hrs now without any progress to speak of.

Short-term you could setup a new SMTP connector using your ISP's smart host and just set the Address Space to hotmail.com.
What flavour of Exchange have you got?
not sure what host to use.  Our ISP is Qwest, but I don't have account info quickly available.

We're running Exchange 2003
Are you able to call them?  You should be able to just add their mail server name and not need authentication as you are on their connection.
FYI - Create a connector in Exchange 2003: http://technet.microsoft.com/en-us/library/aa996625(EXCHG.65).aspx
ASKER CERTIFIED SOLUTION
Jon Brelie
This solution is only available to members.
Any joy with the connector or calling Hotmail?
yes, thanks.  It was hotmail's blacklist all along.  they cleared us and all is well.

Gracias to all