We help IT Professionals succeed at work.

Unable to send mail to some domains

Tim
Tim asked
on
We are unable to send mail to some domains (including but not limited to msn, hotmail and live).  This problem began about a week ago with no changes to our configuration.

Messages sit in the smtp queue until they expire and I receive smtp 4.4.7 responses:

The following recipient(s) cannot be reached:

      name@hotmail.com on 6/11/2010 3:06 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <ebmail1.eastbrooknt.eastbrookhomes.com #4.4.7>

We appear to be receiving all inbound mail without difficulty.

Our configuration is as follows:

Single Exchange Server 2003 (mail.eastbrookhomes.com 12.229.68.25) routing to a Postini SmartHost (outbounds7.obsmtp.com)
Mx records point to Postini servers:
10      eastbrookhomes.com.s7a1.psmtp.com            64.18.6.14
20      eastbrookhomes.com.s7a2.psmtp.com            64.18.6.13  
30      eastbrookhomes.com.s7b1.psmtp.com      64.18.6.11
40      eastbrookhomes.com.s7b2.psmtp.com      64.18.6.10


I have used several tools to verify that we are not on any known blacklists

I was able to send a message successfully via telnet to live.com from the mail server

I tried removing postini as the outgoing smarthost with no change.

Please advise.
Comment
Watch Question

Commented:
Smart host configuration?
I have had this similar issue where I was not able to send emails to hotmail
What we tried adding smart host for our ISP and it didnt work
It coming back with message saying it rejected the email
So in order to test we tried sending through our servers and it went OK
Luckily We had to change ISP after couple of weeks and with new ISP everything went smoothly

Hope this information helps

Regards
Munish
TimIT Director

Author

Commented:
dexIT:  Not very many options to set on the postini side of things.  It is configured to accepted SMTP from our server's ip (12.229.68.25) which is also the reinjection server.  It is also configured for smtp only (no tls settings).  Is this what you meant?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Please have a read through my article about problems sending mail to one or more domains, check
you are not blacklisted, not badly configured and if you are, rectify the situation and your mail
should flow:

http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Problems-sending-mail-to-one-or-more-external-domains.html
TimIT Director

Author

Commented:
alanhardisty:
Great article - I bookmarked it for future reference.  It appears, however, that I have everything configured correctly.  The part that I am not sure of relates to the ptr records.  We use postini for filtering inbound mail so we fall into the category of having separate inbound/outbound ip's.  The ptr for my server address (12.229.68.25) does exist and points to mail.eastbrookhomes.com.  The mx record can be seen in my original post and points to the postini servers.

What about the FQDN?  On the exchange box the FQDN is set to the the specific server name on our network (ebmail1.eastbrooknt.eastbrookhomes.com).  Is this correct?  Please see attached image.

Thank you for your help.

outbound.JPG
Alan HardistyCo-Owner
Top Expert 2011

Commented:
It sounds like you need to change the FQDN of your mail server to mail.yourdomain.com from ebmail1.eastbrooknt.domain.com.

Change that and try sending to the problem domains.
TimIT Director

Author

Commented:
What do you make of this?

This is the response I received back from Microsoft Hotmail support:

Hello Tim,
Thank you for writing to Windows Live Hotmail Domain Support. My name is Imee and I will be assisting you today.
Messages from your IP (12.229.68.25) are being filtered based on the recommendations of the SmartScreen filter. This is the spam filtering technology developed and operated by Microsoft.
Enrolling your IP address to our Junk Mail Reporting Program (JMRP) should help avoid common deliverability issues. This program is in place to help legitimate companies deliver their email messages to Hotmail users.
I would strongly suggest for you to enroll to our JMRP - Enrollment with this free program will benefit you as a sender as it will keep your email lists updated and populated with interested Windows Live Hotmail Customers. This program will help you to remove those Windows Live Hotmail Customers who do not want to receive emails from your company. Please visit http://support.msn.com/eform.aspx?productKey=edfsjmrpp&page=support_home_options_form_byemail&ct=eformts
After you have taken steps to enroll in JMRP, please contact us again so we can assist you further. Please include the SRX number you were given after you complete the enrollment.
For more detailed information about best practices delivering to Live Hotmail, please review the following white paper: http://download.microsoft.com/download/e/3/3/e3397e7c-17a6-497d-9693-78f80be272fb/enhance_deliver.pdf 
I hope that the information that I have provided to you has been helpful. You may also be able to find additional information on common delivery questions at the Hotmail Postmaster Site found at http://postmaster.msn.com/
Sincerely,
Imee
Windows Live Hotmail Domain Support
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Hmmmm - do you send out bulk mailings from your server?
TimIT Director

Author

Commented:
We do not, however, I am sure that some of our employees use there own distribution lists for mailings they send.  We use a service (iContact or MailChimp) for subscription-based mail (which are not frequent).
TimIT Director

Author

Commented:
I have since received this message after submitting my spf record to Microsoft to receive a SenderID.  Look at the suggestion about not recommending a ptr.  I thought you were supposed to have a ptr - this seems to go against everything else I have read.  Does anyone have any insight on this?

Hello,

Thank you for writing to the Sender ID Management Team. This is Shiony and I am responding to your request for the enrollment to the Sender ID program. I appreciate your interest in joining this program.
We have added your domain to the Sender ID program.  This may take up to 2 business days to be fully replicated in our systems.  If you have any questions regarding this please let me know.
We reviewed your SPF record and note that it includes the "ptr" or reverse DNS lookup mechanism.  The specification for SPF records (RFC 4408) discourages use of "ptr" for performance and reliability reasons.  This is especially important for Windows Live Mail, Hotmail and other large ISPs as a result of the very high volume of mail we receive each day.   We highly recommend you remove the "ptr" mechanism from your SPF record and, if necessary, replace it with other SPF mechanisms that do not require a reverse DNS lookup, such as "a", "mx", "ip4" and "include."  This will help ensure that Sender ID validation is performed as accurately as possible, maximizing your email deliverability while protecting your domain from spoofing.  
You do not need to notify us when you make this or any revision to your SPF record since we will automatically pull the current record from the DNS daily.  Thanks again for your support in improving online trust and confidence.
You can find technical information on the Sender ID program at
http://www.microsoft.com/senderid 

Regards,

Shiony
Sender ID Management Team

Thank you all for your help thus far!
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Any reason why you contacted Microsoft for SPF?
You can use the tool at:
http://old.openspf.org/wizard.html
That should ask all the right questions and provide you with a suitable SPF record.
TimIT Director

Author

Commented:
I am still struggling with this issue when sending to many different domains.  Microsoft placed me (finally) on their mitigation list and supposedly I am able to send successfully to their domains but this seems to have set off a firestorm of other domains that are problematic.

There are two things that I can see as potential problems.  1) The AHBL is waging war on GoDaddy which is where our website is hosted.  See this article for more info:  http://www.godaddyignoresabuse.com/  there is nothing I can do about this and it is only my web hosted there.  2) My SMTP banners do not match my rdns.  This is because I use postini for spam/virus filtering.  Should this be a problem?  Is there any way I can get around this and still use a third party for filtering?

Alan, I didn't contact Microsoft for spf.  They made recommendations to me during this whole process including submitting my spf to them for approval and inclusion on their mitigation list.  I actually did use the spf wizard to make check my settings.

DOES ANYONE SEE SOMETHING THAT I HAVE MISSED???

Thanks.
IT Director
Commented:
The problem appears to be solved.  Thank you all for your suggestions and interaction but we were barking up the wrong tree.  It seems that the problem was with EHLO vs HELO on the exchange server.  Here is a kb article that provided a work around http://support.microsoft.com/kb/818222/  I have no idea how or why it became an issue all of a sudden but by using HELO instead I am able to send to all domains.  Thanks again.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Very Random - but glad it is resolved.