On Tue, May 10, 2016 at 10:08:27AM +0000, Mutschlechner, Andreas wrote:
My client and me can send email to everyone, ONLY OUTLOOK.IT and HOTMAIL.COM do NOT accept email from my server, because MS believes it can impose their strandads over anyon. Just because of MS, my client can't send emails to some of his clients and I am loosing (unpaid) time fiddling around how to configure SPF with tinydns.(ok, at least I learn something new)
You know, I'd try to keep your rants at a technical level. At this pace your obsession with Microsoft as the only evil guy in the room, is weakening every single post of yours.
In any case, this is pretty standard stuff that happens all the time if you administered a mail server long enough. Folks block you, you make sure you are setup correctly and are able to prove it and you tell it to said folks. Being a little fish you will be in a weakened position. News at 11.
I have done this with multiple servers and you just follow the procedure with Microsoft to unblock you (make sure you describe your setup) and they unblock you in a very short time. I have never been blocked again. And if you think about it, their position is completely reasonable given that your server is @ Hetzner which provides cheap hosting. I am sure that more than the occasional spammer took a server there from time to time.
ps. Once you manage a mail server for long enough you will realize that this happens with quite a few providers (especially the less clued ones) and that Microsoft is not particularly special in this case.
On 2016-05-10 11:38, Mutschlechner, Andreas wrote:
Remote host said: 550 SC-001 (BLU004-MC1F4) Unfortunately, messages from 5.9.79.211 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
Your IP doesn't seem to be listed at public black lists, http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a5.9.79.211 Your domain proteus.otetto.org resolves nicely (and back), and as far as I could see, SPF is fine too.
It appears that they have blacklisted your IP address or a netblock containing your address. How long have you had this address? Is it possible that the previous owner was a spammer (or had his server taken over by spammers)?
I'm afraid there is not much you can do apart from asking Microsoft nicely to unlist your IP or you need to change IP address altogether... Failing that, could you try connecting over IPv6 to that server and see if this works? If that works and you fancy the extra configuration you could manually force a IPv6 connection for certain domains (not even sure this is configurable).
Thomas
On Tue, May 10, 2016 at 01:24:40PM +0000, Mutschlechner, Andreas wrote:
@Michele Baldessari: Hetzner might be cheap, but I get a technical infrastructure and service I don't know where to get elsewhere in Europe, or do you know I an ISP I can have an own server, and, if I fail to configure firewall rules and lock me out, I can reboot my server in rescue mode, login as root, mount the harddisks and fix the errors. You were true, the MS reacts quickly, and here's their response, which a lot of technical details and helpful hints how to proceed, seriously?
Please don't reply to my mail in another mail. That's bad netiquette
The point here has nothing to do with cheapness or not of the service. It has to do with the fact given that it is an ISP with a fairly low entry barrier, it is more likely to be the source of spam hosts, so it is hardly a call for "Life could be so easy without MS". As a matter of fact I run one of my mailservers @ hetzner.
Getting this server off the blacklist was a matter of a one step procedure which was resolved within a day.
On Tue, May 10, 2016 at 04:26:17PM +0000, Mutschlechner, Andreas wrote:
On 05/10/16 16:09, Michele Baldessari wrote:
Getting this server off the blacklist was a matter of a one step procedure which was resolved within a day.
well then, sharing a link How To Do would be helpful, not? or do you mean, now I have to register on live.com and/or make a Return Path certification?
Second google hit: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&am...
NB.: The more clear proof you bring to the table, the better.
What will be the impact of free, unobserved email communication, if mail providers start to use proprietary third party databases for spam checking? greylisting, isn't a well working solution?
No greylisting does not always cut it, you do need to blacklist certain IPs from time to time. Some folks use third party lists, which have problems on their own as you're effectively delegating the decision about receiving your mail to others, some manage their own list. Point being, if you send enough mail from your server, chances are this will happen again and you'll need to work on it no matter who is blocking you.
On Wed, May 11, 2016 at 09:56:00AM +0000, Mutschlechner, Andreas wrote:
On 05/11/16 06:29, Michele Baldessari wrote:
On Tue, May 10, 2016 at 04:26:17PM +0000, Mutschlechner, Andreas wrote:
On 05/10/16 16:09, Michele Baldessari wrote:
Getting this server off the blacklist was a matter of a one step procedure which was resolved within a day.
well then, sharing a link How To Do would be helpful, not? or do you mean, now I have to register on live.com and/or make a Return Path certification?
Second google hit: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&am...
Michele? Do you really think I don't know how to google and that I get the same results from google as you? I rarely use google, but http://duckduckgo.com or http://ixquick.com
You asked a question, I answered how I solved it when it happened to me. Feel free to use it or feel free to ignore it.
sorry, can't resist to bash on the Linux community, that nobody shouts, that Linux isn"t running under windows, but just the gnu userland utilities (but most Linux users probably don't know the difference between a kernel and a operating system ;) )
-ENOPARSE here sorry.
On Wed, May 11, 2016 at 01:51:05PM +0000, Mutschlechner, Andreas wrote:
On 05/11/16 12:18, Michele Baldessari wrote:
You asked a question, I answered how I solved it when it happened to me. Feel free to use it or feel free to ignore it.
Compare your answer with the answers Thomas gave and guess from whom I learned more?
I'll repeat, feel free to ignore some answers. I showed you how I solved the very same issue you made a fuss about. Not sure what you complain about here, really.
sorry, can't resist to bash on the Linux community, that nobody shouts, that Linux isn"t running under windows, but just the gnu userland utilities (but most Linux users probably don't know the difference between a kernel and a operating system ;) )
-ENOPARSE here sorry.
Instead of an ENOPARSE, I'd answer:
I can't answer a phrase that makes little sense in English. But since it seems now to me that it is some rant of yours, we can just skip ahead and leave it at this.
On 2016-05-10 14:24, Mutschlechner, Andreas wrote:
It is true, that I quite recently switched servers, still, the problem so far is only with the MS mailservers, which even on a technical level is for un-understandable for me, since DNS, MX, A records all point to 5.9.79.211 sa
There many ways to set the DNS up. When sending mail, the SMTP server should announce itself with a fully-qualified domain name, which ideally is the same as the reverse look-up of its IP. This appears to be the case for your server. The only (slightly confusing) thing is that the MX name is a completely different name, but that should not cause any problem.
You might want to consider to use the 'a' or 'mx' setting in your SPF record instead of a hard coded IPv4 address. If you enable IPv6 in future or get a new IP address assigned then you don't have to update SPF.
If MS anti-spam gets upset 'coz, of my letsencrypt certificates, or that the mailservername != mx name, then I can only say, Goodby, free and reliable, best effort Internet.
Does it? I'm using a Let's Encrypt certificate for SMTP and never had any problems sending to a @hotmail.fr address, for example. FWIW, your SMTP server does not use a Let's Encrypt certificate, it uses a self-signed certificate which does obviously fail validation. Don't know if some mail servers reject incoming mails because of that.
As mentiond above, mailservername != mx name should not be a problem. But mailservername != reverse IP look-up might be.
Cheers Thomas
On 2016-05-10 20:32, Mutschlechner, Andreas wrote:
I am using tinydns as DNS server software, which defaults to a.ns.DOMAIN a.mx.DOMAIN and configuring spf entries is a bit..uhm
I don't bother running a DNS server and let the registrar do this for me, but then again I'm only controlling a handful of domains with even fewer email users.
Sites like https://www.senderscore.org/ requiring registration I do not like much, as I don't like the idea that (not only a) third party controls email flow even through hubs.
This service sounds a bit like snake oil to me. I guess if you have a working postmaster@ address and keep an eye on the mailer log (e.g. via one of the many log monitors/analysers) then you'll go a long way.
If you want feed-back, have a look at DMARC. This allows you to get regular summary emails from most big email providers about accepted and rejected mails from your domain (from your server and from spammers trying to impersonate your server). But you'll need to post-process the reports: the reports are too many, in XML format and a pain to read.
Thomas
-
Michele Baldessari -
Thomas Pircher