1

We are having issues with our maling list, we are using MailMan, a piece of log that i thought it might help in tracking the issue,

Multiple lines like the following:

(lost connection with mx1.hotmail.com[65.54.188.110] while sending MAIL FROM

Then at the end the following is received:

(host mx1.hotmail.com[65.55.92.136] said: 550 SC-002 (SNT0-MC1-F20)

Checking that error message means: 

SNT0-MC1-F20

Mail rejected by Outlook for policy reasons. The mail server IP connecting
to Outlook has exhibited namespace mining behavior.

I have tried to check if there is something wrong with our dns record, one thing i have noticed is that:

mail.example.com is a CNAME to example.com and example.com 
is an A record to server ip.

I have mentioned here hotmail as an example of the servers we are trying to connect, some of these servers succeed, unfortunately most of them fails [i guess the ones that checks well before the receiving an email.]

Please suggest any idea that you might thing could be the cause, Could be the DNS record issue i mentioned be the cause? Also please note that we already have a PTR rescod for the mail server IP.

Other logs:

 Dec 18 10:15:44 mail postfix/smtp[688]: D9FC3E000E0: to=<info@example.org>, relay=none,
 delay=319639, delays=319597/0.28/42/0, dsn=4.4.1, status=deferred (connect to
 mailbk.example.org[x.x.x.x]:25: Connection timed out)

 Dec 18 10:15:44 mail postfix/error[846]: 87571E000D7: to=<info@example.org>,
 relay=none, delay=332315, delays=332272/43/0/0.13, dsn=4.4.1, status=deferred
 (delivery temporarily suspended: connect to mailbk.example.org[x.x.x.x]:25:
 Connection timed out)
MohyedeenN
  • 1,035
  • 1
  • 12
  • 14
  • It will be easier to answer this if you tell us your source IP, as well as the destination one, so we can run it past the many RBL checkers in case one of them has any light to shed on why their outlook thinks this. It may not be a decision they've reached themselves. – MadHatter Dec 18 '13 at 08:44
  • If you don't want to post the source IP here, you can check it against various blacklists at http://www.spamhaus.org/ . They also have information about how to get removed. – Jenny D Dec 18 '13 at 17:01
  • yes i guess it's not a good idea to expose private server ip. – MohyedeenN Dec 18 '13 at 18:51

1 Answers1

3

Your DNS records have nothing to do with it. The error message talks about "mining behaviour" - this is a method used by spammers trying to verify recipient addresses by making a lot of simultaneous connections, or by sending a mail to a lot of different users and then collecting the responses from the mail server. So what happens is that when you send a mailinglist mail that has a lot of hotmail recipients, then hotmail can't distinguish it from actual spam and so they reject the mail.

I'd advise you to start by contacting hotmail directly; a web search for "hotmail deliverability support" should point you in the right direction.

You could also take a look at queue shaping to limit the number of concurrent delivery attempts specifically to hotmail. There are instructions for how to do that at the postfix documentation site; while it talks about backlogs, it's equally useful to this situation. The basic steps for postfix 2.5 are:

In master.cf you set up a separate service for hotmail, like this:

# service type  private unpriv  chroot  wakeup  maxproc command
hotmail   unix     -       -       n       -      5    smtp

Add that transport to the domain hotmail.com in /etc/postfix/transport:

hotmail.com  hotmail:

In main.cf, configure the transport map and set cohort limits:

transport_maps = hash:/etc/postfix/transport
hotmail_destination_concurrency_failed_cohort_limit = 100
hotmail_destination_concurrency_limit = 5

For more information, and for the configuration for previous postfix versions, please look at the postfix documentation site.

Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • Thanks, i thought it's related cause it does not only happen to hotmail, it happens to other mail servers and most of them return 550 error. I will try to contact hotmail support now. Thanks again. – MohyedeenN Dec 18 '13 at 08:45
  • Are the other mail servers also part of Microsoft's email services? If so, I'd just add them to the transport map with the same setting, i.e. `othersite.com hotmail:` If not, there may be different reasons for the rejection; it would help if you'd post the log lines for those rejections as well. – Jenny D Dec 18 '13 at 08:50
  • i have added other logs at the end of the question, most logs are the same, connection time out. – MohyedeenN Dec 18 '13 at 09:01
  • A timeout is an entirely different thing. It means that the server you're trying to send to isn't answering at all, and your server will try to send the email again later. I think it would be useful for you to read a little about how email connections and error messages work - a good place to start is http://email.about.com/cs/standards/a/smtp_error_code.htm – Jenny D Dec 18 '13 at 13:41