Monday, May 9, 2016

spam - Hotmail/Outlook dumping apparently valid emails



I've written some software that operates a non-commercial contact list for clubs, where the server sends out admin mails to the entire club. The emails are received OK on Yahoo, gmail, and AOL, but are silently thrown away by hotmail and outlook. They don't end up in the recipient's spam folder, and they're not bounced - they're literally just dumped.



I've spent hours on this, and I'm getting nowhere fast. Any suggestions on how to proceed, and what to look at next? What I know so far is:




  1. The emails pass SPF


  2. The emails pass DKIM

  3. The hostname of the sending machine is griffon.foo.org, and this
    ends up as the Return-Path in the headers below (presumably
    sendmail sets the envelope sender to the hostname). The originating
    IP is identified as 1.2.3.4, and a DNS PTR lookup on 1.2.3.4
    returns griffon.foo.org

  4. There's no A record for griffon.foo.org, and the A record for
    foo.org returns 2.3.4.5, not 1.2.3.4. Is this the problem?

  5. There's a slight mismatch between the email body From header, and
    the Return-Path: From is, in general, me@baz.foo.org


  6. This is a new server, sending out occasional low-volume mails, and I
    can guarantee that no-one has ever marked an incoming mail as spam.
    mxtoolbox.com doesn't show 1.2.3.4 on any blacklists, and shows
    2.3.4.5 on one list out of 88 (both are on the same machine)


  7. The Microsoft servers accept the emails from sendmail, and respond
    that they are queued for delivery. They then just ignore them.




So it looks like it might be (4), but the MX records for foo.org must point to 2.3.4.5, for complex reasons. Any ideas? I've attached a set of headers received at Yahoo below. Thanks.




From me@foo.org Wed Mar 25 17:28:23 2015
X-Apparently-To: a.a@yahoo.co.uk; Wed, 25 Mar 2015 17:28:32 +0000
Return-Path:
Received-SPF: pass (domain of griffon.foo.org designates 1.2.3.4 as permitted sender)
X-YMailISG:
X-Originating-IP: [1.2.3.4]
Authentication-Results: mta1045.mail.ir2.yahoo.com from=foo.org; domainkeys=neutral (no sig); from=foo.org; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO griffon.bar.com) (1.2.3.4)
    by mta1045.mail.ir2.yahoo.com with SMTPS; Wed, 25 Mar 2015 17:28:32 +0000
Received: from griffon.foo.org (localhost.localdomain [127.0.0.1])
    by griffon.bar.com (8.13.8/8.13.8) with ESMTP id t2PHSNVN016920;
    Wed, 25 Mar 2015 17:28:24 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=foo.org;
    s=default; t=1427304504;
    bh=0TWfPqbvd2nyKtZkN+npokT1bvLtCD0MomG/Bd1zU8g=;
    h=Date:To:From:Subject;
    b=ZcSVHGuzxcBk8He2hzjT6t8gl9hT0cxUsGf7vNcsnF8S+OfNmZ+XuE240+v7JDNe+
    IArMT87aIuLNIp8A1CMOelWvEm7KKdYWKoCy/CDfbe4mcEfu2kWNteai4/5yExPewv
    gFV6OOYAv7uKYd44UjMhuWCZ8qqxD2WZROUeoN2E=
Received: (from me@localhost)
    by griffon.foo.org (8.13.8/8.13.8/Submit) id t2PHSNSu016919;
    Wed, 25 Mar 2015 17:28:23 GMT
Date: Wed, 25 Mar 2015 17:28:23 GMT
Message-Id: <201503251728.t2PHSNSu016919@griffon.foo.org>
To: f.a@outlook.com, a.a@yahoo.co.uk, b.a@aol.co.uk,
    l.b@gmail.com, l.b@hotmail.com
From: me@foo.org
Subject: Test all (31)
Content-Length: 14


Answer



I fixed this by adding a new high-cost MX record for the domain at 1.2.3.4, which pointed to the mail server for 2.3.4.5. This ensures that the reverse DNS matches the forward DNS. This is basically a quick fix to get around the sendmail issue below.



I did find out some useful stuff about Hotmail and Outlook along the way, and what causes mails to be dumped. In my case, the underlying problem was related to how sendmail identifies itself, but this may be useful to anyone else coming this way. Note that DKIM is irrelevant (you can be delivered and get through spam testing without DKIM), and I didn't have to register with Microsoft.



1 - sendmail sets the SMTP 'MAIL FROM' to the user at the current hostname; i.e. me@griffon.foo.org (this is what you see in the Return-Path)

2 - hotmail and outlook will then do a reverse/PTR lookup on the connected IP address, and will silently dump the mail if it doesn't get back to the MAIL FROM domain name

3 - hotmail/outlook will then do an MX lookup on the 'From' server named in the last 'Received' header. If this doesn't match the MAIL FROM domain, the email is dumped



That seems to be it. (3) was causing my problem. sendmail uses gethostbyname to set the 'From' name, although it uses the current hostname to set MAIL FROM. I would have expected gethostbyname just to do a PTR lookup and get the right answer, but it was returning an old FQDN. Don't know why - possibly caching issues - but the new MX record fixes it for the moment.
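A sender-side check of the identities this thread compares (PTR of the sending IP, its forward A record, the EHLO name and the MAIL FROM domain), added here as an example and not code from the original question or answer. It does not reproduce Microsoft's filtering; the function names are hypothetical and the DNS answers are a constructed table built from the placeholder values in the post.

```python
import re
import socket

# Constructed inputs mirroring the placeholder values quoted in the thread.
SAMPLE_RECEIVED = "Received: from 127.0.0.1 (EHLO griffon.bar.com) (1.2.3.4)"
SAMPLE_MAIL_FROM = "me@griffon.foo.org"
SAMPLE_PTR = {"1.2.3.4": "griffon.foo.org"}   # PTR for the sending IP
SAMPLE_A = {"foo.org": ["2.3.4.5"]}           # griffon.foo.org has no A record

def table_resolver(ptr, a):
    """Offline (reverse, forward) lookup pair backed by dicts."""
    return (lambda ip: ptr.get(ip)), (lambda name: a.get(name, []))

def live_resolver():
    """(reverse, forward) lookup pair using the system resolver."""
    def rev(ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:
            return None
    def fwd(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    return rev, fwd

def parse_top_received(line):
    """Return (EHLO name, connecting IP) from a Yahoo-style Received line."""
    m = re.search(r"\(EHLO ([^)\s]+)\)\s+\((\d+\.\d+\.\d+\.\d+)\)", line)
    return (m.group(1).lower(), m.group(2)) if m else (None, None)

def check_sender_identity(received_line, mail_from, resolvers):
    """Compare PTR, forward A, EHLO name and MAIL FROM domain for one message."""
    rev, fwd = resolvers
    ehlo, ip = parse_top_received(received_line)
    ptr = rev(ip) if ip else None
    ptr = ptr.lower().rstrip(".") if ptr else None
    env_domain = mail_from.rsplit("@", 1)[-1].lower()
    return {
        "ptr_exists": ptr is not None,
        "fcrdns": bool(ptr) and ip in fwd(ptr),  # PTR name resolves back to the IP
        "ehlo_matches_ptr": ehlo is not None and ehlo == ptr,
        "mail_from_matches_ptr": env_domain == ptr,
    }

if __name__ == "__main__":
    offline = table_resolver(SAMPLE_PTR, SAMPLE_A)
    for name, ok in check_sender_identity(SAMPLE_RECEIVED, SAMPLE_MAIL_FROM, offline).items():
        print(f"{name:22} {'ok' if ok else 'MISMATCH'}")
```

Pass `live_resolver()` instead of the table to run the same comparison against real DNS for your own sending host.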

