Failed E-mails

Mark_S

Hi,
I'm still trying to work out what's actually changed or causing my server e-mail addresses to bounce back when sending to a msn / hotmail account.

I've had some issues with my server from the install,
but I'm not sure if this is software or my server admin has a port blocked?

My knowledge is limited,

Looking in the Exim Main Log file I can find these.

2007-06-14 13:15:48 1HyoEu-0005m2-MW <= [email protected] H=spc1-birk3-0-0-cust769.bagu.broadband.ntl.com (ak79d400max) [81.xxx.xxx.2] P=esmtpa A=login:[email protected] S=1534 id=008b01c7ae7d$927a92c0$55b2fea9@ak79d400max T="RE: [email protected] Contact Form - General" from <[email protected]> for [email protected]

2007-06-14 13:15:49 1HyoEu-0005m2-MW ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=2611: host mx1.hotmail.com [65.54.244.8]: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to http://postmaster.msn.com. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.

2007-06-14 13:15:49 1HyoEv-0005m5-Md <= <> R=1HyoEu-0005m2-MW U=mail P=local S=2907 T="Mail delivery failed: returning message to sender" from <> for [email protected]

2007-06-14 13:15:49 1HyoEu-0005m2-MW Completed

Going backwards in those logs it starts on the 12th (2 days ago)
That's the first reference I can find.

If you can guide me how I can get more information.

Any ideas as to its cause?
Or how to fix this?

Centos 4.3
Exim 4.60

You can see that the e-mails are being sent from a local machine,
but if the same e-mail is sent via my ISP it arrives as expected.
Only the e-mail accounts on my server are affected / with at least 1 other user too.

Summary
E-mails sent from a server e-mail account are being bounced back as failed from MSN. I've no idea how or why this may have begun?
From the same local machine, sending the e-mail to an MSN account from my ISP e-mail account works fine. Only my server e-mail accounts are affected.

Help?
 
If I'm in the wrong forum please move me.

Could my subnet be blocked for 2 days?
I'm sending e-mails to datacentre etc awaiting replies.
 
Seems my server IP was blocked as SPAM?

Windows Live Hotmail because the traffic/e-mail originating from your IP matched characteristics of recent spam attacks from compromised, or 'zombie' infected, machines.



After reviewing the information you provided, we have taken steps to remove the block. This change should take effect within the next 24-48 hours.



In order to prevent this and future exploits of this nature, please verify that your MTA's are under your full control, the MTA has not been compromised, and that you are not unwittingly sending any spam.



We also suggest that you scan your computer to verify that there is no malicious software installed. You can obtain a free Windows Server or client PC scan by visiting: http://safety.live.com (or) http://www.microsoft.com/athome/security/downloads/default.mspx



More information about this exploit can be found here: http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm



Additional information on common deliverability issues and best practices can be found on the Windows Live/Hotmail Postmaster Site found at: http://postmaster.live.com/. You may also want to review our "Improving E-mail Deliverability into MSN Hotmail and Windows Live Mail" downloadable document available at: http://www.microsoft.com/safety/postmaster.

Hopefully this helps someone else too.

I asked for the header information so it could be checked,
but they don't keep it :(

I'm sorry but we do not keep a record of the zombie infected machines' emails. Even if we wanted to, the volume of mail we receive is too large to keep on file.
 
Yeah, this means you have to check your logs to see if it looks like it's sending spam, and check for rootkits, because if a server is rooted, you won't see anything in the logs.

Most often it's not anyone's fault. You should try to educate your users that if they forward email from their address on your server to their address on hotmail, then once it arrives at hotmail they must look for it and make sure it's marked as not spam even if it is, because if they then start marking it as spam, hotmail looks at the headers and decides that spam is coming from your server.

Jeff
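
One way to do the log check described in the reply above, as an added example that is not part of the original thread: it tallies who injected each message in an Exim main log (SMTP AUTH id, local user, or remote IP) and counts remote 5xx/4xx rejections. The sample lines, addresses, the `max_rcpts` threshold and the function names are constructed for illustration, and it assumes recipients are logged after `for`, as in the log lines quoted earlier.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log format (addresses and IPs are placeholders).
SAMPLE_LOG = """\
2007-06-14 13:15:48 1HyoEu-0005m2-MW <= mark@example.com H=host.example.net (pc1) [192.0.2.10] P=esmtpa A=login:mark@example.com S=1534 T="RE: Contact Form" for friend@hotmail.example
2007-06-14 13:15:49 1HyoEu-0005m2-MW ** friend@hotmail.example F=<mark@example.com> R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<mark@example.com> SIZE=2611: host mx.hotmail.example [198.51.100.8]: 550 Your e-mail was rejected for policy reasons
2007-06-14 13:15:49 1HyoEv-0005m5-Md <= <> R=1HyoEu-0005m2-MW U=mail P=local S=2907 T="Mail delivery failed: returning message to sender" for mark@example.com
2007-06-14 13:20:01 1HyoJ1-0005n0-AA <= nobody@server.example U=nobody P=local S=900 T="Cheap pills" for a@hotmail.example b@hotmail.example c@hotmail.example
2007-06-14 13:20:02 1HyoJ2-0005n1-BB <= nobody@server.example U=nobody P=local S=901 T="Cheap pills" for d@hotmail.example e@hotmail.example
2007-06-14 13:20:03 1HyoJ3-0005n2-CC <= nobody@server.example U=nobody P=local S=902 T="Cheap pills" for f@hotmail.example
"""

ARRIVAL = re.compile(r'^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$')
REJECT = re.compile(r'^\S+ \S+ \S+ \*\* \S+ .*?: host (?P<host>\S+) \[[^\]]+\]: (?P<code>[45]\d\d) ')
SUBJECT = re.compile(r' T="(?:[^"\\]|\\.)*"')  # strip subject so its text cannot spoof fields

def source_of(fields):
    """Name who injected the message: SMTP AUTH id, else local user, else remote IP."""
    for pattern, label in ((r'\bA=[^:\s]+:(\S+)', 'auth'), (r'\bU=(\S+)', 'local'),
                           (r'\[([0-9a-fA-F.:]+)\]', 'ip')):
        m = re.search(pattern, fields)
        if m:
            return f'{label}:{m.group(1)}'
    return 'unknown'

def summarize(log_text, max_rcpts=3):
    """Return (per-source stats, rejection counts, sources above max_rcpts recipients)."""
    stats = defaultdict(lambda: {'messages': 0, 'recipients': 0})
    rejects = defaultdict(int)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m and m['sender'] != '<>':  # skip bounces generated by Exim itself
            fields, _, rcpts = SUBJECT.sub('', m['rest']).partition(' for ')
            entry = stats[source_of(fields)]
            entry['messages'] += 1
            entry['recipients'] += len(rcpts.split())
            continue
        m = REJECT.match(line)
        if m:
            rejects[(m['host'], m['code'])] += 1
    flagged = sorted(k for k, v in stats.items() if v['recipients'] > max_rcpts)
    return dict(stats), dict(rejects), flagged

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

A local user such as a web server account showing up as a high-volume source points at a script on the box rather than a mail client; the threshold needs tuning to the server's normal traffic.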
 
How could / would I check for rootkits?

The guy that hardened my server said (Root kits) they're a waste of time,
and he's done it a better way?

At $95 per hour it should be serving me tea also. (I was ripped off I think)
 