6

I have my website hosted at one location, on a server that also accepts email, and I use Google Apps for mail as my email provider. I've had no problems in the last 18 months, and no reports of email being lost.

This week however, someone using Hotmail has tried emailing me. 25-50% of the emails they send are returned to them, with a "550 relay not permitted" message.

My MX records are correct, and checking the Exim logs on my web server I see that Hotmail is trying to send emails to the A record, because this server can accept email. This appears to be a known problem with Hotmail.

As I can't disable the webserver from accepting mail from Hotmail (since other people use the web server as their email hosting), is there a solution?

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
PeterB
  • 619
  • 1
  • 8
  • 13

4 Answers4

16

Hotmail fails to use proper DNS rules. Hotmail will always try to deliver to the domain's A-record first and will ignore MX-records. If the domain A-record accepts a connection (eg. it runs a mailserver) it will try to deliver the email, which in most cases will not be an issue if the webserver and mail server are the same box.

However, if an domain uses a different mailserver Hotmail will still try to deliver mail to the domain's A-record. If the machine gives a 550 Relay denied Hotmail will fail to deliver the mail. It does NOT try the domain's MX-record.

THe only work around is to firewall port 25, so Hotmail is unable to connect to your port 25. If that fails hotmail will try to resolve the MX-records.

This has been an issue for years, but Hotmail is ignorant.

Tozz
  • 176
  • 1
  • 2
  • 3
    Do you have any references for this? It doesn't sound right at all. – Dan Jan 13 '12 at 13:26
  • 1
    @Dan http://www.windowslivehelp.com/thread.aspx?threadid=54f5abf2-d598-4704-a9a8-57095bd53896 Doesn't sound right, but that's what they do. –  Jan 13 '12 at 15:05
  • 1
    @Dan also here https://groups.google.com/a/googleproductforums.com/forum/#!category-topic/apps/mail-settings/Yd0JG0jRn7M –  Jan 13 '12 at 15:06
  • @sam the windowslivehelp link is bad. Would you search it out again and update the link please? Or try searching 'permitted to relay through this server' and see how many people are having trouble. – rleir Apr 26 '12 at 13:53
  • Blocking port 25 doesn't work for me, I'm on a shared hosting (Dreamhost) for the main site. Any other ideas? I removed my root A record and that works for mail, but now my root address doesn't resolve. Not sure which is worse to have. – James Hollister Jun 21 '12 at 03:48
3

Are you sure that your MX records themselves work consistently?

If for some reason Hotmail can't look up your MX records but can look up your A records, they'll try the latter.

Alnitak
  • 21,191
  • 3
  • 52
  • 82
  • Hmm, all the online services I tested were correct. However, pinging my nameservers, it turns out that the first server had disappeared offline and was no longer resolving - looks like I need a more reliable DNS provider. I've updated this and suspect it'll now work as expected. – PeterB Aug 04 '10 at 09:00
3

I highly recommend Google's CheckMX tool.

I've always wondered why some e-mails sent through Hotmail bounced, but this tool showed me an open port 25 on my Web server was what confused Hotmail. So even though it's Hotmail who is to blame, I closed the port and had no issues ever since.

Ruben Verborgh
  • 171
  • 1
  • 10
  • Just to be clear, the issue is with *hotmail*, NOT with opening your port 25. Mail servers that are configured by competent staff should not have this issue. – gparent Feb 05 '13 at 19:31
  • I understand, but I do want to receive mail from Hotmail users too, so closing that port on my Web server finally fixed those problems. – Ruben Verborgh Feb 05 '13 at 22:42
  • That's alright, I just found your post slightly misleading in that someone could believe the port caused the issue and not Hotmail's bad handling of MX records. – gparent Feb 06 '13 at 02:51
1

We had this problem too, with Hotmail ignoring MX records. But it seems that the failure was inconsistent. The servers listed below sometimes show up in our logs showing successful delivery, and other times show up in errors returned to senders.

  • blu0-omc2-s9.blu0.hotmail.com [65.55.111.84]
  • blu0-omc1-s12.blu0.hotmail.com[65.55.116.23]
  • bay0-omc4-s24.bay0.hotmail.com[65.54.190.226]
  • blu0-omc4-s25.blu0.hotmail.com[65.55.111.164]

We have solved the problems. They were due to a DNS server which was often not responding. (though it was at a large web hosting company). When we started using our own DNS service, the problem went away, and we have not seen any errors for a month now.

The 'accepted' answer above is incorrect: Hotmail does make correct use of MX records.

rleir
  • 372
  • 1
  • 7