All mail to hotmail / outlook.com blocked from main IP

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
Very recently my user's have been getting bounces from all mail sent to any hotmail.com or outlook.com email address. Seems the server's main IP is on their block list for some reason.

Below is an example of the bounce messages being received. I have tried figuring out what the issue is but it is going over my head (even though the bounce is probably telling me exactly what to do). I was thinking that it might be a RDNS issue (and it still may be) but I am totally at a loss.

Can someone please point me in the right direction in DFU terms?

Thanks!

__________________________________________________________________________

Code:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

[email protected]
host hotmail-com.olc.protection.outlook.com [104.47.14.33]
SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=101791:
550 5.7.1 Unfortunately, messages from [my.server.main.ip] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to Troubleshooting. [VI1EUR04FT030. eop-eur04.prod.protection.outlook.com]
__________________________________________________________________________
 
Last edited by a moderator:

HostSane

Member
Nov 26, 2018
17
4
3
Mumbai
cPanel Access Level
Root Administrator
The error message clearly states that the part of the server provider's network is on Hostmail's block list and hence the emails are not getting delivered.

Make sure you have created RDNS for the mail server's hostname , Domain keys and SPF records are there.
 

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
I AM the service provider. The bounced emails are some that one of my hosting clients is getting.
 

mtindor

Well-Known Member
Sep 14, 2004
1,363
65
178
inside a catfish
cPanel Access Level
Root Administrator
I AM the service provider. The bounced emails are some that one of my hosting clients is getting.
You need to open a ticket with Microsoft. https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

As much of a pain in the ass it is, they are pretty good about handling it. You should also have a Live account and sign up for SNDS (Smart Network Data Service) and JMRP (Junk Mail Reporting Program). I'm pretty sure that once you open a ticket and they follow up with you, they will mention those things.

Mike
 
  • Like
Reactions: cPanelMichael

baronn

Member
Dec 27, 2017
24
6
3
manchester
cPanel Access Level
Root Administrator
As much of a pain in the ass it is, they are pretty good about handling it. You should also have a Live account and sign up for SNDS (Smart Network Data Service) and JMRP (Junk Mail Reporting Program). I'm pretty sure that once you open a ticket and they follow up with you, they will mention those things.
FYI here is the URL to the SNDS network: Smart Network Data Services you can also try proofpoint which is normally used with the 360 services to ensure your not blocked there either: Home | Proofpoint Dynamic Reputation - IP Lookup
 

baronn

Member
Dec 27, 2017
24
6
3
manchester
cPanel Access Level
Root Administrator
@PCZero,

Id also further add that you ensure your SPF and DKIM records are setup correctly and test those with any of the following:
DKIM record Checker | Test your DKIM record - DMARC Analyzer
DKIM, SPF, and Spam Assassin Validator - dkimvalidator.com
DKIM Inspector - dmarcian

then test an email using: Tools - mail-tester.com

id also implement the DMARC tag in your dns so that you can monitor whats going on with your emails and enable reporting. You can create your tag manually Build Your DMARC Record in 15 Minutes | Return Path OR using this service: DMARC | Proofpoint

as a last step whiclst your at it have you added your domains to Google's postmaster tools: Postmaster Tools - Gmail Help

All that will give you the most comprehensive analysis on what external providers are doing with your emails.

@cPanelMichael apologies if i have covered some stuff referenced in the link you provided...
 
  • Like
Reactions: cPanelMichael

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
LOL I don't think I have ever had so much info provided for an issue I am having., Thanks for all the help. Let me digest all of this and get rolling on it. I have already opened the ticket with Microsoft and received the reply that appears to indicate they are working on this.

FYI proofpoint returns this:


Dynamic Reputation IP Lookup
Not Blocked
This IP address is not blocked.

So that looks good. Thanks for all the help so far. Hopefully this will get resolved quickly.
 
  • Like
Reactions: cPanelMichael

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
I have opened a case with Microsoft. Hopefully they will look into this and contact me with the steps to resolve the issue.

In the mean time, I do have two unused IPs assigned to this box. Is it possible to reconfigure the server to use one of those IPs as the main server IP? If so what are the steps to do so and would that at least temporarily address the issue since it is tied to the current server main IP?

Thanks everyone for the feedback.
 

webhostuk

Well-Known Member
Sep 11, 2013
150
16
68
UK
cPanel Access Level
Website Owner
Twitter
Setting up few things like SPF record, RDNS and DKIM should help you sent emails to Hotmail, incase your IP is not blocked at there end.

You can also change the email IP for your domain, if you have 2 IPS in /etc/mailips file.
 
Last edited by a moderator:

keat63

Well-Known Member
Nov 20, 2014
1,793
204
93
cPanel Access Level
Root Administrator
I went through something similar.
MS did after a few hours release my IP, but couldn't tell me what triggered it.
I did say that being the server owner, I need to know so I could put a process in place to prevent a future blacklist.
However, I just got the answer "we don't know"

Not much help really.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
In the mean time, I do have two unused IPs assigned to this box. Is it possible to reconfigure the server to use one of those IPs as the main server IP? If so what are the steps to do so and would that at least temporarily address the issue since it is tied to the current server main IP?
Hi @PCZero,

It might, depending on what policies Microsoft uses for detecting a blacklisted mail server. Instructions on how to do this are documented at:

How to Configure the Exim Outgoing IP Address - cPanel Knowledge Base - cPanel Documentation

See this note under the /etc/mailips section of the above document:

In the example above, the system uses the asterisk (*) entry to direct outbound mail for domains without entries within this file. In this case, this is your server's main shared IPv4 address. You can set this value to another IP address if you ensure that the asterisk entry in the /etc/mailhelo file uses the appropriate domain name.
Thank you.
 
  • Like
Reactions: PCZero

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
Setting up few things like SPF record, RDNS and DKIM should help you sent emails to Hotmail, incase your IP is not blocked at there end.

You can also change the email IP for your domain, if you have 2 IPS in /etc/mailips file.

1) Is this under WHM - Edit a DNS zone? Is the zone for the server hostname.doman.com the zone I want to look at?

I see the following there...

hostname. domain.com NS NS1.xxx.xxx
hostname. domain.com NS NS2.xxx.xxx
hostname. domain.com A main server ip
localhost A 127.0.0.1
hostname. domain.com MX hostname.domain.com.
mail CNAME hostname.domain.com.
www CNAME hostname.domain.com.
ftp CNAME hostname.domain.com.


In the zone for the actual domain that is bouncing I see all of those (for that domain) plus the following...
domain.com. TXT "v=spf1 +a +mx +ip4:184.172.200.131 -all"
default._domainkey TXT "v=DKIM1; k=rsa; p=Very/Long/Random/String;"


2) Let me ask this. I notice that under WHM - DNS Functions there is an option called Enable DKIM/SPF Globally. Reading the description this looks to perform a clean up of SPF and DKIM on any accounts that were built pre v62. Is this something that I should do and if so is there anything I should look (to ensure it is set correctly) at before performing this function?


Once again thank you for the patience and assistance. This is one area of my server where my knowledge is (at least) slightly lacking. I am doing my best to follow along and learn as I go.
 

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
Hi @PCZero,

It might, depending on what policies Microsoft uses for detecting a blacklisted mail server. Instructions on how to do this are documented at:

How to Configure the Exim Outgoing IP Address - cPanel Knowledge Base - cPanel Documentation

See this note under the /etc/mailips section of the above document:



Thank you.

Michael thank you for the reference. I think for now I am go to leave the IP assignment as is. I'd much rather fix the issue than cover it up (even if it does take a little more time and effort). As time progresses, if the situation changes and the IP change seems appropriate I will move forward.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
In the zone for the actual domain that is bouncing I see all of those (for that domain) plus the following...
domain.com. TXT "v=spf1 +a +mx +ip4:1.2.3.4 -all"
default._domainkey TXT "v=DKIM1; k=rsa; p=Very/Long/Random/String;"
This looks good. Those are the SPF and DKIM entries in the DNS zone for that particular domain. It shows DKIM/SPF are setup correctly, assuming the DNS for the domain name is hosted on the cPanel server.

2) Let me ask this. I notice that under WHM - DNS Functions there is an option called Enable DKIM/SPF Globally. Reading the description this looks to perform a clean up of SPF and DKIM on any accounts that were built pre v62. Is this something that I should do and if so is there anything I should look (to ensure it is set correctly) at before performing this function?
I recommend enabling DKIM/SPF globally for all accounts. This option will automatically configure DKIM and SPF for you, including the addition of the TXT entries in the DNS zones. No additional actions are required once you use this feature, unless the DNS for the domain name is handled by a remote DNS server.

An additional action you can take is to ensure a DKIM record is setup for the server's hostname. To setup DKIM for the server's hostname, see this thread. Also, make sure RDNS is setup for the server's main IP address pointing to the server's hostname. You'll need to have your provider/data center setup the RDNS record for you, as it's generally not possible to configure that on the individual server.

Thank you.
 

PCZero

Well-Known Member
Dec 13, 2003
695
85
178
Earth
Thanks Michael. I just started the global DKIM/SPF process. On a box with only about 35 accounts (all with just one domain otehr than a very few that have 2 or 3) how long does that process take to complete? I want to wait for it to finish before making any additional changes.

BTW I do want to thank you publicaly once again for the level of help you have given me since I have been here. I realize that some of the topics I needed help with were not even specifically cPanel related, but you have always gone out of you way to not only help me get the underlying issue resolved but also to make sure I have a comprehension of what the cause and the resolution were. "Teach a man to fish..." Thanks!
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Thanks Michael. I just started the global DKIM/SPF process. On a box with only about 35 accounts (all with just one domain otehr than a very few that have 2 or 3) how long does that process take to complete? I want to wait for it to finish before making any additional changes.
It should complete in under a minute. The process runs in the background, so you won't see a status update in the UI.

BTW I do want to thank you publicaly once again for the level of help you have given me since I have been here. I realize that some of the topics I needed help with were not even specifically cPanel related, but you have always gone out of you way to not only help me get the underlying issue resolved but also to make sure I have a comprehension of what the cause and the resolution were. "Teach a man to fish..." Thanks!
You're very welcome!