admin needed


We're trying to resolve some delivery issues reported by hotmail users.
Started happening a few weeks ago. Getting immediate NDRs, and the
server that is supposed to receive the email has no records of
attempts. The messages also don't match what the receiving server
should be sending. The server(s) listed in the MX should receive all
email without authentication, since it's a mail filtering service (Maxmail)


check the mail logs of your web-server, your domain might have a primary
A-record pointing to something different than MX-records. When the MX
servers do something like greylisting and bounce with a temp-code (4xx)
hotmail servers will try alternative records (like @ IN A) and might find a
listening mail-daemon at your webserver.

Falling back to A when there is an MX (especially after receiving any kind
of SMTP response from the MX) is an RFC violation by the way (rfc 5321
section 5.1)

Even then - this doesn't appear to be the case. The bounce below was
generated entirely within Hotmail. From SNT133-WS53 (a hotmail webserver)
to - which I believe is part of their
outbound mail farm. That's where the bounce was generated.

"Requires authentication" might be because whatever domain is being sent to
was originally hosted on hotmail, and set to require authentication to
relay out through hotmail's servers.



The affected domains have never been on hotmail, etc. We've actually
held this domain/hosting for the past 14+ years on this particular
domain. Yes, there is an RFC violation, and it's apparently due to the
greylisting feature from the spam filtering.

Carlos M. Perez
Runcentral, LLC


I think this is exactly what is going on. The domains that are having
issues have greylisting on with the spam filtering service and are
hosted on a farm of hosting servers. We have blocked port 25 on the
main hosting IP of the web server, and moved the built in mail server to
listen on another IP. This appears to be working, or at least has been
for almost 12 hours.

The real question is why is hotmail/live the only system that apparently
does this; which seems to be in contradiction to RFC, and how everyone
else does it. The one thing that MS chooses to be different with...


Carlos M. Perez
Runcentral, LLC

"authentication required" is a bizzarre error to return.

Does it go away if you actually turn off graylisting for hotmail?

As mentioned before, check the mail-logs at your webserver, you'll find this
"authentication required" message logged there as response to the hotmail
servers trying to relay mail to that webserver.

It's fairly normal error from an Exchange server when the client is trying
to relay to a domain that the server doesn't host and when the server
doesn't allow the client to relay. Sounds like an internal
misconfiguration in this case.




We're trying to resolve some delivery issues reported by hotmail users.
Started happening a few weeks ago.


Reporting-MTA: dns;
Received-From-MTA: dns;SNT133-W53
Arrival-Date: Mon, 22 Oct 2012 14:09:49 -0700

Final-Recipient: rfc822;
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 authentication required

Just to be sure, have you checked the error code you are receiving
against the list at and, if
you are following the policy on that page and have a correctly
configured server, filled in the postmaster contact form at
MSN Explorer help - Microsoft Support ?

As the site says "If automation can determine [the IP range] to be
eligible, the IPs may be mitigated. If not, the response will provide
information about the status of the IPs and a link to report this to
our Deliverability Support Staff who can than further investigate your
issue. This team is available 24 x 7."