From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.19]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 12901341 for ecs-isp@2rosenthals.com; Thu, 24 Apr 2025 14:37:13 -0400 Subject: Re: [eCS-ISP] Trouble getting mail delivered to Office365 (outlook.com), ProofPoint, and Barracuda protected domains To: eCS ISP Mailing List References: Organization: Rosenthal & Rosenthal, LLC Message-ID: <680A84D5.7010805@2rosenthals.com> Date: Thu, 24 Apr 2025 14:37:09 -0400 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, Max... On 04/24/25 03:17 am, Massimo S. wrote: > > > Il 23/04/2025 21:03, Lewis G Rosenthal ha scritto: >> Hi, Max... >> >> On 04/23/25 01:28 pm, Massimo S. wrote: >>> Il 22/04/2025 22:50, Lewis G Rosenthal ha scritto: >>>> Hi, all... >>>> >>>> For the past few days, I've been dealing with an issue of mail from >>>> 2rosenthals.com apparenly getting blackholed by certain providers. We >>>> do not receive any kind of DSN. From all accounts, the email is going >>>> out for delivery and that's that. However, on the other end, recipients >>>> aren't seeing the messages, nor are they getting any kind of spam >>>> notification or other warning that a message could not be delivered. >>>> >>>> Affected domains seem to be hosted with a handful of providers, >>>> Office365 among them, which uses outlook.com. Naturally, I've checked >>>> both the outlook.com and live.com internal lists, and both show that >>>> neither of our IPs is listed. >>>> >>>> Other MXs which seem to be behaving similarly are: >>>> >>>> gpphosted.com (ProofPoint) >>>> barracudanetworks.com >>>> >>>> Multiple multiple-RBL checks come up clean for both IPs and our domain. >>>> SPF, DKIM, and DMARC configurations all look fine (read: pass specific >>>> checks by various third parties, including mxtoolbox.com). >>>> >>>> Mail flows without incident to gmail.com and yahoo.com. >>>> >>>> Is anyone else seeing anything like this? >>>> >>>> TIA >>> >>> Hi Lewis, >>> >>> yes, since i use Weasel as MTA and some european domain is start to >>> refusing SMTP plain, >>> they only accept STARTTLS. >>> >>> Anyway Peter plans to add TLS in the next months. >>> >>> Here i had to use external SMPTs as intermediary SMTP to keep on >>> receiving emails >>> from this domain. >>> >> >> STARTTLS has been enabled at the firewall for years, requiring a minimum >> of TLS v1. I just bumped that up to 1.2, in case that was some cause for >> concern (though I don't see why; negotiation always takes place at the >> highest level agreed upon by both parties). >> >> I've also disabled outbound AV and spam scanning (I already added >> affected domains to the list to skip adding the "Scanned by..." footer), >> just to exclude any additional headers which may be misconstrued. >> >> So far, no positive results sending to domains hosted behind outlook.com >> (and I have not re-tested the others, as yet, except to confirm that we >> are getting through Barracuda's scanners). > > that's strange > > here my emails sent to my outlook account or to other ppl/firms emails > using 365 > arrive directly into the inbox folder > > i had an issue in the past that they were being put in the spam folder > since i had a problem the reverse zone on bind > > anyway there is an MS website to test this kind of issues that may help you > > https://testconnectivity.microsoft.com/tests/O365InboundSmtp/input > That's an interesting link, however, I think what it wants to test is an email address from a domain hosted behind Microsoft's servers. My 2rosenthals.com address failed with the following explanation about my MX: MX Records don't exist or aren't correctly configured for your domain in Microsoft 365. The MX value 'secmgr-va.2rosenthals.com' doesn't match one of the allowed values: mail.eo.outlook.com, mail.protection.outlook.com, mail.messaging.microsoft.com, invalid.outlook.com, mx.microsoft Clearly, my MX will never be any of those "allowed values." I don't see another tool there which would let me test an outside sender's address against a recipient on Office365 for Business (i.e., one of their hosted domains). I'll add the link to my bookmarks, though. Thanks for that. -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------