From: "Massimo S." <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] Trouble getting mail delivered to Office365
 (outlook.com), ProofPoint, and Barracuda protected domains
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-12871091@2rosenthals.com> <list-12900064@2rosenthals.com>
 <list-12900221@2rosenthals.com> <list-12900724@2rosenthals.com>
 <list-12901342@2rosenthals.com>
Organization: Massimo S.
Message-ID: <a43dae51-95f8-6da1-6882-d04d64cd15c5@ecomstation.it>
Date: Thu, 24 Apr 2025 20:52:57 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-12901342@2rosenthals.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: it
Content-Transfer-Encoding: 8bit



Il 24/04/2025 20:37, Lewis G Rosenthal ha scritto:
> Hi, Max...
> 
> On 04/24/25 03:17 am, Massimo S. wrote:
>>
>>
>> Il 23/04/2025 21:03, Lewis G Rosenthal ha scritto:
>>> Hi, Max...
>>>
>>> On 04/23/25 01:28 pm, Massimo S. wrote:
>>>> Il 22/04/2025 22:50, Lewis G Rosenthal ha scritto:
>>>>> Hi, all...
>>>>>
>>>>> For the past few days, I've been dealing with an issue of mail from 2rosenthals.com apparenly getting 
>>>>> blackholed by certain providers. We do not receive any kind of DSN. From all accounts, the email is going 
>>>>> out for delivery and that's that. However, on the other end, recipients aren't seeing the messages, nor 
>>>>> are they getting any kind of spam notification or other warning that a message could not be delivered.
>>>>>
>>>>> Affected domains seem to be hosted with a handful of providers, Office365 among them, which uses 
>>>>> outlook.com. Naturally, I've checked both the outlook.com and live.com internal lists, and both show that 
>>>>> neither of our IPs is listed.
>>>>>
>>>>> Other MXs which seem to be behaving similarly are:
>>>>>
>>>>> gpphosted.com (ProofPoint)
>>>>> barracudanetworks.com
>>>>>
>>>>> Multiple multiple-RBL checks come up clean for both IPs and our domain. SPF, DKIM, and DMARC 
>>>>> configurations all look fine (read: pass specific checks by various third parties, including mxtoolbox.com).
>>>>>
>>>>> Mail flows without incident to gmail.com and yahoo.com.
>>>>>
>>>>> Is anyone else seeing anything like this?
>>>>>
>>>>> TIA
>>>>
>>>> Hi Lewis,
>>>>
>>>> yes, since i use Weasel as MTA and some european domain is start to refusing SMTP plain,
>>>> they only accept STARTTLS.
>>>>
>>>> Anyway Peter plans to add TLS in the next months.
>>>>
>>>> Here i had to use external SMPTs as intermediary SMTP to keep on receiving emails
>>>> from this domain.
>>>>
>>>
>>> STARTTLS has been enabled at the firewall for years, requiring a minimum of TLS v1. I just bumped that up 
>>> to 1.2, in case that was some cause for concern (though I don't see why; negotiation always takes place at 
>>> the highest level agreed upon by both parties).
>>>
>>> I've also disabled outbound AV and spam scanning (I already added affected domains to the list to skip 
>>> adding the "Scanned by..." footer), just to exclude any additional headers which may be misconstrued.
>>>
>>> So far, no positive results sending to domains hosted behind outlook.com (and I have not re-tested the 
>>> others, as yet, except to confirm that we are getting through Barracuda's scanners).
>>
>> that's strange
>>
>> here my emails sent to my outlook account or to other ppl/firms emails using 365
>> arrive directly into the inbox folder
>>
>> i had an issue in the past that they were being put in the spam folder
>> since i had a problem the reverse zone on bind
>>
>> anyway there is an MS website to test this kind of issues that may help you
>>
>> https://testconnectivity.microsoft.com/tests/O365InboundSmtp/input
>>
> 
> That's an interesting link, however, I think what it wants to test is an email address from a domain hosted 
> behind Microsoft's servers. My 2rosenthals.com address failed with the following explanation about my MX:
> 
>     MX Records don't exist or aren't correctly configured for your domain in
>     Microsoft 365. The MX value 'secmgr-va.2rosenthals.com' doesn't match
>     one of the allowed values: mail.eo.outlook.com,
>     mail.protection.outlook.com, mail.messaging.microsoft.com,
>     invalid.outlook.com, mx.microsoft
> 
> 
> Clearly, my MX will never be any of those "allowed values." I don't see another tool there which would let me 
> test an outside sender's address against a recipient on Office365 for Business (i.e., one of their hosted 
> domains).
> 
> I'll add the link to my bookmarks, though. Thanks for that.

there are a number of tests

https://testconnectivity.microsoft.com/tests/exo

there is also incoming SMTP that it test if you are "compatible" with 365/Exchange online

massimo