Re: outlook.com outgoing blacklists?

2015-09-10 Thread Matthew Petach 
On Wed, Sep 9, 2015 at 9:49 AM, Todd K Grand  wrote:
> I have an email server which hosts 3 domains.
> I have reason to believe that microsoft maintains an outgoing blacklist and 
> would like confirmation on this.
>
> I have had many a report that people on domains hosted on hotmail/outlook are 
> getting messages bounced back stating that our server was unreachable.
> This only happens for one of the three domains hosted on our server.
>
> I went to outlook.com and setup an account.
> When I create a new message and enter the recipient at that affected domain, 
> the address immediately turns red, and when I hover over it states that
> the address may not be valid.
> This happens without ever sending a packet to our servers.
> The affected domain can send emails to hotmail/outlook accounts just fine.
>
> Anybody have some recommendations on how I resolve this, as Microsoft support 
> seems to be under technical.
>
> Thanks,
>
> Todd K. Grand
>

Certainly looks to be broken to me:

mpetach@hinotori:~> nslookup -q=any gkstream.com
Server: 8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
Name:   gkstream.com
Address: 185.53.179.7
gkstream.comnameserver = ns1.parkingcrew.net.
gkstream.comtext = "v=spf1 ip6:fd1b:212c:a5f9::/48 -all"
gkstream.comnameserver = ns2.parkingcrew.net.
gkstream.com
origin = ns1.parkingcrew.net
mail addr = hostmaster.gkstream.com
serial = 144189
refresh = 28800
retry = 7200
expire = 604800
minimum = 86400

Authoritative answers can be found from:

mpetach@hinotori:~>


mpetach@hinotori:~> traceroute gkstream.com
traceroute to gkstream.com (185.53.179.7), 64 hops max, 40 byte packets
 1  ws1 (69.36.244.130)  1 ms  1 ms  1 ms
 2  s0-0-0-2.core1.sjc.layer42.net (69.36.238.33)  4 ms  4 ms  4 ms
 3  ge2-48.core1.sv1.layer42.net (65.50.198.5)  4 ms  4 ms  4 ms
 4  te0-0-0-18.ccr21.sjc04.atlas.cogentco.com (38.104.141.145)  6 ms
41 ms  73 ms
 5  be2015.ccr21.sfo01.atlas.cogentco.com (154.54.7.173)  47 ms
(TOS=40!)  7 ms  7 ms
 6  be2132.ccr21.mci01.atlas.cogentco.com (154.54.30.54)  57 ms  57 ms  57 ms
 7  be2156.ccr41.ord01.atlas.cogentco.com (154.54.6.86)  57 ms  70 ms  57 ms
 8  be2351.ccr21.cle04.atlas.cogentco.com (154.54.44.86)  75 ms  64 ms  67 ms
 9  be2596.ccr21.yyz02.atlas.cogentco.com (154.54.31.54)  71 ms  71 ms  71 ms
10  be2090.ccr21.ymq02.atlas.cogentco.com (154.54.30.206)  84 ms  121 ms  161 ms
11  be2384.ccr21.lpl01.atlas.cogentco.com (154.54.44.138)  150 ms  150
ms  151 ms
12  be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)  170 ms  170
ms  169 ms
13  be2261.ccr41.fra03.atlas.cogentco.com (154.54.37.30)  164 ms  164 ms  164 ms
14  be2228.ccr21.muc03.atlas.cogentco.com (154.54.38.50)  174 ms  174 ms  174 ms
15  te0-0-0-2.agr12.muc03.atlas.cogentco.com (154.54.56.222)  173 ms
te0-0-0-2.agr11.muc03.atlas.cogentco.com (154.54.56.206)  191 ms
te0-0-0-2.agr12.muc03.atlas.cogentco.com (154.54.56.222)  174 ms
16  154.25.8.26 (154.25.8.26)  170 ms 154.25.8.22 (154.25.8.22)  175
ms 154.25.8.26 (154.25.8.26)  170 ms
17  149.6.156.195 (149.6.156.195)  175 ms 149.6.156.202
(149.6.156.202)  173 ms  174 ms
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  *^C *
26 ^C
mpetach@hinotori:~>
mpetach@hinotori:~> telnet gkstream.com 25
Trying 185.53.179.7...

telnet: Unable to connect to remote host: Connection timed out
mpetach@hinotori:~>


Matt

RE: outlook.com outgoing blacklists?

2015-09-10 Thread David Hofstee 
Hi Matthew,

I'm pretty sure your 'gkstream.com' is wrong and that he means qkstream.com 
(see https://www.robtex.com/en/advisory/ip/66/171/128/130/ ). That does not 
seem broken. 

I do wonder if this domain qkstream.com used to be squatted? 


David Hofstee

Deliverability Management
MailPlus B.V. Netherlands (ESP)


-Oorspronkelijk bericht-
Van: NANOG [mailto:nanog-boun...@nanog.org] Namens Matthew Petach
Verzonden: Thursday, September 10, 2015 3:20 PM
Aan: Todd K Grand
CC: nanog@nanog.org
Onderwerp: Re: outlook.com outgoing blacklists?

On Wed, Sep 9, 2015 at 9:49 AM, Todd K Grand <tgr...@tgrand.com> wrote:
> I have an email server which hosts 3 domains.
> I have reason to believe that microsoft maintains an outgoing blacklist and 
> would like confirmation on this.
>
> I have had many a report that people on domains hosted on hotmail/outlook are 
> getting messages bounced back stating that our server was unreachable.
> This only happens for one of the three domains hosted on our server.
>
> I went to outlook.com and setup an account.
> When I create a new message and enter the recipient at that affected 
> domain, the address immediately turns red, and when I hover over it states 
> that the address may not be valid.
> This happens without ever sending a packet to our servers.
> The affected domain can send emails to hotmail/outlook accounts just fine.
>
> Anybody have some recommendations on how I resolve this, as Microsoft support 
> seems to be under technical.
>
> Thanks,
>
> Todd K. Grand
>

Certainly looks to be broken to me:

mpetach@hinotori:~> nslookup -q=any gkstream.com
Server: 8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
Name:   gkstream.com
Address: 185.53.179.7
gkstream.comnameserver = ns1.parkingcrew.net.
gkstream.comtext = "v=spf1 ip6:fd1b:212c:a5f9::/48 -all"
gkstream.comnameserver = ns2.parkingcrew.net.
gkstream.com
origin = ns1.parkingcrew.net
mail addr = hostmaster.gkstream.com
serial = 144189
refresh = 28800
retry = 7200
expire = 604800
minimum = 86400

Authoritative answers can be found from:

mpetach@hinotori:~>


mpetach@hinotori:~> traceroute gkstream.com traceroute to gkstream.com 
(185.53.179.7), 64 hops max, 40 byte packets
 1  ws1 (69.36.244.130)  1 ms  1 ms  1 ms
 2  s0-0-0-2.core1.sjc.layer42.net (69.36.238.33)  4 ms  4 ms  4 ms
 3  ge2-48.core1.sv1.layer42.net (65.50.198.5)  4 ms  4 ms  4 ms
 4  te0-0-0-18.ccr21.sjc04.atlas.cogentco.com (38.104.141.145)  6 ms
41 ms  73 ms
 5  be2015.ccr21.sfo01.atlas.cogentco.com (154.54.7.173)  47 ms
(TOS=40!)  7 ms  7 ms
 6  be2132.ccr21.mci01.atlas.cogentco.com (154.54.30.54)  57 ms  57 ms  57 ms
 7  be2156.ccr41.ord01.atlas.cogentco.com (154.54.6.86)  57 ms  70 ms  57 ms
 8  be2351.ccr21.cle04.atlas.cogentco.com (154.54.44.86)  75 ms  64 ms  67 ms
 9  be2596.ccr21.yyz02.atlas.cogentco.com (154.54.31.54)  71 ms  71 ms  71 ms
10  be2090.ccr21.ymq02.atlas.cogentco.com (154.54.30.206)  84 ms  121 ms  161 ms
11  be2384.ccr21.lpl01.atlas.cogentco.com (154.54.44.138)  150 ms  150 ms  151 
ms
12  be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)  170 ms  170 ms  169 
ms
13  be2261.ccr41.fra03.atlas.cogentco.com (154.54.37.30)  164 ms  164 ms  164 ms
14  be2228.ccr21.muc03.atlas.cogentco.com (154.54.38.50)  174 ms  174 ms  174 ms
15  te0-0-0-2.agr12.muc03.atlas.cogentco.com (154.54.56.222)  173 ms 
te0-0-0-2.agr11.muc03.atlas.cogentco.com (154.54.56.206)  191 ms 
te0-0-0-2.agr12.muc03.atlas.cogentco.com (154.54.56.222)  174 ms
16  154.25.8.26 (154.25.8.26)  170 ms 154.25.8.22 (154.25.8.22)  175 ms 
154.25.8.26 (154.25.8.26)  170 ms
17  149.6.156.195 (149.6.156.195)  175 ms 149.6.156.202
(149.6.156.202)  173 ms  174 ms
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  *^C *
26 ^C
mpetach@hinotori:~>
mpetach@hinotori:~> telnet gkstream.com 25 Trying 185.53.179.7...

telnet: Unable to connect to remote host: Connection timed out 
mpetach@hinotori:~>


Matt

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Todd K Grand 
Interesting, however those ipv6 addresses were dropped from our dns almost 2 
weeks ago.

No quad A records should exist anylonger, as it has been more than 48 hours.

-Original Message- 
From: Tony Finch

Sent: Thursday, September 10, 2015 9:24 AM
To: Todd K Grand
Cc: Steve Atkins ; nanog list
Subject: Re: outlook.com outgoing blacklists?

Todd K Grand <tgr...@tgrand.com> wrote:


Content-Type: message/delivery-status

Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
Received-From-MTA: dns;COL129-W41
Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700

Final-Recipient: rfc822;supp...@qkstream.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient 
because the domain is not reachable. Please check the domain and try again 
(-744508417:308:-2147467259)


Looks like there are some IPv6 and TCP problems with the DNS

http://dnsviz.net/d/qkstream.com/dnssec/

Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Tony Finch 
Todd K Grand  wrote:

> Interesting, however those ipv6 addresses were dropped from our dns
> almost 2 weeks ago. No quad A records should exist anylonger, as it has
> been more than 48 hours.

You need to update the glue in your delegation.

; <<>> DiG 9.11.0pre-alpha <<>> +norec qkstream.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17274
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qkstream.com.  IN  A

;; AUTHORITY SECTION:
qkstream.com.   172800  IN  NS  ns1.quickwisp.com.
qkstream.com.   172800  IN  NS  ns2.quickwisp.com.
qkstream.com.   172800  IN  NS  ns3.quickwisp.com.

;; ADDITIONAL SECTION:
ns1.quickwisp.com.  172800  IN  2001:470:b:4bb::25
ns1.quickwisp.com.  172800  IN  A   206.220.196.115
ns2.quickwisp.com.  172800  IN  2001:470:b:4bb::22
ns2.quickwisp.com.  172800  IN  A   206.220.193.189
ns3.quickwisp.com.  172800  IN  A   66.171.143.250

;; Query time: 14 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Thu Sep 10 15:56:31 BST 2015
;; MSG SIZE  rcvd: 209

Tony.
-- 
f.anthony.n.finch    http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Todd K Grand 

Definitely something I need to address, I agree.
However with that said the tgrand.com domain has the same problem yet 
hotmail/outlook.com sends fine to these.



-Original Message- 
From: Tony Finch

Sent: Thursday, September 10, 2015 9:57 AM
To: Todd K Grand
Cc: Steve Atkins ; nanog list
Subject: Re: outlook.com outgoing blacklists?

Todd K Grand <tgr...@tgrand.com> wrote:


Interesting, however those ipv6 addresses were dropped from our dns
almost 2 weeks ago. No quad A records should exist anylonger, as it has
been more than 48 hours.


You need to update the glue in your delegation.

; <<>> DiG 9.11.0pre-alpha <<>> +norec qkstream.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17274
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qkstream.com.  IN  A

;; AUTHORITY SECTION:
qkstream.com.   172800  IN  NS  ns1.quickwisp.com.
qkstream.com.   172800  IN  NS  ns2.quickwisp.com.
qkstream.com.   172800  IN  NS  ns3.quickwisp.com.

;; ADDITIONAL SECTION:
ns1.quickwisp.com.  172800  IN  2001:470:b:4bb::25
ns1.quickwisp.com.  172800  IN  A   206.220.196.115
ns2.quickwisp.com.  172800  IN  2001:470:b:4bb::22
ns2.quickwisp.com.  172800  IN  A   206.220.193.189
ns3.quickwisp.com.  172800  IN  A   66.171.143.250

;; Query time: 14 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Thu Sep 10 15:56:31 BST 2015
;; MSG SIZE  rcvd: 209

Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Tony Finch 
Todd K Grand  wrote:

> Content-Type: message/delivery-status
>
> Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
> Received-From-MTA: dns;COL129-W41
> Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700
>
> Final-Recipient: rfc822;supp...@qkstream.com
> Action: failed
> Status: 5.5.0
> Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient 
> because the domain is not reachable. Please check the domain and try again 
> (-744508417:308:-2147467259)

Looks like there are some IPv6 and TCP problems with the DNS

http://dnsviz.net/d/qkstream.com/dnssec/

Tony.
-- 
f.anthony.n.finch    http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Todd K Grand 

IPV6 Glue is gone.
and no the domain is qkstream.com not gkstream.com
The domain I have owned for 8 or so years.
The problem started within the past 3-4 weeks.

-Original Message- 
From: Todd K Grand 
Sent: Thursday, September 10, 2015 10:03 AM 
To: Tony Finch 
Cc: Steve Atkins ; nanog list 
Subject: Re: outlook.com outgoing blacklists? 


Definitely something I need to address, I agree.
However with that said the tgrand.com domain has the same problem yet 
hotmail/outlook.com sends fine to these.



-Original Message- 
From: Tony Finch

Sent: Thursday, September 10, 2015 9:57 AM
To: Todd K Grand
Cc: Steve Atkins ; nanog list
Subject: Re: outlook.com outgoing blacklists?

Todd K Grand <tgr...@tgrand.com> wrote:


Interesting, however those ipv6 addresses were dropped from our dns
almost 2 weeks ago. No quad A records should exist anylonger, as it has
been more than 48 hours.


You need to update the glue in your delegation.

; <<>> DiG 9.11.0pre-alpha <<>> +norec qkstream.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17274
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qkstream.com.  IN  A

;; AUTHORITY SECTION:
qkstream.com.   172800  IN  NS  ns1.quickwisp.com.
qkstream.com.   172800  IN  NS  ns2.quickwisp.com.
qkstream.com.   172800  IN  NS  ns3.quickwisp.com.

;; ADDITIONAL SECTION:
ns1.quickwisp.com.  172800  IN  2001:470:b:4bb::25
ns1.quickwisp.com.  172800  IN  A   206.220.196.115
ns2.quickwisp.com.  172800  IN  2001:470:b:4bb::22
ns2.quickwisp.com.  172800  IN  A   206.220.193.189
ns3.quickwisp.com.  172800  IN  A   66.171.143.250

;; Query time: 14 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Thu Sep 10 15:56:31 BST 2015
;; MSG SIZE  rcvd: 209

Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Todd K Grand 

The problem has been resolved.
Thanks to everybody that contributed.

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Keith Stokes 
Well now you have to share the answer.

On Sep 10, 2015, at 3:06 PM, Todd K Grand 
> wrote:

The problem has been resolved.
Thanks to everybody that contributed.



---

Keith Stokes

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Marcin Cieslak 
On Thu, 10 Sep 2015, Todd K Grand wrote:

> The problem has been resolved.
> Thanks to everybody that contributed.

And the issue was...?

~Marcin

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Todd K Grand 

Turns out that there is in fact a list of sorts.
There were some days that the server was unavailable, and the domain was 
added to this list.

The point of the list is unclear, but there is a list.

-Original Message- 
From: Marcin Cieslak

Sent: Thursday, September 10, 2015 3:11 PM
To: Todd K Grand
Cc: nanog list
Subject: Re: outlook.com outgoing blacklists?

On Thu, 10 Sep 2015, Todd K Grand wrote:


The problem has been resolved.
Thanks to everybody that contributed.


And the issue was...?

~Marcin

Re: outlook.com outgoing blacklists?

2015-09-10 Thread Michael J Wise 

> Turns out that there is in fact a list of sorts.
> There were some days that the server was unavailable, and the domain was
> added to this list.
> The point of the list is unclear, but there is a list.

I am not partial to the exact details, but it does appear that some action
was taken and the issue was resolved. Past that, I don't have any further
details that I can share.

Main take-away: Don't have all of a domain's MXen be unavailable for more
than a day...?

> -Original Message-
> From: Marcin Cieslak
> Sent: Thursday, September 10, 2015 3:11 PM
> To: Todd K Grand
> Cc: nanog list
> Subject: Re: outlook.com outgoing blacklists?
>
> On Thu, 10 Sep 2015, Todd K Grand wrote:
>
>> The problem has been resolved.
>> Thanks to everybody that contributed.
>
> And the issue was...?
>
> ~Marcin
>
>


Aloha mai Nai`a.
-- 
" So this is how Liberty dies ...  http://kapu.net/~mjwise/
" To Thunderous Applause.

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Steve Atkins 

> 
> Anybody have some recommendations on how I resolve this

The most likely explanation is a configuration error at your end, so the first 
step is to share what the domain is.

Cheers,
  Steve

RE: outlook.com outgoing blacklists?

2015-09-09 Thread eric-list 
The only example I could come up with is an IDN, which Todd already said
wasn't the case.
At least I know Unicode domains didn't work on Exchange 2013 OWA, but worked
when changed to ASCII.
It may have changed by now though.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Steve Atkins
Sent: Wednesday, September 09, 2015 2:44 PM
To: nanog list
Subject: Re: outlook.com outgoing blacklists?


> 
> Anybody have some recommendations on how I resolve this

The most likely explanation is a configuration error at your end, so the
first step is to share what the domain is.

Cheers,
  Steve

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 
Almost seems like something corrupt at Outlook/Hotmail or a blacklist of 
some type.


-Original Message- 
From: eric-l...@truenet.com

Sent: Wednesday, September 9, 2015 2:00 PM
To: 'nanog list'
Subject: RE: outlook.com outgoing blacklists?

The only example I could come up with is an IDN, which Todd already said
wasn't the case.
At least I know Unicode domains didn't work on Exchange 2013 OWA, but worked
when changed to ASCII.
It may have changed by now though.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Steve Atkins
Sent: Wednesday, September 09, 2015 2:44 PM
To: nanog list
Subject: Re: outlook.com outgoing blacklists?




Anybody have some recommendations on how I resolve this


The most likely explanation is a configuration error at your end, so the
first step is to share what the domain is.

Cheers,
 Steve

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Steve Atkins 

> On Sep 9, 2015, at 11:43 AM, Steve Atkins  wrote:
> 
> 
>> 
>> Anybody have some recommendations on how I resolve this
> 
> The most likely explanation is a configuration error at your end, so the 
> first step is to share what the domain is.

Todd shared the domain with me privately.

The DNS configuration (and SMTP and TLS) looks fine, with nothing out of the 
ordinary, to me too.

So the next thing to look at would be the rejection message.

Cheers,
  Steve

outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 
I have an email server which hosts 3 domains.
I have reason to believe that microsoft maintains an outgoing blacklist and 
would like confirmation on this.

I have had many a report that people on domains hosted on hotmail/outlook are 
getting messages bounced back stating that our server was unreachable.
This only happens for one of the three domains hosted on our server.

I went to outlook.com and setup an account.
When I create a new message and enter the recipient at that affected domain, 
the address immediately turns red, and when I hover over it states that
the address may not be valid.
This happens without ever sending a packet to our servers.
The affected domain can send emails to hotmail/outlook accounts just fine.

Anybody have some recommendations on how I resolve this, as Microsoft support 
seems to be under technical.

Thanks,

Todd K. Grand

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Valdis . Kletnieks 
On Wed, 09 Sep 2015 11:49:30 -0500, "Todd K Grand" said:

> This happens without ever sending a packet to our servers.
> The affected domain can send emails to hotmail/outlook accounts just fine.

Step 0:  Verify that the DNS has the appropriate MX, A, and other records
for the failing domain.


pgp8UVWkFMQZN.pgp
Description: PGP signature

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 

DNS has been confirmed to be valid.

-Original Message- 
From: valdis.kletni...@vt.edu

Sent: Wednesday, September 9, 2015 1:22 PM
To: Todd K Grand
Cc: nanog@nanog.org
Subject: Re: outlook.com outgoing blacklists?

On Wed, 09 Sep 2015 11:49:30 -0500, "Todd K Grand" said:


This happens without ever sending a packet to our servers.
The affected domain can send emails to hotmail/outlook accounts just 
fine.


Step 0:  Verify that the DNS has the appropriate MX, A, and other records
for the failing domain.

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Michael J Wise 

>> Anybody have some recommendations on how I resolve this
>
> The most likely explanation is a configuration error at your end, so the
> first step is to share what the domain is.

That's the 0th Step, actually.

If people are going to ask for help, *PLEASE* provide us enough details to
be able to guess without consulting Carnak the Magnificent to figure out
what the actual details might be. :(

Aloha mai Nai`a.
-- 
" So this is how Liberty dies ...  http://kapu.net/~mjwise/
" To Thunderous Applause.

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 

Content-Type: message/delivery-status

Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
Received-From-MTA: dns;COL129-W41
Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700

Final-Recipient: rfc822;supp...@qkstream.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient 
because the domain is not reachable. Please check the domain and try again 
(-744508417:308:-2147467259)



Keep in mind that the address has a failed status even before sending on 
outlook.com webmail site.



-Original Message- 
From: Steve Atkins

Sent: Wednesday, September 9, 2015 2:09 PM
To: nanog list
Subject: Re: outlook.com outgoing blacklists?



On Sep 9, 2015, at 11:43 AM, Steve Atkins <st...@blighty.com> wrote:




Anybody have some recommendations on how I resolve this


The most likely explanation is a configuration error at your end, so the 
first step is to share what the domain is.


Todd shared the domain with me privately.

The DNS configuration (and SMTP and TLS) looks fine, with nothing out of the 
ordinary, to me too.


So the next thing to look at would be the rejection message.

Cheers,
 Steve=

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 

another email domain hosted on the same server is tgr...@tgrand.com.
Hotmail/Outlook can send fine to this domain.

-Original Message- 
From: Todd K Grand

Sent: Wednesday, September 9, 2015 2:19 PM
To: Steve Atkins ; nanog list
Subject: Re: outlook.com outgoing blacklists?

Content-Type: message/delivery-status

Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
Received-From-MTA: dns;COL129-W41
Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700

Final-Recipient: rfc822;supp...@qkstream.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient
because the domain is not reachable. Please check the domain and try again
(-744508417:308:-2147467259)


Keep in mind that the address has a failed status even before sending on
outlook.com webmail site.


-Original Message- 
From: Steve Atkins

Sent: Wednesday, September 9, 2015 2:09 PM
To: nanog list
Subject: Re: outlook.com outgoing blacklists?



On Sep 9, 2015, at 11:43 AM, Steve Atkins <st...@blighty.com> wrote:




Anybody have some recommendations on how I resolve this


The most likely explanation is a configuration error at your end, so the 
first step is to share what the domain is.


Todd shared the domain with me privately.

The DNS configuration (and SMTP and TLS) looks fine, with nothing out of the
ordinary, to me too.

So the next thing to look at would be the rejection message.

Cheers,
 Steve=

Re: outlook.com outgoing blacklists?

2015-09-09 Thread Todd K Grand 
When I send from outlook.com to qkstream.com packets never arrive from 
microsofts outbound ip addresses.

Yet I can see the packets fine if I send from outlook.com to tgrand.com

-Original Message- 
From: Nate Itkin

Sent: Wednesday, September 9, 2015 2:38 PM
To: Todd K Grand
Subject: Re: outlook.com outgoing blacklists?

Server response to rcpt to:<supp...@qkstream.com> was a little slow.
Maybe LookOut.com has a very short timeout?

You might want to fire-up tcpdump on your end and see what transpires when 
you try to send from LookOut.com.


On Wed, Sep 09, 2015 at 02:24:12PM -0500, Todd K Grand wrote:

another email domain hosted on the same server is tgr...@tgrand.com.
Hotmail/Outlook can send fine to this domain.

-Original Message- From: Todd K Grand
Sent: Wednesday, September 9, 2015 2:19 PM
To: Steve Atkins ; nanog list
Subject: Re: outlook.com outgoing blacklists?

Content-Type: message/delivery-status

Reporting-MTA: dns;COL004-OMC2S2.hotmail.com
Received-From-MTA: dns;COL129-W41
Arrival-Date: Wed, 9 Sep 2015 02:13:28 -0700

Final-Recipient: rfc822;supp...@qkstream.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 The mail could not be delivered to the recipient
because the domain is not reachable. Please check the domain and try again
(-744508417:308:-2147467259)


Keep in mind that the address has a failed status even before sending on
outlook.com webmail site.


-Original Message- From: Steve Atkins
Sent: Wednesday, September 9, 2015 2:09 PM
To: nanog list
Subject: Re: outlook.com outgoing blacklists?


>On Sep 9, 2015, at 11:43 AM, Steve Atkins <st...@blighty.com> wrote:
>
>
>>
>>Anybody have some recommendations on how I resolve this
>
>The most likely explanation is a configuration error at your end,
>so the first step is to share what the domain is.

Todd shared the domain with me privately.

The DNS configuration (and SMTP and TLS) looks fine, with nothing out of 
the

ordinary, to me too.

So the next thing to look at would be the rejection message.

Cheers,
 Steve=