Blacklisted by MSN Hotmail!: workaround


Lloyd
02-08-2007, 04:37 PM
My mail server IP was blacklisted by hotmail! This post tells you how it happened and how I managed to work around it.

HOW IT HAPPENED
I run a small e-business, and back on Jan. 13-14 a "contact us" perl CGI script of mine with a security hole was exploited by a web bot to send spam to hotmail addresses.

I knew this script was insecure, and wasn't using it, but it (and the html form that called it) got copied to my Rimuhosting server from my old shared hosting server. During the migration of files the CGI script's permissions accidentally got set executable (700).

I realized the problem on the morning of the 14th, when I saw the bounces from non-existent email addresses in my inbox. I detained the exploited script immediately. The event lasted about 12 hours, I believe.

On Jan 31, 2 weeks after the event, MSN Hotmail blacklisted my IP. There was no warning or contact from MSN.

Suddenly my mail server could not deliver email to hotmail addresses. It seems that about 1/3 or more of my customers use hotmail! Order acknowledgements, e-invoices, and requests to be included on my mailing list all bounced. :(

I filled out an MSN online contact form to report delivery trouble. In subsequent correspondence I explained the problem, and in an email on Monday (Feb. 5) they promised to remove the block as soon as I explained what I am doing to prevent future exploits. They assume the problem is a Windows virus, and they assume I am running Windows Server, even though I specified on the original contact form that I run a Linux mail server. They even offered me a free Windows virus scan! :)

I gave them details on the exploit on Monday, but they have not responded, and my IP is still blacklisted.

THE WORKAROUND
Before I got in contact with MSN I was already working on a temporary fix. Suppose MSN drags their feet for weeks and leaves my IP blacklisted?

What I did was to write a perl mailing script that uses my gmail account to send email to hotmail addresses (only).

Gmail uses TLS encryption. On CPAN (http://www.cpan.org) I found a module to allow TLS (encrypted) data transfer. (Net::SMTP::TLS). If you know any perl the code will be obvious. ($to_ holds the recipient email address. 'emailmessage' must include the mail headers and the body. This code does not construct the actual email.)

if ($msnhack and $to_ =~ /\@hotmail\./i)   # /i: domain names are case-insensitive
{
    # Relay hotmail-bound mail through Gmail's submission port over TLS.
    use Net::SMTP::TLS;
    my %smtpopts;
    my $server = 'smtp.gmail.com';
    $smtpopts{'Hello'}    = 'carao.org';
    $smtpopts{'Port'}     = 587;
    $smtpopts{'User'}     = 'username@gmail.com';
    $smtpopts{'Password'} = 'yourgmailpassword';
    $smtpopts{'Timeout'}  = 10;
    my $smtp = Net::SMTP::TLS->new($server, %smtpopts);
    $smtp->mail('senderemailaddress');
    $smtp->to($to_);
    $smtp->data;
    $smtp->datasend('emailmessage');   # complete message: headers and body
    $smtp->dataend;
    $smtp->quit;
}
else
{
    # <code to send email using your own mail server>
}

Note that you should use a gmail server only as a temporary workaround, for personal email only (never for mailing list mailings). Gmail offers a generous and excellent service; don't abuse it. If your system needs to send a large volume of email to hotmail addresses, this is not for you.

Conclusion: Don't leave exploitable scripts on your server! It is not enough to set the permissions 600. Better to remove such files completely.
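
An added example, not part of the original post: a post-migration audit in the spirit of the conclusion above. It lists every CGI-style script left in a web root, flags the ones with an execute bit set, and shows which HTML forms still reference them. The directory tree and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: post-migration audit of a web root for leftover CGI scripts.
# All paths and file names below are constructed for the demonstration.

# Every file that looks like a CGI script, whatever its mode.
list_cgi_scripts() {
    find "$1" -type f \( -name '*.cgi' -o -name '*.pl' \) | sort
}

# The subset with any execute bit set (owner, group or other).
list_executable_cgi() {
    find "$1" -type f \( -name '*.cgi' -o -name '*.pl' \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# HTML files under $2 that still mention script $1 by file name.
forms_calling() {
    find "$2" -type f -name '*.html' \
        -exec grep -l -F -- "$(basename "$1")" {} + | sort
}

# Build a constructed web root that mirrors the situation in the post.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cgi-bin"
    printf '#!/usr/bin/perl\n' > "$d/cgi-bin/contact.cgi"
    printf '#!/usr/bin/perl\n' > "$d/cgi-bin/old-search.pl"
    chmod 700 "$d/cgi-bin/contact.cgi"     # executable after the copy
    chmod 600 "$d/cgi-bin/old-search.pl"   # present but not executable
    printf '<form action="/cgi-bin/contact.cgi" method="post"></form>\n' \
        > "$d/contact.html"
    printf '<p>home</p>\n' > "$d/index.html"
    echo "$d"
}

# One line per script (EXECUTABLE or present), then the forms that call it.
audit_webroot() {
    list_cgi_scripts "$1" | while IFS= read -r f; do
        state=present
        list_executable_cgi "$1" | grep -q -x -F -- "$f" && state=EXECUTABLE
        echo "$state $f"
        forms_calling "$f" "$1" | sed 's/^/  referenced by /'
    done
}

demo=$(make_demo_tree)
audit_webroot "$demo"
rm -rf "$demo"
```

Against a real server, call `audit_webroot` with the document root instead of the demo tree; anything reported, executable or not, is a candidate for removal along with the form that points at it.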

Lloyd
10-03-2007, 06:26 PM
MSN (hotmail) did eventually remove my IP from their blacklist. However, I find that hotmail still marks all my small business's emails to customers as "spam", so they always go into hotmail spam folders. In correspondence with MSN about this, they say I use words that trigger the spam filter. For example:

"Dear Customer,
Thank you for your order. Your order will be shipped on May 30..."

That's enough to get all my order system mails classed as spam. In order to avoid that, the wording would have to be something like this, I guess:

"Hey Man,

Glad to see you liked it, thanks. I think it will be getting out to you on May 30."
:)

lorrimanhg
11-23-2007, 02:52 PM
Thanks for your notes, lloyd.

Here is my own experience of late :

Emails to hotmail contacts stopped appearing at all about 3 weeks ago. Not even in the spam folder: just nothing.

The apparent fix was to implement domainkeys.

As well as my hotmail problems, Yahoo was delaying delivery of my emails until I had domainkeys message signing up and working.

Emails still go into spam folders, but at least the recipients get them, and get them immediately.

A tip :

If implementing the Postfix domainkeys filter, 'dkfilter', the filter's init file under centos5 gives a wrong parameter.

Here are the relevant lines with correction (in /etc/init.d/dkfilter) :

HOSTNAME=`hostname -f`
DOMAIN=`hostname -d` #results in 'com', which is no good
CORRECTEDDOMAIN=`hostname` #I added this
DKFILTER_IN_ARGS="--hostname=$CORRECTEDDOMAIN 127.0.0.1:10025 127.0.0.1:10026"
DKFILTER_OUT_ARGS="--keyfile=$DKFILTERDIR/private.pem --selector=test2 --domain=$CORRECTEDDOMAIN --method=nofws --children=16 --headers 127.0.0.1:10027 127.0.0.1:10028"

Also --method must be 'nofws' and not 'simple' as yahoo doesn't understand 'simple'.

DNS TXT entries seem to be enough without even the need to properly 'create' the domainkey subdomains. However, that may also be the reason my emails still get marked as spam. Should do something about that sometime.

I also noticed that including a url in your messages with a '?' in the url makes it more likely to be rejected. Keep your urls simple.
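
An added example, not part of the original post: sanity checks for the values the init script above derives. It reproduces the 'com' result, rejects it as a signing domain, and builds the DNS name where the selector's key record is looked up. It assumes the host's FQDN is itself the mail domain (as the 'com' result suggests); the host names and the TXT record are constructed, and `test2` is the selector from the post.

```shell
#!/bin/sh
# Added example: sanity checks for the values the dkfilter init script passes.
# Host names and the TXT record are constructed; "test2" is the post's selector.

# What `hostname -d` reports for an FQDN: everything after the first dot.
dns_domain_of() {
    case $1 in
        *.*) echo "${1#*.}" ;;
        *)   echo "" ;;
    esac
}

# Reject values that cannot be a signing domain: empty, or a single label
# such as "com". (Two-label public suffixes like "co.uk" are not detected.)
is_signing_domain() {
    case $1 in
        ''|.*|*.|*..*) return 1 ;;
        *.*)           return 0 ;;
        *)             return 1 ;;
    esac
}

# DNS name under which the selector's public key TXT record is published.
selector_record() {
    echo "$1._domainkey.$2"
}

# True when a key record carries a non-empty p= tag (an empty p= means revoked).
txt_has_key() {
    printf '%s\n' "$1" | tr ';' '\n' | sed 's/^[[:space:]]*//' | grep -q '^p=..*'
}

# Check one host: take the --domain value that `hostname -d` would produce,
# say whether it is usable, and name the record to look up.
check_host() {
    d=$(dns_domain_of "$1")
    if is_signing_domain "$d"; then
        echo "ok $d $(selector_record test2 "$d")"
    else
        echo "bad '$d' derived from $1"
        return 1
    fi
}

check_host mail.example.com           # constructed FQDN with a host label
check_host example.com || true        # FQDN that is itself the mail domain
txt_has_key 'k=rsa; p=CONSTRUCTEDKEY' && echo "key record present"
```

The name printed by `selector_record` is the one to query with a DNS lookup tool, and the returned TXT string can be passed to `txt_has_key`.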

JohnBoy
10-08-2008, 05:15 PM
Just wanted to say thank you for the info. I don't know what Domain Keys are, and I will now go get educated about them.

I had trouble earlier this summer with *.hotmail.com addresses - nothing would get delivered, and there was no bounce message to indicate that I was blacklisted.

I filled out the request form to get un-blocked with Micro$oft, and after a few weeks, it was lifted and my emails were getting through. Yahoo still places certain of my emails in users' Spam folders.

I don't know - it sure seems like a handy excuse for the big guys to make conducting business difficult for the little guys. :rolleyes:

John