550 SC-001 (SNT0-MC4-F42) Hotmail reject delivering our emails

We are using Icewarp and recently our users are unable to send email on any hotmail/Live account, on the other hand no problem appears in receiving email from hotmail ID.
 
Below is the returned mail response error
550 SC-001 (SNT0-MC4-F42) Unfortunately, messages from 174.12.x.x weren't sent. Please contact your Internet service provider since part of their network is on our block list

 
Any idea how to unblock our mail server IP ?

Use the following link to provide additional information and an hotmail agent will contact you via email. https://support.msn.com/default.aspx?productkey=edfsesc&mkt=en-us
We have once fixed same problem using above link.
Good luck :) 

Guys,
 
Thats tough, if theyre blocking entire ranges. Do check icewarp forum and faqs, because IF the spam came from your server, surely you want to follow the best practices to avoid such problems (have per dar limits in accounts, dont use pop before smtp and so on, avoid adding user IP's in trusted IPs, create a content filter to add what account is authenticating  using this variable -> %%auth_email%%), etc.

And remember IceWarp has a feature to redirect emails via other SMTP which can be a life saver.
 
All the best,
Flávio

Why option "Pop before SMTP" must not be enabled, is there any security problem with it ?
And what is Per dar limit on account ? is it limit of user to send email per day ? If yes then how can we set it globally so by then whenever mailbox add in the HC panel it applies this rule on it too ?

Following security setting I have set in the Icewarp (see in the attach pics), let me know what you think about it.
Thanks

Hi,

To set a daily limit in accounts, you can go to your domain (or all of them using shift or TOOL.exe or templates), LIMITS tab and set in the Users section Max msgs out per day to 500 lets say. That means each user can end 500 msgs per day. BTW if this option is greyed out, enable use user limits in global settings.
 
If limit is reached and they did not send all that email you can be sure a virus did and change their pwd... The error when limit reaches is "we do not relay, account limits apply". 

ALSO I do recommend you add a filter that adds X-auth: %%auth_email%% in header. This way, in case of abuse, you can simply double click the message and see who authenticated (usually will be same as sender since you use reject if SMTP AUTH different then sender...). Filter is here: https://suporte.icewarp.c...abecalho-das-mensagens

POP before SMTP is really dangerous. Because user downloaded mail then has x minutes to send. If he has a virus that sends mail, it will be able to. Much better to rely on SMTP AUTHENTICATION where each time you send a message, it uses POP/IMAP password to send. And still there are viruses that authenticate to send spam (botnets, etc). And this is why very important you set a limit on # of emails per day on each account in icewarp...
 
There are ways to be even more rigid, such as the new 587 submission port (see icewarp f1 help) where you force users to connect ONLY to port 587 and having to authenticate.
 
See: http://esupport.icewarp.c...ying-through-my-server
 
Our FAQ in portuguese, you can run it in google translator: https://suporte.icewarp.c...pam-ocorridos-via-smtp
 
Some tips:
 
1) Disable POP before SMTP. Reject if local and not authorized is up to you. I dislike it. It avoids only forged SENDER not forged FROM in header (for that you need a filter). So for example, an employee is travelling, its very common for hotels, etc. to block port 25 or force them to use the Hotel's SMTP. In that case Icewarp would refuse email as it came from a local sender that did NOT auth via icewarp. So I prefer it off, although you can always set a bypass if it happens.
 
2) DNSBLs - I also add barracuda blacklist (bl.barracudacentral.org) but you have to register to it and also use bl.spamcop.net. Both really good lists.
 
Dont use more then 4 lists total (considering here + in spamassassin/DNSBLs). I use none there.
 
3) Intrusion: I like to use it in a way to avoid my customers being tarpitted... actually, nowadays I use it as a spam trap system :) See http://forum.icewarp.com/...mp;highlight=intrusion
 
Anyways if users authenticate SMTP, most of these thing dont occur to legit users, EXCEPT # of connections per minute and RSET (as many clients keep forcing RSETs if for example they get some error).
 
So if you wanna be safe, do something like the image in this faq: https://suporte.icewarp.c...-ler-logs-do-anti-spam
 
So:
 
- Your connections per min is too low. Id put 100 or higher.
- Failed attempts 30 is good. I dont use this, if I would, I would keep high value. because this blocks an IP in case of x failed attempts, so imagine, you can block an entire company if they use same OUT IP because of 1 user putting wrong pwd...
- Your delivery count is high, Id put 5 or so. Thats 1 of the main feature, it blocks dictionary attachs, if over x invalid receipients, block for x minutes and enable cross session and close connections.
- Block size 15 MB - too low. The idea with this feature is to avoid people sending HUGE files to yoru customers. So put like 150 MB. ITs because SMTP (not ESMTP) has to receive entire message before knowing size. So if your system is receiving (from out to IN) a msg over x megabytes, block user's IP.

Hope it helps.

Regards,
Flavio
 
PS - if you want we can move this discussion over to icewarp forum :)