I don't have any problems receiving email from Gmail, or any of the mailing lists that I've signed up for, but for some reason Outlook refuses to send any email to my mailserver.
_handle_client readline: b'EHLO NAM02-BN1-obe.outbound.protection.outlook.com\r\n'
('52.100.160.208', 55618) >> b'EHLO NAM02-BN1-obe.outbound.protection.outlook.com'
('52.100.160.208', 55618) << b'250-0.0.0.0'
('52.100.160.208', 55618) << b'250-SIZE 33554432'
('52.100.160.208', 55618) << b'250-8BITMIME'
EHLO from 'NAM02-BN1-obe.outbound.protection.outlook.com'
('52.100.160.208', 55618) << b'250-AUTH PLAIN\n250-MAIL\n250 HELP'
Initially I thought it might be because Outlook was pulling some sort of shenanigans with TLS - but completely removing STARTTLS from the response doesn't help. With or without STARTTLS, Outlook connects to my mailserver, issues EHLO, and then just... gives up? I don't actually know.
But it does tell me a lie:
1/29/2022 4:39:30 PM - Server at BYAPR05MB6069.namprd05.prod.outlook.com returned '550 5.4.317 Message expired, cannot connect to remote server(451 4.4.0 Socket error SocketError)'
1/29/2022 4:27:02 PM - Server at waynewerner.com (104.236.246.170) returned '450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Socket error SocketError] [LastAttemptedServerName=waynewerner.com] [LastAttemptedIP=104.236.246.170:25] [BN7NAM10FT066.eop-nam10.prod.protection.outlook.com](451 4.4.0 Socket error SocketError)'
My server didn't return any 450 4.4.317 that I can see in my logs. I don't even see anywhere in my server source code that response is even supported. Outlook provides https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-worldwide in the failure email, but the following information:
Error code: 450 4.4.317 Cannot connect to remote server
Typically, this error means Microsoft 365 connected to the destination email server, but the server responded with an immediate error, or doesn't meet the connection requirements. The error details will explain the problem. For example:
The destination email server responded with a "Service not available" error, which indicates the server is unable to maintain communication with Microsoft 365.
The connector is configured to require TLS, but the destination email server doesn't support TLS.
Also seems like Outlook is doing something incorrect. Compare that with Google's perfectly reasonable approach:
_handle_client readline: b'EHLO mail-vk1-f175.google.com\r\n'
('209.85.221.175', 42948) >> b'EHLO mail-vk1-f175.google.com'
('209.85.221.175', 42948) << b'250-0.0.0.0'
('209.85.221.175', 42948) << b'250-SIZE 33554432'
('209.85.221.175', 42948) << b'250-8BITMIME'
('209.85.221.175', 42948) << b'250-STARTTLS'
EHLO from 'mail-vk1-f175.google.com'
('209.85.221.175', 42948) << b'250-AUTH PLAIN\n250-STARTTLS\n250 HELP'
_handle_client readline: b'STARTTLS\r\n'
('209.85.221.175', 42948) >> b'STARTTLS'
('209.85.221.175', 42948) << b'220 Ready to start TLS'
_handle_client readline: b'EHLO mail-vk1-f175.google.com\r\n'
('209.85.221.175', 42948) >> b'EHLO mail-vk1-f175.google.com'
('209.85.221.175', 42948) << b'250-0.0.0.0'
('209.85.221.175', 42948) << b'250-SIZE 33554432'
('209.85.221.175', 42948) << b'250-8BITMIME'
('209.85.221.175', 42948) << b'250-AUTH LOGIN PLAIN'
EHLO from 'mail-vk1-f175.google.com'
('209.85.221.175', 42948) << b'250-AUTH PLAIN\n250-STARTTLS\n250-MAIL\n250 HELP'
_handle_client readline: b'MAIL FROM:<[email protected]> SIZE=3159\r\n'
Here we see that Gmail:
- EHLO's
- Gets the response, including STARTTLS
- STARTTLS's
- Starts sending mail
Compared to Outlook that just:
- EHLO's
- Nothing else
I've even double checked and it doesn't look like Outlook is even sending one more byte of data after that.
After a couple of minutes the connection looks to time out waiting for Outlook to send data:
[2022-01-31 18:04:54,355][mail.log][INFO] ('40.107.93.71', 64992) >> b'EHLO NAM10-DM6-obe.outbound.protection.outlook.com'
[2022-01-31 18:04:54,356][mail.log][DEBUG] ('40.107.93.71', 64992) << b'250-0.0.0.0'
[2022-01-31 18:04:54,356][mail.log][DEBUG] ('40.107.93.71', 64992) << b'250-SIZE 33554432'
[2022-01-31 18:04:54,357][mail.log][DEBUG] ('40.107.93.71', 64992) << b'250-8BITMIME'
[2022-01-31 18:04:54,358][mail.log][DEBUG] ('40.107.93.71', 64992) << b'250-STARTTLS'
[2022-01-31 18:04:54,359][mail.log][DEBUG] ('40.107.93.71', 64992) << b'250-AUTH PLAIN\n250-MAIL\n250 HELP'
[2022-01-31 18:04:54,359][mail.log][DEBUG] ('40.107.93.71', 64992) reading data...
[2022-01-31 18:04:54,360][mail.log][DEBUG] ('40.107.93.71', 64992) peeking
[2022-01-31 18:09:54,356][mail.log][INFO] ('40.107.93.71', 64992) connection timeout
[2022-01-31 18:09:54,358][mail.log][INFO] ('40.107.93.71', 64992) connection lost
Any clue what Outlook could be looking for here that I'm not providing?
Well, as it turns out, the answer was in front of me all along:
Outlook rigorously enforces '\r\n' between response bits. That solved my problem.
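
An added example (not the author's server code) of the failure described above: the last EHLO write in the logs joins three reply lines with a bare '\n', so a client that accepts only '\r\n' as a line ending never sees the final "250 " line and keeps waiting. It assumes every logged write is followed by '\r\n' on the wire; `format_reply`, `bare_line_endings` and `strict_reply_complete` are hypothetical helper names.

```python
CRLF = b"\r\n"

# Constructed from the EHLO log above, assuming the server appends CRLF to each logged write.
LOGGED_WRITES = [b"250-0.0.0.0", b"250-SIZE 33554432", b"250-8BITMIME",
                 b"250-AUTH PLAIN\n250-MAIL\n250 HELP"]
BROKEN_WIRE = b"".join(w + CRLF for w in LOGGED_WRITES)


def format_reply(code, lines):
    """Build a multi-line SMTP reply: 'code-text' lines, then a final 'code text', all CRLF-terminated."""
    if not lines:
        raise ValueError("a reply needs at least one line")
    out = []
    for i, text in enumerate(lines):
        if "\r" in text or "\n" in text:
            raise ValueError(f"line {i} contains an embedded CR or LF: {text!r}")
        sep = " " if i == len(lines) - 1 else "-"
        out.append(f"{code}{sep}{text}".encode("ascii") + CRLF)
    return b"".join(out)


def bare_line_endings(wire):
    """Return (offset, kind) for each LF not preceded by CR and each CR not followed by LF."""
    found = []
    for i, byte in enumerate(wire):
        if byte == 0x0A and (i == 0 or wire[i - 1] != 0x0D):
            found.append((i, "bare LF"))
        elif byte == 0x0D and wire[i + 1:i + 2] != b"\n":
            found.append((i, "bare CR"))
    return found


def strict_reply_complete(wire):
    """Parse as a CRLF-only client would: the reply ends at a line starting 'NNN ' (or a bare 'NNN')."""
    for line in wire.split(CRLF)[:-1]:  # the last element is the unterminated remainder
        if len(line) >= 3 and line[:3].isdigit() and line[3:4] in (b" ", b""):
            return True
    return False


if __name__ == "__main__":
    print("broken:", bare_line_endings(BROKEN_WIRE), strict_reply_complete(BROKEN_WIRE))
    fixed = format_reply(250, ["0.0.0.0", "SIZE 33554432", "8BITMIME",
                               "AUTH PLAIN", "MAIL", "HELP"])
    print("fixed: ", bare_line_endings(fixed), strict_reply_complete(fixed))
```

Running `bare_line_endings` over captured server output in a test suite catches this class of bug before a strict peer does.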