SORBS Blocking Hotmail Email

I had two instances where users on the system were unable to receive email from correspondents sending email from either or addresses. When I asked the senders to tell me the reason for their email being rejected, which is normally displayed in bounced messages, they told me that they didn't see any reason listed. So I tried sending email to myself using a test account I created for myself.

The message I sent from my hotmail account bounced as well. But the bounced message I saw did not list a reason for the rejection only "Delivery to the following recipients failed" followed by the address to which I had sent the message.

With the default Hotmail account settings, you won't see the reason the mesage bounced listed. To see the reason for the message rejection, you have to take the following steps while logged into your Hotmail account.

  1. While checking your inbox, click on "Options", which is next to "Help" at the top of the Hotmail webpage.
  2. Click on "Mail Display Settings".
  3. Change the "Message Headers" setting from "Basic" to "Advanced".
  4. Click on "OK".
  5. Go back to your inbox and hit the Refresh button in your browser to reload the message for which you wished to determine the cause of the message being rejected.
  6. Within the message you will now see a "View E-mail Message Source" link. Click on it.

You should now see something akin to the following in the message.

Final-Recipient: rfc822;
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 <>... Mail from refused - see

Look for the "Status" and "Diagnostic-Code" values to determine why the message was rejected. In this case, I see the message was rejected by SORBS, a blocklist I use on the system to cut down on the amount of spam reaching users of the system. I have the following line in the /etc/ file on the system, which results in sendmail querying the SORBS blocklist each time a message arrives on the system.

FEATURE(`dnsbl', `', `"550 Mail from " $`'&{client_addr} " refused - see"')dnl

If the IP address of the system attempting to send the email is listed in the SORBS blocklist, then the mesage is rejected with the message Mail from xx.xx.xx.xx refused - see with xx.xx.xx.xx being the IP address of the sending system.

I looked up the IP address of the sending server, which in this case was The SORBS system reported the following for that IP address.

Database of servers sending to spamtrap addresses
Record Created:Thu Oct 6 23:58:40 2005 GMT
Record Updated:Sat Feb 4 02:39:46 2006 GMT
Additional Information:Received: from ( []) by (Postfix) with ESMTP id E9BF611436 for <[email]>; Sat, 4 Feb 2006 12:39:41 +1000 (EST)
Currently active and flagged to be published in DNS
If you wish to request a delisting please do so through the Support System.

I tried sending another message to myself from the Hotmail account a couple of hours later. It too was rejected because it was on the SORBS list, but the address of the Hotmail email server the second time was

I didn't want to stop using the SORBS list, but I also didn't want to make it impossible for any user on the system to receive email from a address.

An alternative is to continue to use the SORBS blacklist, but to "whitelist" specific and email addresses. Email sent from addresses will also come to your server from servers.

If you are using sendmail to process incoming email, you can specify email addresses from which you will accept email that would otherwise be rejected by listing the sender in /etc/mail/access. You can add a line like the following to that file. Use tabs (as many as you wish) and not spaces when separating the address and the "OK".           OK

The line above specifies that any email from will be accepted. If a message originates from that address, then the system won't check the IP address of the sending server in blocklists used by the system. If you wish to add a comment to the file regarding any address you are adding, simply start a line with the "#" symbol and put any comment you want after it on the line.

After you add an address to /etc/mail/access, you will need to regenerate the access.db file, presuming that you have specified that you are using that type of database in /etc/, which is normally the default for Linux systems. If it is the case, you will have a line similar to the following in your file.

FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl

To regenerate the .db file, use the command below. You don't have to restart sendmail afterwards.

makemap hash /etc/mail/access </etc/mail/access

Once you have run the makemap command, then anyone with a address that you have added to the access file should be able to send email to users on the system.

Note, you may also need to have delay_checks specified in to delay checking the blocklists until after other checks have been made to determine whether the message should be accepted. I also have the following line in /etc/mail/ before the spot where I do the blocklist checks, so that the normal blocklist checks won't be done in all cases, e.g. when the sender has authenticated, etc. Note, if you modify, you will need to regenerate from it using m4 /etc/mail/ > /etc/mail/ and then restart sendmail with /etc/init.d/sendmail restart.


After I had added my address to the file and run makemap, I sent another message to myself from the account. This time it got through. The address of the sending server was [], which I verified was also on the SORBS blocklist.


  1. The /etc/mail/access and access.db files
  2. Sendmail cf/README - Anti-Spam Configuration Control