I am having problems with customers who use MS Outlook when sending outbound email through our mail server: due to Outlook's behavior, the customers are getting blocked by our server's multiple protections from spammers.
The first issue is that Outlook is creating traffic that resembles a spammer when sending a single email message that is addressed to multiple recipients in that it is not sending a single email message to the server that is addressed to multiple recipients but rather sending a separate email message for each of the addressed recipients. From the mail server's logs, an email sent by Outlook that is addressed to 25 recipients is being received at the server, from the client's PC and Outlook as 25 separate email messages rather than a single email message.
Why is this? Is this a bug/flaw? Can this behavior be changed via a program option or registry change?
Here is what a mail log of other Non-MS email client programs looks like when sending a single email message that is addressed to multiple recipients: (Email and IP Addresses have been sanitized)
Mar 27 13:48:47 mydomain postfix/smtpd[21676]: connect from host30.static.mydomain.com[10.10.10.10]
Mar 27 13:48:47 mydomain postfix/smtpd[21676]: setting up TLS connection from host30.static.mydomain.com[10.10.10.10]
Mar 27 13:48:47 mydomain postfix/smtpd[21676]: TLS connection established from host30.static.mydomain.com[10.10.10.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 27 13:48:47 mydomain postfix/smtpd[21676]: 9F5664338334: client=host30.static.mydomain.com[10.10.10.10], sasl_method=PLAIN, sasl_username=user@mail.mydomain.com
Mar 27 13:48:49 mydomain postfix/cleanup[17644]: 9F5664338334: message-id=<51533101.3010409@mydomain.com>
Mar 27 13:48:50 mydomain postfix/smtpd[21676]: disconnect from host30.static.mydomain.com[10.10.10.10]
Mar 27 13:48:50 mydomain postfix/qmgr[18891]: 9F5664338334: from=<user@mydomain.com>, size=5073, nrcpt=3 (queue active)
Mar 27 13:48:51 mydomain postfix/local[18140]: 9F5664338334: to=<recipient1@mail.mydomain.com>, orig_to=<recipient1@mydomain.com>, relay=local, delay=3.4, delays=3.4/0/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Mar 27 13:48:51 mydomain postfix/local[18138]: 9F5664338334: to=<recipient2@mail.mydomain.com>, orig_to=<recipient2@mydomain.com>, relay=local, delay=3.4, delays=3.4/0/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Mar 27 13:48:58 mydomain postfix/smtp[21237]: 9F5664338334: to=<recipien3@mail.mydomain.com>, orig_to=<recipient3@mydomain.com>, relay=local, delay=3.4, delays=3.4/0/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Mar 27 13:48:59 mydomain postfix/qmgr[18891]: 9F5664338334: removed
Here is what MS Outlook's traffic looks like in my mail server's log when sending a single message to multiple recipients (7 in this example). Notice the multiple connections, multiple message-ids and multiple queue id strings:
Mar 26 19:35:15 mydomain postfix/smtpd[8663]: connect from cpeX.otherdomain.com[10.20.20.20]
Mar 26 19:35:15 mydomain postfix/smtpd[8663]: 7E00E43382E2: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:16 mydomain postfix/cleanup[8329]: 7E00E43382E2: message-id=<086001ce2a7a$87c78660$97569320$@com>
Mar 26 19:35:16 mydomain postfix/qmgr[18891]: 7E00E43382E2: from=<user@mydomain.com>, size=1993, nrcpt=1 (queue active)
Mar 26 19:35:16 mydomain postfix/local[8338]: 7E00E43382E2: to=<recipient1@mail.mydomain.com>, orig_to=<user@mydomain.com>, relay=local, delay=1.2, delays=1.1/0/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Mar 26 19:35:16 mydomain postfix/qmgr[18891]: 7E00E43382E2: removed
Mar 26 19:35:17 mydomain postfix/smtpd[8663]: AC63043382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:18 mydomain postfix/cleanup[8329]: AC63043382F6: message-id=<086101ce2a7a$891255e0$9b3701a0$@com>
Mar 26 19:35:18 mydomain postfix/qmgr[18891]: AC63043382F6: from=<user@mydomain.com>, size=1953, nrcpt=1 (queue active)
Mar 26 19:35:19 mydomain postfix/smtp[8574]: AC63043382F6: to=<recipient2@otherdomain.com>, relay=mx1.otherdomain.com[192.168.1.1]:25, delay=2.8, delays=2.2/0/0.01/0.58, dsn=2.0.0, status=sent (250 ok dirdel)
Mar 26 19:35:19 mydomain postfix/qmgr[18891]: AC63043382F6: removed
Mar 26 19:35:19 mydomain postfix/smtpd[8663]: DC76F43382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:20 mydomain postfix/cleanup[4547]: DC76F43382F6: message-id=<086201ce2a7a$8a620760$9f261620$@com>
Mar 26 19:35:20 mydomain postfix/qmgr[18891]: DC76F43382F6: from=<user@mydomain.com>, size=2082, nrcpt=1 (queue active)
Mar 26 19:35:21 mydomain postfix/smtp[8574]: DC76F43382F6: to=<recipient3@otherdomain.com>, relay=mx1.otherdomain.com[192.168.1.1]:25, delay=3, delays=2.1/0/0.15/0.75, dsn=2.0.0, status=sent (250 ok dirdel)
Mar 26 19:35:21 mydomain postfix/qmgr[18891]: DC76F43382F6: removed
Mar 26 19:35:22 mydomain postfix/smtpd[8663]: 13FAA43382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:23 mydomain postfix/cleanup[4547]: 13FAA43382F6: message-id=<086301ce2a7a$8baf47e0$a30dd7a0$@com>
Mar 26 19:35:23 mydomain postfix/qmgr[18891]: 13FAA43382F6: from=<user@mydomain.com>, size=1904, nrcpt=1 (queue active)
Mar 26 19:35:23 mydomain postfix/local[8338]: 13FAA43382F6: to=<recipient4@mail.mydomain.com>, orig_to=<recipient1@mydomain.com>, relay=local, delay=2.2, delays=2.1/0/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 26 19:35:23 mydomain postfix/qmgr[18891]: 13FAA43382F6: removed
Mar 26 19:35:24 mydomain postfix/smtpd[8663]: 3D23F43382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:25 mydomain postfix/cleanup[4546]: 3D23F43382F6: message-id=<!&!AAAAAAAAAAAYAAAAAAAAAHVwZmVhym1MvyRRBpH1ZtDCgAAAEAAAAPzjByTmd8FMv3MRW0nrBDMBAAAAAA==@mydomain.com>
Mar 26 19:35:25 mydomain postfix/qmgr[18891]: 3D23F43382F6: from=<user@mydomain.com>, size=2179, nrcpt=1 (queue active)
Mar 26 19:35:25 mydomain postfix/local[7325]: 3D23F43382F6: to=<recipient5@mail.mydomain.com>, orig_to=<user@mydomain.com>, relay=local, delay=2.1, delays=2.1/0/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 26 19:35:25 mydomain postfix/qmgr[18891]: 3D23F43382F6: removed
Mar 26 19:35:26 mydomain postfix/smtpd[8663]: 6242543382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:27 mydomain postfix/cleanup[4542]: 6242543382F6: message-id=<086401ce2a7a$8e429cf0$aac7d6d0$@com>
Mar 26 19:35:27 mydomain postfix/qmgr[18891]: 6242543382F6: from=<user@mydomain.com>, size=2005, nrcpt=1 (queue active)
Mar 26 19:35:27 mydomain postfix/smtp[8574]: 6242543382F6: to=<recipient6@otherdomain2.com>, relay=mx3.otherdomain2.com[192.168.2.1]:25, delay=2.4, delays=2.1/0/0.03/0.23, dsn=2.0.0, status=sent (250 <086401ce2a7a$8e429cf0$aac7d6d0$@com> Queued mail for delivery)
Mar 26 19:35:27 mydomain postfix/qmgr[18891]: 6242543382F6: removed
Mar 26 19:35:28 mydomain postfix/smtpd[8663]: 8B66143382F6: client=cpeX.otherdomain.com[10.20.20.20], sasl_method=LOGIN, sasl_username=user@mail.mydomain.com
Mar 26 19:35:29 mydomain postfix/cleanup[8329]: 8B66143382F6: message-id=<!&!AAAAAAAAAAAYAAAAAAAAAHVwZmVhym1MvyRRBpH1ZtDCgAAAEAAAAJOXEZBQj7NDguvvTtOUO4QBAAAAAA==@mydomain.com>
Mar 26 19:35:29 mydomain postfix/qmgr[18891]: 8B66143382F6: from=<user@mydomain.com>, size=2443, nrcpt=1 (queue active)
Mar 26 19:35:29 mydomain postfix/local[8338]: 8B66143382F6: to=<recipient7@mail.mydomain.com>, orig_to=<user@mydomain.com>, relay=local, delay=2.2, delays=2.1/0/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Mar 26 19:35:29 mydomain postfix/qmgr[18891]: 8B66143382F6: removed
This abnormal behavior is getting caught by one of my Policyd filters that limits outbound messages from a single user@ to 10 individual email messages per minute or less, which should be a good filter considering I don't know of any person that can send a new email message out every 6 seconds, and the only email client programs that I have found so far that are having a problem with this filter are Microsoft email clients. I believe that this is definitely a problem with both Outlook 2007 and 2010. I have not specifically tested Live Mail yet. I do know that THIS IS NOT AN ISSUE with Outlook 2003; it operates normally, as other mail clients do.
My second issue is that Microsoft seems to be ignoring Email RFC 2821, which clearly states that in a HELO/EHLO with a mail server a client or other server must identify itself with a FQDN; an address literal (IP) is also acceptable. Microsoft Outlook 2007, 2010 and even Live Mail are all Non-Compliant with RFC 2821 and are sending the computer's NETBIOS name instead. This is an important specification that Microsoft should not be ignoring and needs to comply with, as the HELO check is an important and proven effective Anti-Spam technique and is part of the recommended SMTP Server configuration for most mail servers including Postfix. Older MS mail clients seem to comply with RFC 2821 perfectly. What is going on with Microsoft's newer programs?
Can these problems be fixed? Will Microsoft fix them? Or should I just start explaining what the technical functionality problems of MS Email Programs are to my customers, proving to them that the MS Email Programs are Junk, and convincing the world to stop using them and switch to competitors' and even free email client programs that operate properly and comply with all the email RFCs?
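Added example (not part of the original post): a Python sketch that reads Postfix log lines in the format shown above and counts messages and recipients per SASL user per minute, showing why a 10-messages-per-minute limit treats one 12-recipient message and 12 single-recipient messages differently while a per-recipient count does not. All log lines, hosts and usernames in it are constructed.

```python
import re
from collections import defaultdict

# Patterns for the two Postfix log lines used here (format as shown in the post).
SMTPD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ postfix/smtpd\[\d+\]: "
                   r"([0-9A-F]+): client=\S+, sasl_method=\w+, sasl_username=(\S+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def per_minute(lines):
    """Return {(sasl_user, minute): [messages, recipients]}."""
    owner = {}                            # queue id -> (user, minute)
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        m = SMTPD.search(line)
        if m:
            owner[m.group(2)] = (m.group(3), m.group(1))
            continue
        m = QMGR.search(line)
        if m and m.group(1) in owner:     # skip mail not submitted with SASL auth
            key = owner.pop(m.group(1))   # pop: count a requeued message once
            totals[key][0] += 1
            totals[key][1] += int(m.group(2))
    return dict(totals)

def over_limit(totals, limit, by="messages"):
    """Users exceeding `limit` per minute, counted by messages or by recipients."""
    idx = 0 if by == "messages" else 1
    return sorted({user for (user, _), t in totals.items() if t[idx] > limit})

def sample():
    """Constructed log: alice sends 1 message to 12 recipients; bob sends 12 single-recipient messages."""
    rows = [
        "Mar 27 13:48:47 mx postfix/smtpd[100]: A000000001: client=pc1.example.com[192.0.2.10], "
        "sasl_method=PLAIN, sasl_username=alice@example.com",
        "Mar 27 13:48:50 mx postfix/qmgr[200]: A000000001: from=<alice@example.com>, size=5073, "
        "nrcpt=12 (queue active)",
    ]
    for i in range(12):
        qid, sec = "B%09X" % i, 15 + 2 * i
        rows.append(f"Mar 26 19:35:{sec:02d} mx postfix/smtpd[101]: {qid}: "
                    "client=pc2.example.net[192.0.2.20], sasl_method=LOGIN, sasl_username=bob@example.com")
        rows.append(f"Mar 26 19:35:{sec + 1:02d} mx postfix/qmgr[200]: {qid}: "
                    "from=<bob@example.com>, size=2000, nrcpt=1 (queue active)")
    return rows

if __name__ == "__main__":
    totals = per_minute(sample())
    for key, (msgs, rcpts) in sorted(totals.items()):
        print(key, "messages:", msgs, "recipients:", rcpts)
    print("over 10 messages/min:  ", over_limit(totals, 10, "messages"))
    print("over 10 recipients/min:", over_limit(totals, 10, "recipients"))
```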