Has anyone successfully removed a blocked IP from Yahoo?

SoftDux

Well-Known Member
May 27, 2006
1,025
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
One of our Linux cPanel servers have been blacklisted by Yahoo. I followed their recommended.

I see a lot of these errors in /var/log/exim_mainlog:


2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host e.mx.mail.yahoo.com [67.195.168.230]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See 421 4.7.1 [TS03] All messages from x.x.x.x permanently deferred | Yahoo! Postmaster Help
2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host b.mx.mail.yahoo.com [74.6.136.65]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See 421 4.7.1 [TS03] All messages from x.x.x.x permanently deferred | Yahoo! Postmaster Help
2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host m.mx.mail.yahoo.com [66.94.238.147]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See 421 4.7.1 [TS03] All messages from x.x.x.x permanently deferred | Yahoo! Postmaster Help
2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host h.mx.mail.yahoo.com [66.94.236.34]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host k.mx.mail.yahoo.com [98.139.54.60]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:54 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host i.mx.mail.yahoo.com [74.6.140.64]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host j.mx.mail.yahoo.com [66.94.237.64]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host d.mx.mail.yahoo.com [209.191.88.254]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host g.mx.mail.yahoo.com [98.137.54.238]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host l.mx.mail.yahoo.com [74.6.136.244]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host f.mx.mail.yahoo.com [98.137.54.237]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host c.mx.mail.yahoo.com [206.190.54.127]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk SMTP error from remote mail server after initial connection: host a.mx.mail.yahoo.com [67.195.168.31]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2011-02-14 11:23:55 1Pouer-0005le-Fk == [email protected] R=dk_lookuphost T=dk_remote_smtp defer (0): SMTP error from remote mail server after initial connection: host a.mx.mail.yahoo.com [67.195.168.31]: 421 4.7.1 [TS03] All messages from 66.197.167.227 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html


So, following the suggestions here: What are some best practices when sending to Yahoo! Mail? | Yahoo! Postmaster Help
I can safely say that, from a hosting side:

  1. We don't use DKIM, since cPanel doesn't officially support it, but we have SPF & DomainKeys installed on all domains.
  2. PTR records for the server is setup properly.
  3. The mail server is secure, and not an open relay


Many of the other options on that list is the responsibility of our clients, and I honestly don't know how to check and see if all clients follow those practices w.r.t. mailing lists (i.e. using opt-in / opt-out, pay attention to email content, etc).

So, does anyone know how we can clear the Yahoo blacklist, and keep a better tab on clients? It's a shared server, so it's a bit tricky to know if / when a client sets up a mailing list, and if they do follow the correct procedures.



Any pointers or help with this would be appreciated.

I have spoked to Yahoo about this a few times but always just get their crappy canned response telling me to follow the recommended guidelines, but then nothing more from them.
 

Cindu

Well-Known Member
Feb 7, 2011
46
0
56
Hello,

You can change the mail interface IP of the server for sending mails. Some times the whole range may have blocked. If you have a spare IP in the server it can be tested by assigning that IP.

This is the quickest solution.
 

SoftDux

Well-Known Member
May 27, 2006
1,025
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
Hello,

You can change the mail interface IP of the server for sending mails. Some times the whole range may have blocked. If you have a spare IP in the server it can be tested by assigning that IP.

This is the quickest solution.
That's not really going to fix the problem. It will merely shift the issue to another IP, until it's blocked again. I need to know / find out how this IP got blocked, and how to clear it.
 

Cindu

Well-Known Member
Feb 7, 2011
46
0
56
Hello,

I was just suggesting a quick solution because it will take time to delist the IP from yahoo. To find out the spammer you need to scan the mail queue and also can do an entire scanning of the server to find out mailing scripts, if any.

Another reason for the blocking of the server IP is, if there are large number of forwarders set to yahoo. You can grep such forwarders in /etc/valiases.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hello,

If you have some users on their own dedicated IP, you can shift those accounts to using their dedicated IP to primarily send emails (of note, sendmail and PHP mail() scripts will still send using the server's IP). To switch any accounts with dedicated IPs to send email using those, you would go to WHM > Exim Configuration Editor and enable this option to "On":

Automatically send outgoing mail from the account’s IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns.
By changing some accounts that have dedicated IPs to their own IP, you might at least minimize the risk for the server, since if one of those accounts starts spamming, you will then only have that IP blocked or be easier able to track down that user.

When it comes down to it, though, you'll have to check for emails bouncing back to your machine from anyone trying to send out spam emails. They could either be doing it via an existing email account or using an insecure formmail. Once you find any such emails being sent and want advice on how to track down the account, please feel free to post the headers to the email here.

Thanks.
 

Cindu

Well-Known Member
Feb 7, 2011
46
0
56
Hello,

If we use a dedicated IP, then also the domains will be only using main server IP / interface IP for sending mails !
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
I do not understand your comment, since the option I mentioned in WHM > Exim Configuration Editor will change each account with a dedicated IP to send from that IP rather than the shared server IP. Thus, please clarify.
 

LinuxTechie

Well-Known Member
Jan 22, 2011
502
10
68
cPanel Access Level
Root Administrator
Hello,

I agrees with Cindu. If the domain uses the dedicated IP, then also all the domains will be using the IP which is specified in exim.conf and not the dedicated IP assigned to them.

If you wants to change the interface IP, it can be changed in the exim's conf file.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
12
313
Houston, TX
cPanel Access Level
Root Administrator
Hello,

I agrees with Cindu. If the domain uses the dedicated IP, then also all the domains will be using the IP which is specified in exim.conf and not the dedicated IP assigned to them.

If you wants to change the interface IP, it can be changed in the exim's conf file.
Your statement is inconsistent with the tested functionality of the setting "Automatically send outgoing mail from the account’s IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns"

If, when this setting is enabled, and reverse DNS entries match those in /etc/mail_reverse_dns, email is still being sent from the main IP address instead of that domain's email address, please consider it a bug and report it as such: http://go.cPanel.net/bugs
 

Sparrow-Sean

Member
Jul 15, 2008
9
0
51
Queanbeyan, Australia
Depends on where it is being blocked. We had one of ours blocked via Microsoft's Internal Monitor, took us 3 days to have it removed and it was quite annoying as customers could not send e-mails to specific locations.

Sometimes removing IP's are easy and other times they can take time and be ultimately a pain in the groin!

It really comes down to the cause and the service that has blocked your IP.

Changing into Dedicated IP's is not always the best option as the whole set could be blocked as well.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Ho do I change the main IP from which mail gets delivered, for everyone?
If you edit /etc/mailips file and put the following:

Code:
*: IP#
Where IP# is the IP you want to use for the emails to route. At that point, any domains on the machine will use that IP as the default gateway IP for mail provided you don't have any domains in /etc/mailips that have a dedicated IP and use it instead. You would probably want to enable these two options in WHM > Exim Configuration Editor so that the file doesn't get overwritten and does get used:

** Send HELO based on the domain name in /etc/mailhelo (*: HELONAME can be added to the file to change the default helo name)

** Send outgoing mail from the IP that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)
 

LinuxTechie

Well-Known Member
Jan 22, 2011
502
10
68
cPanel Access Level
Root Administrator
Your statement is inconsistent with the tested functionality of the setting "Automatically send outgoing mail from the account’s IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns"

If, when this setting is enabled, and reverse DNS entries match those in /etc/mail_reverse_dns, email is still being sent from the main IP address instead of that domain's email address, please consider it a bug and report it as such: http://go.cPanel.net/bugs
Hello Tristan,

I have never tried it. Let me have a try on it. Thanks for the info . Cheers!
 

NaveenKapur

Member
Mar 1, 2007
5
0
151
India
Ok, here is another post on Yahoo Mail Block and I am really looking for someone to help me.

--------------------------------------------------------
\"SMTP error from remote mail server after initial connection: host in32.mxauth.yahoo.com [202.86.5.24]: 421 4.7.1 [TS03] All messages from xxx.xxx.xxx.xxx will be permanently deferred; Retrying will NOT succeed.\"
--------------------------------------------------------
Sample Response from Yahoo!:
--------------------------------------------------------
\"Thank you for contacting Yahoo! Mail.

We cannot systematically exempt your mailings from our SpamGuard technology since the IP address of the server appears to be a shared domain mail host and have multiple clients sending email. We will maintain the current information in our database as it is configured.\"
--------------------------------------------------------
Unfortunately, if a server is shared between multiple users, Yahoo! has the right to defer mail from it on the basis that it is a shared server environment. This is affecting servers on multiple virtual hosting platforms in all datacenters. It is not a blacklisting issue.
--------------------------------------------------------------

This is a new Dedicated server and probably the Rdns was established a bit late. Before the propogation could occur many of the users were already sending mails to Yahoo for 2 days and by the time RDNs was established, the server IP was permanently blocked by yahoo.


Any solution to this would be helpful.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Ask your host for a new IP for the server and ensure it has the right rDNS entry to begin with, preferably an IP in a new C-block from what you have right now, then use that IP for mail. If Yahoo isn't going to un-blacklist it, that's the only recourse you would have.