RE: contact at yahoo mail? (they think we're an open relay :< )

It's a very confusing page to read, we are listed as 127.0.0.2 and
that is NERD-CA.

The other entries like:

ARIXDICTSTALE Sender has a history of dictionary spamming:
stale.dict.rbl.arix.com -> 127.0.0.1

I think indicate what that RBL is for and what the value indicates,
we are NOT in there:

host smtp.easydns.comstale.dict.rbl.arix.com

and the txt record looks like a wildcard for all of the lists.

In fact, several of the people who emailed me off list saying
"you're in no-more-funn" were ALSO listed in "no-more-funn"
in the same manner.

So that, combined with the number of "same here" posts wrt yahoo
leads me to believe that that's not the reason.

-mark

I have seen yahoo block based on excessive mail sent to non-existent addresses. If you are bouncing mail with a return-path set to yahoo, that can be a problem.

Thus spake Kee Hinckley (nazgul@somewhere.com) [09/10/03 22:30]:

I have seen yahoo block based on excessive mail sent to non-existent
addresses. If you are bouncing mail with a return-path set to yahoo,
that can be a problem.

Out of curiosity, can those who have had their mail blocked by Yahoo!
report back on their abuse complaints lately? What I'm looking for is
either an increased volume of complaints, or a certain volume of complaints
that the end user has seemingly been infected by a trojan of some sort.

Please keep replies off-list.

I've received an email offlist that this problem should be back to
"pre-yesterday" conditions. It looks better on our end, as it should for
all else affected I would think.

Thanks to all who replied, compared notes and emailed offlist with
suggestions or ideas.

-mark

Mark Jeftovic [10/10/03 08:33 -0400]:

I've received an email offlist that this problem should be back to
"pre-yesterday" conditions. It looks better on our end, as it should for
all else affected I would think.

Our problem looks considerably larger than pre yesterday conditions now :(

I'd appreciate a contact there if you have one.

As would I.

They are blocking only the server where we put undergraduate accounts,
over 60% of which have forwarding set, most frequently to Hotmail, Yahoo
and AOL accounts. When the spam volume coming in here gets too high, our
server *appears* to be an open relay (which it is not).

The bounced messages contain a pointer to a web page which claims they
only block after running a relay test on the suspect IP, this being done
"after that IP address has been identified as source of significant suspicious
inbound traffic".

I'm wondering if they aren't bothering with the test anymore.

AOL did the same thing to us about ago. It took several days to
get that resolved.

- SLS

In a message written on Fri, Oct 10, 2003 at 11:59:56AM -0400, Scott Stursa wrote:

They are blocking only the server where we put undergraduate accounts,
over 60% of which have forwarding set, most frequently to Hotmail, Yahoo
and AOL accounts. When the spam volume coming in here gets too high, our
server *appears* to be an open relay (which it is not).

This happens to my server a couple of times a week, but I've noticed
a slightly different pattern.

I also run a mail forwarding service. What I notice is Yahoo seems
to delete a few accounts (not sure if this is an inactive deletion,
suspension, user closing, or what, all I know is it delivers right
before, and then gets "user unknown" right after). About 10-30
minutes later, typically from a few spams to the user-unknown
addresses, the server gets blocked with "too many attempts to unknown
addresses".

Now, here's the problem, it now returns that for every yahoo e-mail.
So all the other people with forwards break, and more importantly
there is _NO_ way to tell what userids are valid or not, short of
going back through the logs and finding the 10-30 minute window
where you got user unknown. It can be a large amount of work. It also
of course backs up mail queues since they are returning temporary
errors for everything.

I have never had a similar problem with AOL or hotmail.

I submitted requests for help via their web form and they were just
ignored.
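
The log triage described in the message above (finding the "user unknown" window that preceded the blanket temporary errors), as an added example that is not part of the original thread. The log line layout, the reply codes, and the `dest.example` addresses are constructed assumptions, not any real MTA's format.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log; layout and reply codes are assumptions.
SAMPLE_LOG = """\
2003-10-10T09:01:12 to=<alice@dest.example> reply=250 ok
2003-10-10T09:14:40 to=<bob@dest.example> reply=554 delivery error: user unknown
2003-10-10T09:15:02 to=<carol@dest.example> reply=250 ok
2003-10-10T09:21:33 to=<dave@dest.example> reply=554 delivery error: user unknown
2003-10-10T09:22:10 to=<bob@dest.example> reply=554 delivery error: user unknown
2003-10-10T09:40:05 to=<alice@dest.example> reply=451 too many attempts to unknown addresses
2003-10-10T09:40:09 to=<carol@dest.example> reply=451 too many attempts to unknown addresses
2003-10-10T09:41:30 to=<erin@dest.example> reply=451 too many attempts to unknown addresses
"""
LINE = re.compile(r"^(\S+) to=<([^>]+)> reply=(\d{3}) (.*)$")
BLOCK_TEXT = "too many attempts to unknown addresses"

def parse(log):
    """Yield (timestamp, recipient, code, text) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, rcpt, code, text = m.groups()
            yield datetime.fromisoformat(ts), rcpt.lower(), int(code), text

def block_start(events):
    """Time of the first temporary (4xx) reply carrying the block text."""
    for ts, _, code, text in events:
        if 400 <= code < 500 and BLOCK_TEXT in text.lower():
            return ts
    return None

def triage(log, window=timedelta(minutes=30)):
    """Return (block time, rejected-before-block counts, merely deferred set)."""
    events = sorted(parse(log))
    start = block_start(events)
    if start is None:
        return None, Counter(), set()
    # Permanent "user unknown" rejections inside the window before the block.
    unknown = Counter(
        rcpt for ts, rcpt, code, text in events
        if start - window <= ts < start
        and code >= 500 and "user unknown" in text.lower())
    # Everyone else deferred after the block started is probably still valid.
    deferred = {rcpt for ts, rcpt, code, _ in events
                if ts >= start and 400 <= code < 500} - set(unknown)
    return start, unknown, deferred

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The recipients in the first result are the forwards to disable before retrying; the second set is mail that was only caught by the blanket deferral.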