Koozali.org: home of the SME Server

Yahoo Recipient

Offline Kuripip

« on: March 19, 2020, 08:36:59 AM »
Hi,

I'm having trouble lately with email being delayed for a day when sending and receiving from Yahoo mail client. Here is the log from qmail. Other email domains are OK.

deferral: TLS_connect_failed:_timed_out;_connected_to_98.136.96.74./STARTTLS_proto=TLSv1.2;_cipher=(NONE);/

Port 25 is open on my server.

SME Server 9.2
ClamAV and db versions   
0.100.2/25755/Wed Mar 18 21:14:00 2020


Offline Kuripip

Re: Yahoo Recipient
« Reply #1 on: April 29, 2020, 04:11:15 AM »
Here is a log from my qpsmtpd, but still unable to receive the mail from Yahoo.

020-04-28 22:14:30.598433500 21950 dispatching MAIL FROM:<xxxxx@yahoo.com>
2020-04-28 22:14:30.605434500 21950 (mail) resolvable_fromhost: pass, yahoo.com has MX at mta7.am0.yahoodns.net
2020-04-28 22:14:30.641201500 21950 (mail) sender_permitted_from: fail, tolerated, neutral, yahoo.com ... _spf.mail.yahoo.com: Domain does not state whether sender is authorized to use 'xxxxx@yahoo.com' in 'mfrom' identity (mechanism '?all' matched)
2020-04-28 22:14:30.641324500 21950 (mail) naughty: pass
2020-04-28 22:14:30.641652500 21950 250 <xxxxx@yahoo.com>, sender OK - how exciting to get mail from you!
2020-04-28 22:14:30.824959500 21950 dispatching RCPT TO:<john.dough@mydomain.com>
2020-04-28 22:14:30.825665500 21950 (rcpt) badrcptto: pass
2020-04-28 22:14:30.825759500 21950 (rcpt) check_goodrcptto: stripping '-' extensions
2020-04-28 22:14:30.826201500 21950 (rcpt) rcpt_ok: pass: mydomain.com in rcpthosts
2020-04-28 22:14:30.826303500 21950 250 <john.dough@mydomain.com>, recipient ok
2020-04-28 22:14:31.009608500 21950 dispatching DATA
2020-04-28 22:14:31.009871500 21950 354 go ahead

Offline mmccarn

Re: Yahoo Recipient
« Reply #2 on: April 29, 2020, 02:02:15 PM »
Can you connect to the yahoo mail server from your message manually?

When I run this command from my SME server at home it never connects:
Code:
openssl s_client -starttls smtp -tls1_2 -connect 98.136.96.74:25
socket: Connection timed out
connect:errno=110

When I run the same command from the commercial IP at the office it connects successfully:
Code:
openssl s_client -starttls smtp -tls1_2 -connect 98.136.96.74:25
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL RSA CA 2018
verify return:1
depth=0 CN = *.aicr.org
verify return:1
---
Certificate chain

...certificate removed...

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL RSA CA 2018

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 5267 bytes and written 545 bytes
Verification: OK
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 270707327A9E29F5ACBBC2EF9DF6ADE784226AE206D45BAB787F527AB2406F1D
    Session-ID-ctx:
    Master-Key: 73E65927A7107C9966D2C3E0FE73286F4F3E585297891BA32732E871A941FCA6DFA9BC9595AB67B2FB8680AF72498A56
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 200 (seconds)
    TLS session ticket:
    0000 - e7 e0 35 02 54 a9 2a c3-37 3e da 4f e6 c9 d7 7f   ..5.T.*.7>.O....
    0010 - f7 24 2a d6 21 e5 aa 68-64 9f b5 79 74 40 e9 ec   .$*.!..hd..yt@..
    0020 - 35 11 48 59 f7 ac 4d d2-53 52 57 93 2b ca 25 a9   5.HY..M.SRW.+.%.
    0030 - 30 c7 43 22 ab b3 41 58-d1 a1 eb 93 d0 13 03 dc   0.C"..AX........
    0040 - 9f 34 23 93 4b 9b de 9d-6c 0d 2e 37 9c 16 da c7   .4#.K...l..7....
    0050 - 8c cd 32 91 7b 59 ba 27-fa ed f7 c2 ca f1 92 35   ..2.{Y.'.......5
    0060 - fe c2 d7 92 6e 80 9d ec-ce 3c 6a f3 17 fc 43 ec   ....n....<j...C.
    0070 - 32 97 75 db 04 06 57 58-be 37 72 45 b7 ae 88 41   2.u...WX.7rE...A
    0080 - 35 b8 fc fe ed ee 48 d0-ea 0b 8d 45 6c ef c8 c1   5.....H....El...
    0090 - d5 d3 f4 b4 9b 59 41 a6-27 64 ca a2 02 9a 4d ba   .....YA.'d....M.

    Start Time: 1588161360
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
250 HELP

This is not that surprising since my ISP blocks outbound traffic on port 25 in order to coerce use of their SMTP relay.

However, I get the same behavior when I switch the port from 25 to 587 (openssl s_client -starttls smtp -tls1_2 -connect 98.136.96.74:587), which means that Yahoo may be blocking connections from my home IP because it is a home IP.

I *can* connect to my office SMTP server using port 587 - so that port is not being blocked by my ISP.


[edit]
* I removed my office server's certificate details


Also, I found links for help with email issues related to Yahoo:

Yahoo "Bulk email industry standards and best practices"
* always use DKIM
* make sure you have a PTR record that does not look like a residential IP

Yahoo "Email a specialist"
* Send an email to Yahoo support asking why your server is having problems.

And I found this page claiming that Yahoo restricts you to 100 emails or recipients per hour:
http://emailaddressmanager.com/tips/email-address-limit.html
« Last Edit: April 29, 2020, 02:25:15 PM by mmccarn »
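
An added example, not part of any post in this thread: a small classifier that reads either a qmail deferral line or `openssl s_client` output and reports whether the attempt stopped at the TCP layer (port filtering, as in the home test above) or inside the STARTTLS handshake (as in the original deferral, which logs `connected_to_` with `cipher=(NONE)`). The sample strings are constructed from the lines quoted in the thread; the function and key names are hypothetical.

```python
import re

# Samples constructed from the log lines quoted in this thread.
SAMPLES = {
    "qmail_deferral": "deferral: TLS_connect_failed:_timed_out;_connected_to_"
                      "98.136.96.74./STARTTLS_proto=TLSv1.2;_cipher=(NONE);/",
    "openssl_home": "socket: Connection timed out\nconnect:errno=110\n",
    "openssl_office": "CONNECTED(00000003)\nVerification: OK\n"
                      "New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\n250 HELP\n",
    "openssl_banner_only": "CONNECTED(00000003)\n",
}

def classify(text):
    """Say at which layer a connection attempt stopped.

    Returns a dict with 'stage' in {'tcp', 'tls', 'ok', 'inconclusive'}.
    """
    flat = text.replace("_", " ")  # qmail logs spaces as underscores
    peer = re.search(r"connected to (\d+\.\d+\.\d+\.\d+)", flat)
    errno = re.search(r"connect:errno=(\d+)", text)
    cipher = re.search(r"(?:Cipher is |cipher=)([^\s;]+)", text)
    result = {
        "peer": peer.group(1) if peer else None,
        "errno": int(errno.group(1)) if errno else None,
        "cipher": cipher.group(1) if cipher else None,
    }
    tcp_up = peer is not None or "CONNECTED(" in text
    if not tcp_up:
        # No socket at all: a port filter or routing problem, not TLS.
        result["stage"] = "tcp" if errno or "timed out" in flat else "inconclusive"
    elif result["cipher"] is None:
        # Socket opened, but the text carries no handshake result.
        result["stage"] = "inconclusive"
    elif result["cipher"] == "(NONE)":
        # Socket opened, no cipher agreed: the handshake itself stalled.
        result["stage"] = "tls"
    else:
        result["stage"] = "ok"
    return result

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify(text))
```

A `CONNECTED(...)` line on its own only shows that the TCP socket opened; the handshake result is in the later `Cipher is` line.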

Offline Kuripip

Re: Yahoo Recipient
« Reply #3 on: April 30, 2020, 04:05:49 AM »
@mmccarn

I'm able to connect my server,

[root@mail ~]# openssl s_client -starttls smtp -tls1_2 -connect 98.136.96.74:25
CONNECTED(00000003)

The Yahoo recipient receives email after 12 hours or so.