Solved

Yahoo Returning 421 response

Posted on 2009-05-12
6
1,377 Views
Last Modified: 2013-11-30
Hi All,
I'm trying to get to the bottom of why emails sent from my mail server invariably (but not always) returns the following message:

MailEnable: Message delivery has been delayed.
Message is waiting at home for delivery to a.mx.mail.yahoo.com.
The message will be retried for another 30 hours.
Reason: Mail Server for yahoo.com could not accept your email at this time. MailEnable will keep trying to deliver this message and will notify you of any progress.

The remote mail server returned the error:
421 Message temporarily deferred - 4.16.51. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html

Needless to say I've contacted Yahoo several times with only automated responses.

I really need a solution as I have a client with a Yahoo address who receives email copies of form submission made from the site.

My mail server is running on a VPS at webfusion on the same server and IP as the main website.  I'm assuming that there is some configuration issue which is causing Yahoo to score my emails as spam.  I do not bulk mail or carry out any activity that might make Yahoo greylist my IP.  What I'm hoping for is some advice an a way to check the integrity of the mail servers set up to see if I can isolate Yahoo's problem with it.

So far I've done the followig:

1.  I've checked and the mail server IP does not appear on any spam blacklists

2.  Using information in a previos post I telnet'd the Yahoo mail records and I got a 250 OK response from the A record but a 421 response (as above) from the B record.  Perhaps this is why the issue is intermittent.

3.  If I run a DNS test using www.intodns.com it warns me that my name servers are running on the same IP as my domain and that both NS records point to the same IP, both of which are true.  Do you think this may cause Yahoo some problems?

4.  The reverse DNS lookup is wvps[my IP address].vps.webfusion.co.uk rather than "mail.[my domain]".  I'm assuming that this is a function of the VPS and controlled by webfusion so I may not be able to change it.  Do you think that Yahoo may have a problem with this?

5.  The only other issue listed by www.intodns.com is "Your SOA serial number is: 1237299768. That is NOT OK".  To be honest I've no idea of the purpose of an SOA record or why the serial number should be a problem.

The mail does usually (but not always) arrive at Yahoo and if it does is usually classified as Spam.

I'd be grateful for any suggestions on how to track this down.
0
Comment
Question by:TonyMK9
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:jar3817
ID: 24364007
"3.  If I run a DNS test using www.intodns.com it warns me that my name servers are running on the same IP as my domain and that both NS records point to the same IP, both of which are true.  Do you think this may cause Yahoo some problems?

4.  The reverse DNS lookup is wvps[my IP address].vps.webfusion.co.uk rather than "mail.[my domain]".  I'm assuming that this is a function of the VPS and controlled by webfusion so I may not be able to change it.  Do you think that Yahoo may have a problem with this?"

Those two things right there are definitely part of your problem.

#3 makes you look like a spammer. A ton of spam now is generated from zombie residential computers. They register a random domain, set both name servers to the IP of that zombie and have the name resolve to that IP also (sound familiar?). I don't know if Yahoo checks things like that, but if I saw that, I'd reject your mail too.

#4 you can't change, but generic looking dns also can contribute. Almost all hosting companies provide you with an email relay. You should be using that rather than sending mail out directly from your server. That way the mail looks like it's coming from the hosting company's relay which will be setup correctly with DNS like hostingrelay.isp.com. I'm not sure what software you're using, but hopefully you can set a smarthost or specifiy the SMTP to relay to.

A 4xx error is a tempfail, meaning the server didn't permanently reject you, do the messages eventually get accepted at yahoo, or does it keep tempfailing until if finally gives up days later?
0
 

Author Comment

by:TonyMK9
ID: 24364241
Thanks for the advice.

The reason I'm using a name server hosted on the same IP is because the domain name hosting company (fasthosts) reserve the subdomain "webmail" for their own webmail service.  But I can try switching back to the FastHost name server to see if it makes any difference to Yahoo.  If that's the case I could use an external service such as ZoneEdit for the future.

I'll check to see if webfusion offer a email relay but I haven't seen any mention of one.  With the Webfusion VPS you can set up any number of domains using a Plesk back end control panel each with it's own MX record.  The MX record does respond correctly with mail.[my domain].  

It's difficult to tell if all the mail gets through.  Generally it does seem to after a delay.  However at least once I sent an email to a Yahoo test account that I set up and it never arrived.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 24364283
If it does eventually get there, you're just being graylisted, and that isn't anything to worry about.

As for the NS issue, you can't run the only nameserver for a domain on 1 server. I'm actually VERY surprised your registrar allowed you to type in either just one NS record or have two of them pointing to the same IP. You really need at least 2 separate servers for DNS (ideally on separate networks).
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:TonyMK9
ID: 24368879
I've been running some tests today.  Having sent 5 test emails to a Yahoo acount two have still not arrived 6 hours later.  I've looked through the SMTP activity and debug files but it doesn't seem to offer any explanation for the delay other than to reiterate that it's been delayed.  Would it help to cut out the relevant parts ans post them here?

I tried changing the name server without any change the only thing left to try is altering the RDNS resolution.  However this is controlled by Webfusion who as of yet are unable to tell me how or even if I can set to to something more meaningful.  I could try sending emails via my domain hosts email service but this would mean paying an extra monthly charge for a service that should work on my own server.

Can you offer any futher advice?
0
 
LVL 26

Expert Comment

by:jar3817
ID: 24373746
Doesn't your hosting company provide you with an email relay to use? If so, try sending all your outgoing mail to that server to deliver.
0
 

Accepted Solution

by:
TonyMK9 earned 0 total points
ID: 24402958
OK, I think I've fixed it.

For the record I set up separate name servers and an SPF record neither of which made any difference. Webfusion support told me that they are unable to change the RDNS on a VPS.

However during my webtrawling I came across a resouce whereby you can send an email to check-auth@verifier.port25.com and they send back a very useful report analysing the email and the mail server that sent it.  Part of the report is a Spam Assasin score on the email.  In my case it classed the test email as spam with the following reference being the main cause:

3.7 HELO_LH_HOME           HELO_LH_HOME

3.7 is the score (above 5 is spam) the HELO_LH_HOME indicates that the server name is malformed.  On checking I found that Webfusion who provide my VPS system give their mail servers a generic name something like "VPS367883.home" which is not acceptable as it should be a proper domain.  After having changed the mail server name my Spam score dropped to 0.1 and I was able to send emails to my test account at Yahoo, some appear immediately wheras others can be delayed by 10 or 15 minutes.  I put this down to automated white listing which accumulates a spam score from previous emails which were classified as spam and should improve with time.

Thank you for your advice, I hope the infomation here will be of help to others.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
There was an incident about the POP3 issue for the double read receipts and delivery receipts in Exchange 2013.  There was huge research been done and found solution for the duplicate mails. Especially when the user gets  duplicate mails.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now