Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? 405
New submitter hawkbug writes For the past 15 years, I have hosted my own email server at home and it's been pretty painless. I had always used a local Denver ISP on a single static IP. Approximately two years ago, I switched to a faster connection, which now is hosted on Comcast. They provide me 5 static IPs and much faster speeds. It's a business connection with no ports blocked, etc. It has been mostly fine these last two years, with the occasional outage due to typical Comcast issues. About two weeks ago, I came across a serious issue. The following email services started rejecting all email from my server: Hotmail, Yahoo, and Gmail. I checked, and my IP is not on any real time blacklists for spammers, and I don't have any security issues. My mail server is not set as an open relay, and I use SPF records and pass all SPF tests. It appears that all three of those major email services started rejecting email from me based on a single condition: Comcast. I can understand the desire to limit spam — but here is the big problem: I have no way to combat this. With Gmail, I can instruct users to flag my emails as "not spam" because the emails actually go through, but simply end up in the spam folder. Yahoo and Hotmail on the other hand, just flat out reject the traffic at lower level. They send rejection notices back to my server that contain "tips" on how to make sure I'm not an open relay, causing spam, etc. Since I am not doing any of those things, I would expect some sort of option to have my IP whitelisted or verified. However, I can not find a single option to do so. The part that bugs me is that this happened two weeks ago with multiple major email services. Obviously, they are getting anti-spam policies from a central location of some kind. I don't know where. If I did, I could possibly go after the source and try to get my IP whitelisted. When I ask my other tech friends what they would do, they simply suggest changing ISPs. Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option. Is there anything I can do to remedy this situation?
Call Comcast? (Score:5, Insightful)
It's a business account, you should have a business support line.
Re:Call Comcast? (Score:4, Interesting)
And say what exactly? They are not the problem. It's the other email providers blocking me simply because I'm on a Comcast IP.
Re:Call Comcast? (Score:4, Insightful)
There's likely someone else on a nearby IP address with a misbehaving mail server, and your IP address is collateral damage. While they might not be able to fix your problem, the reputation of the IP addresses that they hand out is at least partially your ISP's responsibility.
Re:Call Comcast? (Score:4, Informative)
Unfortunately this is not the case. I tracked it down. The anti spam service blocks all cable company ip address blocks by default.
No, they don't. I send e-mail just fine through a cable company IP address. You have to make sure you're not on a residential IP block, and that you request removals from lists like Spamhaus PBL.
Re: (Score:3)
I have verified. I am not on any RBLs as I mentioned in my original question. As for whether or not my IP range is residential, I was told when I signed up that it was not. However, I have no way that I know of to verify that.
Re: (Score:3)
The reason why big email providers would be blocking business IP ranges from big ISPs like Comcast as well as residential is probably because they have seen too many people with a "Comcast Business Grade" connection, and no knowledge of whats going on get infected with the same spam-bots as residential connections.
Re:Call Comcast? (Score:4, Informative)
I'm using Comcast Business with 5 static IPs like yourself, I also run my own email services like you. I just sent an email to my gmail account from my domain and it was passed through cleanly, not spam filtered.
Your IP is likely blacklisted somewhere, that you are flagged in multiple providers says you're on a list somewhere whether that's an RBL (there are literally hundreds of RBLs) or one of the others or you have a configuration issue that is triggering the flag. What have you changed recently or applied security updates to? I had an update at one point that toggled a configuration overwrite and took ages to find because I didn't think the configuration had changed.
Re:Call Comcast? (Score:4, Interesting)
One thing I forgot to mention, in reading the other replies people are claiming that google at least requires DKIM in that they reject all mail without a valid DKIM. My server is setup to use both SPF and DKIM and I'm not having problems.
Re: (Score:3)
Re: (Score:3)
This is big.
Even if they don't let you set it, you need to make sure it's not pointing at their dynamic residential DNS pool.
Re:Call Comcast? (Score:5, Insightful)
Their IP is their management problem. If they were on a spam blocklist, you'd expect to move to another.
You tell them if you can't send mail from your business account, it's pointless having it.
Then you terminate the contract because it's now useless and the conditions you can use it under have changed - you can NO LONGER SEND EMAIL.
Then it's in their court. They can either fix it, or let you out of the contract. If they do neither, you terminate the contract and let them chase you.
First step is to collect data. (Score:5, Insightful)
He's having problems with 3 services.
1. GMAIL - messages accepted but marked as spam.
2. YAHOO - messages rejected (what do the logs say?)
3. HOTMAIL - messages rejected (what do the logs say?)
So the first step is to look at the logs and see if the rejection message has any information in it. Do the rejection messages at YAHOO and HOTMAIL have the same code?
The next step is to check with a service like http://www.dnsgoodies.com/ [dnsgoodies.com] to make sure that Comcast has configured their side correctly. The reverse DNS should point to your domain. You DO have a domain, right?
The more information you have before you contact Comcast, the better. Because the first 2 levels won't know anything about anything. They will be reading off of a script.
Re: (Score:2)
messages rejected (what do the logs say?)
Hypothetical: Let's just suppose for a moment that the logs say "Connection refused" or "Connection timed out". This would mean that an MTA on Comcast can't even connect to port 25. (MUAs are instead supposed to connect on the MSA port, port 587.) What's the next step to troubleshoot after that?
Re: (Score:3)
The code is what matters. Here's a site with a bit more info:
http://tools.ietf.org/html/rfc3463 [ietf.org]
If HOTMAIL is rejecting with one code but YAHOO is rejecting with a different code then there may be THREE issues for him to deal with.
And since he is running a server he will most likely be using port 25. Encryption may change that. But for initial testing purposes he should skip encryption for HOTMAIL and YAHOO until he can determine why his messages are being rejected.
Re:First step is to collect data. (Score:4, Informative)
Thanks for the reply, I appreciate it. To answer your questions:
1) Yes, I have a domain. The reverse DNS is correct and I have SPF records for the domain. Also, I'm not running an open relay and my mail server and IP address are not on any RBLs.
2) Each mail service I listed above provides different results. First, Google doesn't send me an email back notifying of an issue. They simply dump the email into the spam folder of whomever I email. Yahoo spits out several messages:
Deferred: 421 4.7.1 [TS03] All messages from XXX.XXX.XXX.XXX will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/42... [yahoo.com]
Deferred: 421 4.7.0 [TS01] Messages from XXX.XXX.XXX.XXX temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/42... [yahoo.com]
Hotmail spits back this message:
Deferred: 421 RP-001 (BAY004-MC5F24) Unfortunately, some messages from XXX.XXX.XXX.XXX weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/trou... [live.com].
Re:First step is to collect data. (Score:5, Insightful)
That seems to indicate that at least one of your recipients at YAHOO is actively flagging your messages as spam. Maybe they have incorrectly written a rule that is doing so.
And that one seems to be saying that your IP address is sending too many messages.
How many messages per day are you sending?
Re: (Score:3, Interesting)
Re:First step is to collect data. (Score:4, Informative)
They are similar messages from two different services. It is very unlikely that they are both claiming the same problem ... incorrectly.
You've had those IP addresses for 2 years without problems so it probably is not a pre-existing issue with the IP addresses.
Do you have a firewall that you can configure to monitor outbound port 25 attempts from your network? Or do you know how to use a sniffer such as Wireshark to do so?
Or can you move your email server to one of the other IP addresses you have? And see if it is still blocked?
Right now it is looking like the problem is on your network. Not Comcast and not GMAIL or YAHOO or HOTMAIL. I might be wrong. But if it were me, I'd test my network first. Otherwise, even if you do get through to YAHOO or HOTMAIL they'll look at the logs and say the same thing.
Re: (Score:3)
Yes, before I brought this question to Slashdot, I did my homework first. I've scoured logs, check RBLs, used wireshark, etc. It's definitely not a misconfiguration on my end or an issue with complaints resulting from spam. The traffic coming from my server is so ridiculously small, that I was shocked to begin getting messages like these from those email providers.
The only conclusion that I can draw is that these major providers all use the same dynamic, or what they interpret as dynamic anyhow, IP lists an
Re:First step is to collect data. (Score:5, Informative)
Not your server.
Your network.
Monitor the traffic going into or out-of your cable modem to see what is happening on outbound port 25 for that IP address. Do this for 24 hours.
Move your mail server to a different IP address if that is possible. You have 5 addresses, right?
The rejection messages are saying that YAHOO and HOTMAIL are seeing too many messages from your specific IP address.
GMAIL is accepting the messages but flagging them as spam.
It is extremely unlikely that three competing services are all using the same SMTP-blacklist (that they refuse to identify) to reject messages.
Re: (Score:3)
the part that I have an issue with is that I have no recourse to have my IP reevaluated.
Ah, you just came here to bitch about it because you are helpless. That's why you are rejecting all the help offered.
Re: (Score:3)
Yes, I have 5 IPs. It's a pain, but yes, I can try one of the others. In regards to the cable modem - it's set up in a manner that the single outgoing IP for my mail server is directly linked to it. So, when I say I ran wireshark on the traffic, I did so for that IP. It is the only machine on the network that uses that IP. The results were well within what I expected for email traffic. Most of the traffic is incoming spam, and the only outgoing messages are being sent by valid users - and not many of them a
Re: (Score:3)
ON A WIRED WORKSTATION ON THAT NETWORK, go to http://www.whatismyip.com/ [whatismyip.com] and see if the IP address it reports ends in .157.
ON A WIRELESS DEVICE ON THAT NETWORK, do the same.
This will tell you whether a machine on your network may be sending spam from the same address as your email server.
Re: (Score:3)
Re: (Score:3)
Exactly. I would love to know what centralized IP blacklist that those 3 providers use.
Re: (Score:3)
Re: (Score:3)
Gmail at least doesn't use blacklists. They have custom spam filtering built off their huge position in email.
Re: (Score:3)
Yes, it requires authentication. It is definitely not an open relay or being used for spam, even by a legitimate user who may have had their password hacked or something.
Re: (Score:2, Interesting)
Same issue... just relayed all outgoing mail (Score:5, Informative)
I have had the same problem, and this is regardless of providers. Lists of dynamic IP ranges (be it cable, DSL, or other providers) wind up on DUL (dial-up lists), and those are often part of blackhole lists. Since most botnet clients are from DUL-based IPs, E-mail providers just block those as a matter of course.
What I did was have my private E-mail server use the SMTP server of my ISP for relaying. Problem fixed. However, if you don't have a SMTP server available that allows for different domains, there are commercial services which can relay your outgoing E-mail, which provides "legitimacy" to your messages.
The exception were direct Exchange connectors. Those were established from Exchange server to Exchange server, so mail would go directly via a secure pipe, and not be relayed.
Re:Same issue... just relayed all outgoing mail (Score:5, Insightful)
Ditto! I had the same issue and solved it the same way. Comcast has an SMTP relay that will blanket allow all internal ip's. I simply pointed mine to there smtp relay and it was allowed.
Re:Same issue... just relayed all outgoing mail (Score:4, Informative)
You can't use that on a Comcast Business account (or at least my Comcast Business account couldn't). After 4 phone calls, they finally confirmed that their mail server won't send mail for anyone else's domain. Ie, if you own example.com, Comcast's server won't relay mail for foo@example.com only for foo@comcast.net.
Now.... My information is about 7 months old so maybe they changed this without telling anyone? If your information is newer I should probably revisit my mail configuration.
Meantime, I just tried from my domain (email server sends directly from a Comcast Business IP) and had no problems sending to Yahoo Mail so they aren't blocking *ALL* Comcast Business IP's. I also have (hopefully) correct reverse DNS on my email server and SPF records in my DNS.
Re: (Score:3)
A Comcast residential account can be used to send emails through Comcast's servers with any "from" address (using my Comcast login and smtp auth). I just tried this and it worked. I suggest that you try it with your business account.
Re:Same issue... just relayed all outgoing mail (Score:4, Informative)
Re: (Score:2)
They are likely to use some kind of block list service. So if you can find out which service that they are using you can get on.
There is also a possibility that Comcast do a "man in the middle" intervention on your mail traffic that you aren't aware of yet. Check the IP addresses that can be involved, and if you have account on servers elsewhere it might help.
But often whole net blocks are marked as dynamic addresses in anti-spam services even though they aren't.
Comment removed (Score:5, Informative)
Re: (Score:2)
And say, exactly, "Hi, I have a business account. I can't email my customers who use Yahoo, Hotmail, and Gmail, apparently because those providers are blocking mail originating within Comcast's IP space. This needs to be fixed or your business account is worthless to me and I'll consider it a breach of contract." Work with them. The answer might be to move you to a different block of IP addresses. Or, it might be to forward mail through their servers. There is undoubtedly a solution.
Also, talk to Yahoo, H
Re: (Score:3)
Also, talk to Yahoo, Hotmail, and Gmail about being blocked.
For the first time every I'm going to use this expression....
ROTFLMAO
Unless you have some kind of super squirrel secret agent phone number, or your company is worth billions, please explain how to call any of these companies and actually talk to somebody that can _accurately_ answer your questions and just as importantly has the power to make a change.
Re: (Score:3)
Re: (Score:2)
They are not the problem. It's the other email providers blocking me simply because I'm on a Comcast IP.
Most businesses would be interested and willing to advocate for their customers. Particularly in a situation that's unlikely to be isolated to a single customer's account. Comcast's bureaucracy may obscure their interest in helping their customer get this issue resolved, but there is certainly business value to Comcast in a resolution that favors the customer being able to continue operating their mail server via their Comcast connection.
Re: (Score:2)
Do you have a PTR record set with them? If you don't this kind of block is common. Make sure you get one established right away.
They've been screwing me too. (Score:2)
Smarthosts, how do they work? (Score:2)
I used gmail as my smarthost when I had Verizon FiOS
Something like:
https://alimanfoo.wordpress.co... [wordpress.com]
(generate a dedicated gmail password for this instead of using your "main" one)
Re: (Score:2)
Host your email somewhere else (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
I had the same problem and solution. I went with google apps to host my domain. Painless, great spam filtering, and integrates with other google services like the Android play store, G+ and hangouts.
Ditto, though I did it when it was free. It's not any more, and depending on how many users you have on your domain (I've got around 30), it can get quite expensive.
Re: (Score:2)
Me too, except Charter and not free.
I miss the good old days of hosting my domain, but I don't miss configuring sendmail.
tl;dr (Score:3)
call Comcast, it sounds like it's a "their problem" problem.
Re:tl;dr (Score:5, Funny)
The Comcast phone slaves won't have a page on their script to fix his problem. Might I suggest pulling the power plug from the router and rebooting the PC, though.
I use a virtual host as an MX relay.. (Score:3)
When the entire RoadRunner residential IP spaces were blocked, I just got a virtual server (now a Linode) and simply run that as my MX. Helps on inbound mail as well for any times my home connection goes down.. it'll queue up there. I use trusted certs for relaying from home and send mail via authenticated SMTP (TLS required) for mobile devices, via the same virtual host avoiding issues with connectivity to home (which was rare, but now I don't have to worry). I also have the connections between the VM and home box use a port other than 25 to avoid any blocking of port 25 by my ISP (which, for San Diego at least, hasn't happened in years).
It comes down to $20 a month for the size of vm I got (I also started using it for a few other things too). I also do my greylisting and other anti-spam measure there before it even tries to deliver to my server at home.
Re: (Score:2)
I use a mail forwarding service so the mail seems to come from them rather than me. Nicely gets around the problem of dynamic IPs being banned by a lot of mail servers for inbound traffic.
Probably tagged as DHCP (Score:3)
I'm guessing that even though you have static IPs Comcast has tagged the /24 (or higher) as DHCP. Most providers are now blocking consumer/business DHCP IP classes.
Re: (Score:2)
is there an easy way to check if the static ip one has is flagged as static`or dynamic?
Re: (Score:2)
Re: (Score:2)
^^ this.
Your likely options are:
1) relay all of your email through Comcast's SMTP gateway (this is what I do w/ TWC)
2) host your mail server elsewhere (extra $$/mo)
VPS (Score:2)
http://lowendbox.com/ [lowendbox.com]
should be able to find something cost effective that will resolve your issue.
SmartHost Setting (Score:2, Informative)
Set Comcast's mail server as your outgoing smart relay in your MTA's config. The other mail systems will accept your mail if it comes through Comcast's server.
Mandrill (Score:3)
Use Mandrill [mandrill.com] as a mail relay.
I'd reject your email too. (Score:2)
My mail server is set to reject anything without a FQDN (a fully qualified domain name). Do you have one of those?
You've set up SPF, but have you set up DKIM? If not, do so. DMARC too while you're at it.
Re: (Score:2)
Fully Qualified Domain Name.
A lot of people leave their servers with default hostname and that is usually going to cause issues with mail if you don't manually configure it.
Google Apps for Business? (Score:2)
Re: (Score:2)
Unkind people might say that Google is holding his mail hostage until he pays up and gets an account with them. Unkind people might regard this as evil.
Network neutrality demands that things work, without having to pay for extra services that should not be needed, or jumping through hoops.
Use a Relay (Score:2)
Route through comcast's mail servers. (Score:2)
Try having your mail server send all mail to the comcast mail server for delivery instead of trying to send it directly. That's what you usually have to do if they block the port, may try it without the block anyway.
Speaking as a Comcast victim (Score:2)
I too am a Comcast victim, business class, and I have a mail server on their static IPs. This has been the case for years and while I have seen occasional blocking during inter-company spats, nothing blaket like you are seeing. It could just be the range you are on or it could be something else. What I am trying to say is that it is not those big three blanket blocking Comcast IPs.
I would see if Comcast can give you another set of statics in another range. That may help.
Use a relay. (Score:2, Insightful)
Stop trying to "fix" comcast. You can't. Find a provider that will act as a relay, which may even be Comcast. Then setup your mail server to relay the mail through that provider.
You can fix this problem in less than half a day.
Have you tried spamhaus? (Score:2)
Check here:
http://www.spamhaus.org/pbl/ [spamhaus.org]
I've operated my own mail server on a VPS for years. Rackspace voluntarily lists their IP spaces to prevent spammers from just buying a vps for a few hrs, sending out spam and then trashing it. Occasionally I need to remove my IP from the blacklist.
Get rid of your home datacenter (Score:2)
Then the price of virtual private servers became so cheap, I couldn't rationally keep hosting stuff out of my house.
Check my sig. Five bucks a month for a 512mb linux server with 150gb of storage and 2TB of bandwidth a month. You'r
Not so fast (Score:2)
Before you say such things, you might want to look up the legal morass surrounging mail servers under your direct control and those not. Start with Megaupload and then follow links to the less public ones. There are DAMN good reason to keep your mail server on premises be it home or business, if you don't understand why you might want to educate yourself before giving advice.
-Charlie
Re: (Score:2)
There are DAMN good reason to keep your mail server on premises be it home or business, if you don't understand why you might want to educate yourself before giving advice.
Correct. Get a $0.99/mo VPS, set up OpenVPN, and relay out over that connection.
VPN to VPS (Score:3)
I would get a VPS somewhere (e.g. linode) and install OpenVPN on it. Then VPN between there and your local machine, set up your incoming and outgoing connections to route through there, and update your DNS to point to the VPS. Net effect: you're still on Comcast, but the world sees you as being in some datacenter.
Smarthost setup (Score:2)
I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.
Depending on your MTA, the configuration will be different, but the arrangement is generally referred to a using a Smart Host [wikipedia.org]. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do
Testing and config verification (Score:5, Informative)
1. Do you have a PTR/reverse DNS record set up? This has to be done by your ISP, and is not something that you generally do on your own. You generally want it to match the host name for your mail server, but it doesn't have to be a match (but it does look better). Be sure to have an A record for that hostname as well.
2. Are your MX records pointing to hostnames and not an IP address? Again, you probably are, but we are covering basics here.
3. Have you checked to see if you are on any blacklists? mxtoolbox.com and dnsstuff.com have some very good tools for checking these things. If you are on one, they often have pretty good instructions on how/why you are listed and what you need to do to get off of it.
FYI backscatterererererererererer is generally a pain to deal with, good luck if you have to deal with them, you will need it.
4. Are you(or any other users) forwarding any email to external mail services? We (unfortunately) have several of our clients who are forwarding email from their custom domain name to a yahoo/hotmail/aol (yes, it still exists) email account. The problem with this, is that when they get spam (that they signed up for, like newsletters and bargain alerts), and they forwards to their external account, it looks like our mail server is the one sending the spam, so we get the black mark.
5. This is the tough one.. are you absolutely sure you are not sending spam? You may need to go so far as to slap a sniffer on your network and see if you are sending out any other email. You may be infected with a virus, or you have an account with compromised credentials that are sending out email.
6. Are you running SSL/TLS (even though SSL 3 and TLS 1.0 are now dead) with a real (non self signed SSL cert) on your server? SSL certs can be gotten very cheap, $10 year, or possibly even cheaper. They are a minor pain to set up as they need intermediary certs set up, but helps to define that you are a legitimate email sender, rather than a PC with a virus.
You may be all of these steps, especially if you have been running your own mail sever for 15 years, but I posted these suggestions in the hopes that it may jar something loose.
Good Luck
Re: (Score:3)
I bet the answer for 1) and 2) is NO
3) is what maybe prompted to get SPF
4) inevitable but won't force a block on your IP unless it's 1000's of mails daily
5) you have to protect yourself against password guessing and installing outbound antispam/antivirus for your own mails. it's 2014 ffs.
6) probably it's a NO, or MAYBE for a self signed certificate.
Yikes, we could fix the submiter's server for a fee.
Re:Testing and config verification (Score:4, Informative)
You guys crack me up. To answer the questions:
1) Absolutely. The first thing I did when I moved to this net block on comcast is have them create my associated pointer records, so reverse DNS is correct.
2) Yes, MX records are correct.
3) I've checked every blacklist using sites like mentioned above. My IP does not exist on a single one.
4) No forwarding.
5) Yes, I monitor my network traffic in various ways - and no, I am not sending spam. If I was, it would be a matter of hours before I would show up on an RBL anyway, which I'm not on.
6) Absolutely. I have paid for a cert that matches my domain. It's not self signed.
I think some others have brought up some things that I'm not doing:
1) DKIM. I've read about this, but I didn't realize a lot of people were using it yet. Sounds like they are and that I'm behind the curve here.
2) DMARC. Same here. I've read about it, but not using it yet.
I'm also using SPF.
Re: (Score:3)
Owwww CMON!
"3) I've checked every blacklist using sites like mentioned above. My IP does not exist on a single one."
REALLY??? Senderbase it's just a basic check, if your are talking about the email you use on your slashdot profile:
http://www.senderbase.org/lookup/?search_string=23.31.69.157
Whooha:
"IP Address 23.31.69.126 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.
It was last detected at 2014-11-05 04:00 GMT (+/- 30 minutes), approximately 9
Consumer IP ranges (Score:2)
When your server is running on a comcast owned ip block, and the block is used to assign dynamic ips, then your IP is -to everybody else in the internet- dynamic. Even if comcast is giving those dynamic ips statically to you.
Those 3 big name companies and almost every sysadmin who is tired of spam has been blocking dynamic ip ranges for years.
You don't need slashdot for this, you can figure out the problem and the solution just searching google in 5 minutes: rent a dedicated server
Re: (Score:2)
does comcast business let you control/change/update your reverse DNS for your fixed IPs?
I've been running servers in south america for 15 years. Local network blocks have been pretty abused by spammers. I know there are professional spammers close to my ips (same subnet plus 1 or 2) and never had my server denied by yahoo, gmail or hotmail.
What's our secret then?
DKIM, DMARC, SPF, good reputation, reverse DNS matching our server name, SSL for outbound smtp, antispam and antivirus for outbound mail.
For those
Blacklist (Score:2)
Relay Host (Score:2)
My Domain Registrar provides SMTP relaying (TLS & authentication required), so I can configure my MTA to use that as its "smarthost" to get around this particular problem.
Very common, tweak your SPF record (Score:2)
domain.com. IN TXT "v=spf1 +a +mx +ip4:x.x.x.x +ipv6:x:x::x:x/128 -all"
mailer.domain.com. IN TXT "v=spf1 ip4:x.x.x.x a:mailer.domain.com ipv6:x:x::x:x/128 -all"
Relay to upstream provider (Score:2)
OK, I had a very similar setup with AT&T ADSL some years ago, and basically I had the same problem, most other SMTP hosts were bouncing my emails and/or flat refusing to even communicate with my server.
In my case, the solution was to relay all my email through my internet provider's SMTP, authenticating with my ADSL login. Once I handed off all my email to the upstream SMTP, things worked perfectly.
Most customer assigned IP's are pretty much blocked out from relaying any email these days. If I were in
Check for backscatter (Score:2)
Re: (Score:2)
Act like a business, not a consumer.... (Score:2)
Make this Comcast's problem, as if things are as you describe, it obviously is. DEMAND (politely, through your business support channels) that they resolve it, and demand a resolution deadline. If they do not meet it, terminate (or threaten to) the service.
In the mean time, I suggest you investigate VPN services which support static IPs on their end. Use comcast as your last mile connection if you must, but poke out on the Internet somewhere more fri
I have had emails rejected by hotmail (Score:2)
Hello,
I am in a data center and I had email rejected by hotmail for no reasons (not on any rbl blacklist etc.). I solved it by masquerading outgoing mail for hotmail on another IP on a different subnet I own on my datacenter connection. I would try this first. You can also try to contact hotmail so they whitelist your IPs.
If your 5 IPs are on the same subnet and blacklisted by hotmail, I don't see any other solutions than routing your mail through an intermediate mail server. Have you tried relaying it thro
Third party smarthost (Score:2)
I subscribe to a service called Dyn Standard SMTP. My home email machine uses this as its smarthost, and all outgoing mail passes through Dyn's server before going out to the internet at large. Problem solved.
I'm sure other hosting companies will offer a similar service.
Professional Mass Emailer (Score:3)
At the company I work at, I run several large high volume mass mailing servers that send million of messages a month (50 million last month). Here is what I recommend you do:
1) Get forward and reverse DNS setup and most importantly, the forward and reverse DNS information must match.
2) Set up and use DKIM for all outbound traffic.
3) Have the SPF information in your DNS records. Don't put your block of IP's in SPF record, just the one IP that you use for sending email. Make sure there is a "-all" in the records so that it makes it clear that all other email claiming to be you is discarded by other server.
4) You will need to setup Feed Back Loops and proper SWIP (If possible) contact information. You will need to go to the big 10 ISP's and submit the FBL information to them and get put on their White Lists. Don't lie to them, just tell them your personal email server that is having issues sending mail to them and you want to get on their White List. FBL's are usually for people who send high volumes of mail, include Newsletters and some "spammy" mail, but I find it helps regular mail servers if you set up FBL information.
Aren't Yahoo and Hotmail the same thing? (Score:2)
I know Yahoo and Bing use the same data for search. Stands to reason they'd share technical data and policies for other services too.
Comcast Business User With Own Mail Servers Here (Score:5, Interesting)
Greetings.
I have a Comcast Xfiniti Business line, 5 static IP addresses, etc. It sounds like our mutual set ups are equivalent. I've been running my email servers in my own domains since 1998, through some gone ISP, PacBell/AT&T, and Comcast without issues.
Contact the Comcast business line. Have your actual account ready -- you can get that from the Comcast Business web page for your account. Those numbers changed in the last 12 months to a shorter, simpler format. Request technical support and discuss the issue.
One thing that you MUST do if you want to run your own email: request that Comcast set reverse DNS to point at your servers for the non-authoritative request. A reverse DNS request to your IP address must return the name you use for your primary (and secondary, and so on) MX records. If that's set up, then you've solved 90% of the issues with Gmail and Yahoo!.
As far as Hotmail: they've been rejecting my email unless users white list my address(es) in their individual accounts. This has happened since Microsoft bought them. No way around that, and no appeals; every time I tried to contact them I might as well have sent the emails/requests through a black hole.
Source: 8+ years with Comcast Business, and I moved to a new location (with new IP addresses and new routers) 12 days ago. It took them 10 minutes to set the rDNS and propagate. Within an hour it was resolving fine and any lagging email issues were resolved (36 hours of some undelivered messages).
Google my name "Eugene Ciurana" and ping me through my contact page if you want some assistance with your set up and/or other tips w/dealing with Comcast. I've been a very happy customer with them (they fixed my lines, including physical cable modem replacement due to physical failure, while I was out of the country last January and coordinating with someone who could open the door to them and so on), and in general found that, if you explain what you need and why, their tech guys do work with you to solve issues. The key is understanding that *you* may know more about networking/server set up than their tech guys, so if you aren't specific about what you want they may not grok what you need.
Dear admins: WTF is a lameness filter? What is it filtering? I couldn't offer complete information to this guy because of the Comcast support number and/or IP addresses I listed. With my Karma level and the number of years I've been around, your system ought to be configured to let stuff through w/o issue. Look at my user ID. Thanks.
Cheers!
Comment removed (Score:3)
Re: (Score:2)
No, it doesn't sound like that if you actually read their post.
With Gmail, I can instruct users to flag my emails as "not spam" because the emails actually go through, but simply end up in the spam folder.
Yahoo and Hotmail on the other hand, just flat out reject the traffic at lower level. They send rejection notices back to my server that contain "tips" on how to make sure I'm not an open relay, causing spam, etc.
Reading comprehension FTW.
Re: (Score:2)
Re: (Score:2)
I agree with your comment about data privacy, but what do you mean by flexible mail aliases? I have about a dozen email aliases linked to each email address on Google Apps Premier/Business, they all seem to work just fine. The filtering and dot notation also seem to work well.
Re: (Score:2)
So I take it you are not in favor of net neutrality?
Ok with things costing more simply because corporations fear no consequences for their actions?
Re: (Score:3)
If possible, I'd definitely host E-mail myself if I were running something bigger than a SOHO where hosted Exchange is my best bet.
First, I keep physical control of my Exchange mailboxes. Mail might be intercepted, but internal users that send and receive at the same domain are not going to be at the mercy of some nosy (or hacked) provider.
Second, I know how redundant and secure my E-mail system is. Ideally, I have an edge instance of Exchange for incoming stuff, which gets scanned and then passed to the
Re: (Score:3)
Yeah fuck that. I can host my own mail just fine, thanks. Google owns enough of the world.
Re: (Score:2)
Re: (Score:2)
Google blocks guys from you to get you to switch to Google Apps. They make money parsing your emails and showing advertising content. Then they make money again if you're one of those poor suckers who pays full price for Google Apps.