So we have hundreds of shared and dedicated cPanel servers that use the same domain for the base hostname, i.e. server.validns.com, server2.validns.com etc.

We started to get complaints from users across multiple servers that Yahoo mail was being rejected with:

    SMTP error from remote mail server after end of data: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]

This is happening across many servers on different IPs regardless of the sending domain, DKIM/SPF etc. It's basically happening to anyone sending mail to @yahoo.com on any server that is using validns.com. We have multiple other servers on different base hostnames on the same IP block that don't seem to be affected.

So I did some looking into this and eventually I found a complaint about a phishing attempt on our hostname coming from serverX.validns.com. A client's site got hacked and phishing scripts were uploaded to it, and they were being called using the server hostname, i.e. serverX.validns.com/~cpaneluser/hack -- this somehow led to the entire validns.com being listed on SURBL multi. I have no idea why they listed the entire domain vs. the full hostname the source was coming from, i.e. instead of listing serverX.validns.com they listed validns.com.

Fast forward: I cleaned up the phishing and submitted a removal request to SURBL multi, and the domain was delisted over 2 days ago and shows good status in their lookup. Ever since, Yahoo seems to have not dropped the listing or whatever they are using internally that is causing them to reject all messages from any server using this hostname.

Is it possible that yahoo.com picked up on the SURBL listing and are blocking our entire hostname based on it? I was hoping if so they'd drop it by now, seeing as the listing was removed over 2 days ago, but so far no such luck. Or is it possible that our validns.com could be listed in some other URIBL that Yahoo could be picking up on? So far I've got it off SURBL multi, checked it on Spamhaus DBL and uribl.com, and it's not listed on either of those. There may be others I'm not aware of.

Right now we have hundreds of servers and thousands of users on them that are unable to mail to yahoo.com and it's causing a huge support mess. It almost seems impossible to get hold of anyone at Yahoo that can actually help with the problem. I've sent emails and forms, everything I can find, but no response back yet.

If whatever block Yahoo has on our hostname continues, I don't know what else to do if I can't get a hold of them, short of changing the hostnames (which would be a huge disaster) or trying to find a way to configure Exim to route mail destined to yahoo.com through another mail server (I'd have to set up one on a different hostname and allow relaying through it), then configure all the servers to relay Yahoo through it. I'm sure it'd work but it's also quite a bit of work as well.

Has anyone ever dealt with a problem like this? I've been in hosting since '96 and I can't recall a case where I've ever seen a main hostname get listed like this while the source of the problem was on a sub-domain.

Thanks!
James
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
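The blocklist checks described in the message above can be scripted; this is an added example, not part of the original post. It reduces a server hostname to its base domain (the name SURBL lookups are keyed on), queries the three zones named in the post, and decodes the multi.surbl.org answer bits. The function names and the two-label reduction are assumptions made for illustration.

```python
import socket

# Zones for the lists named in the post; query form is <domain>.<zone>.
ZONES = ("multi.surbl.org", "dbl.spamhaus.org", "multi.uribl.com")

# multi.surbl.org encodes its source lists as bits in the last octet.
SURBL_BITS = {8: "PH (phishing)", 16: "MW (malware)", 64: "ABUSE", 128: "CR (cracked)"}


def base_domain(hostname):
    """Reduce a hostname to its base domain.

    Simplification: keeps the last two labels, which is right for .com but
    not for suffixes such as .co.uk (use the Public Suffix List for those).
    """
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def dns_a(name):
    """Default resolver: A record as a string, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check(hostname, resolve=dns_a):
    """Return {zone: finding} for the base domain of hostname."""
    domain = base_domain(hostname)
    findings = {}
    for zone in ZONES:
        answer = resolve(f"{domain}.{zone}")
        if answer is None:
            findings[zone] = "not listed"
        elif not answer.startswith("127."):
            findings[zone] = f"unexpected answer {answer} (resolver rewriting NXDOMAIN?)"
        elif zone == "multi.surbl.org":
            last = int(answer.rsplit(".", 1)[1])
            hits = [name for bit, name in SURBL_BITS.items() if last & bit]
            findings[zone] = ("listed: " + ", ".join(hits)) if hits else f"answered {answer}, no list bit set"
        else:
            # Some 127.x answers mean the query was refused, not a listing.
            findings[zone] = f"answered {answer}; check that list's return codes"
    return findings


if __name__ == "__main__":
    for zone, finding in check("serverX.validns.com").items():
        print(f"{zone}: {finding}")
```

Run it from a resolver the list operators accept queries from, since queries through large public resolvers are often refused and would give misleading answers.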
