Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?
New submitter hawkbug writes: For the past 15 years, I have hosted my own email server at home and it's been pretty painless. I had always used a local Denver ISP on a single static IP. Approximately two years ago, I switched to a faster connection, which now is hosted on Comcast. They provide me 5 static IPs and much faster speeds. It's a business connection with no ports blocked, etc. It has been mostly fine these last two years, with the occasional outage due to typical Comcast issues. About two weeks ago, I came across a serious issue. The following email services started rejecting all email from my server: Hotmail, Yahoo, and Gmail. I checked, and my IP is not on any real time blacklists for spammers, and I don't have any security issues. My mail server is not set as an open relay, and I use SPF records and pass all SPF tests. It appears that all three of those major email services started rejecting email from me based on a single condition: Comcast. I can understand the desire to limit spam — but here is the big problem: I have no way to combat this. With Gmail, I can instruct users to flag my emails as "not spam" because the emails actually go through, but simply end up in the spam folder. Yahoo and Hotmail on the other hand, just flat out reject the traffic at a lower level. They send rejection notices back to my server that contain "tips" on how to make sure I'm not an open relay, causing spam, etc. Since I am not doing any of those things, I would expect some sort of option to have my IP whitelisted or verified. However, I cannot find a single option to do so. The part that bugs me is that this happened two weeks ago with multiple major email services. Obviously, they are getting anti-spam policies from a central location of some kind. I don't know where. If I did, I could possibly go after the source and try to get my IP whitelisted. When I ask my other tech friends what they would do, they simply suggest changing ISPs.
Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option. Is there anything I can do to remedy this situation?
It's a business account, you should have a business support line.
It doesn't mean much now, it's built for the future.
I'm not hosted by them either. They reject silently all emails from my qmail based servers and don't even tell me WHY they've been rejected either.
UPS Sucks
I gave up trying to do this on Comcast and now host my email at Zoho. It's free for the few accounts I need. I know it may not work for everyone, but I got weary fighting those battles.
get a cheap Linux VPS to run as a smart host
I hate to say it but your best bet is just to proxy over an encrypted channel to a machine inside a friendly hosting environment.
Go buy a VPS that allows sending outbound mail (check up front) and then configure your server to route through the VPS first.
Tada: you are no longer appearing to come from Comcast, yet you still have the contract and everything set up.
call Comcast, it sounds like it's a "their problem" problem.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
When the entire RoadRunner residential IP spaces were blocked, I just got a virtual server (now a Linode) and simply run that as my MX. Helps on inbound mail as well for any times my home connection goes down.. it'll queue up there. I use trusted certs for relaying from home and send mail via authenticated SMTP (TLS required) for mobile devices, via the same virtual host avoiding issues with connectivity to home (which was rare, but now I don't have to worry). I also have the connections between the VM and home box use a port other than 25 to avoid any blocking of port 25 by my ISP (which, for San Diego at least, hasn't happened in years).
It comes down to $20 a month for the size of vm I got (I also started using it for a few other things too). I also do my greylisting and other anti-spam measure there before it even tries to deliver to my server at home.
- My favorite error message: xscreensaver, running on an old Sparc 5 w/ 8bit color: bsod: Couldn't allocate color Blue
Obviously if this continues it will hurt their commercial sales.
Sounds like a little Corporate to Corporate (yahoo, hotmail) needs to be involved.
Talk to Bennett Haselton. He's fought the same issue.
I'm guessing that even though you have static IPs Comcast has tagged the /24 (or higher) as DHCP. Most providers are now blocking consumer/business DHCP IP classes.
It's better to burn out than to fade away
Doctor: Then don't do that.
Get another connection dedicated to email in/out and keep your comcast for surfing and downloading stuff.
All the "Virtual Private Server" VPS suggestions seem to be AC so may not make the viewing cut. I'd recommend taking a look at:
http://lowendbox.com/
should be able to find something cost effective that will resolve your issue.
I'd buy a cheap virtual private server, set up a vpn tunnel (openvpn or similar) and forward traffic (I guess NAT + port forwarding) between your VPS and your home email server. Then mail would appear to come from the VPS provider.
Sounds like you might be blocked on port 25 by Comcast. They do this to people who send out a lot of mail. When I worked there, fix was to tell user to switch to port 587 (or other secure outbound email port) and setup authentication/etc.
-On Your Mom Like White On Rice
Set Comcast's mail server as your outgoing smart relay in your MTA's config. The other mail systems will accept your mail if it comes through Comcast's server.
You seem like a do it yourself kind of person so I'm not sure you'll like this advice. It is good advice though so I'll give it anyway and hope for the best.
Stop trying to host everything yourself. Unless you are a defense contractor or otherwise dealing with extremely sensitive data there is no reason in the year 2014 to run your own mail server. I get that you want to. Just stop.
Google is a great provider, has competitive pricing, and great reliability. Their competitors are worth looking at as well.
Use Mandrill as a mail relay.
Have had the exact same issue for months now... In my case, Gmail and Microsoft services (hotmail and the office 365 hosted exchange services of some of my clients) both put the mail in spam ... I contacted MS (afaik, they have 2 different anti-spam teams and ways to report false positives), got a reply that it's been taken care of, but still my mails end up in spam. Had one of my clients report me as false positive. No effect.
Have SPF, use encryption and am not an open relay.
I really don't know what else to do.
My mail server is set to reject anything without a FQDN (a fully qualified domain name). Do you have one of those?
You've set up SPF, but have you set up DKIM? If not, do so. DMARC too while you're at it.
stop using comcast and get google apps for business.
I got mine setup through what is now Google Apps for Business while the bottom tier was still free. Their current cheapest pricing isn't bad if you don't have a lot of email addresses for what you're getting.
I fought this battle for years. Eventually I wouldn't even get reject messages - the servers would accept the incoming email and then just silently drop it. Looking back I wonder now how many business opportunities I missed, friends I lost, job interviews I didn't get, dates I didn't get, etc.
Drink the cool-aid and use Gmail/Yahoo/whatever. Or Facebook. Most people don't even read their email anymore.
You will need to get a business-class connection with reverse DNS and all that before you can expect to not be banned by consumer IP address ranges. Unfortunately, typical consumer-level internet service does not provide what you need. I am in the same boat, but realized the problem several years ago and gave up on running my own SMTP server.
I see no mention of your reverse DNS record, matching the name your host gives during the SMTP greeting. That alone will cause GMail to block you.
We turned on Reverse DNS checking and ran into a HUGE stack of domains on Comcast Business who had missing pointer records.
Check your static IP address for both forward and reverse DNS.
Hard to believe nobody posted this yet.
For many years Comcast has been declaring that other ISPs are sources of spam and blocked all traffic from them. This goes on for a few days or weeks, until the ISP can get Comcast to correct things. Maybe the other ISPs just got tired of this and decided to fight fire with fire.
Get another email account externally, and configure your email server to send all your outgoing email via that account (using POP3/SMTP authentication). Comcast might already provide an email account/server you can use like that...
Cheap VPS.. host your mail there
Try having your mail server send all mail to the comcast mail server for delivery instead of trying to send it directly. That's what you usually have to do if they block the port, may try it without the block anyway.
Trusting software vendors is no smarter than trus
This happened to me with a static IP for my VPS. It had been blocked for producing spam in its past life. It's worth a shot to contact the ISPs and ask them to unblock you. If you let them know you've purchased the IP addresses recently they may be willing to unblock them now.
I too am a Comcast victim, business class, and I have a mail server on their static IPs. This has been the case for years and while I have seen occasional blocking during inter-company spats, nothing blanket like you are seeing. It could just be the range you are on or it could be something else. What I am trying to say is that it is not those big three blanket blocking Comcast IPs.
I would see if Comcast can give you another set of statics in another range. That may help.
-Charlie
I moved from Comcast to FIOS because of this. Fortunately, I live in the small fraction of the country with two high-speed Internet service providers.
In the interim, you need an SMTP relay. You can set one up on a commercial virtual machine host, contract for one from the many providers out there, or just use Amazon Simple Email Service (aws.amazon.com/ses/). Your server can make a secure, authenticated connection to the relay and pump your mail out. The relay does the same thing, only without the stigma of a Comcast IP.
Viva net neutrality, where providers like GMail can't persecute traffic just because of the source! Oops, not this Internet.
Stop trying to "fix" comcast. You can't. Find a provider that will act as a relay, which may even be Comcast. Then setup your mail server to relay the mail through that provider.
You can fix this problem in less than half a day.
Check here:
http://www.spamhaus.org/pbl/
I've operated my own mail server on a VPS for years. Rackspace voluntarily lists their IP spaces to prevent spammers from just buying a vps for a few hrs, sending out spam and then trashing it. Occasionally I need to remove my IP from the blacklist.
Why aren't you encrypting your e-mail?
I have had the same problem, and this is regardless of providers. Lists of dynamic IP ranges (be it cable, DSL, or other providers) wind up on DUL (dial-up lists), and those are often part of blackhole lists. Since most botnet clients are from DUL-based IPs, E-mail providers just block those as a matter of course.
What I did was have my private E-mail server use the SMTP server of my ISP for relaying. Problem fixed. However, if you don't have a SMTP server available that allows for different domains, there are commercial services which can relay your outgoing E-mail, which provides "legitimacy" to your messages.
The exception were direct Exchange connectors. Those were established from Exchange server to Exchange server, so mail would go directly via a secure pipe, and not be relayed.
Spamhaus' RBL has a permanent block on Comcast's residential prefixes. You can't petition them to change it, so you're always going to be blocked. Sorry. Aside from that, Comcast blocks outbound SMTP, for spam reasons. It is absolutely possible to get Comcast to unblock your traffic -- I know, because I've done it. (I have the phone number and name of the guy I talked to taped to my modem... but that's not with me, at the moment. Sorry.) If you do get them to unblock the traffic (they'll ask you why you need to, etc. It's a very personal process.), it'll be good until you reboot your modem. If that happens (let's hope the power never goes out), you'll have to call back and have them unblock it. So, yeah: you can absolutely get Comcast to unblock it. The problem comes down to getting other mail servers to accept the email as NOT spam (thanks Spamhaus!).
I did the same thing described by the OP for many years. Suffered through hardware failures and sporadic ISP service interruptions that caused me MANY hours of unnecessary work and lost productivity. I also shouldered the expense of electricity, noise, and replacing hard drives.
Then the price of virtual private servers became so cheap, I couldn't rationally keep hosting stuff out of my house.
Check my sig. Five bucks a month for a 512mb linux server with 150gb of storage and 2TB of bandwidth a month. You're root on your own box and don't have to deal with all the crap mentioned above.
$5 / month hosted VPS on linux = awesome!
I would get a VPS somewhere (e.g. linode) and install OpenVPN on it. Then VPN between there and your local machine, set up your incoming and outgoing connections to route through there, and update your DNS to point to the VPS. Net effect: you're still on Comcast, but the world sees you as being in some datacenter.
"Believe me!" -- Donald Trump
"When I ask my other tech friends what they would do, they simply suggest changing ISPs. Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option"
Moving is always an option. But you have to eat the cost of one year of Comcast. Sorry, but that's your solution.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Ask Comcast to put in a PTR record on the static IP address that resolves to the same name as your mail server.
http://ipremoval.sms.symantec.... Turns out there is something in addition to the standard lists I was familiar with: these 'nice guys' of Brightmail (acquired by Symantec) are used by Hotmail. If you email Hotmail, they will send it to Symantec on your behalf. That's it; they will email you canned answers telling you to do the same things over and over again, and they never bother to read the history of the ticket, etc. As for contacting Symantec: not even a canned answer. Maybe you will get a better answer if that's the source of your problems.
and forget your issues. They are hands down the best email host I can name. I'm not affiliated with them, just a happy user for over a decade. These guys take email hosting really seriously and give you so many options and tools.
I know it isn't the answer you're looking for, but i would suggest to move the mail server to Linode or similar.
I have been through a similar story, trying to avoid being blocked as spam. If you fix this problem, new ones will appear again and again. It just isn't worth the fight IMO.
Moving to the cloud won't solve all your problems, but it will be easier.
In 2000 I used to do what you're doing... I ran a static IP block on my home ADSL line which was only under 1Mbps. Ever since Google Apps, I switched and have been happy since.
I imagine working with the listed providers is almost zero results because you wouldn't know where to begin and even if you got to speak to their right person, it would still change nothing.
If the blocks occur all at the same time, I do agree that your IP was obtained from the same source... if you can find that source... you can reason with them... working with the big corps won't be a good idea.
I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.
Depending on your MTA, the configuration will be different, but the arrangement is generally referred to as using a Smart Host. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do anything funky to the mail they pass on. All of the headers remain intact except for the DKIM-Signature, which is replaced(?) when Comcast signs the message. I've never had a bounced message that I rerouted through their servers and they support TLS and IPv6, so it's not the worst setup.
I'm sure that if you share your MTA details, someone can help you with the configuration.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Trust me, this only happens when you actually are sending out spam. I would strongly suggest that you check your server for malicious files on it (maybe if you are hosting a joomla/drupal/wordpress site on it, it might be hacked already and using the server to send out spam). Also, keep in mind that if you send out spam, it will still have valid SPF records, so SPF doesn't help you enough at this. So check your access_log for POST requests, check your maillog for outgoing emails, and/or block outgoing connections to port 25 unless the uid is root or the mail account so that hacked files running as different users can't bypass the local mta. Also try to register with some feedback loops (hotmail and yahoo have their own, google does not believe in feedback loops :P) so that you can see the emails reported as spam that were sent out from your mailserver.
Also keep in mind that yahoo wants your emails to be signed with DKIM.
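An added example, not part of the comment above and not taken from any poster's server: one way to do the maillog check it suggests, assuming Postfix-style syslog lines. It attributes each outbound delivery attempt to the local uid that submitted the message, so mail injected by a web-server account stands out; the log lines, uids and the names outbound_by_uid and unexpected_local_uids are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog style; hosts, queue IDs and uids are made up.
SAMPLE_MAILLOG = """\
Nov  3 10:15:01 mail postfix/pickup[2101]: A1B2C3D4E5: uid=33 from=<www-data>
Nov  3 10:15:02 mail postfix/smtp[2105]: A1B2C3D4E5: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Nov  3 10:15:03 mail postfix/pickup[2101]: A1B2C3D4E6: uid=33 from=<www-data>
Nov  3 10:15:04 mail postfix/smtp[2106]: A1B2C3D4E6: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, dsn=5.7.1, status=bounced (host said: 550 5.7.1 rejected)
Nov  3 10:15:05 mail postfix/pickup[2101]: A1B2C3D4E7: uid=33 from=<www-data>
Nov  3 10:15:06 mail postfix/smtp[2107]: A1B2C3D4E7: to=<c@example.org>, relay=mx.example.org[192.0.2.20]:25, dsn=4.7.0, status=deferred (host said: 421 4.7.0 try later)
Nov  3 10:20:00 mail postfix/pickup[2101]: A1B2C3D4E8: uid=0 from=<root>
Nov  3 10:20:01 mail postfix/smtp[2108]: A1B2C3D4E8: to=<admin@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Nov  3 10:25:00 mail postfix/smtpd[2110]: A1B2C3D4E9: client=laptop.example.com[198.51.100.7], sasl_method=PLAIN, sasl_username=alice
Nov  3 10:25:01 mail postfix/smtp[2111]: A1B2C3D4E9: to=<d@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
"""

# pickup logs the uid of the local process that queued a message (sendmail/PHP mail()).
PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-Za-z]+): uid=(?P<uid>\d+) from=<[^>]*>")
# The smtp client logs one line per remote delivery attempt with its final status.
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<[^>]*>.*?status=(?P<status>\w+)")


def outbound_by_uid(log_text):
    """Return (attempts, rejected) Counters keyed by submitting uid.

    Messages with no pickup line arrived over SMTP and are keyed as "smtpd".
    """
    uid_of = {}
    attempts, rejected = Counter(), Counter()
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m:
            uid_of[m["qid"]] = int(m["uid"])
            continue
        m = SMTP_RE.search(line)
        if m:
            key = uid_of.get(m["qid"], "smtpd")
            attempts[key] += 1
            if m["status"] in ("bounced", "deferred"):
                rejected[key] += 1
    return attempts, rejected


def unexpected_local_uids(log_text, allowed_uids=(0,)):
    """Local uids that sent outbound mail but are not on the allow list."""
    attempts, _ = outbound_by_uid(log_text)
    return sorted(u for u in attempts
                  if isinstance(u, int) and u not in allowed_uids)


if __name__ == "__main__":
    attempts, rejected = outbound_by_uid(SAMPLE_MAILLOG)
    for key, n in attempts.items():
        print(key, "attempts:", n, "bounced/deferred:", rejected[key])
    print("review these uids:", unexpected_local_uids(SAMPLE_MAILLOG))
```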
I am probably going to repeat things that you already know, but let's start at the basics.
1. Do you have a PTR/reverse DNS record set up? This has to be done by your ISP, and is not something that you generally do on your own. You generally want it to match the host name for your mail server, but it doesn't have to be a match (but it does look better). Be sure to have an A record for that hostname as well.
2. Are your MX records pointing to hostnames and not an IP address? Again, you probably are, but we are covering basics here.
3. Have you checked to see if you are on any blacklists? mxtoolbox.com and dnsstuff.com have some very good tools for checking these things. If you are on one, they often have pretty good instructions on how/why you are listed and what you need to do to get off of it.
FYI backscatterererererererererer is generally a pain to deal with, good luck if you have to deal with them, you will need it.
4. Are you (or any other users) forwarding any email to external mail services? We (unfortunately) have several of our clients who are forwarding email from their custom domain name to a yahoo/hotmail/aol (yes, it still exists) email account. The problem with this, is that when they get spam (that they signed up for, like newsletters and bargain alerts), and they forward to their external account, it looks like our mail server is the one sending the spam, so we get the black mark.
5. This is the tough one.. are you absolutely sure you are not sending spam? You may need to go so far as to slap a sniffer on your network and see if you are sending out any other email. You may be infected with a virus, or you have an account with compromised credentials that are sending out email.
6. Are you running SSL/TLS (even though SSL 3 and TLS 1.0 are now dead) with a real (non self signed SSL cert) on your server? SSL certs can be gotten very cheap, $10 year, or possibly even cheaper. They are a minor pain to set up as they need intermediary certs set up, but helps to define that you are a legitimate email sender, rather than a PC with a virus.
You may be doing all of these steps, especially if you have been running your own mail server for 15 years, but I posted these suggestions in the hopes that it may jar something loose.
Good Luck
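An added example, not part of the checklist above: a Python sketch of its points 1 and 3, checking that the PTR name resolves back to the sending IP, that it matches the HELO name, and whether the IP is listed in a DNS blocklist zone. The function names and the lookup tables are constructed (documentation address ranges); treating 127.255.255.x answers as errors rather than listings follows Spamhaus' documented return codes.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """DNSBL lookups use the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_ptr(ip):
    """PTR names for an IP via the system resolver (empty list if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_a(name):
    """IPv4 addresses for a name via the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def table_resolver(records):
    """Offline stand-in for DNS: look names or IPs up in a dict."""
    return lambda key: list(records.get(key.rstrip(".").lower(), []))


def _norm(name):
    return name.rstrip(".").lower()


def check_sender(ip, helo_name, ptr_lookup=system_ptr, a_lookup=system_a,
                 dnsbl_zones=()):
    """Return a list of findings a receiving mail server might hold against ip."""
    findings = []
    helo = _norm(helo_name)
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        findings.append("no PTR record")
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if ptr_names and not confirmed:
        findings.append("PTR name does not resolve back to the IP")
    if confirmed and helo not in confirmed:
        findings.append("HELO name differs from confirmed PTR name")
    if ip not in a_lookup(helo):
        findings.append("HELO name has no A record for this IP")
    for zone in dnsbl_zones:
        answers = a_lookup(dnsbl_query_name(ip, zone))
        # 127.0.0.x means listed; 127.255.255.x is an error reply, not a listing.
        listed = [a for a in answers
                  if a.startswith("127.") and not a.startswith("127.255.255.")]
        if listed:
            findings.append("listed in %s (%s)" % (zone, ", ".join(listed)))
    return findings


# Constructed records: an ISP-style generic PTR plus a policy-list entry.
RECORDS_GENERIC_PTR = {
    "203.0.113.25": ["203-0-113-25.static.isp.example."],
    "203-0-113-25.static.isp.example": ["203.0.113.25"],
    "mail.example.com": ["203.0.113.25"],
    "25.113.0.203.pbl.spamhaus.org": ["127.0.0.11"],
}
# Constructed records: PTR set by the ISP to the mail server's own name.
RECORDS_CLEAN = {
    "203.0.113.25": ["mail.example.com."],
    "mail.example.com": ["203.0.113.25"],
}


def demo():
    """Run the checks offline against both constructed record sets."""
    results = {}
    for label, records in (("generic_ptr", RECORDS_GENERIC_PTR),
                           ("clean", RECORDS_CLEAN)):
        lookup = table_resolver(records)
        results[label] = check_sender("203.0.113.25", "mail.example.com",
                                      lookup, lookup, ("pbl.spamhaus.org",))
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "no findings")
```

Called without the lookup arguments, check_sender uses the system resolver, so it can be pointed at a real sending IP and HELO name.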
When your server is running on a comcast owned ip block, and the block is used to assign dynamic ips, then your IP is -to everybody else in the internet- dynamic. Even if comcast is giving those dynamic ips statically to you.
Those 3 big name companies and almost every sysadmin who is tired of spam has been blocking dynamic ip ranges for years.
You don't need slashdot for this, you can figure out the problem and the solution just searching google in 5 minutes: rent a dedicated server
Your IP is likely listed on a Blacklist. My company firewall checks a half-dozen or so blacklists and automatically compares them to all incoming email. You need to find out which blacklist is listing your server public IP and contact the blacklist service directly. They can, after some verification process, remove you from the list. I just had this problem with emails coming from a vendor...turns out their IP(s) were blacklisted by one of my blacklist providers. It was mistaken, but it happened nonetheless. My vendor had to get themselves unlisted. I also removed that blacklist provider from my settings.
The correct answer is 42.
I used gmail as my smarthost when I had Verizon FiOS
Something like:
https://alimanfoo.wordpress.co...
(generate a dedicated gmail password for this instead of using your "main" one)
Spin up a cloud server and configure your Postfix/Exchange to route outgoing mail through that instead. Worked for me when ProofPoint decided to block my server for 3 weeks then shrugged when I asked them for an explicit whitelist. Fascist fucks.
My Domain Registrar provides SMTP relaying (TLS & authentication required), so I can configure my MTA to use that as its "smarthost" to get around this particular problem.
----
Not to be confused with Col.
Verify that your mail server DKIM signs your message. More than likely they are being blocked due to that.
Checkout https://support.google.com/a/answer/174124?hl=en
Anti-spammers finished it off. Find a "smart host", i.e. a relay operated by a reputable source. Email is a managed service now.
He's having problems with 3 services.
1. GMAIL - messages accepted but marked as spam.
2. YAHOO - messages rejected (what do the logs say?)
3. HOTMAIL - messages rejected (what do the logs say?)
So the first step is to look at the logs and see if the rejection message has any information in it. Do the rejection messages at YAHOO and HOTMAIL have the same code?
The next step is to check with a service like http://www.dnsgoodies.com/ to make sure that Comcast has configured their side correctly. The reverse DNS should point to your domain. You DO have a domain, right?
The more information you have before you contact Comcast, the better. Because the first 2 levels won't know anything about anything. They will be reading off of a script.
You have the option of using a smart host. You can read a brief description here: http://en.wikipedia.org/wiki/S... Some have a free tier, some don't. I usually use a smarthost by default so that my smtp server's IP address is not directly associated with the message by default and instead I can opt to bypass the smarthost if the smarthost gets blocked for any reason. Here is one that I found but have never used: http://www.socketlabs.com/sign...
By rejecting email from private email servers, they are in fact interfering with the way SMTP and Internet mail is set up. Email should be delivered non-discriminately, but by Gmail and Hotmail blocking stuff, they are actually trying to force people who use third party services to use their services to send and receive mail. "Either switch, or have your mail go undelivered."
The SMTP specification was not set up to allow companies to monopolize off the traffic but that's how it's being done today.
Also, I myself host my own mail server. I host it in a VPS, a server in Seattle, WA, w/ static IPs. The server is set up w/ proper SPF records. Most mail goes through, but I do get a lot of rejections by a large number of providers who automatically flag it as "SPAM" or it's blocked by "Content filtering". AOL seems to block most of my messages exclusively. As do many super aggressive spam filtering setups.
Gmail puts it right in the inbox half the time, Yahoo sent it to spam box the first receipt, then sent it to inbox after I flagged one message as not spam.
Overall the system is borked. By that, I mean there is no way to guarantee any message is not marked as spam, and the filters seem to be arbitrary and mark many non-spam messages as spam OFF and ON regardless of where the message is sent from.
On my Gmail and Yahoo! account I notice this the most. It's also why I think all anti-spam measures are broken, because it's easy to get bounced messages and messages sent to SPAM folder ..
What I do know is that there is no solution other than to get these providers of anti-spam services and these large email providers to fix their stupid services, perhaps implementing a system that only flags actual SPAM messages as SPAM and is set to never bounce or reject any message at all.
http://www.obamasweapon.com/
On Comcast residential service. My outgoing emails were also rejected by other mail servers. The easiest solution is to use Comcast email servers as a SmartHost and relay your outgoing emails through them.
You should also adjust your SPF record to show that you are relaying through the Comcast server.
Example DNS SPF
example.com. IN TXT "v=spf1 mx a:smtp.comcast.net"
Many mail servers will blacklist your emails based upon your IP address as being in the Comcast IP range. They expect email coming from any IP that is not an actual Comcast email server IP as being spam.
Try using an upstream smtp smarthost that will relay the outbound mail for you.
Either set one up on a cloud platform outside of Comcast (make sure the relay is secured to only your mail server's IP!!!) or pay someone like Dyn.com to use theirs (they call it Email Delivery Express).
Use a smarthost......Comcast's smtp server or purchase the service from elsewhere (it's not that expensive).
I have been through this before many times for many clients. A lot of servers out there either flat out block IP addresses that belong to consumer accessible ISP (Comcast, TimeWarmer, Bell, Telus, etc)....or flag as spam all emails coming from those addresses pools....
Even if you manage to solve this one, it will not be long before you run into similar issues. At least when you use a smarthost, it becomes their problem.
I recently went through this on our Comcast business to Verizon e-mail servers. I really wish I could tell you it was easy but I fought Comcast for 2 weeks with ridiculous support to finally get it resolved. You just have to keep pushing the issue with support because they will not believe that they are getting blocked. It was frustrating and they all pretty much tell you to call the other company. I just dug through my e-mails and these were on the chain involving the engineering team that was helping. God speed!
help4u@verizonbusiness.com
inengineering@core.verizon.com
Laura_Jorgenson@cable.comcast.com
domain.com. IN TXT "v=spf1 +a +mx +ip4:x.x.x.x +ip6:x:x::x:x/128 -all"
mailer.domain.com. IN TXT "v=spf1 ip4:x.x.x.x a:mailer.domain.com ip6:x:x::x:x/128 -all"
Being a spelling & grammar Nazi is a sign you do not poses the intelligence to contribute to the conversation
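An added example, not from the thread: a small SPF record lint in Python for records like the ones posted here. It covers the mechanism names defined for SPF (the IPv6 one is spelled ip6), validates ip4/ip6 values, and reports a record with no terminal all or redirect; lint_spf and the sample records are constructed for illustration.

```python
import ipaddress
import re

# Mechanism names defined for SPF; anything else makes evaluation fail.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Modifiers look like name=value (redirect=, exp=); unknown modifiers are ignored.
MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*=")


def lint_spf(record):
    """Return a list of problems found in one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems = []
    has_default = False
    for term in terms[1:]:
        if MODIFIER_RE.match(term):
            if term.lower().startswith("redirect="):
                has_default = True
            continue
        # An optional qualifier (+ - ~ ?) precedes the mechanism; default is +.
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        else:
            qualifier, body = "+", term
        name = re.split(r"[:/]", body, maxsplit=1)[0].lower()
        if name not in MECHANISMS:
            problems.append("unknown mechanism '%s' (evaluates to permerror)" % name)
            continue
        if name in ("ip4", "ip6"):
            value = body.partition(":")[2]
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    raise ValueError("address family mismatch")
            except ValueError:
                problems.append("%s has an invalid address '%s'" % (name, value))
        if name == "all":
            has_default = True
            if qualifier == "+":
                problems.append("+all authorises every sender")
    if not has_default:
        problems.append("no 'all' or redirect= term: unlisted senders get neutral")
    return problems


# Constructed sample records using documentation address ranges.
SAMPLES = {
    "typo": "v=spf1 +a +mx +ip4:192.0.2.25 +ipv6:2001:db8::25/128 -all",
    "open_ended": "v=spf1 mx a:smtp.relay.example",
    "good": "v=spf1 mx ip4:192.0.2.25 ip6:2001:db8::25/128 -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, lint_spf(record) or "ok")
```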
I really think you shouldn't have to use one of these, but it would solve your problem: Sendgrid, Mandril, or Amazon SES.
Use IPv6 from tunnelBroker.net, that will get you in most places.
SPF records are not sufficient anymore. More spammers use them than legitimate sites. As others have suggested, check your PTR record. Since Comcast owns that, they may not have set it up for you, and sign all of your messages with DKIM. It works amazingly well for helping you bypass blockages. I know your pain, and I wish you the best of luck in beating poorly engineered antispam systems.
OK, I had a very similar setup with AT&T ADSL some years ago, and basically I had the same problem, most other SMTP hosts were bouncing my emails and/or flat refusing to even communicate with my server.
In my case, the solution was to relay all my email through my internet provider's SMTP, authenticating with my ADSL login. Once I handed off all my email to the upstream SMTP, things worked perfectly.
Most customer assigned IP's are pretty much blocked out from relaying any email these days. If I were in your position, I'd try to setup to relay to your upstream SMTP so you can relay mail effectively. Having your own SMTP talk to everyone else's SMTP for outbound just doesn't really work very well anymore. Contact Comcast and find out the details on setting up to relay to their SMTP.
echo $TITLE
like SES
Have you checked to see if you are sending unintended backscatter? You can get blacklisted by many hosts very fast if you are sending non-delivery reports (NDRs). In this day and age, you need to either reject the email while the connection is active (eg, user not found) or silently drop mail (eg spam that is filtered after the connection is ended). If you send NDRs after the email is acknowledged as received and ok, you are contributing to a significant backscatter problem.
Bingo. He's on the Spamhaus PBL. His IP range was either added recently or he was given a new IP. Either way this sounds to be a case of being mixed in with the residential customers, who should not be connecting to remote MXes directly.
The PBL is the king of lists for this kind of thing. If he is on it and can get off, he should be fine in a few days.
Make this Comcast's problem, as if things are as you describe, it obviously is. DEMAND (politely, through your business support channels) that they resolve it, and demand a resolution deadline. If they do not meet it, terminate (or threaten to) the service.
In the mean time, I suggest you investigate VPN services which support static IPs on their end. Use comcast as your last mile connection if you must, but poke out on the Internet somewhere more friendly. If you have to do this, reduce your IPs from comcast to one, make it dynamic, citing their failure to provide the service contracted. Your VPN provider should handle the rest, and your comcast bill should go down.
Hope this helps.....
Red
Hello,
I am in a data center and I had email rejected by hotmail for no reasons (not on any rbl blacklist etc.). I solved it by masquerading outgoing mail for hotmail on another IP on a different subnet I own on my datacenter connection. I would try this first. You can also try to contact hotmail so they whitelist your IPs.
If your 5 IPs are on the same subnet and blacklisted by hotmail, I don't see any other solutions than routing your mail through an intermediate mail server. Have you tried relaying it through comcast MX? I can't imagine hotmail rejecting emails from all comcast subscribers.
Also, you probably have somebody sending spam on the same subnet as yours and hotmail seems to like to block /24 subnets. They should eventually unblock you if your subnet stops sending spam.
Everything I write is lies, read between the lines.
I subscribe to a service called Dyn Standard SMTP. My home email machine uses this as its smarthost, and all outgoing mail passes through Dyn's server before going out to the internet at large. Problem solved.
I'm sure other hosting companies will offer a similar service.
Before you say such things, you might want to look up the legal morass surrounding mail servers under your direct control and those not. Start with Megaupload and then follow links to the less public ones. There are DAMN good reasons to keep your mail server on premises be it home or business, if you don't understand why you might want to educate yourself before giving advice.
-Charlie
If your connection comes from anyone remotely connected to plain old end-user internet service don't even bother trying to send SMTP mail from any IP they provide.
They will all be blacklisted in RBLs (and for good reason). You will never be able to get service reliable enough. Save yourself some pain and get a smarthost service or set up a secured SMTP relay on a VPS or something.
The issues you will encounter:
1. The IP pools will be default blacklisted in all of the RBLs by virtue of being connected to a provider that provides generic internet service to consumers. Getting them un-listed is an exercise in futility. You won't get un-listing in all of them, and you'll probably end up back in the pools when those services update their records.
2. Most Cable/DSL providers cannot or will not provide you with the ability to set proper reverse DNS records for your IPs. They won't delegate you authority and getting them to make entries for you is always a clusterfuck. Not having proper rDNS will get your IPs blacklisted in RBLs.
3. The Cable/DSL providers don't care that you can't run a proper email server. They won't help you, or they'll be clueless as to how to help you.
Today we just use a hosted Exchange service. I don't miss running email servers at all. Spam filtering, managing exchange servers, dealing with reputation services and fucking with rDNS is someone else's problem now. Not saying that's the right choice for everyone, but in our case it was cheaper to pay someone else to deal with it.
As much as I hate Comcast, the issue is on the receiving side - Hotmail, Yahoo, and Gmail are flagging you as spam.
You have to contact Hotmail, Yahoo, and Gmail and ask nicely to be taken off their spam list. Good luck with their automated systems and low-paid overseas staff.
My company currently has an issue with hotmail in that they nearly always flag our email as spam, even replying to a customer inquiry.
We can't find anyone to talk to at hotmail, and their automated systems to request whitelisting don't work.
It has reached the point that if a customer calls, we ask them please don't use hotmail.
At the company I work at, I run several large high volume mass mailing servers that send millions of messages a month (50 million last month). Here is what I recommend you do:
1) Get forward and reverse DNS set up and most importantly, the forward and reverse DNS information must match.
2) Set up and use DKIM for all outbound traffic.
3) Have the SPF information in your DNS records. Don't put your block of IPs in the SPF record, just the one IP that you use for sending email. Make sure there is a "-all" in the records so that it makes it clear that all other email claiming to be you is discarded by other servers.
4) You will need to set up Feed Back Loops and proper SWIP (if possible) contact information. You will need to go to the big 10 ISPs and submit the FBL information to them and get put on their White Lists. Don't lie to them, just tell them you're a personal email server that is having issues sending mail to them and you want to get on their White List. FBLs are usually for people who send high volumes of mail, including newsletters and some "spammy" mail, but I find it helps regular mail servers if you set up FBL information.
Linux O Muerte!
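The first and third checks from the four-step list in the comment above (forward and reverse DNS that match, and an SPF record naming one sending IP and ending in `-all`), as an added example that is not part of the original comment. It runs offline against constructed DNS data: the hostnames, the documentation-range addresses and all function names are assumptions, and only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated.

```python
"""Offline pre-flight for a self-hosted sender: FCrDNS match and SPF with -all.
All names, addresses and DNS data here are constructed for illustration."""
import ipaddress

# Constructed zone data standing in for live DNS lookups (documentation ranges).
PTR = {
    "203.0.113.25": "mail.example.org",
    "203.0.113.26": "203-0-113-26-static.isp.example.net",  # generic ISP name
}
A = {
    "mail.example.org": ["203.0.113.25"],
    "203-0-113-26-static.isp.example.net": ["203.0.113.26"],
}
SPF_TXT = {
    "example.org": "v=spf1 ip4:203.0.113.25 -all",
    "loose.example.org": "v=spf1 ip4:203.0.113.24/29 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fcrdns(ip, helo, ptr=PTR, a=A):
    """Return (ok, reason). The PTR must exist, resolve back to the same IP,
    and equal the name the server announces in HELO/EHLO."""
    name = ptr.get(ip)
    if name is None:
        return False, "no PTR record"
    if ip not in a.get(name, []):
        return False, "PTR name does not resolve back to the IP"
    if name.lower().rstrip(".") != helo.lower().rstrip("."):
        return False, "PTR %s does not match HELO %s" % (name, helo)
    return True, "forward and reverse DNS match"


def spf_check(ip, record):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record for a sender IP.
    Mechanisms are tried left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        # a, mx, include, exists and redirect= need live DNS and are skipped.
    return "neutral"  # nothing matched and the record has no "all"


def spf_findings(record):
    """Flag the two habits the comment warns about: wide ranges and no -all."""
    findings = []
    terms = record.split()[1:]
    authorised = 0
    for term in terms:
        mech, _, arg = term.lstrip("+-~?").partition(":")
        permits = not term.startswith(("-", "~", "?"))
        if mech.lower() in ("ip4", "ip6") and arg and permits:
            authorised += ipaddress.ip_network(arg, strict=False).num_addresses
    if authorised > 1:
        findings.append("authorises %d addresses, not one sending IP" % authorised)
    if not any(t.lower() == "-all" for t in terms):
        findings.append("no hard-fail -all at the end")
    return findings


def preflight(ip, helo, domain):
    """Combine the checks for one sending IP, HELO name and envelope domain."""
    record = SPF_TXT[domain]
    return {
        "fcrdns": fcrdns(ip, helo),
        "spf": spf_check(ip, record),
        "spf_findings": spf_findings(record),
    }


if __name__ == "__main__":
    # .25 has a matching PTR; .26 still carries the ISP's generic name.
    for ip in ("203.0.113.25", "203.0.113.26"):
        print(ip, preflight(ip, "mail.example.org", "example.org"))
    print(preflight("203.0.113.26", "mail.example.org", "loose.example.org"))
```
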
I know Yahoo and Bing use the same data for search. Stands to reason they'd share technical data and policies for other services too.
A VPS that will relay mail just for you should do it already.
I had a similar issue years ago with email from my domain to craigslist being blocked.
The problem turned out to be the Reverse DNS (PTR record) for the IP address.
Call Comcast and ask them to change the PTR record for your mail server's IP to "mail.yourdomain.com" (or whatever you actually use). Having the A record and PTR record be perfect matches of each other will likely solve your problem.
A good read from the folks at mailchimp: http://mailchimp.com/resources... There are a couple sections that might be of use.
Had the same problem until I started signing my email with DKIM. Suddenly google and friends were accepting it without problems.
I am not on comcast, so it may not help you.
Get a new additional ISP connection just for email, or host somewhere.
You might be able to make the argument that Comcast is in breach of their service agreement with you. Firstly, and as painful as it will probably be, try to resolve the issue with their technical support. If you get sent into an endless loop without any kind of resolution, you might get out of your contract by simply making the argument that Comcast is failing to provide services as advertised.
You're kinda screwed. A lot of the big providers (and small) use blocklists garnered from a bunch of companies who may or may not be responsive - and more often than not simply don't care about the small guy... amongst those companies I've had the most grief with SORBS for my various clients. Some lists you can get off of, others are essentially impossible... amongst which are the "Dynamic IP" and "home user" lists.
When people set up which block lists to use, there are a couple that are not for specific offenders, but are instead simply full lists of all the known IPs in an ISP's block - such as all DSL / cable modem users. The thought being that you can block all email originating from people's home connections, etc... which is under the presumption that legitimate emails will never come from cheap consumer grade connections, which to be fair are largely spam. Problem is there are tons of small businesses with essentially "home" connections... even under business accounts they get lumped into the same IP ranges.
The real issue is that in the last few years - particularly since Gmail came about... email itself has begun to concentrate in only a few major providers' hands... namely Intermedia, Office365 and Gmail. As less and less small/medium sized businesses have their own mail servers the big boys have less concern for keeping things more flexibly acceptable - very few outfits have their own Exchange servers anymore, I dropped my last internally maintained client mail server a few years ago, even bigger companies don't want to run Exchange in house anymore - it's just not worth it in most situations that don't have regulatory or legal requirements. The less companies that run their own mail servers the greater the likelihood that legitimate mail will only come from the major providers (and the less likely wholesale blocking of IPs is going to cause the sales team to freak out when their clients aren't getting emails - which is honestly the only way I've ever seen IT departments actually lower their filter strength - usually after being yelled at by the sales execs).
In order to deal with this problem we have found the best lasting solution is to use a store and forward relay service such as spamstopshere or set up your own via a micro instance in Amazon. Postfix and MailEnable (Windows) are two great programs that do the trick quite well. By setting up your own instance with a public IP which is more "trusted" (coming from a major source of servers which have other large mail hosts running in the same IP block) you avoid all sorts of problems... you will have to do the normal MX, SPF and rDNS things as well for full compliance.
In general this is better anyways, as you probably also want an inbound store and forward for those outages you mentioned (no lost emails!), and you'll get the probably unneeded benefit of masking your real world address (one of my clients got a detailed direct bomb threat from a guy who found their address using an IP lookup - their address was otherwise unlisted).
A micro instance on Amazon is VERY cheap, and can be used for other things - like a simple website, a connection monitor etc..
Good luck
--Idiots, Every single one of YOU, A flaming mass of conglomerated morons, hey wait a second, isnt that how RAID works?
Hi there, I think you need my assistance in setting up a PTR. I work for Comcast's corporate customer service team. Could you please email me at Cassie_Hart@comcast.com so that we can assist? Thanks, Comcast Cassie
I had pretty much the same issue, only a different provider (TWC). I wound up just getting a $20/month Linode virtual server, and haven't had any issues since, and I don't have to host any physical hardware at my house.
640YB ought to be enough for anybody.
1. Check out Cloudmark (https://csi.cloudmark.com/en/reset/) - see if you are on their list.
2. Make sure that your website (yes, website) has not been hacked. If someone is sending out spam that contains a link to your website, then services may mark you as spam. I had a customer whose WordPress install was hacked, and the 404 page was set up as a redirect to a shady pharmacy site. Once the problem was identified and corrected, the blacklist problems went away.
Let's start referring to The War Against Terror by its initials. . .
If you don't care to 'win' the fight w/ Comcast, then go get a budget ($1/month) VPS running CentOS from somewhere cheap like Crissic or Ramnode and use it to route your outbound email. It'll cost you less in actual dollars than your time investment in fighting Comcast to date at minimum wage or that you'll spend reading the comments on this 'ask me anything' I figure :)
Just an option!
Yep. Anyone who is not saying the word "relay" shouldn't be giving advice. Anyone who says "VPS" is a fucking moron.
I didn't read all of the comments, there were far too many and my time is worth too much to spend all day reading all of the asshole comments. Here is what you should do: Go download Scrollout F1. Set it up on a $10 Linode, set your email server to relay all outbound email through it, and alternatively, set the Scrollout F1 as your MX record and tell it to forward all incoming email to your existing email server on whatever port you can get access to. Set up DMARC and SPF records on the Scrollout F1. Be happy!
...is trying to crowdsource a solution here on slashdot so he can get up and running again. Keep on selling the herbal viagra, it's God's Work you're doing.
You do realize the guy is sending out unencrypted email over comcast's pipes in plain text. If privacy was his priority in choosing a home hosting solution, then you might want to awake the OP from his delusion of security by telling him he'll never see the court order that enables reading of all his inbound and outbound email messages.
$5 / month hosted VPS on linux = awesome!
I did this a long time ago but gave up MANY years ago when I set up Google docs/mail for my domain. I forget the details, but I believe you can receive email to your MX and send it through Comcast mail servers as a smart host or something. You'd be able to connect to them being on Comcast's network; meanwhile they'll off and send your mail to world+dog and should be allowed since I highly doubt Gmail, etc. are blocking email from Comcast mail servers themselves; probably just the masses of addresses reserved for clients. It might circumvent most of your problems while allowing you to still host your own mail. Good luck.
Your PTR record probably doesn't match your MX record, you dumb little faggot.
Without seeing detailed headers it's hard to say for sure but this sounds more like an authentication failure. Are you falling afoul of their SPF, DKIM or DMARC authentication requirements by not using the Comcast smarthost for deployment?
That would far more likely explain the widespread blocking rather than it just being "because I'm using Comcast".
First I'd like to say, I'm bookmarking this set of responses. There's a lot of excellent information here. One of the most informative discussions on Slashdot in recent memory.
I suspect that there is so much animosity against Comcast that you may not ever get this resolved. The advice to "get another ISP" is indicated, but there may not be another viable solution in your neighborhood. (Which is what we as a country should *really* be addressing before we even talk about net neutrality.)
If you have Comcast, you probably have already switched your land line to cable. That's unfortunate, because it makes this solution more difficult to implement: Consider that email is very low traffic (I think you said it was only a few messages a month) and the bandwidth you're getting from Comcast isn't really helping. One solution would be to get a business DSL account with an alternate ISP and use that for email only. This would allow you to scale back Comcast to a consumer account, which might mitigate some of the cost of having two ISPs.
At one time I had Comcast cable modem and a static IP with Speakeasy DSL at the same time. I had to keep my copper wire phone service in order to do this. Comcast gave me high download speeds, Speakeasy gave me a circuit that I could basically do anything with. The DSL speed was what you'd expect for DSL, but that doesn't really matter for email.
Later I dropped Comcast because I got so tired of trying to deal with them, and I'd gouge out my eyeballs rather than go back to them, but that's another story. I went back to DSL only for awhile, and then picked up FIOS when it became available. Running both side by side, I didn't see any limitations to the FIOS circuit so with a tinge of sadness, let the Speakeasy account go. (And before a bunch of anonymous cowards jump on this, yes, I'm aware that some people have had bad experiences with FIOS. I haven't, really. The circuit has been dead nuts reliable. I went through four routers until I got one that worked correctly, but that's not necessarily the ISP's fault, and they were always quick to overnight a replacement when necessary.)
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
But my ISP provides an SMTP relay. I configured postfix to use my ISP relay. This doesn't really impact my mail service or how it's stored or how it may be addressed/migrated in the future, but it gets me past the common blackhole filtering.
SMTP has just not scaled well and the mitigations have impaired the openness of the network somewhat, but SMTP relay facilities are usually available.
XML is like violence. If it doesn't solve the problem, use more.
Most of the big email giants will block email that has a generic host name. Even though you have a domain name, the host name will return whatever the host name of the box Comcast gave you. Have them set up a reverse DNS entry and most likely problem solved.
I set up email servers for clients all the time and it's a big problem.
Linux modi 2.6.26-2-parisc
I found a while back that GMail started flagging e-mails from my server as spam, even for a business customer who had explicitly white-listed my server in their configuration. Setting up DKIM message signing cured that.
Yahoo on the other hand are complete fuck-wits when it comes to spam detection. I've tried in the past to follow up random spam flagging, and they just give you the runaround. I filled in a complicated form with full details of the erroneous spam flagging, and they responded with a request to send all the same information again to an e-mail address, and then when I did the notification bounced because the e-mail address didn't exist.
The only thing you can do with people who use Yahoo for e-mail is teach them how to look in their spam folders. When they do they'll find lots of other non-spam there too. That's the moment to suggest they move to a proper e-mail provider.
Have you tried configuring your server to relay all outgoing mail through Comcast's own server(s)? You can declare it as "smarthost" (in sendmail-speak), or have custom rules (through "mailertable" — sendmail-speak again) for using Comcast's box only for those destinations, which would not talk to you directly... Either way, it may solve your problem and even make life a little easier for your box...
I've never used Comcast myself — they may have some idiots operating their mail-server (RCN and Verizon FiOS both do, why should Comcast be better?). But it may work...
In Soviet Washington the swamp drains you.
Rent a VPS and use it as a mail relay.
Why the fuck use comcast, go get a vps for 20 a year. fucking christ NEXT
Due to the tactics Comcast uses, a lot of sites have taken to completely blocking anything that comes from under the Comcast domain (which I do). Your best option is to get off of Comcast (which you shouldn't have joined in the first place). Other than that, I suggest you set up some kind of VPN to a forwarding site under a different domain.
Stay away from Comcast and GoDaddy
First off, it's ridiculous to run your own Email server today. If you really insist, do it in a data center with a VPS and your own domain with proper DNS records including PTR.
Beyond that, it's common for big, low-cost/free email hosts to reject mail coming from dynamic IP pools used for consumer accounts. It has nothing to do with Comcast per se - they will block Comcast, Cox, ATT, whatever. It's an easy way to block a lot of undesirable sources at low cost. It saves them the support cost of dealing with complaints by reducing their spam volume significantly.
You are not going to get your IP unblocked. You will just waste your time trying to get dozens or hundreds of email hosts to unblock you. Maybe a few of them might.
If you look at your Comcast agreement you will almost certainly find that - like most consumer broadband - your intended use violates the TOS. This is not why your mail is being blocked, though. It's because others realize that there's no good reason to run a mail server in your home, and plenty of bad ones.
Wake up and realize it's not 1995.
Good luck!
He is obviously a spammer. Stop helping him.
There may be some way to actually clear up the whole situation, and that's probably going to be the best solution. It will probably also be free.
However, failing that, one solution comes to mind which is pretty obvious and very likely to solve your problem. Unfortunately, it's not free, but if you're running a business, it may be of benefit.
The suggestion is: get a smart-host. Essentially, it's a service where you route your email through an email provider first, and then they send it out. You can also set your MX records to direct incoming traffic to the smart-host, which can serve the purpose of a backup MX record (in case your server goes offline). Also, they'll often do spam filtering on their end, which means a lot of spam (and the associated traffic) never gets to your network. Sometimes they'll even offer email archiving, if you're interested in that.
Of course, if you're going to go with a smart host, it raises the question: does it make more sense to just go with a fully hosted solution? Office 365 and Google Apps are both pretty compelling solutions. I assume you're not interested in that, though, since you seem to want to keep your email onsite.
This is a problem without a permanent solution, and ultimately why I stopped hosting my own outgoing SMTP. Tracking down these types of issues is a huge time sink, and better left to people getting paid to do it IMO. That said, you could try routing all outgoing messages through Comcast's mail server if they allow it. It's business service, they may provide this functionality.
Browsing through all the comments I didn't see anything about setting up a VPN. You can always set up a static IP VPN and have the web server / email server hosting from that IP address. There are tons of VPN hosts that are 1) Free, 2) stable, 3) support full DNS (including IPv6) and 4) have excellent documentation for help setting it up.
I had the same issue and it did take quite a bit of digging to nail down. Comcast Business with 5 static IPs, same setup as yours.
1. Make sure your reverse DNS entries are correctly configured such that the domain of your reverse DNS lookup will match the domain your messages are claiming to be from. dashed-ip.sea.wa.comcast.net will generate spam warnings on many mail servers if your server claims to be mail.joecorp.com. Call Support and they will update it for you on the phone within a couple of minutes. Also make sure you're not in a residential IP block.
2. Make sure you're not actually an open relay or otherwise allowing unauthenticated senders to generate outbound messages. I was using MailEnable, and had it misconfigured such that it wasn't actually doing the authentication I had selected. This got me blacklisted quickly. A few bounce messages had links to the blacklists themselves to submit appeals; they'd dutifully take me off each time but I'd get re-added automatically. It took a few weeks of trial and error to get this one fixed. I know you say you're not...and I thought I wasn't either, having specifically taken steps to disable open relaying. But it turns out I didn't quite get it the first time, and was still relaying messages without authentication.
I'd imagine issue (1) may be a big contributor to your problems, personally.
They don't give a Flying-F*** about your SPF if your DKIM is wrong or if you are using an @yahoo.com email address.
What they care about is that they've updated their DMARC record to reject @yahoo.com emails in the From: address if they aren't sent by yahoo.com servers.
You should have googled this.
https://help.yahoo.com/kb/mail...
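Why an SPF pass does not save a message whose From: address is @yahoo.com, as described in the comment above, shown as an added example that is not part of the original comment. The DMARC record text, the domains and the function names are constructed, and the organizational-domain helper is a simplifying assumption (last two labels) where real receivers consult the Public Suffix List; the `pct` and `sp` tags are ignored.

```python
"""DMARC verdict for one message, given SPF and DKIM results already computed.
Records, domains and messages here are constructed for illustration."""

# Constructed record mirroring the reject policy the comment describes.
YAHOO_STYLE_RECORD = "v=DMARC1; p=reject; pct=100"
SELF_HOSTED_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"


def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a dict keyed by lowercase tag."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers use the Public Suffix List (think of co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs identical domains; relaxed ('r') compares
    organizational domains, so mail.example.org aligns with example.org."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(from_domain, spf_result, spf_domain, dkim_results, record):
    """Return ('pass', mechanism) or ('fail', policy).

    from_domain   domain in the visible From: header
    spf_result    SPF result for the envelope sender (MAIL FROM) domain
    spf_domain    the envelope sender domain that SPF was checked against
    dkim_results  list of (result, d= domain), one per signature
    record        DMARC TXT record published for from_domain
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(
        spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
        for result, d in dkim_results)
    if spf_ok:
        return "pass", "SPF"
    if dkim_ok:
        return "pass", "DKIM"
    # Neither mechanism passed in alignment: the domain owner's policy applies.
    return "fail", tags.get("p", "none")


def demo():
    """Three constructed messages leaving the same self-hosted server."""
    return {
        # From: someone@yahoo.com, envelope sender at example.org. SPF passes
        # for example.org, but that domain is not aligned with yahoo.com.
        "yahoo_from": dmarc_verdict(
            "yahoo.com", "pass", "example.org", [], YAHOO_STYLE_RECORD),
        # From: and envelope sender both at example.org.
        "own_domain": dmarc_verdict(
            "example.org", "pass", "example.org", [], SELF_HOSTED_RECORD),
        # Relayed through a smarthost: SPF now passes for the relay's domain
        # only, so the aligned DKIM signature is what carries the message.
        "via_relay": dmarc_verdict(
            "example.org", "pass", "relay.example.net",
            [("pass", "example.org")], SELF_HOSTED_RECORD),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
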
You don't have to "use Comcast's mail service" - they just want to use Comcast as a way of providing some accountability as to where the email is coming from - as a way of limiting spam.
Chances are you're in a DUL/dynamic list on SORBS or another service. What you need to do is work your way up past the first level grunt at Comcrap and speak to an actual engineer, and they need to submit updated lists of dynamic vs. static IP lists to the various blacklists and also key email providers (gmail, yahoo, notHotmail, etc.) and other providers (time warner, etc.) so that they acknowledge your block as a static block of IPs.
What happened is some grunt at Comcast probably fat-fingered when updating these lists.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
The main reason peers block Comcast by default is the number of vulnerable XP machines that get hijacked to send spam. Dropping mail from home users has almost no false positives. Mail if permitted by peers would increase the number of botnet attempts to send bulk spam. The fact the mail is blocked makes compromised Comcast users' machines much less valuable.
Even home configured business accounts on static IP addresses do not have a super good IT department to prevent compromised machines becoming part of a spam botnet, which is a good reason to not accept mail from home IP blocks.
The truth shall set you free!
most likely not whitelist or blacklist issue. most likely has to do with perfect forward security.
So you'd call and they could switch you to an unblocked IP, or initiate deblacklisting on your behalf? I'm literally laughing so hard I gotta wipe my eyes.
THIS IS COMCAST! Go look up their position in the "most hated companies in America" list. They earned that status. I spent over four hours on the phone with them over the weekend persuading them to make a 2-minute fix to their own MPLS network that they caused with an ill-considered routing change.
You lie down with dogs, you'll get up with fleas.
>Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option.
Yes you do have a choice. If it's that important to you, break the contract and pay the ETF.
Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
I had similar issues, though on a machine hosted outside my home network.
The solution was to implement SPF, pointing to the PTR of the machine (i.e. what a reverse IP lookup will resolve to), and DKIM.
In your case, doing a PTR will be hard, since dynamic DHCP may change what the PTR is, but the rest does apply.
I wrote the following detailing what I did: Setting up SPF and DKIM on Postfix.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
If you want to win this, either as a technical challenge or a test of wills between you and Comcast (or Google/Yahoo/Microsoft), good luck. Maybe you'll resolve things in a satisfying way eventually. If you do, you will definitely feel like a champ, but it's going to take you a lot of time and frustration to get there.
If you simply want your email server working, then you probably ought to consider sidestepping the fight and just solve the problem instead. You could move the server from a machine hosted in your closet to a VM running on a cloud service. Done right, you can probably increase performance and availability while lowering cost (that 24/7/365 electricity isn't free).
Greetings.
I have a Comcast Xfinity Business line, 5 static IP addresses, etc. It sounds like our mutual set ups are equivalent. I've been running my email servers in my own domains since 1998, through some gone ISP, PacBell/AT&T, and Comcast without issues.
Contact the Comcast business line. Have your actual account ready -- you can get that from the Comcast Business web page for your account. Those numbers changed in the last 12 months to a shorter, simpler format. Request technical support and discuss the issue.
One thing that you MUST do if you want to run your own email: request that Comcast set reverse DNS to point at your servers for the non-authoritative request. A reverse DNS request to your IP address must return the name you use for your primary (and secondary, and so on) MX records. If that's set up, then you've solved 90% of the issues with Gmail and Yahoo!.
As far as Hotmail: they've been rejecting my email unless users white list my address(es) in their individual accounts. This has happened since Microsoft bought them. No way around that, and no appeals; every time I tried to contact them I might as well have sent the emails/requests through a black hole.
Source: 8+ years with Comcast Business, and I moved to a new location (with new IP addresses and new routers) 12 days ago. It took them 10 minutes to set the rDNS and propagate. Within an hour it was resolving fine and any lagging email issues were resolved (36 hours of some undelivered messages).
Google my name "Eugene Ciurana" and ping me through my contact page if you want some assistance with your set up and/or other tips w/dealing with Comcast. I've been a very happy customer with them (they fixed my lines, including physical cable modem replacement due to physical failure, while I was out of the country last January and coordinating with someone who could open the door to them and so on), and in general found that, if you explain what you need and why, their tech guys do work with you to solve issues. The key is understanding that *you* may know more about networking/server set up than their tech guys, so if you aren't specific about what you want they may not grok what you need.
Dear admins: WTF is a lameness filter? What is it filtering? I couldn't offer complete information to this guy because of the Comcast support number and/or IP addresses I listed. With my Karma level and the number of years I've been around, your system ought to be configured to let stuff through w/o issue. Look at my user ID. Thanks.
Cheers!
http://eugeneciurana.com | http://ciurana.eu
You're being blocked because any mail leaving Comcast's IP spaces is expected to come from Comcast's mailservers only.
Configure your mailserver with a "smarthost" option, have it deliver using Authenticated SMTP (with your Comcast account's username and password hardcoded, yes) over SSL on 465, or if you can't do SSL, use 587.
Source: Am currently running Postfix on Comcast successfully delivering to Yahoo Mail with no spamfolder problem via this method. (Am using SPF, no DomainKeys yet.)
More from Comcast on this: http://corporate.comcast.com/c...
o/~ Join us now and share the software
Vint Cerf warned about this years ago. Basically, if you're not a huge provider you were going to get blocked. No one would ever block Gmail no matter how much spam they sent.
Not sure but do you have a point of record with Comcast to point to your mail server? You may have been under the limit send wise and hit the cap with a change they made. This would add you as a trusted mail server and off of black lists.
Sex sells; we all know.
However, often you can't simply put it out front because that degrades your message. You need to slip it in. I clicked on the article in the hope of seeing a tit shot. I did, but it really wasn't that good. In any case, I read much of the article for no good reason. I now plan to use this audience-getting technique in my presentations in the future.
(||) Nehmo (||)
Comcast business subscriber here and have what appears to be a very similar config to yours. No problems with mail, checked mxtoolbox anyway and all is green. As many others have said, it's probably something your network did. I've had folks get into mine over the years and cause similar problems for me.
/ip-log/karma.log.11:virus 23.31.69.157 fimble.com NOTQUIT [S=5 - FakeMX NoQuit] X=tarbaby H=mail.fimble.com [23.31.69.157] HELO=[fimble.fimble.com] F=[lollypop@fimble.com] T=[terrydw@mkl.com] S=[Feeling adventurous tonight? Multiple mega hot lasses, free access!]
Hostkarma still had it in the logs.
You sent junk mail; you got blacklisted. Nothing more to see here.
It's an asshole comment.
It little behooves the best of us to comment on the rest of us.
I used to smarthost out thru Comcast servers, but I've discovered that the no-hassle option is to pick up an smtp-outbound contract. It is cheap, easy, you can use it on all your mobile equipment and hassle free. And if you set up SPF records you will not have any more trouble. I use DnsMadeEasy.com
You can apply for bulk sender whitelisting from Yahoo!. http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html
Deltron 3030 - Virus (music video)
Can't speak to this particular problem, but having dealt with them not too long ago on an issue of blocked email, I can say that Gmail can very much block you completely prior to the spam folder, and there's no way to contact them or appeal, while Hotmail was very responsive in trying to resolve our blocking issue. Never dealt with Yahoo, though.
See https://en.wikipedia.org/wiki/...
Sign up for an antispam service like edgewave that allows Outbound filtering and use them as an SMTP relay.
Can you give me some way to contact you, so I can see if I can help?
Facing a similar problem a couple of years ago, I discovered that yahoo provides email filters not only for its webmail users, but also for several other companies. They have a procedure for requesting an exemption from their filters. It took a couple of tries, but I eventually got my server accepted. Here's the form:
http://help.yahoo.com/l/us/yah...
You expect a $8/hr Customer service rep to be able to do anything?
And on a weekend?
All the FT Engineers and support staff work 9-5 M-F.
And even then, they are considered only after direct contact with Tier 5 support.
Meaning, you were courteous, described the problem, and managed to get it escalated through 5 levels of support to get to the Engineering side of things.
With each level trying their best to fix the problem (no one ever likes to go to their manager and say -- I don't know how to fix this)
And at the Engineering phase, the problem needs to be addressed, scheduled, tested, and all reliability and legal sign-offs need to happen;
Bugs happen, sometimes a Business Rule comes down the pipes for a given product/service that didn't take into account the 100+ other teams services and groups that it affects. And thus it makes it to the wild and breaks. These usually get escalated quickly as internal support teams start to debug their own services, narrow it down to XXX and start the internal escalation process (with 1000s of engineers worldwide, you can't just go across the office and talk); and if enough internal teams finger one problematic team -- they usually can't reschedule it into their next Sprint; and will have to drop everything and fix it.
But, to call a CSR (Customer Service Rep) and expect a teenager who's trying their best to solve your problem by googling other support cases to see if anything matches your problem (and they have limited access; to protect unskilled teens from making changes without fully realising the consequences in some cases; legally mandated restricted access in some cases) -- if you want to give them more power, have politicians get the corresponding laws changed. Or figure out how to get people with full Engineering or CS Degrees to want to work in a Call Center.
No, not really. Most mail services are smart enough to parse through the mail headers and figure out what the original MTA was.
Had my site running since the latter 90's. In about 1998 someone hacked my mail server and sent out a slew of spam emails from my @ address. Luckily it was not one of my accounts but a new one they created and my host (small local business) caught it in about 48hrs. However, Comcast and Flagstar bank both got spam hits and my server has been on high alert ever since. I've had countless people jump through the "official" hoops since then to verify the server as being bot free, etc etc etc. And, admittedly it has helped. I still get a substantial amount of filtering on Comcast if I send email to anyone using their mail services. I run a check with friends about 2x a year. Even if I am on someone's contact list, there's a long list of things I've noted that will get me slammed to the spam bin.
Get an AWS instance.
Dear Hawkbug, I apologize for my fellow posters spewing forth knee-jerk postings. I have examined your situation and I must say I am puzzled. Your MX and rDNS records are all in order. The domain in question passes the generic email server tests. Your system can obviously communicate out via port 25 or you would not be getting deferred errors from servers and it does not "look like" it is being altered by any proxy. So... Comcast is not blocking your port, nor is your email server defunct. Everything seems in order. What can we conclude? You say the email server was working up until two weeks ago. What has changed? Either the servers offering up the deferred messages have implemented a new policy against you, or Comcast is altering your outgoing port 25 (to test the proxy/manipulation theory, find a friend who has an SMTP server and examine the SMTP logs). Whatever the case, it is something that has changed recently. Did you change anything on the server? SMTP Banner? FQDN response? Any modifications to your DKIM or SPF? The "Deferred Errors" to me say greylisting. What would get you greylisted? Someone you sent an email to marked it as spam perhaps. Were any sent to the wrong person? Were any profane? Would anyone have mistakenly reported it as spam? Examine the emails you sent right before it stopped working, they may contain clues. My experience says follow the trail of "what changed when it stopped working." Good luck.
I don't recommend using your own private server on an IP that is served by a company that owns residential blocks.
Your IP address can be close to another spammer from comcast and you'll get a very basic response as to why it was blocked. They won't tell you that your entire /24 or anything like that has been blocked due to other people abusing it.
It might not even be a residential client that is doing this but another comcast business user.
If you get a dedicated server in a datacenter, they take reports for spam quite seriously and will disconnect people's servers much faster than Comcast will disconnect a client's internet.
This is in part that many people using dedicated servers with an email server either as a webhost, company mail server or otherwise. If they get entire subnets blocked, they get a lot of really upset clients /very/ quickly.
So they are a lot more responsible in that regards.
I use eSecureData for my servers and have seen their responses.
Assuming your MTA is flexible enough, you could configure routing for the affected domains to go via Comcast's SMTP. It isn't a fix but it would get you over the problem while you investigate more fully.
As someone whose ISP uses Yahoo for mail, I can report that they appear to block mailing-list messages that are marked as Bulk. As a product tester for Opera and also a moderator on their user forums, I am supposed to be on several of their mailing lists - but never receive any of them. However, mail from that server sent by individual Opera employees comes through just fine. Likewise mailing lists that do not mark their messages as Bulk (from other servers) come through fine - though several (not all) of those lists are actually on Yahoo's servers. (I've had Opera send messages I need to get to a webmail service.)
The server is not blacklisted as I do get mail from it, they are not blocking all mailing lists (other than their own) either, so it appears to be the fact the messages are listed as Priority: Bulk.
There are many reasons for running your own mail server, having control of your spam filtering is just one reason, another is not sharing everything you do with a datamining corporation.
Also being a Comcast customer (I know: shoot me now), I too have faced this obstacle. My solution is to have my outbound SMTP server use Comcast's SMTP server(s) as a relay, authentication required. Another option would be an external (outside Comcast's network) relay service, so long as they accept incoming connections on something other than port 25, which Comcast will block here and there (and not tell you in advance).
This approach worked fine for me for over a year.
Here's a forum post that has some info and settings:
http://forums.comcast.com/t5/E-Mail-and-Xfinity-Connect-Help/Using-SMTP-mail-server-and-SMTP-relay/td-p/2053255
Sign your outgoing emails. If it's in the remote user's Spam folder, then it's not blocked, it's filtered. And since your IP is coming from a known poor reputation provider, you already have an uphill battle.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
if your VPS is in the same netblock as a spammer you fall into the same traps
I was under the impression that because the VPS market is more competitive than the home and small business last mile Internet access market. So if one VPS provider is doing a bad job of keeping spammers off its network, you can switch to another.
Hotmail did this to me too, sending from my VPS at 1 and 1. The explanation in their bounce was that it was due to other hosts from the same provider being spammers, etc, but that after my host's reputation was established it would be naturally un-blocked.
That does seem to be what's happened. As I consistently generate non-spam mail toward hotmail/outlook.com accounts, it has been un-blocked and now works without issues.
I'm particularly interested in your case however, since I plan to migrate to Comcast business myself. I'd prefer not to relay through their servers if possible, what with the shenanigans large ISPs seem to want to pull recently re: STARTTLS downgrade attacks, etc.
I like music
I'm running postfix, and I was sending mail directly from my system. I have found that other sites started blocking mail that came from Comcast subscriber addresses. I changed my postfix configuration to route through Comcast. I set this line in my postfix main.cf file:
relayhost = smtp.comcast.net
all my mail has been getting through since...
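An added example, not part of any comment in this thread: a per-domain variant of the relay routing suggested above, which reads Postfix delivery log lines, finds the recipient domains that only ever defer or bounce, and renders transport(5) entries that send just those domains through a relay. The log lines are constructed, and the default next hop reuses `smtp.comcast.net` from the comment above with port 587 as an assumption.

```python
import re
from collections import Counter

# Constructed Postfix smtp(8) delivery log lines (hosts, IPs and queue IDs invented).
SAMPLE_LOG = """\
Oct 12 10:01:02 mx postfix/smtp[2101]: 4F1A2C0: to=<a@bigmail.example>, relay=mx.bigmail.example[192.0.2.10]:25, delay=1.2, dsn=4.7.0, status=deferred (host said: 421 4.7.0 deferred)
Oct 12 10:06:40 mx postfix/smtp[2107]: 4F1A2C1: to=<b@bigmail.example>, relay=mx.bigmail.example[192.0.2.10]:25, delay=0.9, dsn=4.7.0, status=deferred (host said: 421 4.7.0 deferred)
Oct 12 10:09:13 mx postfix/smtp[2110]: 4F1A2C2: to=<c@othermail.example>, relay=mx.othermail.example[198.51.100.7]:25, delay=0.7, dsn=5.7.1, status=bounced (host said: 550 5.7.1 rejected)
Oct 12 10:11:55 mx postfix/smtp[2113]: 4F1A2C3: to=<d@othermail.example>, relay=mx.othermail.example[198.51.100.7]:25, delay=0.8, dsn=5.7.1, status=bounced (host said: 550 5.7.1 rejected)
Oct 12 10:15:01 mx postfix/smtp[2120]: 4F1A2C4: to=<e@friendly.example>, relay=mx.friendly.example[203.0.113.5]:25, delay=2.0, dsn=4.2.0, status=deferred (host said: 451 4.2.0 try again later)
Oct 12 10:20:02 mx postfix/smtp[2125]: 4F1A2C4: to=<e@friendly.example>, relay=mx.friendly.example[203.0.113.5]:25, delay=302, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct 12 10:21:30 mx postfix/smtp[2126]: 4F1A2C5: to=<f@friendly.example>, relay=mx.friendly.example[203.0.113.5]:25, delay=0.6, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

DELIVERY = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<[^>@]+@([^>]+)>.*?status=(sent|deferred|bounced)\b")

def delivery_stats(log_text):
    """Count sent vs. failed (deferred or bounced) attempts per recipient domain."""
    sent, failed = Counter(), Counter()
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        domain, status = m.group(1).lower(), m.group(2)
        (sent if status == "sent" else failed)[domain] += 1
    return sent, failed

def failing_domains(log_text, min_failures=2):
    """Domains with repeated failures and no successful delivery at all."""
    sent, failed = delivery_stats(log_text)
    return sorted(d for d, n in failed.items() if n >= min_failures and sent[d] == 0)

def transport_map(domains, next_hop="[smtp.comcast.net]:587"):
    """Render Postfix transport(5) entries; port 587 is an assumption."""
    return "".join(f"{d}\trelay:{next_hop}\n" for d in domains)

if __name__ == "__main__":
    print(transport_map(failing_domains(SAMPLE_LOG)), end="")
```

A domain that defers once and then accepts, as ordinary greylisting does, is left on direct delivery because it has at least one `status=sent` line.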
Sign up for SendGrid.com. They have free accounts that you can send up to 200 emails a day for free.
Nathan
I went through this issue as a Comcast customer and feel your pain. Do you have an abuse@yourdomain.com registered with WHOIS? I found this was a requirement as domains started using subscriptions similar to Spamhaus. The alternative is to get the whitelist options as required by RFC from the technical administrator listed in THEIR whois. :)
I run all of the domain services for our corporation on a Bell fibre internet connection. Bell simply provides us with a pipe, and 13 dynamic ip addresses.
We maintain all of our own web, dns, mail, etc. servers on-site.
On October 1, all email sent to anyone who used Shaw as their internet/email provider was being rejected. I thought maybe our server was blacklisted, but it wasn't. It didn't affect just @shaw customers, but also the City Police that we are required to email to daily for all of the transactions we do with the public (second-hand purchases). The City has their own TLD, but I discovered through some investigation that their email was going through Shaw.
I contacted Shaw, who said there was nothing wrong on their side, that it was MY ISP that was rejecting the emails. However, I know better, and I knew that wasn't true. So, I contacted Bell support, who said they had already heard of the issue, and 13 other large corporations were also having the same problem with Shaw.
After a few days of emails and contact, nothing was being done. It wasn't until I sent an email to Bell to forward to Shaw to inform them that according to the City By-Law, if we did not email our transactions daily by midnight, we would be subjected to a fine of $5,000 per transaction per day the emails were not sent. I informed them that our lawyers were pretty good, and we had the proof we needed to prove that Shaw was purposely blocking our emails. I said that any charges laid to us (which by now after 6-7 days of being blocked would have amounted to several hundred thousand dollars), would be refiled against Shaw.
Our email was unblocked within 12 hours, with no explanation. Bell informed me that Shaw simply "fixed" the issue, that Shaw claimed it was a "routing" problem. However, I know it can't be a routing problem when your mail servers reject email specifically based on source ISP.
More and more companies are blocking based on the reverse DNS of your email server. You can call Comcast to have them resolve the issue, by pointing the reverse DNS to your actual domain name.
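An added example, not part of the comment above: a self-check for the reverse-DNS conditions a receiving mail server can test, namely whether the sending IP has a PTR record, whether that name resolves back to the same IP, whether the name looks provider-assigned, and whether the HELO name matches. The "embeds all four octets" rule is an assumed heuristic, and the DNS records and host names are constructed.

```python
import ipaddress
import re
import socket

# Default lookups use the system resolver; the sample below injects dict-backed ones.
def system_ptr(ip):
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    try:
        return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def looks_generic(ptr_name, ip):
    """Heuristic (assumed): provider-assigned IPv4 PTR names embed all four octets."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False
    tokens = {int(t) for t in re.findall(r"\d+", ptr_name)}
    return all(int(o) in tokens for o in str(addr).split("."))

def check_sender(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """List the reverse-DNS findings a receiving MTA could hold against ip."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ["no PTR record"]
    confirmed = [n for n in names if target in map(ipaddress.ip_address, addr_lookup(n))]
    findings = []
    if not confirmed:
        findings.append("PTR does not forward-confirm")
    if any(looks_generic(n, ip) for n in names):
        findings.append("PTR looks provider-generic")
    if helo.rstrip(".").lower() not in confirmed:
        findings.append("HELO name is not a confirmed PTR name")
    return findings

# Constructed DNS data: documentation address ranges and invented host names.
PTR = {"203.0.113.25": ["c-203-0-113-25.hsd1.co.isp.example"],
       "203.0.113.26": ["mail.example.org"], "203.0.113.27": ["mail.example.net"]}
FWD = {"c-203-0-113-25.hsd1.co.isp.example": ["203.0.113.25"],
       "mail.example.org": ["203.0.113.26"], "mail.example.net": ["198.51.100.9"]}

def check_sample(ip, helo):  # same checks against the constructed records, no network
    return check_sender(ip, helo, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

Calling `check_sender(ip, helo)` without the lookup arguments runs the same checks against live DNS for your own server's address and HELO name.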