
CISCO ESA Blocked by Yahoo

atpascua09
Level 1

Hello,

I just want to ask for assistance from anyone who is facing issues in sending email to the Yahoo domain.

Message 151397183 to email@yahoo.com delayed. Reason: 4.3.2 - Not accepting messages at this time ('421', ['4.7.0 [TSS04] Messages from "Server IP Address" temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html']) []

I already set the limit on the ESA based on the recommendation in this KBA https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118573-technote-esa-00.html but we still got the same error.

Hope you can help me to figure this out.

8 Replies

Mathew Huynh
Cisco Employee
Hey Atpascua09,

If your device had already sent excessive amounts of emails and got itself on Yahoo's limits, after the change it will still take time to get it delivered off and won't be alleviated immediately.

You will need to give it time to slowly drain out if the issue was too many emails.

However, looking at the error message itself, it could be a range of things: either rate limits, or they're checking other bits of the email such as resolvable mail server information within the source of the emails, DKIM signatures being added, SPF passing (if applicable) and more.

https://help.yahoo.com/kb/postmaster/recommended-guidelines-bulk-mail-senders-postmasters-sln3435.html

Regards,
Mathew

Hi,

Thank you for the reply. Please correct my understanding of the attached screenshot.

Does that mean we have different domains using 1 IP address to send to Yahoo.com?

With this, how can we fix this on the ESA, or how can we assign a separate IP address to the different domains?

Hey Atpascua09,
The screenshot shares that Yahoo has slowed down deliveries due to complaints - I wouldn't put it down to multiple domains going to Yahoo, but typically Yahoo (and Gmail) are quite strict on servers adhering to email standards for clean emails.
This means the source mail servers should have a resolvable hostname, SPF should be made available, emails should be DKIM signed and so on.

Regards,
Mathew

Hi,

Having said that, regarding DKIM and SPF, I tried to check the email header on Yahoo and the result is PASS.

Can you please help me to better understand the best value?

Hey atpascua09,

You have SPF which is fine and DMARC.
But no DKIM configured - if your ESA is sending a lot of emails to Yahoo this can also add to the issues.
Especially if some of the emails are going to non-existent mail addresses, they may treat emails from your IP and domain as probable spam.

DKIM is something I saw on Yahoo that they also check, so this could also help them trust emails more, but if there's an underlying issue of sending to invalid recipients and in turn generating bounce backs as you shared in https://community.cisco.com/t5/email-security/blank-envelope-and-summary/m-p/3949044

Then that needs to be rectified.

Regards,
Mathew
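
An added example, not part of the thread or of Cisco's documentation: a Python check of the header result discussed in the reply above, reading the RFC 8601 `Authentication-Results` header of a delivered message and listing which of SPF, DKIM and DMARC did not pass. The sample message, the host names and the function names are constructed for illustration; only headers stamped by the receiving server named in `authserv_id` are counted, since a sender can supply this header too.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (not from the thread): SPF and DMARC pass, DKIM absent.
# The second header mimics one injected by a sender and must be ignored.
SAMPLE = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=example.com;
 dkim=none (no signature); dmarc=pass header.from=example.com
Authentication-Results: forged.example; dkim=pass header.d=example.com
From: sender@example.com
To: rcpt@receiver.example
Subject: test

body
"""

METHODS = ("spf", "dkim", "dmarc")
RESULT_RE = re.compile(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)
COMMENT_RE = re.compile(r"\([^()]*\)")  # RFC 5322 comments, non-nested


def auth_results(raw_message, authserv_id):
    """Return {method: [results]} from headers stamped by authserv_id."""
    msg = message_from_string(raw_message, policy=default)
    found = {m: [] for m in METHODS}
    for header in msg.get_all("Authentication-Results", []):
        parts = COMMENT_RE.sub("", str(header)).split(";")
        stamped_by = parts[0].split()
        if not stamped_by or stamped_by[0].lower() != authserv_id.lower():
            continue  # not written by the receiver we trust
        for clause in parts[1:]:
            m = RESULT_RE.match(clause)
            if m and m.group(1).lower() in found:
                found[m.group(1).lower()].append(m.group(2).lower())
    return found


def gaps(raw_message, authserv_id):
    """List the methods with no 'pass' result from the trusted receiver."""
    results = auth_results(raw_message, authserv_id)
    return [m for m in METHODS if "pass" not in results[m]]


if __name__ == "__main__":
    print(auth_results(SAMPLE, "mx.receiver.example"))
    print(gaps(SAMPLE, "mx.receiver.example"))
```
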

Just also looked at the other message tracking - these bounces are generated by your ESA as the Yahoo servers are not accepting emails - so it wouldn't be a case of your ESA sending to invalid recipients but Yahoo not completely trusting your emails.

I would first suggest looking at getting DKIM implemented, watching the rate limits and ensuring emails are not spamming Yahoo.

On the ESAs -> showrecipients -> by recipient host -> yahoo.com
Verify these emails if you're seeing some bad or spammy emails, find the culprit and rectify + remove the emails in question.

Hi,

With regard to your DKIM recommendation, what should the value of the DKIM be, and where will we implement the DKIM?

I hope you understand me, because honestly I'm not familiar with using DKIM, DMARC and SPF.

Thank you for your response, I appreciate it.

Happy to write a smaller best practices document if I find the time next week.

DKIM means that every outgoing email from your domain will have an additional signature (DKIM public key) which can be validated by any 3rd party to make sure that the email is really coming from you. Yahoo, Comcast, Hotmail and Outlook are known domains which give you a higher rating if a message is DKIM signed.

To get started, just follow the following instructions:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/213939-esa-configure-dkim-signing.html

I hope that helps

-Marc