Yahoo SMTP Server: Delivery Temporarily Suspended

Recently the outgoing messages to Yahoo from my Linux boxes are all deferred. The Linux box hosts a website which contains a webform, which sends about 200 mails to 100 subscribed accounts, which is about 20K messages per day. About 13 accounts are Yahoo addresses. I use Postfix and below are the results from "mailq".
7AE4531F83EE 1895 Fri Apr 5 22:08:17 apache@myhostname
(delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[66.196.118.35] while performing the HELO handshake)
xxxx@yahoo.com

 

Tried to telnet to port 25 of Yahoo’s SMTP server, and this is the message:
421 4.7.0 [TS02] Messages from xx.xx.xx.xxx temporarily deferred – 4.16.56.1; see http://postmaster.yahoo.com/errors/421-ts02.html
Connection closed by foreign host.
Contacted Yahoo using two online forms:

1. Yahoo! Mail Delivery Issues Form

2. Yahoo! Mail Bulk Sender Form

I submitted the form on Sunday and got a reply from Yahoo for the second form on the following Tuesday. Here is the response:

Thank you for contacting Yahoo! Mail.

The information you have sent us has been updated in our system. Feel free to test things out and let us know if you experience any problems, so we may assist you further to resolve your issue.

Your patience during this process is greatly appreciated.

Thank you again for contacting Yahoo! Mail.

Regards,

Yahoo! Customer Care

Checked the server; the mails are still deferred and the total number of mails in the mailq is still rising.

So I followed up with Yahoo using the first form again, with the incident ID I got earlier. Got a response within 3 hours:

Thank you for contacting Yahoo! Mail.

We have reviewed the IP information you have provided and made the appropriate changes in our database. As a result, the recent deferrals you have referenced in your report should now be resolved.

If you need further assistance or to see the latest information with regard to delivery to Yahoo! Mail, please visit:
Your patience during this process is greatly appreciated.

Thank you again for contacting Yahoo! Mail.

Regards,
Yahoo! Customer Care

After getting this mail, I checked the server and half of the queue has been cleared (about 3500 messages were sent).

 


Force iptables to log messages to a different log file

http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html

According to the man page:
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, iptables logs its messages to the /var/log/messages file. However, you can change this location. I will show you how to create a new log file called /var/log/iptables.log. Using a separate file makes it easier to build statistics and to analyze attacks.

Iptables default log file

For example, the following command displays the current iptables log entries from the /var/log/messages file:
# tail -f /var/log/messages
Output:

Oct  4 00:44:28 debian gconfd (vivek-4435): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Oct  4 01:14:19 debian kernel: IN=ra0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=200.142.84.36 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  4 00:13:55 debian kernel: IN=ra0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=192.168.1.30 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137 DPT=137 LEN=58

Procedure to log the iptables messages to a different log file

Open your /etc/syslog.conf file:
# vi /etc/syslog.conf
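Append the following line. The kern.warning selector matches every kernel-facility message at priority warning or higher, so the new file will also receive kernel warnings that do not come from iptables: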
kern.warning /var/log/iptables.log
Save and close the file.

Restart syslogd (Debian / Ubuntu Linux):
# /etc/init.d/sysklogd restart
On the other hand, use the following command to restart syslogd under Red Hat / CentOS / Fedora Core Linux:
# /etc/init.d/syslog restart

Now make sure you pass the --log-level 4 option, together with --log-prefix, to iptables. For example:
# DROP everything and Log it
iptables -A INPUT -j LOG --log-level 4
iptables -A INPUT -j DROP

For example, drop and log all connections from IP address 64.55.11.2 to your /var/log/iptables.log file:
iptables -A INPUT -s 64.55.11.2 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix '** HACKERS **' --log-level 4
iptables -A INPUT -s 64.55.11.2 -j DROP

Where,

  • --log-level 4: Level of logging. Level 4 is warning.
  • --log-prefix '*** TEXT ***': Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.

You can now see all iptables messages logged to the /var/log/iptables.log file:
# tail -f /var/log/iptables.log
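
As an added example (not part of the original article), the following Python script produces the kind of statistics the separate log file makes possible: it parses iptables LOG entries, skips other kernel warnings that the kern.warning selector also routes to the file, and counts hits per source, protocol and destination port. The sample log lines are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample of /var/log/iptables.log; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct  4 01:14:19 debian kernel: ** HACKERS **IN=eth0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  4 01:14:22 debian kernel: ** HACKERS **IN=eth0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18375 DF PROTO=TCP SPT=46041 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  4 01:15:01 debian kernel: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
Oct  4 01:16:40 debian kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=198.51.100.9 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct  4 01:17:02 debian kernel: IN=eth0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=198.51.100.9 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
"""

# An iptables LOG entry is "kernel: <prefix>IN=<if> OUT=<if> KEY=VALUE ...".
# The optional bracketed group covers kernels that print an uptime timestamp.
ENTRY = re.compile(r"kernel: (?:\[[\s\d.]+\] )?(?P<prefix>.*?)(?P<body>IN=\S* OUT=\S* .*)")
FIELD = re.compile(r"([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the fields of one iptables LOG line, or None for other kernel messages."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("body")):
        fields.setdefault(key, value)  # keep the first LEN/ID (IP header), not the later one
    fields["PREFIX"] = m.group("prefix").strip()
    # ICMP entries carry TYPE/CODE instead of ports, so DPT may be absent.
    fields["DPT"] = int(fields["DPT"]) if "DPT" in fields else None
    return fields

def summarize(log_text):
    """Count logged packets per (source, protocol, destination port)."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        hits[(entry["SRC"], entry["PROTO"], entry["DPT"])] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for (src, proto, dpt), n in hits.most_common():
        print(f"{n:4d}  {src:15s} {proto}/{dpt}")
    print(f"{skipped} non-iptables kernel line(s) ignored")
```

To run it against the real file, pass the contents of /var/log/iptables.log to summarize() instead of SAMPLE_LOG.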

Updated for accuracy.
