Not able to send to verizon.net

[GXX]

All of a sudden, all my boxes are now unable to send to verizon.net addresses. Everywhere is fine. I am getting this error:

2007-02-10 15:54:38 1HFzEM-0005Pb-68 == [email protected] R=lookuphost T=remote_smtp defer (-45): SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1904: host relay.verizon.net [206.46.232.11]: 450 Requested mail action not taken-Try later:sv1pub.verizon.net

After much googling, it sounds like this isn't an isolated incident. I've tried the numerous ident timeout fixes, but still nothing. Anyone else on here experience this as well?

 

[GXX]

no one has this issue too?

 

[quackweb]

I would contact verizon to see what the problem is, it looks like the remote host is producing some error when you send the email to them, possibly because it is rejecting the email. Can you provide the full header information? That way we can be sure. I am having no problems sending emails to verizon.net so the problem is probably related to your server and verizon.net (again possibly due to it rejecting the email, maybe because of spam?)

 

[philmcdonnell]

All of a sudden, all my boxes are now unable to send to verizon.net addresses. Everywhere is fine. I am getting this error:



After much googling, it sounds like this isn't an isolated incident. I've tried the numerous ident timeout fixes, but still nothing. Anyone else on here experience this as well?

I am having this same issue for about a week or so now. I am not sure what to do or what the solution is. I have read that Verizon does some type of verification process where they pause the smtp connection on our server and then timeout for some reason.

Could it be a bad RBL lookup from our Spam Checks that is causing this?

Any help would be GREAT!!!

Thanks,
Phil

 

[AM54]

I've been having this problem with Verizon for months, and I finally have fixed it. The problem is that Verizon will not accept email without first verifying the sender through a separate SMTP connection, but that Verizon's own servers are misconfigured so that they do not pass a reverse DNS RFC931 check. I had a TCP Wrapper that was rejecting SMTP connections that failed the check - hence the problem.

So it works like this:

An email is sent to Verizon. Before accepting the email, Verizon attempts a SMTP connection with the sending server:

<XX>Mar 06 16:54:12 sendmail[32045]: l26NsCRo032045: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, relay=sv4pub.verizon.net [206.46.252.140]

However, Verizon fails the reverse DNS check:

Mar 6 23:54:12 www iservd[32045]: warning: /etc/hosts.allow, line 46: host name/name mismatch: sv4pub.verizon.net != vms140pub.verizon.net

My hosts.allow file had this line:

ALL : PARANOID : RFC931 20 : deny

Once I commented that out, the Verizon mail got through.

Of course that line was there for a reason -- Verizon's anti-spam measures coupled with their own misconfiguration of their reverse DNS requires me to abandon my own mechanisms to protect against abuse of my mail server.

But at least I've solved the mystery.

It's possible that this only happens with email that Verizon suspects is spoofed -- this seems to be a problem with one particular server of mine that sends automated emails with a reply-to that is from a domain with mail handled on a different server. I have configured SPF to make it clear that mail from mydomain.com should be allowed from either IP, but it looks like Verizon is doing its own checking. In other words, the email comes from domain1 at server A; Verizon's reverse check shows that domain1's MX resolves to server B - so Verizon initiates an SMTP call to server A as a second check. But... as noted .. Verizon's connection to server A fails because of the fail the RFC931 check.

 

[nobaloney]

Verizon manages to break everything email every few month.

They need to hire someone with clue to run their mail servers.
[/end rant]

Jeff

 

[philmcdonnell]

I've been having this problem with Verizon for months, and I finally have fixed it. The problem is that Verizon will not accept email without first verifying the sender through a separate SMTP connection, but that Verizon's own servers are misconfigured so that they do not pass a reverse DNS RFC931 check. I had a TCP Wrapper that was rejecting SMTP connections that failed the check - hence the problem.

So it works like this:

An email is sent to Verizon. Before accepting the email, Verizon attempts a SMTP connection with the sending server:

However, Verizon fails the reverse DNS check:

My hosts.allow file had this line:


Once I commented that out, the Verizon mail got through.

Of course that line was there for a reason -- Verizon's anti-spam measures coupled with their own misconfiguration of their reverse DNS requires me to abandon my own mechanisms to protect against abuse of my mail server.

But at least I've solved the mystery.

It's possible that this only happens with email that Verizon suspects is spoofed -- this seems to be a problem with one particular server of mine that sends automated emails with a reply-to that is from a domain with mail handled on a different server. I have configured SPF to make it clear that mail from mydomain.com should be allowed from either IP, but it looks like Verizon is doing its own checking. In other words, the email comes from domain1 at server A; Verizon's reverse check shows that domain1's MX resolves to server B - so Verizon initiates an SMTP call to server A as a second check. But... as noted .. Verizon's connection to server A fails because of the fail the RFC931 check.

This is not the issue with our servers since we don't have anything in the hosts.allow file. Verizon still rejects any mail sent to them. I have no idea what the heck they are doing over there. I do agree they don't have a clue!

Thanks,
Phil