MikeStammer
No prison can hold me
Premium
join:2002-12-26
Aurora, IL
1 edit | Warning: SBC Yahoo SMTP Auth possibly broken
(I post this here since its, in my case, postfix related)
seems they changed something recently.
I think SBC just broke SMTP AUTH again in things like sendmail and postfix. this morning I had errors at 2 sites.
Seems they changed the IP that smtp-sbc-v1.mail.vip.sc5.yahoo.com resolves to. I had to hard code the IP of what smtp-sbc-v1.mail.vip.sc5.yahoo used to resolve to to get it working again. The old IP (the one that works) is 63.230.177.41. If you resolve the IP based on the hostname now and try to SMTP auth (at least with sasl) it doesnt work. it complains that authentication is needed, etc.
anyone else seeing this and/or have info on how to fix this to NOT use IP addresses? |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| I can't help you with postfix. I use sendmail.
I can comment for sendmail users.
I just tried sending mail, and it worked fine the first try. But it would not have worked if I had a default configuration.
I am supposed to send email to "smtp.ameritech.yahoo.com". That used to be a CNAME for "smtp-sbc-v1.mail.vip.sc5.yahoo.com" or something similar. Incidently, I just copied that name from MikeStammer  's post, since it looked familiar.
With a standard sendmail configuration, my authentication table entry would have needed to specify authentication for "smtp-sbc-v1.mail.vip.sc5.yahoo.com", or just for "yahoo.com" since it applies to abbreviations.
What has changed, is that now, "smtp.ameritech.yahoo.com" appears to be a CNAME for "smtp-sbc.mail.yahoo.com" which, in turn, is a CNAME for "smtp.sbc.mail.yahoo4.akadns.net". So my authentication table entry would need to specify "smtp.sbc.mail.yahoo4.akadns.net" as the host, or just "akadns.net" would do.
However, I have configured
define(`confDONT_EXPAND_CNAMES', `True')
and, as a result, sendmail does not expand CNAMEs. This way my authentication table entry should be for "smtp.ameritech.yahoo.com" or for just "yahoo.com". And that's likely to not change, even when they alter the CNAME. Or at least it is not likely to change without prior notification to SBC users.
I don't know if this will help you with postfix, but perhaps it at least helps explain part of what is going on. |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ | reply to MikeStammer
Just curious, on the one that does not work, is smtp-auth advertised when you say "EHLO"?
ie: 250-AUTH LOGIN PLAIN XYMCOOKIE |
|
MikeStammer
No prison can hold me
Premium
join:2002-12-26
Aurora, IL | reply to MikeStammer
ill check out the stuff you guys mention and let you know. good info!!! |
|
MikeStammer
No prison can hold me
Premium
join:2002-12-26
Aurora, IL
| reply to MikeStammer
ok here is what i came up with.
in my saslpass file i have the following:
smtp.sbc.mail.yahoo4.akadns.net MyUsername@sbcglobal.net:MyPassWord
in my transport file i have this:
mikestammer.com :
* smtp:[smtp.sbc.mail.yahoo4.akadns.net]
once i put these in everything worked without needing the IP addresses (which is a good thing).
nwrickert, you are the man! Thanks for the info. |
|
MikeStammer
No prison can hold me
Premium
join:2002-12-26
Aurora, IL
| reply to sporkme
said by sporkme :Just curious, on the one that does not work, is smtp-auth advertised when you say "EHLO"? ie: 250-AUTH LOGIN PLAIN XYMCOOKIE here is what i got:
Sun Jun 26 12:36:09> telnet smtp-sbc-v1.mail.vip.sc5.yahoo.com 25
Trying 66.163.171.137...
Connected to smtp-sbc-v1.mail.vip.sc5.yahoo.com.
Escape character is '^]'.
220 smtp827.mail.sc5.yahoo.com ESMTP
EHLO foo.com
250-smtp827.mail.sc5.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit
221 smtp827.mail.sc5.yahoo.com
Connection closed by foreign host.
i think it was the whole name resolving thing and the fact that i didnt have a matching entry in saslpass to use against the server |
|
badams
join:2005-07-03
San Jose, CA
| reply to MikeStammer
Thank you sirs. I was on vacation when this happened. I opened a ticket with Yahoo saying they broke my sendmail, and was asked what email client I run.
I used define(`confDONT_EXPAND_CNAMES', `True') and advised SBC Yahoo of the resolution. I hope my followup serves other SBC customers well.
Bill |
|
Crypto
Premium
join:2001-01-07
Saint Charles, MO | Yeah, they dont support running your own MTA at home. I wouldnt ever expect tech support to either know, or care, about our mail server problems.
--
I may not agree with what you say, but I'll defend your right to encrypt it. |
|
