Yahoo - optimal settings

Unanswered Question
Oct 1st, 2007
User Badges:


Yahoo is continuously deferring messages. Has anyone any experience of tuning ironports delivery parameters so that they work well with yahoo smtp servers.

Here is a good article that explains the problem

The typical message returned is

Remote host said: 421 Message from( temporarily deferred - 4.16.50. Please refer to

Any ideas / suggestions gratefully received

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbivens_ironport Mon, 10/01/2007 - 13:16
User Badges:


The article wasn't really that insightful, but the one thing that I did get out of it was that you might want to configure Domain Key signing on your IronPort appliance if you are not already doing so.

With that said I have other customers that send high volume of messages and it came to my attention that Yahoo only accepts 5 messages per TCP connection. However by default the IronPort attempts to send 50 messages per TCP connection which is a global setting.

So there is a CLI command called "setmsgperconnect" which allows you to change the global behavior of the IronPort appliance with regards to the number of messages per TCP connection and this will "clean up the statistics" for your Yahoo deliveries if you reduce this to 5, however this will create more TCP work for the IronPort which might increase CPU utilization a little bit.

The plan is to change this setting from a global setting to a per domain setting some time in Q1 of 2008.

Hope this helps.


Jay Bivens
IronPort Systems

jbivens_ironport Mon, 10/01/2007 - 13:55
User Badges:


Unfortunately that's the extent of my knowledge with regards to the Yahoo behavior. I doubt there is anything wrong or sub-optimal for the Default Bounce Profile.

Destination Controls is set to 500 TCP connections (which in my opinion has always been way too big of a number). Personally might lower it down to 50 but I don't want to mislead you into thinking that it's Yahoo optimal.

Sorry I can't provide more value, maybe someone else offer up insight.


Jay Bivens
IronPort Systems

tomw00_ironport Mon, 10/01/2007 - 13:41
User Badges:

Hi Jay,

Thanks for the quick reply !!!
I have setup domain keys - that hasn't really made a difference yet.

I made the change re messages per tcp connections, I'll monitor it to see what happens.

Could you comment on or do you know about:-

o The number of concurrent connections that works well with yahoo
o Maximum number of retries

Thank for you help


JeromeG_ironport Tue, 04/29/2008 - 14:33
User Badges:

The plan is to change this setting from a global setting to a per domain setting some time in Q1 of 2008.

Hello Jay,

Does Ironport plan to set this global setting to a per domain setting ?

Donald Nash Fri, 05/09/2008 - 17:00
User Badges:

Here's the link to the Y! help page which explains this limit:

It explains it only in the sense of documenting the behavior. It does not explain the rationale behind the limit. It's pretty stupid behavior, if you ask me. This wonderful tidbit says it all:

When this limit is reached, no further messages will be accepted for delivery as our server automatically terminates the connection (without giving an error code).

In other words, "We blatantly violate RFC 2821 and we don't care."

wmchurch_ironport Sun, 06/15/2008 - 03:52
User Badges:

Well this post is almost a year old and it looks like Yahoo is still doing funny stuff...

I'm not sure how many messages to you're dealing with, it could be you're just a couple over the 5 per TCP connection limit. If that's the case, you could "hack" around it by creating a Destination Control for and limit your recipients to 5 every 1 minute. And then "Apply Limits Per Destination" for "Each Mail Exchanger (MX Record) IP Address.

It should resolve those dropped connection issues, but if they're still greylisting you'll always see some 451/421 errors. The messages should be resent fairly quickly though after the initial 4xx error.

Greylisting was a neat idea in the beginning, but I think the spammers are catching on, and now I think it only succeeds in delaying your message getting in.

If you’re doing anything over 100 users a day to, however, I'd experiment with this but keep an eye on it since it could cause your queue to grow pretty quick.

Some people have reported success getting whitelisted with, but getting to that point seems to be a trial. If your traffic to Yahoo warrants that, it might be a good idea to get started on that now.

SPF will help a bit, but be careful if you're using CRES, there's a KB article (Answer ID 882 - Cisco Registered Envelope Service (CRES): SPF verification failure). This really only affects those sending mail from inside the CRES portal via a Secure Reply/Forward or other methods, however it could come up.


This Discussion