The article wasn't really that insightful, but the one thing that I did get out of it was that you might want to configure Domain Key signing on your IronPort appliance if you are not already doing so.
With that said, I have other customers that send a high volume of messages, and it came to my attention that Yahoo only accepts 5 messages per TCP connection. However, by default the IronPort attempts to send 50 messages per TCP connection, which is a global setting.
So there is a CLI command called "setmsgperconnect" which allows you to change the global behavior of the IronPort appliance with regards to the number of messages per TCP connection and this will "clean up the statistics" for your Yahoo deliveries if you reduce this to 5, however this will create more TCP work for the IronPort which might increase CPU utilization a little bit.
The plan is to change this setting from a global setting to a per domain setting some time in Q1 of 2008.
Unfortunately that's the extent of my knowledge with regards to the Yahoo behavior. I doubt there is anything wrong or sub-optimal for the Default Bounce Profile.
Destination Controls is set to 500 TCP connections (which in my opinion has always been way too big of a number). Personally, I might lower it down to 50, but I don't want to mislead you into thinking that it's Yahoo optimal.
Sorry I can't provide more value; maybe someone else can offer up insight.
Well this post is almost a year old and it looks like Yahoo is still doing funny stuff...
I'm not sure how many messages to yahoo.com you're dealing with; it could be you're just a couple over the 5 per TCP connection limit. If that's the case, you could "hack" around it by creating a Destination Control for Yahoo.com and limit your recipients to 5 every 1 minute. And then "Apply Limits Per Destination" for "Each Mail Exchanger (MX Record) IP Address".
It should resolve those dropped connection issues, but if they're still greylisting you'll always see some 451/421 errors. The messages should be resent fairly quickly though after the initial 4xx error.
Greylisting was a neat idea in the beginning, but I think the spammers are catching on, and now I think it only succeeds in delaying your message getting in.
If you’re doing anything over 100 users a day to yahoo.com, however, I'd experiment with this but keep an eye on it since it could cause your Yahoo.com queue to grow pretty quick.
Some people have reported success getting whitelisted with Yahoo.com, but getting to that point seems to be a trial. If your traffic to Yahoo warrants that, it might be a good idea to get started on that now.
SPF will help a bit, but be careful if you're using CRES, there's a KB article (Answer ID 882 - Cisco Registered Envelope Service (CRES): SPF verification failure). This really only affects those sending mail from inside the CRES portal via a Secure Reply/Forward or other methods, however it could come up.