SMTP to Comcast mail servers

November 3, 2018
Email

I run a mail server on a DO droplet (postfix MTA). A few days ago, Comcast stopped accepting mail from my mail server. It appears that my server is not on their block list (I've tried to remove it from their block list, but they tell me it is not on it). Instead, I get the following error when sending to any Comcast address:

Action: failed
Status: 5.1.0
Remote-MTA: dns; mx1.comcast.net
Diagnostic-Code: smtp; 550 5.1.0 Connection is not being accepted at this time.

This seems to fail after Comcast receives the FROM (my actual domain and IP address removed):

[root@mydomain postfix]# telnet mx1.comcast.net 25
Trying 96.114.157.80...
Connected to mx1.comcast.net.
Escape character is '^]'.
220 resimta-po-26v.sys.comcast.net resimta-po-26v.sys.comcast.net ESMTP server ready
EHLO mydomain.com
250-resimta-po-26v.sys.comcast.net hello [MYIPADDRESS], pleased to meet you
250-HELP
250-SIZE 36700160
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-STARTTLS
250 OK
MAIL FROM: chad@mydomain.com
550 5.1.0 Connection is not being accepted at this time.
Connection closed by foreign host.

A web search shows that I am not the only one having this problem:

https://www.reddit.com/r/digital_ocean/comments/9rypsh/anyone_else_having_issues_sending_email_to/

All of us are using Digital Ocean for our mail servers. The OP there even tried creating 2 extra droplets and found the same problem at all of them.

It appears that Comcast is refusing connections if the domain of the FROM address resolves to a Digital Ocean IP address.

Are others seeing this? Does anyone have a good workaround other than taking my mail server away from Digital Ocean? Does anyone know of a way to contact Comcast to complain? As I said, I've tried submitting their block list form, and they just tell me my IP address is not on the block list.
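
A transcript check for the session quoted in the question above, added here as an example and not part of the original post: it reports which SMTP command drew the first 4xx/5xx reply and decodes the enhanced status code per RFC 3463. The function names are chosen for this example; the sample session is an abridged copy of the one in the post, with the poster's own placeholders.

```python
import re

# RFC 3463 enhanced status codes have the form class.subject.detail.
CLASSES = {"2": "success", "4": "persistent transient failure", "5": "permanent failure"}
SUBJECTS = {"0": "other/undefined", "1": "addressing", "2": "mailbox",
            "3": "mail system", "4": "network/routing",
            "5": "mail delivery protocol", "6": "message content",
            "7": "security/policy"}

REPLY = re.compile(r"^(\d{3})[ -](.*)$")           # "250-HELP" or "250 OK"
ENHANCED = re.compile(r"^[245]\.\d{1,3}\.\d{1,3}\b")
COMMAND = re.compile(r"^(EHLO|HELO|MAIL FROM|RCPT TO|DATA|STARTTLS|RSET|QUIT)\b", re.I)

# Session abridged from the post above (domain and IP are the poster's placeholders).
SAMPLE = """\
Trying 96.114.157.80...
220 resimta-po-26v.sys.comcast.net resimta-po-26v.sys.comcast.net ESMTP server ready
EHLO mydomain.com
250-resimta-po-26v.sys.comcast.net hello [MYIPADDRESS], pleased to meet you
250-STARTTLS
250 OK
MAIL FROM: chad@mydomain.com
550 5.1.0 Connection is not being accepted at this time.
Connection closed by foreign host.
"""

def decode_status(code):
    """Map an enhanced status code to (class, subject) names, or None."""
    if not code or not ENHANCED.match(code):
        return None
    cls, subject = code.split(".")[:2]
    return CLASSES[cls], SUBJECTS.get(subject, "unassigned")

def first_rejection(transcript):
    """Return (stage, reply_code, enhanced_code, text) of the first 4xx/5xx reply."""
    stage = "connect"                      # replies before any command are the greeting
    for line in map(str.strip, transcript.splitlines()):
        cmd = COMMAND.match(line)
        if cmd:
            stage = cmd.group(1).upper()   # the next reply answers this command
            continue
        reply = REPLY.match(line)          # telnet chatter does not match and is skipped
        if reply and reply.group(1)[0] in "45":
            enhanced = ENHANCED.match(reply.group(2))
            return stage, int(reply.group(1)), enhanced and enhanced.group(0), reply.group(2)
    return None

if __name__ == "__main__":
    stage, code, enhanced, text = first_rejection(SAMPLE)
    print(stage, code, enhanced, decode_status(enhanced))
```

Run against a saved session or a Postfix bounce, this separates a refusal at the greeting from one issued only after the sender address is given, which is the distinction the post draws.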

5 Answers

I'm having the same issue. My SPF, DKIM, and DMARC settings all seem fine. I tried that webform as well and got the same response of not being blocked.

Yep, same issue here, but I have a second server which is also on a DO droplet which is still sending to Comcast just fine.

The server being bounced by Comcast is in NYC3 in this NetBlock:
CIDR: 45.55.0.0/16
NetName: DIGITALOCEAN-11

This one, in NYC1, can still send to Comcast:
CIDR: 198.199.64.0/18
NetName: DIGITALOCEAN-5

<shrug>

Interesting. So it's not all of DO, just some of it. My server that is being bounced is in NYC1 - 208.68.39.0/24.

FYI, mail seems to now be going through to Comcast for me from my DO mail server. I tried submitting for help to their block form 3 times, and contacting @comcastcares on Twitter with no success. I was about to give up, and it just started working.
