Yahoo Imap servers blocked

ADeclue
Conversationalist

Yahoo Imap servers blocked

Recently purchased some new Meraki MR42s for our office. Since we have installed and configured them anyone who has a Yahoo account configured on their computer/phone does not receive email while on our wireless connection. The only rules we have in place is to block P2P on layer 7. Does anyone have any suggestion on what could be going on?

21 REPLIES 21
JRH
Here to help

Have you tried removing the rule to see if that resolves the issue?
ADeclue
Conversationalist

Yes I have tried removing the rule and no it did not resolve the issue.

I assume you have also check the L3 rules? Have you check the flow logs/syslog to see if that shows anything?
ADeclue
Conversationalist

Yes checked both Layer 3 rules we have. Both are set to allow all traffic on this particular SSID so I didn't think it would block anything at all. I have not removed them so maybe I will try that just in case.

 

No I have not checked many logs either. As I am new to the Meraki's I figured it was some sort of setting. I will try to find these logs and go through them to see what I can find.

 

Thank you.

Ok, let us know how you get on.

Perhaps this is Meraki doing your users a favor, every single Yahoo email account / user has been compromised.  🙂 

 

http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html

 

In all seriousness, there may be something in your Firewall and Traffic Shaping rules if not I would look towards the logs.  

 

We have a deployment for 20 or so MR42s covering about 800 users, I have not received a complaint regarding Yahoo mail and I assume there are users still using it on our campus.  

 

 

Hello @ADeclue

 

I created a dummy Yahoo account and set this account up on my mac using Mail connected to Yahoo IMAP servers.

 

We are running MR42s with MS switching along with an MX security appliance.  We are running all the latest stable firmware with the exception of the MX, its on MX 14.15.  

 

Our WLAN clients are part of the network (bridge mode) and we do not use Meraki DHCP.  

 

We are blocking L7 P2P, we have AMP turned on and we are also running IDS. 

 

All in all, given all of the above I was not able to replicate the issue.  Is there something upstream if the MRs that could be responsible? 

 

Ryan 

PhilipDAth
Kind of a big deal
Kind of a big deal

If you removed the rules and it was still blocked is is unlikely to be the rules.

 

If the same user then connects their notebook with a wired cable it works?

 

Is the WiFi bridged to your local LAN, or using Meraki DHCP on the access point?

Yes wired cable works. Even wireless it will work as long as you tether off of a phone. We are using the Meraki DHCP

Can you set up a test SSID, same settings but run it in bridged mode and see if that resolves the issue.
ADeclue
Conversationalist

Made a separate SSID named Testmail, kept all settings the same but did change it to be bridged, still unable to connect.

PhilipDAth
Kind of a big deal
Kind of a big deal

Are these APs plugging into the same place as the test wired machine that works?

Yes. Everything goes back to central switches in our server room.

What about a very simple bridged Network onto the same VLAN as a wired client. Test, assuming it works start adding back in your settings until it stops working.

Are you sure there’s no firewall causing an issue?
PhilipDAth
Kind of a big deal
Kind of a big deal

Does anything appear under "Network-Wide/Event Log"?

The only thing showing there are Authentication and association/disassociation events.

ADeclue
Conversationalist

I guess this would solve it as of now. This would almost have to mean that it is something  else on my end since you are able to get through. I'm going to double check some other stuff and will let you all know what I find out.

 

Thank you all for your help, it's really appreciated!

Aurelien
New here

Hi,

This is very simple, if your SSID use "Layer 3 roaming with a concentrator"

You need to create new rule in your MX to allow TCP traffic on WLAN ip's to Dst port 80,443,465,587,993.

Best regards

K-Danger
Here to help

Any answer to this? Same thing for me- Meraki cloud blocks all yahoo and hotmail servers.

I am also having this same issue. We block very little and yet all email services work with the exception of BT/Yahoo. 

I am also having this same issue. We block very little and yet all email services work with the exception of BT Yahoo. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels