Paul via Mailman-users writes:
> I am getting a lot of these from my mail server's mail queue lately:
>
> 4d08rT4xMHzMCD6S 2393 Mon Nov 3 01:43:21 list-bounces+makeupbymichelle=aol.com@lists.mydomain (host mx-aol.mail.gm0.yahoodns.net[67.195.228.84] said: 421 4.7.0 [TSS04] Messages from my-mail-server-IP temporarily deferred due to unexpected volume or user complaints - 4.16.55.1
If "my-mail-server-IP" is in fact your mail server's IP, then you may have a problem: spammers may be using your server as a relay for spoofed emails.
Are these the only entries for those messages in your logs when your system contacts the Yahoo MTAs? It may be useful to increase the verbosity of the MTA's logging if so. Also double-check whether these events seem to be correlated with any entries in the Mailman logs.
> This is becoming problematic because I am currently being blocked on Yahoo domains.
This is the natural result if your server is being abused in that way.
Are you seeing similar events for non-Yahoo-managed recipients? If not that's pretty strange.
> My setup is as follows: I host a Mailman 3 list server which uses our mail server as a relay.
Do you manage the mail server itself? What software do you use for your MTA? (Postfix, Exim4, Sendmail, and qmail are common MTAs.)
Does your MTA allow relaying from other hosts? This includes accepting submissions from remote logged-in users (usually port 587, the submission service, but sometimes port 465, smtps/ssmtp). (Mailman is *not* a relay according to the definition used in the email system. It involves accepting the message, processing it locally, and *reinjecting* the message into the Internet mail system. In a relay, the message gets no local processing outside the MTA itself, and is immediately forwarded on to the "next hop".)
Try to correlate these bounces with incoming messages, including from logged-in users (either local shell users or remote via authenticated mail). Perhaps you can block their sources, although spammers usually use botnets to frustrate that kind of defense. If you can't find the source, that's a big problem.
What kind of user accounts with shell login access are present on your mail server? (Generally we advise limiting these to root and a small number of personal accounts for host admins.) Shell access should be SSH-only, using public key authentication. Are there any suspicious logins around the times the spam messages are known to have been sent to Yahoo?
For future reference, answers to the below may be helpful in deciding what you can do to frustrate the spammers.
Is Mailman used for business communication, or are these messages within a discussion group? What other mail flows does your server handle (i.e., personal to/from for members of your organization, business marketing, business transactions including customer support, other)?
Do you have SPF set up for your server's IP?
Do you have DKIM set up for your server's domain(s)?
Steve
-- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan
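Added example, not part of the thread above and not code from Mailman or any MTA: a small Python script that does the correlation Steve suggests, i.e. walks MTA log lines, groups them by queue ID, picks out the messages Yahoo deferred with the "421 4.7.0 [TSS04]" response, and reports where each one entered the server: reinjected locally (Mailman, or a local shell user), submitted by an authenticated remote user, or accepted from an unauthenticated remote client (which is exactly the open-relay case). It assumes Postfix-style mail.log lines (the thread does not say which MTA Paul runs), that Mailman reinjects via localhost, and the log excerpt is constructed: queue IDs, addresses and IPs are made up, with 198.51.100.10 standing in for "my-mail-server-IP" and lists.mydomain for the list host.

```python
import re
from collections import Counter, defaultdict

# Constructed Postfix-style mail.log excerpt (NOT real data from the thread).
# Three messages are deferred by Yahoo with TSS04; one unrelated message is delivered.
SAMPLE_LOG = """\
Nov  3 01:43:20 mx postfix/smtpd[2101]: 4d08rT4xMHzMCD6S: client=localhost[127.0.0.1]
Nov  3 01:43:20 mx postfix/qmgr[2001]: 4d08rT4xMHzMCD6S: from=<list-bounces+makeupbymichelle=aol.com@lists.mydomain>, size=2393, nrcpt=1 (queue active)
Nov  3 01:43:21 mx postfix/smtp[2201]: 4d08rT4xMHzMCD6S: to=<makeupbymichelle@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.228.84]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=4.7.0, status=deferred (host mx-aol.mail.gm0.yahoodns.net[67.195.228.84] said: 421 4.7.0 [TSS04] Messages from 198.51.100.10 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1 (in reply to MAIL FROM command))
Nov  3 01:44:02 mx postfix/smtpd[2102]: 5e19sU5yNIaNDE7T: client=unknown[203.0.113.45], sasl_method=PLAIN, sasl_username=alice@mydomain
Nov  3 01:44:02 mx postfix/qmgr[2001]: 5e19sU5yNIaNDE7T: from=<alice@mydomain>, size=18220, nrcpt=1 (queue active)
Nov  3 01:44:03 mx postfix/smtp[2202]: 5e19sU5yNIaNDE7T: to=<someone@yahoo.com>, relay=mta5.am0.yahoodns.net[67.195.204.73]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=4.7.0, status=deferred (host mta5.am0.yahoodns.net[67.195.204.73] said: 421 4.7.0 [TSS04] Messages from 198.51.100.10 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1 (in reply to MAIL FROM command))
Nov  3 01:44:40 mx postfix/smtpd[2103]: 6f20tV6zOJbOEF8U: client=unknown[198.51.100.77]
Nov  3 01:44:40 mx postfix/qmgr[2001]: 6f20tV6zOJbOEF8U: from=<promo@example.net>, size=5120, nrcpt=1 (queue active)
Nov  3 01:44:41 mx postfix/smtp[2203]: 6f20tV6zOJbOEF8U: to=<victim@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.228.84]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=4.7.0, status=deferred (host mx-aol.mail.gm0.yahoodns.net[67.195.228.84] said: 421 4.7.0 [TSS04] Messages from 198.51.100.10 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1 (in reply to MAIL FROM command))
Nov  3 01:45:10 mx postfix/smtpd[2104]: 7g31uW7aPKcPFG9V: client=localhost[127.0.0.1]
Nov  3 01:45:10 mx postfix/qmgr[2001]: 7g31uW7aPKcPFG9V: from=<list-bounces+bob=example.org@lists.mydomain>, size=2400, nrcpt=1 (queue active)
Nov  3 01:45:11 mx postfix/smtp[2204]: 7g31uW7aPKcPFG9V: to=<bob@example.org>, relay=mail.example.org[192.0.2.25]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Syslog prefix, postfix daemon, queue ID, rest of the record.
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+postfix/[\w/-]+\[\d+\]: (\w+): (.*)$")
CLIENT_RE = re.compile(r"client=(\S+?)\[([^\]]+)\]")
SASL_RE = re.compile(r"sasl_username=(\S+)")
FROM_RE = re.compile(r"from=<([^>]*)>")
TO_RE = re.compile(r"to=<([^>]*)>, relay=([^,]+),.*?status=(\w+) \((.*)\)$")
TSS04_RE = re.compile(r"421 4\.7\.0 \[TSS04\]")
BLAMED_IP_RE = re.compile(r"Messages from (\S+) temporarily deferred")

# Assumption: Mailman (and local shell users) reinject via the loopback address.
LOCAL_CLIENTS = {"127.0.0.1", "::1"}


def parse_log(text):
    """Group Postfix log records by queue ID, keeping client, sender and delivery events."""
    msgs = defaultdict(lambda: {"events": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, qid, rest = m.groups()
        rec = msgs[qid]
        rec.setdefault("first_seen", stamp)
        cm = CLIENT_RE.search(rest)          # smtpd: who handed us the message
        if cm:
            rec["client_host"], rec["client_ip"] = cm.group(1), cm.group(2)
            sm = SASL_RE.search(rest)
            if sm:
                rec["sasl_user"] = sm.group(1)
        fm = FROM_RE.search(rest)            # qmgr: envelope sender
        if fm:
            rec["sender"] = fm.group(1)
        tm = TO_RE.search(rest)              # smtp: per-recipient delivery attempt
        if tm:
            rec["events"].append({"rcpt": tm.group(1), "relay": tm.group(2),
                                  "status": tm.group(3), "reason": tm.group(4)})
    return dict(msgs)


def classify(rec):
    """Where did the message enter the server? Unauthenticated remote = relay abuse suspect."""
    if rec.get("sasl_user"):
        return "authenticated"
    if rec.get("client_ip") in LOCAL_CLIENTS:
        return "local"
    if rec.get("client_ip"):
        return "unauthenticated-remote"
    return "unknown"


def tss04_deferrals(msgs):
    """All delivery attempts Yahoo deferred with 421 4.7.0 [TSS04], with their origin."""
    out = []
    for qid, rec in msgs.items():
        for ev in rec["events"]:
            if ev["status"] == "deferred" and TSS04_RE.search(ev["reason"]):
                bm = BLAMED_IP_RE.search(ev["reason"])
                out.append({"qid": qid, "first_seen": rec.get("first_seen"), "rcpt": ev["rcpt"],
                            "origin": classify(rec), "client_ip": rec.get("client_ip"),
                            "sasl_user": rec.get("sasl_user"), "sender": rec.get("sender"),
                            "blamed_ip": bm.group(1) if bm else None})
    return out


def report(text):
    """Returns (deferrals, counts per origin, relay-abuse suspects)."""
    deferred = tss04_deferrals(parse_log(text))
    counts = Counter(d["origin"] for d in deferred)
    suspects = [d for d in deferred if d["origin"] == "unauthenticated-remote"]
    return deferred, counts, suspects


if __name__ == "__main__":
    deferred, counts, suspects = report(SAMPLE_LOG)
    for d in deferred:
        print(f"{d['first_seen']} {d['qid']} origin={d['origin']} client={d['client_ip']} "
              f"auth={d['sasl_user']} from=<{d['sender']}> to=<{d['rcpt']}> blamed={d['blamed_ip']}")
    print("TSS04 deferrals by origin:", dict(counts))
    if suspects:
        print("WARNING: deferred mail was accepted from unauthenticated remote clients; "
              "check the MTA's relay restrictions (smtpd_relay_restrictions in Postfix)")
```

Run it against a real mail.log instead of SAMPLE_LOG: the "first_seen" timestamps are what you line up against Mailman's smtp.log and the SSH/auth log, "blamed_ip" confirms whether the IP Yahoo names really is your server, and any entry in the "unauthenticated-remote" bucket means the MTA accepted outbound mail from a client that neither authenticated nor came from localhost, which is the relay abuse Steve describes. A high count in the "authenticated" bucket for one sasl_username points at a compromised account instead.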