Client issue:
======================================================================================
pluto is unable to send email to the Yahoo network Jun21
Result: SMTP error from remote mail server after pipelined MAIL FROM:test@volgaagency.com SIZE=1630: 421 4.7.0 [TSS04] Messages from 95.216.21.180 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.verizonmedia.com/error-codes
2021-06-23 10:55:40 1lvv0M-0004jj-RL == gayatrirefrigeration@yahoo.com R=dkim_lookuphost T=dkim_remote_smtp defer (-45) H=mta7.am0.yahoodns.net [67.195.204.72]: SMTP error from remote mail server after pipelined MAIL FROM:<info@volgaagency.com> SIZE=104994: 421 4.7.0 [TSS04] Messages from 95.216.21.180 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.verizonmedia.com/error-codes
======================================================================================
Solutions:
1) Check the /var/log/exim_mainlog
# grep TSS04 /var/log/exim_mainlog
# grep EMAIL-ID /var/log/exim_mainlog
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2021-06-23 10:55:40 1lvv0M-0004jj-RL == gayatrirefrigeration@yahoo.com R=dkim_lookuphost T=dkim_remote_smtp defer (-45) H=mta7.am0.yahoodns.net [67.195.204.72]: SMTP error from remote mail server after pipelined MAIL FROM:<info@volgaagency.com> SIZE=104994: 421 4.7.0 [TSS04] Messages from 95.216.21.180 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.verizonmedia.com/error-codes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE: Bulk emails were sent to the Yahoo network from the domain, so the server IP was temporarily blocked.
NOTE: The sum of all attached files in a single message, both for incoming and outgoing email, must not exceed 25MB in total file size.
https://forums.cpanel.net/threads/yahoo-defers-mail-from-cpanel.675909/
Typical behavior that leads to blacklisting issues is:
– Compromised user accounts used to send spam.
– Bulk emailing from mailing lists, newsletters, forums, and blogs (even if they are opt-in).
– Bulk emailing to unconfirmed subscribers.
– Bulk forwarding of spam emails to Yahoo! users.
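The grep in step 1 lists each deferral line; grouping those lines by envelope sender shows which account is producing the deferred volume. This is an added example, not part of the original KB: the function names and the sample log lines (documentation domains and IPs) are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise Yahoo TSS04 deferrals in an Exim main log.
# tss04_by_sender and sample_log are hypothetical helper names.

# Print "<deferral lines> <distinct messages> <envelope sender>" for every
# sender that received a TSS04 deferral, busiest sender first.
# Reads the files given as arguments, or stdin when none are given.
tss04_by_sender() {
  awk '
    / defer / && /\[TSS04\]/ {
      id = $3                          # Exim message ID is the third field
      sender = "unknown"
      # MAIL FROM may be logged with or without angle brackets
      if (match($0, /MAIL FROM:<?[^> ]+/)) {
        sender = substr($0, RSTART, RLENGTH)
        sub(/^MAIL FROM:<?/, "", sender)
      }
      hits[sender]++                   # every retry is logged as a new line
      if (!((sender, id) in seen)) { seen[sender, id] = 1; msgs[sender]++ }
    }
    END { for (s in hits) print hits[s], msgs[s], s }
  ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample log: three TSS04 deferrals for one sender (one message
# retried), one for a second sender, one unrelated deferral, one delivery.
sample_log() {
  h='R=dkim_lookuphost T=dkim_remote_smtp defer (-45) H=mx.yahoo.example [198.51.100.7]: SMTP error from remote mail server after pipelined MAIL FROM:'
  t='[TSS04] Messages from 192.0.2.10 temporarily deferred'
  cat <<EOF
2021-06-23 10:55:40 1aaaaa-000001-AA == a@yahoo.example $h<newsletter@example.com> SIZE=1630: 421 4.7.0 $t
2021-06-23 11:25:41 1aaaaa-000001-AA == a@yahoo.example $h<newsletter@example.com> SIZE=1630: 421 4.7.0 $t
2021-06-23 11:26:02 1bbbbb-000002-BB == b@yahoo.example $h<newsletter@example.com> SIZE=1630: 421 4.7.0 $t
2021-06-23 11:30:10 1ccccc-000003-CC == c@yahoo.example ${h}info@example.org SIZE=900: 421 4.7.0 $t
2021-06-23 11:31:00 1ddddd-000004-DD == d@mail.example $h<info@example.org> SIZE=900: 451 4.3.0 Try again later
2021-06-23 11:32:00 1eeeee-000005-EE => e@mail.example R=dkim_lookuphost T=dkim_remote_smtp H=mx.mail.example [198.51.100.9] C="250 OK"
EOF
}

sample_log | tss04_by_sender
```

On the server, run `tss04_by_sender /var/log/exim_mainlog`; a sender with many distinct messages is the account to review first.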
2) Request removal from Yahoo!’s blacklist. Before contacting Yahoo! to request removal, make sure that your DNS settings are in order, in particular:
- Reverse DNS resolves to a hostname.
# nslookup <IP-address>
- SPF is valid.
Mx toolbox - https://mxtoolbox.com/SuperTool.aspx
- DKIM is working properly (the query below returns the domain's DMARC policy record).
# dig txt _dmarc.volgaagency.com +short
"v=DMARC1;p=quarantine;pct=100;"
Mx toolbox - https://mxtoolbox.com/DMARC.aspx
- The hostname has an "A" record.
# dig A volgaagency.com +short
3) Yahoo! uses Spamhaus. Make sure your IP is not listed there. If it is, then you need to request removal from Spamhaus before you contact Yahoo!.
4) Check the IP reputation
https://talosintelligence.com/reputation_center/
https://www.cyren.com/security-center/cyren-ip-reputation-check
NOTE: If the mail IP has a poor reputation, follow the KB link below.
https://clients.assistanz.com/admin/supportkb.php?action=edit&id=35
5) Run the following command against the Exim mail log to find the locations of the scripts sending the most mail (the busiest directories are listed last)
# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
NOTE: If most deliveries come from /home/<user-name>/public_html, browse to that folder and look for any mail-sending scripts.
6) Follow the KB below to investigate Dovecot login issues:
https://clients.assistanz.com/admin/supportkb.php?action=edit&id=72
7) Advise the client to check and follow the steps below regularly to avoid these types of issues.
Steps to prevent spamming:
- Change the email account password with a strong one.
- Set a strong password for the email account and change the password regularly.
- Don't save the password in any mail client or in the browser.
- Scan the local machine (the system where the email account is configured) for any malware or viruses.
- Keep updating the operating system and the antivirus program with the latest patches.
To avoid IP blocking, follow the steps below:
– Upgrade your CMS version, themes, and plugins to the latest version to secure the websites from known vulnerabilities.
– Set a strong website admin panel password.
– Do not store unnecessary files online.
– Avoid having directory/files with 0777 permission.
– Scan your local system with a good antivirus.
- Change the email account password immediately.
======================================================================================
- SURESH KUMAR S. ( JUNIOR SYSTEM ENGINEER )