>> I was watching my log files now looking for deferred errors, and >> for my surprise, we got temporary blocked by Yahoo on some SMTPs >> (ips), as shown: >> >> Jan 9 13:20:52 mxcluster yahoo/smtp[8593]: 6731A13A2D956: host >> mta5.am0.yahoodns.net[98.136.216.25] refused to talk to me: 421 4.7.0 [TS02] >> Messages from X.X.X.X temporarily deferred - 4.16.56.1; see >> http://postmaster.yahoo.com/errors/421-ts02.html > > Postfix already treats this as a don't send signal. Enough of these > back to back and transmission stops. This is a 421 during HELO, > not a 4XX during RCPT TO.
So please, tell me what am I doing wrong because my postfix servers keep trying even after this failure. At this moment I have over 30k emails to yahoo on deferred queue based on the same error. > Yahoo's filters are NOT simple rate limits. They delay delivery when > their reputation system wants more time to assess the source. They > typically will permit delayed message when they're retried, unless > of course they believe the source to be spamming, in which case they > may reject, or quarantine… I agree with that. >> So guess what, I still have another 44k messages on active queue >> (a lot of them are probably to yahoo) and postfix is wasting its >> time and cpu trying to deliver to Yahoo when there's an active >> block. > >> Yahoo suggests to try delivering in few hours, but we'll never >> get rid from the block if we keep trying while the block is active. > > This is false. Postfix does not "keep trying" under the above > conditions, and Yahoo does not rate-limit in the naive manner you > imagine. My postfix does keep trying. Any idea about why this is happening? > >> This doesn't happens only with bulk senders. Many people use >> their hosting company to send few hundreds emails together with >> many other users sending legitimate mails from their mail clients? >> Eventually, one user will compromise all infrastructure and many >> people may have problem delivering their messages. > > This is rarely a problem, and when it is, any blocking is usually > transient, and one can request to be unblocked, at most providers. "Most" in this case might not be enough. > >> There's gotta be a solution for this. > > Yes, but not the one you're asking for. It is I think possible to > design and implement a useful dynamic rate delay algorithm, I am > not sure that spending the effort to optimize Postfix for unwhitelisted > bulk email is a good use of developer effort. I'm 100% sure that this doesn't happened only with bulk senders. Legitimate mails are also subject to be blocked because of bad emails. Last week a customer's server got compromised, somebody uploaded a bulk-php-script that started sending thousands of emails in a very small time frame, blocking all legitimate emails from that time on up to few hours. - Rafael
