• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Google is blocking my mail server for some unknown reason

One of the things we have found is that users who forward to their gmail tend to forward a lot of spam. We wound up on lots of blacklists that way. One of the things we did that seems to have made a big difference is to run outgoing mail through spamassassin. The recipe I found wasn't for a plesk server, so after moving things around, this is what we do:

install spamassassin using plesk autoinstaller

yum -y install clamd clamav-db clamav amavisd-new perl-Error

Set Amavisd-new to start after reboot and start Amavisd-new:

chkconfig amavisd on
service amavisd start

Set ClamAV to start after reboot and start ClamAV:

chkconfig clamd.amavisd on
service clamd.amavisd start


Set Postfix to use amavids on port 10024:

edit /etc/postfix/main.cf

add after other parameters add:

#use amavisd as filter on port 10024
content_filter=amavisfeed:[127.0.0.1]:10024

Edit Postfix configuration file:

edit /etc/postfix/master.cf

Add the following lines at the bottom of the file to connect Postfix to Amavisd-new (explanation and updates found in /usr/share/doc/amavisd-new-2.6.4/README_FILES/README.postfix):

amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o lmtp_tls_note_starttls_offer=no

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=

reload postfix to get the change:

service postfix reload
 
trialotto said:
@Matt Grant

a) DKIM: go to "Tools & Settings > Mail > Mail Server Settings (click on it) > DomainKeys spam protection": enable sign outgoing mail

b) use an appropriate SPF record: add a TXT record to DNS (Note: Google has some simple documentation about this)

c) use DMARC: add a TXT record to DNS
Click to expand...
Trialotto, forgive my ignorance, but I am under the impression that DomainKeys that is available on Plesk 12.0 is the old Yahoo standard and is not the not the same as DKIM. Is that not the case?
 
@Ed Greenberg

Thanks for the excellent post, this is actually a setup that is similar to having a mail cluster filtering out spam, with some important differences.

The import differences are:

a) the custom configuration ofPostfix config files on a Plesk instance is not recommended: any upgrade/update can revert the customizations,

b) introducing Amavis and the somewhat buggy and inefficient ClamAV introduces additional resource usage: this stack is being known for knocking the system down, when being under the duress of a relatively small spam attack.

c) the solution does not offer or barely prevents any attacks from "local spam scripts": any spam script, installed on the server (i.e. a hack), that bypasses postfix (for instance, by calling any of the other possibilities to send mail, such as the mail() function) or qmail, will still result in outgoing spam. Note that this remark specifically applies to most WP instances.

For these (and other) reasons, most of the Amavis based filtering solutions are located on external mail clusters, with often a custom ClamAV and/or other solutions, like Pyzor.

Finally, I must add that, even though it is an excellent post, most mails are blocked by Google, not because they are spam, but because DNS cannot be resolved, which will result in Google marking mail as spam, since the "machine is not learning" that the mail sender can be trusted.

In essence, your solution can (and often will properly) work for mail forwards from the Plesk instance, but not for other types of mails.

Regards....
 
@Fronobulax

You stated

Fronobulax said:
but I am under the impression that DomainKeys that is available on Plesk 12.0 is the old Yahoo standard and is not the not the same as DKIM. Is that not the case?
Click to expand...

and I can answer that, at least if I am not mistaken, that in both Plesk versions (12.0.18 and 12.5.30) DKIM is being used.

You can verify that by having a look at the headers, for instance by opening the "original message" in Gmail.

Regards....
 
@trailotto We have the older DomainKeys in Plesk, it's fairly straightforward to add OpenDKIM though.
You obviously have to script the creation and adding to key and signing tables.
Regards

Lloyd
 
You must log in or register to reply here.

Similar threads

T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
395
TurabG
T
G
Resolved Emails not being blocked by server wide mail settings/blacklist
Replies
4
Views
963
gregconway
G
PeopleInside
Issue with Google Drive Backup
Replies
7
Views
3K
PeopleInside
PeopleInside
D
Question get spam sent out
Replies
7
Views
959
Detlef D.
D
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
552
Change Maker
C
Back
Top