• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Postfix mails are rejected by google - identified as bulk spam

O

OrinocoDelta

Basic Pleskian
Hello i run a server and have ONLY problems if i am sending mails to domains hosted by google ...

OSUbuntu 12.04.5 LTS
Plesk version12.0.18 Update #24, last updated at Nov 20, 2014 06:32 AM

Here a little bit about my configuration:

a) I have set a Reverse DNS (xyz.mydomain1.com) - My hostname!
b) i run 4 domains on this server (mydomain1, mydomain2, mydomain3, mydomain4)
c) my DNS settings are made by myself in my Domain Provider account
d) i also set SPF records and i use Domain Keys

Everything works like a charm but following now the outputs with my problems:

Here is my postconf -n output:

Code: 
root@shamu:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
message_size_limit = 10240000
mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = xyz.mydomain1.com
mynetworks = , 127.0.0.0/8, [::1]/128
myorigin = /etc/mailname
plesk_virtual_destination_recipient_limit = 1
readme_directory = no
recipient_delimiter = +
relayhost =
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client sbl.spamhaus.org
smtpd_milters = , inet:127.0.0.1:12768
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = , hash:/var/spool/postfix/plesk/transport
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110

NOW i sending a email from my domain2.tld and google rejects this email
I really don't know why and what i can do.... can someone point to get this fixed?
 
This i see in syslog:

Code: 
Nov 20 14:37:09 shamu postfix/smtpd[24534]: connect from mail-wg0-f66.google.com[74.125.82.66]
Nov 20 14:37:09 shamu postfix/trivial-rewrite[24477]: warning: do not list domain xyz.domain1.tld in BOTH mydestination and virtual_alias_domains
Nov 20 14:37:09 shamu postfix/smtpd[24534]: 2E0D794008C: client=mail-wg0-f66.google.com[74.125.82.66]
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: Unable to get sender domain by sender mailname
Nov 20 14:37:09 shamu greylisting filter[24536]: Starting greylisting filter...
Nov 20 14:37:09 shamu greylisting filter[24536]: Bounce message. SKIP
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: handlers_stderr: SKIP
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: SKIP during call 'grey' handler
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: Unable to get sender domain by sender mailname
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: Unable to get sender domain by sender mailname
Nov 20 14:37:09 shamu postfix/cleanup[24479]: 2E0D794008C: message-id=<[email protected]>
Nov 20 14:37:09 shamu /usr/lib/plesk-9.0/psa-pc-remote[17409]: handlers_stderr: SKIP
 
Hi OrinocoDelta,

first, please correct this:

warning: do not list domain xyz.domain1.tld in BOTH mydestination and virtual_alias_domains

Even it is just a warning, it is a misconfiguration.


If you would include the header from the bounce message, there could be more investigations, because we can't see, WHAT Google doesn't like. You could always try to send eMails to another account on your server, in order to see in the headers informations, what might be adjusted to solve issues.
It is mostly a good idea to use some tools to investigate issues, like the ones at: http://www.port25.com/support/authentication-center/email-verification/
 
Hello here is the output from the bounce message:

X-Received: by 10.194.174.40 with SMTP id bp8mr66970107wjc.104.1416491341851;
Thu, 20 Nov 2014 05:49:01 -0800 (PST)
Return-Path: <mail@domain2.tld>
Received: from domain2.tld (xyz.domain1.tld. [85.214.56.248])
by mx.google.com with ESMTPS id ce8si4499146wib.2.2014.11.20.05.49.01
for <name@domain.tld>
(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Thu, 20 Nov 2014 05:49:01 -0800 (PST)
Received-SPF: pass (google.com: domain of mail@domain2.tld designates 85.214.56.248 as permitted sender) client-ip=85.214.56.248;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of hmail[EMAIL='[email protected]']@domain2.tld[/EMAIL] designates 85.214.56.248 as permitted sender) smtp.mail=mail[EMAIL='[email protected]']@domain2.tld[/EMAIL]
Received: from rmbp13.fritz.box (ip5b434561.dynamic.kabel-deutschland.de [91.67.69.97])
by shamu.cresolvis.com (Postfix) with ESMTPSA id 2FBC894008C
for <name@domain.tld>; Thu, 20 Nov 2014 14:48:58 +0100 (CET)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=domain2.tld;
b=kMbJl8KDJDK2UTGL4D8/DhdF0deFC8Mcie0/P9daADL3gJ65zY5y8vU3d58dCSN7aOgNIiF25+WqMZjOTtsJMrhhDEiW9HWeLZM2vHJgV6ZoSamx5MYvYCp7vsBRiqjM;
h=From:Content-Type:Reply-To:X-Priority:Subject:Date:To:Message-Id:Mime-Version:X-Mailer;
From: The Dolphin's Voice <mail@domain2.tld>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F04A3292-9D15-4F43-96B3-7DAE67BB7DDB"
Reply-To: name@domain.tld
X-Priority: 1
Subject: Skype call yesterday
Date: Thu, 20 Nov 2014 14:48:58 +0100
To: name@domain.tld
Message-Id: <C5E647A9-E587-4501-90BE-6429CB6A2E4A@[EMAIL='[email protected]']domain2.tld[/EMAIL]>
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
X-Mailer: Apple Mail (2.1993)
Click to expand...
 
warning: do not list domain xyz.domain1.tld in BOTH mydestination and virtual_alias_domains
Click to expand...

I want correct this, but all i tied do not worked! So i can send mails to mostly everyone else, but only google do not like from time to time my mails... why?
 
I noticed, that your SPF - entries are all "strict" ( "-all" ) and don't define additional MX - servers and or allowed IPs.


Let's make an example:

IP 999.999.999.999 reverses to server1.EXAMPLE1.com, so does mail.EXAMPLE1.com, as defined as additional MX record.

Let's assume, you have 2 additional domains on this server ( EXAMPLE3.com and EXAMPLE3.com ), both with the same IP as EXAMPLE1.com. When the reverse check now tries to verify the IP 999.999.999.999 ... where does it point to? Well, EXAMPLE2.com and as well EXAMPLE3.com reverse to 999.999.999.999 but where does the reverse of the IP - check points to? Correct, it reverses to EXAMPLE1.com and never to EXAMPLE2.com or/and EXAMPLE3.com.


To solve your issues, please adjust your SPF - entries like this:

v=spf1 +a +mx +ip4:999.999.999.999 ?all
Please read the additional informations for "PASS", "SoftFail", "FAIL" and "Neutral" at http://www.openspf.org/SPF_Record_Syntax , to make sure, that you choose the correct string, in order to avoid failures. It might be a good idea to add the MAIN - domain in the SPF - entry for the other domains, either with the string "include:EXAMPLE1.com", or per definition as for example "mx:EXAMPLE1.com mx:EXAMPLE2.com" and/or "a:EXAMPLE1.com a:EXAMPLE2.com", because there is only ONE reverse entry for the IP.​
 
Ok i will try this now, i will fix this and i will learn also why...

First i will try this:

v=spf1 +a +mx +ip4:my.main.server.ip ?all
It might be a good idea to add the MAIN - domain in the SPF - entry for the other domains, either with the string "include:EXAMPLE1.com", or per definition as for example "mx:EXAMPLE1.com mx:EXAMPLE2.com" and/or "a:EXAMPLE1.com a:EXAMPLE2.com", because there is only ONE reverse entry for the IP.
Click to expand...

I understand what you are writing here, but it do not exist a MAIN DOMAIN ... all 4 DOMAINS are used, do you mean i should use the MAIN DOMAIN depending on my hostname? My hostname is: shamu.cresolvis.com AND i also have a DOMAIN cresolvis.com in use ....
 
I defined the "MAIN" - domain as the one, which reverses to the IP and the other way round... so this would be "cresolvis.com"
 
Correct, and the other 3 domains do the same... same IP .. FYI: i just tried the above SPF record, still the same!

AND also i can't get rid of this message:

warning: do not list domain xyz.domain1.tld in BOTH mydestination and virtual_alias_domains
Click to expand...

Is this maybe some behavior, because i set up the hostname in Plesk panel and i also modified /etc/hosts file?

@UFHH01: I really thank you that you try to help me ;-)
 
Last edited:
Hi OrinocoDelta,

mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = xyz.mydomain1.com

As you can see, you define your hostname twice, because you already defined the hostname at "etc/hostname". There is no need to do this. To avoid this, you can define at "mydestination":

mydestination = localhost.cresolvis.com, localhost, localhost.localdomain
... if it doesn't solve this specific issue, please try out yourself several possible modifications at these two lines.



No, @OrinocoDelta : The other domains are not reversed to the IP, as you can check here:

Be aware that a rDNS - check is done on BOTH ways, from domain to IP and from IP to domain, that is why the suggestions for additional SPF - entries are always a good idea.
 
Ok tried the first part - no luck ;-) also with
#myorigin = /etc/mailname

Very strange - all day trying various things - always the same! Hmh! I think i have to live with it now ;-(

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
message_size_limit = 10240000
mydestination = localhost.cresolvis.com, localhost, localhost.localdomain
myhostname = shamu.cresolvis.com
mynetworks = , 127.0.0.0/8, [::1]/128
plesk_virtual_destination_recipient_limit = 1
readme_directory = no
recipient_delimiter = +
relayhost =
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client sbl.spamhaus.org
smtpd_milters = , inet:127.0.0.1:12768
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = , hash:/var/spool/postfix/plesk/transport
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110
Click to expand...
 
What details you get from google, open email in google account and click on why spam it will give details like, why it is sending the mails to spam.
 
You must log in or register to reply here.

Similar threads

B
Resolved no SASL authentication mechanisms
2
Replies
21
Views
5K
bork
B
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
1K
Tessxr
T
P
Resolved Use PLESK/Postfix mailservice in combination with Office 365 - Problems sending mails to same domain (from local to office)
Replies
3
Views
3K
Jargon
J
Abdelkarim Mateos
Question 454 4.7.1 Relay access denied. Please check the recipient and try again.
Replies
2
Views
3K
Abdelkarim Mateos
Abdelkarim Mateos
R
Resolved Plesk behind HAProxy
Replies
5
Views
3K
razertechDE
R
Back
Top