dirk2099
By:
dirk2099

Email sent to gmail is flagged as spam.

December 11, 2013 51.5k views
I am almost ready to give up here. I have a ubuntu server with postfix and I am hosting mutiple domain names with email accounts. Any email address I send from on my server to gmail ends up in a spam folder. I have this SPF record set for all my domains in the DNS and my email still ends up in gmails spam folder. Here is my SPF record: @ v=spf1 mx ip4:192.241.174.155 -all I have checked the spam lists from here http://www.spamhaus.org/query/ip/192.241.174.155 and everything looks good. Any help would be appreciated. I am at a loss. Here is a email header from one email that is put in apm folder Delivered-To: blah@gmail.com Received: by 10.68.204.97 with SMTP id kx1csp344035pbc; Wed, 11 Dec 2013 15:41:50 -0800 (PST) X-Received: by 10.224.55.197 with SMTP id v5mr6990173qag.9.1386805309858; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Return-Path: Received: from blahtech.us (blahtech.us. [192.241.174.155]) by mx.google.com with ESMTP id t13si17143153qef.73.2013.12.11.15.41.49 for ; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) smtp.mail=blah@blahtech.us Received: from localhost (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id 29E78A13FB for ; Wed, 11 Dec 2013 18:41:49 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at blahtech.us Received: from blahtech.us ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvifmUrXjonV for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from blah.com (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id B45E0A13EF for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from 50.165.145.244 (SquirrelMail authenticated user blah@blahtech.us) by blah.com with HTTP; Wed, 11 Dec 2013 18:41:48 -0500 Message-ID: <8f7a1823da66577b49c4fccd524b7e95.squirrel@blah.com> Date: Wed, 11 Dec 2013 18:41:48 -0500 Subject: Wed night hockey From: blah@blahtech.us To: blahblah1@gmail.com User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal
32 Answers
"Received: from localhost (localhost [127.0.0.1])"

In all likelihood, there's your problem. A LOT of spammers use localhost in the email header b/c they're relying on a spoofed domain name. So, despite the SPF record, you're sending the receiving mail-servers mixed signals.

Given that your SPF record is using the "hard fail" qualifier, i.e. -all, it's no surprise that Gmail is sending your mail to the Spam folder. It might help to change it to "soft fail," i.e. ~all. See How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability.

Nevertheless, you're better off with a properly set /etc/hosts file. See Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
by Pablo Carranza
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your recipients.
  • Hi @pablo,

    I am in the same situation actually. All my sent emails are flagged as spams. I correctly setup SPF, DKIM and properly set /etc/hosts file. Please, is there any way to remove Received: from localhost (localhost [127.0.0.1]) from the header ?

    Best,

    Edouard.

Thank you for the help.

I am a little confused on one thing.
I am trying to set the FQDN and right now the /etc/hosts has:
127.0.0.1 localhost blahtech

Should I remove the localhost and have the line say:
127.0.0.1 blahtech

or should i have:
192.241.174.155 blahtech

Thank you
Don't remove localhost, remove blahtech and add a new line above it that says 127.0.0.1 blahtech .

So /etc/hosts will look like this:
127.0.0.1 blahtech

127.0.0.1 localhost
[...]
This is how my
/etc/hosts
file looks like now:

127.0.0.1 blahtech
127.0.0.1 localhost


If I do
hostname -f
in the terminal my hostname shows up as blahtech.us which is correct.

But when I send a email the email header still has localhost in it.



Delivered-To: blahblah1@gmail.com
Received: by 10.68.204.97 with SMTP id kx1csp418090pbc;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
X-Received: by 10.49.76.66 with SMTP id i2mr16662763qew.35.1386878216527;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
Return-Path:
Received: from blahtech.us (blahtech.us. [192.241.174.155])
by mx.google.com with ESMTP id e16si19805596qej.91.2013.12.12.11.56.56
for ;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com
Received: from localhost (localhost [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id E3A53A2E4C
for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at blahtech.us
Received: from blahtech.us ([127.0.0.1])
by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id M-iVFP5FI675 for ;
Thu, 12 Dec 2013 14:56:55 -0500 (EST)
Received: from blahblah.com (localhost [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id A0F7CA2E45
for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)
Received: from 50.138.128.223
(SquirrelMail authenticated user info@blahgranola.com)
by blahblah.com with HTTP;
Thu, 12 Dec 2013 14:56:55 -0500
Message-ID:
Date: Thu, 12 Dec 2013 14:56:55 -0500
Subject: test
From: info@blahgranola.com
To: blahblah1@gmail.com
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

egre

  • maybe too late for you, but others can help...
    check your /etc/postfix/main.cf

    myhostname = yourdomain.com
    
Did you reboot your droplet?
Nope but I rebooted now and I think its fixed.

I still localhost listed in the header after
Received: from localhost (blahtech [127.0.0.1])




Delivered-To: blahblah1@gmail.com
Received: by 10.68.204.97 with SMTP id kx1csp421854pbc;
Thu, 12 Dec 2013 12:53:44 -0800 (PST)
X-Received: by 10.224.127.74 with SMTP id f10mr9660112qas.56.1386881624569;
Thu, 12 Dec 2013 12:53:44 -0800 (PST)
Return-Path:
Received: from blahtech.us (blahtech.us. [192.241.174.155])
by mx.google.com with ESMTP id r10si11014534qak.130.2013.12.12.12.53.42
for ;
Thu, 12 Dec 2013 12:53:43 -0800 (PST)
Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com
Received: from localhost (blahtech [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id 6AD2AA2E1B
for ; Thu, 12 Dec 2013 15:53:41 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at blahtech.us
Received: from blahtech.us ([127.0.0.1])
by localhost (blahtech.us [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 4Qu-wLkQ3AUt for ;
Thu, 12 Dec 2013 15:53:41 -0500 (EST)
Received: from blahblah.com (blahtech [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id E50F2A2CCB
for ; Thu, 12 Dec 2013 15:53:40 -0500 (EST)
Received: from 50.138.128.223
(SquirrelMail authenticated user info@blahgranola.com)
by blahblah.com with HTTP;
Thu, 12 Dec 2013 15:53:40 -0500
Message-ID: <0ffb94d941b77c6674f3afd011941f6e.squirrel@blahblah.com>
Date: Thu, 12 Dec 2013 15:53:40 -0500
Subject: test66
From: info@blahgranola.com
To: blahblah1@gmail.com
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

fgregre
"Should I remove the localhost and have the line say:"

No! I provided an example of what your /etc/hosts file should look like @ Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
I don't know if this might be relevant or not. When I created my first droplet, the emails I sent to comcast, gmail, hotmail, and yahoo, were going into spam as well. After researching I found out it was my PTR records that weren't set properly.

So I went into my DO DNS settings and notice my PTR record said server1 and I change it to server1.mydomain.com which is my hostname.

That solved the issue for me.
"After researching I found out it was my PTR records that weren't set properly."

Ya, the How To Create Your First DigitalOcean Droplet Virtual Server article needs a semi-major overhaul.

It appears as though the article was written b/f DigitalOcean rolled out its DNS Manager, but the article was never updated to reflect (i) the importance of PTR records and (ii) the fact that a PTR record is automatically created from the hostname assigned to a droplet in the DigitalOcean Control Panel. Consequently, users that do not format their hostname as a FQDN, in the DO Control Panel, are doomed from the start.
I am seriously confused now. Sorry and I really thank you guys for all the help.

I have the hostname set in my digital ocean control panel to
blahtech.us
and I have my
/etc/hosts
file to
127.0.0.1    blahtech

127.0.0..1 localhost


I also have the
/etc/hostname
file set to
blahtech.us


In the DNS records for one of my domain names blahgranola.com I have an "A" record set as
A   mail    192.241.174.155


Please keep in mind I have several domain names for multiple clients.
If you would only take a look at the article I cited to -- twice before -- you would see that your /etc/hosts file should be formatted like this.
I have been reading your article and I have found it informative but I am a little confused thats all.

I think I have it now.

127.0.0.1 localhost.localdomain localhost
127.0.1.1 mail.blahtech.us
127.0.1.1 mail.blahgranola.com
192.241.174.155 mail.blahtech.us
192.241.174.155 mail.blahgranola.com


Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?
"Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?"

I take back my previous comment. localhost is ALWAYS 127.0.0.1; but, on Debian-based system, such as Ubuntu, you need the second 127.0.1.1 ... line in the /etc/hosts file, as well.
okay so is this correct? I followed what I could from your article and did a little google searching to put this together. Email still goes into gmails spam folder with these settings. I have two domain names here blahtech.us and blahgranola.com

my
/etc/hosts
file:

127.0.0.1 localhost.localdomain localhost
127.0.1.1 btserver.blahtech.us btserver
127.0.1.1 btserver.blahgranola.com btserver
192.241.174.155 btserver.blahtech.us btserver
192.241.174.155 btserver.blahgranola.com btserver


My
/etc/hostname
file:
btserver


My digitalocean control panel -> settings -> rename
btserver


And again thank you for the help.
RE: the Hostname you specify in the DigitalOcean Control Panel

Did you see @Raul Cruz's comment, above? Use a Fully Qualified Domain Name (FQDN), e.g. btserver.blahtech.us.
I set the digitalocean control panel host name to
btserver.blahtech.us
and email still goes to spam in gmail. Do I need to create any sort of "A" record in my blahtech.us DNS like
A   btserver  192.241.174.155
?

Or maybe I need to just wait a few hours for everything to resolve?
Email still goes to spam. I am almost ready to give up. Do you have any other suggestions?
Everything passes except the SOA serial number has a warning and the server returned no glue records. The SPF passes So I am at a loss.

I just noticed hotmail flags email from my server as spam as well. This is not good.

I appreciate all the help.
"I just noticed hotmail flags email from my server as spam as well."

From both domains?
Yes both domains.

I also used this service:
www.mail-tester.com

and my domains have a 9/10 score and the only thing wrong is the message is not signed with DKIM.
Actually Hotmail is excepting emails now. It is just Gmail once again.
I think I found the problem. A bot was using a old contact form submission script that I had forgotten about years ago on my server to spam the hell out of my gmail account. I never had any bot checks on that script so the bot was able to send over a 100 emails a day to my gmail account. Gmail must of blacked flagged the servers IP from this.

I have removed the script and the spam has stopped.

I am hoping maybe within a few days or so this might clear up the spam flag and if not I may have to change the servers IP and see if that helps.

I appreciate all the help from everyone here. If anything I was able to fix a bunch of other issues with my email server from the help of the people here.

Thank you
50% of digital ocean's AMS datacenter's IP's are blacklisted. That's why your email are going in to a spam folder in gmail.
  • Assuming this is true...

    1. is this something i can control/avoid with proper mail server/DNS/FQDN setup or is it a roll of the dice depending on the IP of my droplet?
    2. Is there a common alternative you could share?
I have the same problem, in my mails appears Received: from mydomain.com (mydomain.com[127.0.0.1]), anyone knows how can I resolve it?
Have another answer? Share your knowledge.