Server won't send email

October 24, 2017 216 views
LEMP

About a month ago my SMTP block opened (by default is blocked) but I haven't test it until today, now I just tested it but it won't send email. I think this is my very first time I'm trying my contact form to send email to my Gmail address, but somehow on my log Google said my IP address is spammy, how so?

Here's part of the log with credential info redacted

Oct 24 13:33:00 ubuntu-vps-name postfix/pickup[1748]: D899E43DD7: uid=1000 from=<user-account-name>
Oct 24 13:33:00 ubuntu-vps-name postfix/cleanup[3280]: D899E43DD7: message-id=040b84f194a292e2e44e75aa35859d17@domain.com
Oct 24 13:33:00 ubuntu-vps-name postfix/qmgr[1749]: D899E43DD7: from=user-account-name@domain.com, size=752, nrcpt=1 (queue active)
Oct 24 13:33:01 ubuntu-vps-name postfix/smtp[3281]: D899E43DD7: to=my-gmail-address@gmail.com, relay=gmail-smtp-in.l.google.com[209.85.201.27]:25, delay=0.18, delays=0.03/0.01/0.06/0.09, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[209.85.201.27] said: 550-5.7.1 [server-ip-address 1] Our system has detected an unusual rate of 550-5.7.1 unsolicited mail originating from your IP address. To protect our 550-5.7.1 users from spam, mail sent from your IP address has been blocked. 550-5.7.1 Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedIPError to review our 550 5.7.1 Bulk Email Senders Guidelines. g42si245975qta.275 - gsmtp (in reply to end of DATA command))
Oct 24 13:33:01 ubuntu-vps-name postfix/cleanup[3280]: 0CA5F43DD8: message-id=20171024133301.0CA5F43DD8@ubuntu-vps-name
Oct 24 13:33:01 ubuntu-vps-name postfix/qmgr[1749]: 0CA5F43DD8: from=<>, size=3561, nrcpt=1 (queue active)
Oct 24 13:33:01 ubuntu-vps-name postfix/bounce[3282]: D899E43DD7: sender non-delivery notification: 0CA5F43DD8
Oct 24 13:33:01 ubuntu-vps-name postfix/qmgr[1749]: D899E43DD7: removed
Oct 24 13:33:01 ubuntu-vps-name postfix/local[3284]: 0CA5F43DD8: to=user-account-name@domain.com, relay=local, delay=0.02, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 24 13:33:01 ubuntu-vps-name postfix/qmgr[1749]: 0CA5F43DD8: removed

Is this mean my server hacked? I've implemented all security protection from guides I found on DO guide and some other site. Please help me. Thanks

1 comment
  • I found an explanation here https://varaneckas.com/blog/check-your-ip/

    Maybe my problem is similar with that. I knew that Digital Ocean has a lot of its IP blacklisted as spammy, I thought it's just for website blacklist or something similar to akismet blacklist, didn't realise that it's also email blacklist too... I already checked my IP on some sites, none of them said my IP blacklisted. I also thought email blacklist only temporary, but it last really long from this IP previous owner until now still blacklisted.

1 Answer

@MrWorldWideWeb Hey there,

These days the big mail providers like hotmail, gmail etc. have got their spamfilters pretty strict. This means you won't be able to send any "legit" mails before you are verified. I won't go into details alot right now, but think about configuring the following:

  • SPF
  • DKIM
  • DMARC
  • SSL/TLS
  • Global used IP Blacklists & provider specified blacklists. Hotmail for example uses reputation: https://postmaster.live.com/snds/
  • You need to be sending "proper" emails for a while before you got a good reputation.

I don't know if you want to learn about all of that & configurate it, but I recommend doing it ;) Maybe its something completely new, but learning new things is alwasy fun!

Hope I helped you with this.

  • I'm already using SSL/TLS, now just set up SPF DKIM DMARC, I have a question about it, for DKIM record I put default._domainkey. as hostname, so the result will end up as default._domainkey.mydomain.com is this correct?

    My site also already verified with Google Postmaster

    How long I have to wait for my IP ban lifted?

    *Edit: I just renewed my DKIM by following this guide https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

    However I'm still blocked by Gmail

    by Popute Sebastian Armin
    This tutorial will focus on installing and configuring OpenDKIM: an open source implementation of the DKIM sender authentication system.
    • Update, DKIM and SPF pass, I don't know how to check DMARC. Email still not delivered to Gmail.

      For TLS, my domain is using TLS, however my email not using TLS.

      • Allright, so you've got your public DKIM key in the DNS now (followed the complete tutorial)? SPF record created? Good! Those are one of the most important ones.

        DMARC can easily created with a TXT record. Create a record with the following (change example.com with your own email/domain)

        TXT     _dmarc      v=DMARC1; p=none; fo=1; rua=mailto:info@example.com;ruf=mailto:info@example.com
        

        For TLS, my domain is using TLS, however my email not using TLS.
        Do you mean you have your apache website on SSL? You need to have a valid SSL certificate to use with your postfix installation. You can find alot of tutorials online how to do this, or check out the postfix manual

        You can also use some helpfull websites which will tell you the status on your mail/domain:
        Mail-Tester
        MX-Toolbox

        • Hi, it works now! I managed to get score 7.6 on mail tester and now the email delivered to my Gmail. However the email goes to spam folder, not that it matters because I can whitelist it on my Gmail, but maybe there's a way to make it go directly to my inbox without I have to whitelist it?

          Thanks

          • Hey, good to hear! Which points are still missing in mail-tester? Maybe you can improve that.

            As I said, sometimes you need to get reputation points. So maybe after a few (maybe 2-4) weeks you've been sending emails, gmail will accept them if you don't send any spam.

Have another answer? Share your knowledge.