Question

Singapore IP Blacklisted with Outlook, Mail-Abuse, Symantec and more...

Posted August 4, 2020 202 views
Email

Hi,

We recently setup a droplet with DigitalOcean and installed cPanel, LiteSpeed, Redis and a bunch of other softwares.

We did all of the following:

  • Setup appropriate DMARC records
  • Setup appropriate DNSSEC records
  • Setup appropriate SPF records
  • Setup appropriate DKIM records
  • Ensured PTR was setup.
  • Disabled the ability to create/use email accounts on the server itself. Emails are managed by Office365 or GSuite
  • Enabled cPanels “SMTP Restrictions”
  • Enabled a limit of 150 emails per domain per hour
  • Setup the default/catch-all forwarder to “fail”.
  • Setup the server to hold outgoing mail that is “potentially spam”
  • Setup the server so if a domain sends 200+ unique emails out per hour it gets flagged as a potential spammer.
  • Restricted outgoing SMTP mail to root, exim and mailman only.

The only emails our droplet sends are:

  • cPanel usage/security emails
  • Imunify360 emails
  • Wordfence security emails
  • WordPress password reset emails
  • WordPress contact form emails (Of which is protected with Google’s reCAPTCHA)

I’ve check the emails from the websites with mail-tester.com and they score a perfect 10/10 with the only improvement possible being “Add a List-Unsubscribe header” of which is to be expected because it was a single email that wasn’t part of a subscription.

I’ve checked the server IP against various blacklists and the IP is listed on a few because DO has had a lot of abuse on its network so the entire AS is “limited”

However when I check IP’s around my IP on the likes of talosintelligence.com especially:

https://i.imgur.com/w83OsAw.png

What am I supposed to do here to allow cPanel/Websites to send a few basic emails without them being blocked. I can’t use a Floating IP because you can’t setup a PTR for them…

I don’t want to have to try and move the droplet to another country especially when DigitalOcean doesn’t have a “Migrate droplet to different zone” feature.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi,

I’ve not received anything back from DigitalOcean or any of the lists that have the IP blocked so as a quick fix I am wanting to fix it by using an external mailer.

For one of our other services we use Mailgun with a dedicated IP however my attempt to setup Mailgun for cPanel/WHM didn’t work.

The trace report showed:

ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after pipelined MAIL FROM:noreply@wordpresswebsite.com SIZE=3316: 550 5.7.1 Relaying denied

I assume this is because wordpresswebsite.com isn’t the same as the cPanel/WHM?

How do I setup relaying with Mailgun? If not possible, what other providers can I use that I don’t have to authenticate every single domain with them?

Would I have to setup a cPanel mail node to achieve this?

Thanks

Submit an Answer