"Temporarily rate limited" ? from Google in mail relay.

September 4, 2014 28.7k views

For a short period, I've setup Postfix mail relay on my vhost to forward my email to my gmail account. Mind you, I've had this email address and domain for over 14 years -- it gets a lot of spam (which is a big reason why I use Gmail for its awesome filters).

While watching the logs, I got this message (pretty quickly) from Google's SMTP server:

Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 to review our Bulk 421 4.7.0 Email Senders Guidelines. f14si1032016icj.42 - gsmtp (in reply to end of DATA command))

(I've since moved the MX record back to the original shared host to insure mail works)

The thing is, I'm not bulk emailing. I'm simply trying to setup a mail relay for my custom domain. Google saw "an unusual rate (was actually only about 5) of unsolicited mail" being forwarded over simply because my address is spammed ... a lot.

Is there anything I can do to alleviate this? The need of a mail relay host is actually a huge issue. This is preventing me from fully moving off my current shared hosts (A2Hosting & Dreamhost).

  • Just brain-storming here: what if, rather than using Postfix to send to your google account, you could set up POP3 (maybe using dovecot or similar) and then set up your gmail account to check and retrieve your mail from there.

    This would eliminate the need for sending, and would stop Google from giving you grief.

  • You know, sierracircle. That is an interesting idea I hadn't even thought of. However, that still requires the use of a Postfix server. Might as well just forward it on over.

3 Answers

Did you set a SPF record and set up DKIM? Email with out them will often run afoul of Gmail:

To ensure that Gmail can identify you:

  • Use a consistent IP address to send bulk mail.
  • Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.
  • Use the same address in the 'From:' header on every bulk mail you send.

We also recommend the following:

  • Sign messages with DKIM. We do not authenticate messages signed with keys using fewer than 1024 bits.
  • Publish an SPF record.
  • Publish a DMARC policy.

Check out this tutorial:

How To Install and Configure DKIM with Postfix

by Popute Sebastian Armin
This tutorial will focus on installing and configuring OpenDKIM: an open source implementation of the DKIM sender authentication system.
  • Is this required as well for merely forwarding email? I hadn't set up any of those, as I was unaware I needed to. I was merely trying to create a relay server to forward my personal email to my gmail account.

  • It's been a few days as I've been researching SPF and DKIM records. I now have a better understanding of them; however, I'm left in a conundrum: SPF doesn't work in my instance. In my particular instances, I'm going from <random from> -> <my vhost> -> gmail. Google is then validating <random from> against <my vhost>, resulting in a fail.

    Is there anyway to tell Google my vhost is a valid in-between relay for @mydomain(s)?

    Edit: Solution is SRS. Looking into that now.

  • Solution

    Okay, so I did a little more research and I found some interesting things:

    SPF "breaks" email forwarding.


    Yup! So, the solution here is to use SRS, in combination with SPF. I found a great quick tutorial for installing a PostSRS deamon:

    In addition to this, I highly recommend updating 'mydomain' to be the desired from: domain you've setup SPF against. In addition, change the postsrsd process to run under 'postfix' in /etc/default/postsrsd.

    ps -ef | grep postfix should then show a new postsrsd process, with your domain under -d parameter.

Wow, I find it hard to believe that one email address sending mail to google would be enough to trigger alarms.

Have you checked your ip to make sure it isn't blacklisted on any of the common sites. Could be previous owner was a spammer.

How long has this server been in operation? Any chance it could have actually been hacked and indeed sending out spam

  • I'm not actually sending any email. It's a relay server; catching incoming mail, and redirects it to my gmail account. Now, it is coming in on a few different email addresses as I saw, about 4 total, all But all redirected to one specific address.

While I agree with the comments above, it seems to me the only mail being limited is relayed spam. If I originate a message on one of my severs it goes through with no problem at all. But I have sevveral domains and stopped trying to filter spam beyond using spf, dmarc and rbl lists several years ago and let google or yahoo filter my spam. I wonder if I can do any special processing on the messages that google is rate limiting with Postfix.

Have another answer? Share your knowledge.