3

I followed this tutorial to get email working on my VPS. I've been having problems sending email to Gmail.

I can receive emails fine, but any mail that is sent to Gmail is bounced with the following message:

Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information. qa9si13920205vdb.18 - gsmtp (in reply to end of DATA command)

I have updated my PTR record to match my IP address.

Before I was getting messages in mail.log that looked like this:

postfix/smtp[3160]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400c:c06::1b]:25: Connection timed out

and after searching around I found that this was a problem with IPv6, which I've now disabled on my box. I've stopped getting these messages but I'm still receiving bounce messages.

Here is my main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_cert_file=/etc/ssl/private/<redacted>_com/ssl-bundle.crt
smtpd_tls_key_file=/etc/ssl/private/<redacted>_com.key
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1

smtp_address_preference = ipv4

#Enabling SMTP for authenticated users, and handing off authentication to Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions =
      permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = <redacted>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = <redacted>.com, <redacted>, localhost.<redacted>, localhost
mydestination = localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_transport = lmtp:unix:private/dovecot-lmtp

#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

Here are the logs I get when trying to send email to gmail:

Jun  5 11:27:52 <redacted> postfix/master[5118]: terminating on signal 15
Jun  5 11:27:53 <redacted> postfix/master[5326]: daemon started -- version 2.11.3, configuration /etc/postfix
Jun  5 11:28:09 <redacted> dovecot: imap-login: Login: user=<<redacted>@<redacted>.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1, mpid=5346, TLS, session=<0w+B8MYXwQB/AAAB>
Jun  5 11:28:09 <redacted> postfix/submission/smtpd[5347]: connect from localhost[127.0.0.1]
Jun  5 11:28:09 <redacted> postfix/submission/smtpd[5347]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun  5 11:28:09 <redacted> postfix/submission/smtpd[5347]: 9A97B6241F: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=<redacted>@<redacted>.com
Jun  5 11:28:09 <redacted> postfix/cleanup[5352]: 9A97B6241F: message-id=<b0845816f2924994c29eecdeaf3c66c3@<redacted>.com>
Jun  5 11:28:09 <redacted> postfix/qmgr[5335]: 9A97B6241F: from=<<redacted>@<redacted>.com>, size=1032, nrcpt=1 (queue active)
Jun  5 11:28:09 <redacted> postfix/submission/smtpd[5347]: disconnect from localhost[127.0.0.1]
Jun  5 11:28:09 <redacted> dovecot: imap(<redacted>@<redacted>.com): Disconnected: Logged out in=912 out=460
Jun  5 11:28:09 <redacted> dovecot: imap-login: Login: user=<<redacted>@<redacted>.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1, mpid=5357, TLS, session=<yW2G8MYXxgB/AAAB>
Jun  5 11:28:09 <redacted> dovecot: imap(<redacted>@<redacted>.com): Disconnected: Logged out in=333 out=1227
Jun  5 11:28:09 <redacted> dovecot: imap-login: Login: user=<<redacted>@<redacted>.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1, mpid=5358, TLS, session=<xPqG8MYXxwB/AAAB>
Jun  5 11:28:09 <redacted> dovecot: imap(<redacted>@<redacted>.com): Disconnected: Logged out in=90 out=861
Jun  5 11:28:10 <redacted> postfix/smtp[5354]: 9A97B6241F: to=<<redacted>@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.141.26]:25, delay=0.95, delays=0.06/0.03/0.22/0.65, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.141.26] said: 550-5.7.1 [<redacted>      12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information. qa9si13920205vdb.18 - gsmtp (in reply to end of DATA command))
Jun  5 11:28:10 <redacted> postfix/cleanup[5352]: 9003A62422: message-id=<20150605152810.9003A62422@<redacted>>
Jun  5 11:28:10 <redacted> postfix/qmgr[5335]: 9003A62422: from=<>, size=3474, nrcpt=1 (queue active)
Jun  5 11:28:10 <redacted> postfix/bounce[5359]: 9A97B6241F: sender non-delivery notification: 9003A62422
Jun  5 11:28:10 <redacted> postfix/qmgr[5335]: 9A97B6241F: removed
Jun  5 11:28:10 <redacted> dovecot: lmtp(5362): Connect from local
Jun  5 11:28:10 <redacted> dovecot: lmtp(5362, <redacted>@<redacted>.com): nFazJArAcVXyFAAALAfe6g: msgid=<20150605152810.9003A62422@<redacted>>: saved mail to INBOX
Jun  5 11:28:10 <redacted> postfix/lmtp[5361]: 9003A62422: to=<<redacted>@<redacted>.com>, relay=<redacted>[private/dovecot-lmtp], delay=0.06, delays=0/0.02/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 <<redacted>@<redacted>.com> nFazJArAcVXyFAAALAfe6g Saved)
Jun  5 11:28:10 <redacted> dovecot: lmtp(5362): Disconnect from local: Successful quit
Jun  5 11:28:10 <redacted> postfix/qmgr[5335]: 9003A62422: removed
k9rosie
  • 39
  • 1
  • 2

1 Answers1

1

The tutorial is great (I've followed it myself) but there are a few significant things missing, most of them DNS-related. Take a look here: http://blog.codinghorror.com/so-youd-like-to-send-some-email-through-code/

I can not stress this enough: you need a reverse DNS record (PTR). Most email providers will just drop messages from hosts that have no PTR. Just fix this first, there's no point working on the rest if you don't have a PTR.

A correct SPF record is not needed per se for delivery, but it will HUGELY improve your messages' chances of not ending up in the spam folder.

Accordingly, you'll need to configure DKIM. After that, add your domain on a public DNS whitelist.

You'll still end up in some spam folders (if I remember correctly outlook.com seems that doesn't support DKIM correctly), but less often than previously :)

dtsomp
  • 161
  • 7
  • +1 for suggesting the vital need of reverse DNS. However in my experience SPF neither DKIM is needed. Email delivery works perfectly fine without it. In fact SPF and DKIM are often abused by spammers to legitimise their spam. Its popularity with spammers is reason enough to disqualify it as a valid way to prevent spam. – aseq Jun 05 '15 at 23:11
  • @aseq when I was setting up my private mail server, I used to to send emails to all of my accounts on other providers (gmail, yahoo, outlook), then check the headers on the received email. Spam score would get better after each of the steps (SPF, DKIM, whitelist). – dtsomp Jun 06 '15 at 08:44