EDIT

Let's ignore for a while all that I have written below and rephrase the question: If you have your own domain name and you want to get email for that domain into your Gmail inbox (not Google Apps), how would YOU do it? Preferably SMTP only, without using POP3.

ORIGINAL QUESTION:

  • I have several vanity domain names, one of them is amedee.be.
  • I am running a Debian server on an Amazon AWS host, with Postfix.
  • I have also installed SpamAssassin and I have confirmed that it takes care of the most obvious spam.
  • I am using Procmail to forward mail to Gmail.
  • I am using the best practices as described by Google: https://support.google.com/a/answer/175365?hl=en

Most email arrives just fine, which is unlike in the Similar Questions that ServerFault suggests, where it is all or nothing. But more often than I would like (about 1 in 20), I get this in /var/log/mail.log:

Nov 30 15:01:39 ip-172-31-51-67 postfix/smtp[29724]: 4B72563149: 
  to=<amedee.vangasse@gmail.com>, 
  relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, 
  delay=2657, 
  delays=2657/0.2/0.07/0.18, 
  dsn=5.7.1, 
  status=bounced (host gmail-smtp-in.l.google.com[74.125.22.26] said: 
    550-5.7.1 [52.0.177.1037] Our system has detected that this message is 
    550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 
    550-5.7.1 this message has been blocked. Please visit 
    550 5.7.1 https://support.google.com/mail/answer/188131 for more information. 
  y66si45484104qhc.73 - gsmtp (in reply to end of DATA command))

I have verified that it is most definitely not spam. When the same mail is sent to Gmail directly, it arrives.

I don't know if it is a coincidence, but I started noticing this around the time when I moved my server from Hetzner to AWS. I have been using this setup for a few years and it's only in the last 2 months that emails get lost. The strange thing is, the Postfix and Procmail configs on my old and new server are identical.

Other related questions mention DKIM and SPF, which I would have to investigate what those letters mean, but in the past I haven't used that and it works, so first I would like to rule out other obvious causes.

/etc/postfix/main.cf

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/checks/body_checks
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/checks/header_checks
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 1
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0

# If you can't deliver it in two hours - it can't be delivered!
#bounce_queue_lifetime = 2h
#maximal_queue_lifetime = 3h
#queue_run_delay = 3m
#minimal_backoff_time = 5m
#maximal_backoff_time = 10m

message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/checks/mime_header_checks
mydestination =
        styx,
        styx.amedee.be,
        ip-172-31-51-67.ec2.internal,
        localhost.ec2.internal,
        localhost,
        intrepid,
        intrepid.exabyte.be,
        intrepid.amedee.be,
        mail.amedee.be,
        mx.amedee.be,
        localhost.localdomain,
        localhost.amedee.be,
        amedee.be,
        amed.ee,
        vangasse.eu,
        vangas.se,
        dhertefelt.be,
        dhertefe.lt,
        pcrobots.amedee.be,
        nowww.be
mydomain = amedee.be
myhostname = styx.amedee.be
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = -
relayhost =
smtp_destination_concurrency_limit = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name. All Your Spam Are Belong To Us!
smtpd_client_connection_count_limit = 5
smtpd_client_restrictions =
#       reject_invalid_hostname,
        permit
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
#       reject_invalid_hostname,
        permit
smtpd_junk_command_limit = 3
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
#       reject_invalid_hostname,
        reject_multi_recipient_bounce,
        reject_non_fqdn_recipient,
#       reject_non_fqdn_sender,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        permit
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_local_domain = $myhostname
#smtpd_sasl_path = private/auth
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
#       reject_unknown_sender_domain,
        permit
smtpd_soft_error_limit = 2
smtpd_timeout = 120
smtpd_tls_cert_file = /etc/postfix/tls/mail.cert
smtpd_tls_key_file = /etc/postfix/tls/mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
#virtual_alias_domains = /etc/postfix/maps/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/maps/virtual_alias_maps

/etc/postfix/master.cf

smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
submission inet n       -       -       -       -       smtpd
  -o content_filter=spamassassin
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
spamassassin unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

/home/amedee/.procmailrc

UMASK=007
PATH=/usr/bin:/usr/local/bin
MAILDIR=$HOME/Maildir
LOGFILE=$HOME/log/procmail.log
SHELL=/bin/bash
VERBOSE=no
SED=/bin/sed

SENDER=`formail -c -x Return-Path`
SENDMAILFLAGS="-oi -f $SENDER"

GMAIL=amedee.vangasse@gmail.com

#From the manpages: prevent duplicate mails
:0 Wh: msgid.lock
| formail -D 8192 msgid.cache

:0
* ^Subject: Undelivered Mail Returned to Sender
/dev/null

:0
* .*
! $GMAIL

My question: what do I need to do so Gmail won't bounce any more of the legitimate emails that I forward?

EDIT: Somebody flagged my question as a duplicate of this question: How to send emails and avoid them being classified as spam? HOWEVER my question is not about sending email as the original sender, my question is about forwarding email that was sent by somebody else. The flagging was also done 2 minutes after I posted my question, which isn't enough time to read it completely, so I think it was a case of diagonal reading. Don't feel bad, we all want to score StackExchange reputation.

I will keep editing this question as I address each point from suspected duplicates, until I have proven without any reasonable doubt that it is not a duplicate.

EDIT: DNS config:

* 300 IN A 52.0.177.103
@ 300 IN A 52.0.177.103
styx 300 IN A 52.0.177.103
@ 300 IN MX 1 styx.amedee.be.
@ 300 IN SPF "v=spf1 ip4:52.0.177.103 ptr ?all"
@ 300 IN TXT "v=spf1 ip4:52.0.177.103 ptr ?all"

EDIT: According to mxtoolbox.com, my Reverse DNS does not match my SMTP banner. So I changed my SMTP banner in /etc/postfix/main.cf:

#smtpd_banner = $myhostname ESMTP $mail_name. All Your Spam Are Belong To Us!
smtpd_banner = ec2-52-0-177-103.compute-1.amazonaws.com

and confirmed the change after Postfix reload:

admin@ip-172-31-51-67:~$ telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 ec2-52-0-177-103.compute-1.amazonaws.com
quit
221 2.0.0 Bye
Connection closed by foreign host.

So, as far as I can tell, the Reverse DNS of 52.0.177.103 is ec2-52-0-177-103.compute-1.amazonaws.com, and the IP address of ec2-52-0-177-103.compute-1.amazonaws.com is 52.0.177.103. Rather unfortunate, I would much prefer that the hostname styx.amedee.be and the Reverse DNS were the same, but I assume that this is beyond my control.

Amedee Van Gasse
  • 1) We read quickly. 2) Whether a message is forwarded doesn't matter - from the perspective of the receiving server, it's one and the same. – EEAA Nov 30 '15 at 16:37
  • No problem. I will just keep adding information to my question, is that ok? – Amedee Van Gasse Nov 30 '15 at 16:43
  • It's worth considering that EC2 IP addresses have historically poor reputation as far as spam goes. Many providers outright block mail from EC2 netblocks, while some others penalize messages from EC2 by means of a high positive spam score. You may want to try using their SES service (which does not carry a negative spam reputation) instead of sending directly. Integration with postfix is dead simple. – EEAA Nov 30 '15 at 16:48
  • @EEAA please elaborate how this would explain that >95% of my email has no problem at all? – Amedee Van Gasse Nov 30 '15 at 16:50
  • You can [request Amazon to change your reverse DNS on an Elastic IP](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#Using_Elastic_Addressing_Reverse_DNS). This is done on the same form on which you request them to [remove the rate limits on outgoing SMTP](https://aws.amazon.com/forms/ec2-email-limit-rdns-request?catalog=true&isauthcode=true). – Michael Hampton Nov 30 '15 at 17:38
  • Thank you @MichaelHampton, that is actually a useful comment! Although I get "This service limit increase case cannot yet be created through Support Center." I already created a support case to be able to create a support case. – Amedee Van Gasse Nov 30 '15 at 17:47
  • With regard to your updated question: In this sort of scenario, having Gmail fetch your mail via POP3 really is the best way to go. – Michael Hampton Nov 30 '15 at 18:00
  • The problem there is, I have registered a lot of email addresses in the format amedee-NAMEOFWEBSITE@amedee.be, and Postfix just takes care of it. If I have to use POP3 from the Domain Registrar's mailbox, then I lose that wildcard. Or I would have to configure POP3 on my own server, which I prefer not to do if possible. – Amedee Van Gasse Nov 30 '15 at 18:07
  • Using POP3 would actually be admitting defeat... – Amedee Van Gasse Nov 30 '15 at 18:08
  • I admit defeat. The problem cannot be solved. – Amedee Van Gasse Nov 30 '15 at 18:12
  • You can't, because you don't know how Gmail does detect Spam internally at all. Even if you would implement all the best mail practices Google documents there's still no guarantee at all it wouldn't bounce now and then. It works the other way around: you got a server, to install Dovecot as IMAP-Server and forward all your Gmail stuff to your own server - period. – Marc Stürmer Jan 04 '16 at 16:01
  • The question was already answered, you're beating a dead horse... – Amedee Van Gasse Jan 04 '16 at 16:21
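
As an added example (not part of the original post or its comments), a small Python parser that tallies delivery outcomes per destination relay from Postfix smtp log lines like the one quoted in the question, to measure how often Gmail refuses forwarded mail with a 5.7.x policy status. The sample lines, queue IDs and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix's one-line-per-delivery format; queue IDs,
# timestamps, reply texts and the example.net recipient are made up.
SAMPLE_LOG = """\
Nov 30 14:10:02 ip-172-31-51-67 postfix/smtp[29701]: 1A2B3C4D5E: to=<amedee.vangasse@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, delay=1.2, delays=0.3/0.01/0.4/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1448892602 - gsmtp)
Nov 30 14:12:40 ip-172-31-51-67 postfix/qmgr[1102]: 1A2B3C4D5E: removed
Nov 30 14:20:11 ip-172-31-51-67 postfix/smtp[29702]: 2B3C4D5E6F: to=<amedee.vangasse@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, delay=0.9, delays=0.2/0.01/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1448893211 - gsmtp)
Nov 30 14:31:05 ip-172-31-51-67 postfix/smtp[29703]: 3C4D5E6F70: to=<someone@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=2.1, delays=0.2/0.01/0.9/1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued)
Nov 30 14:45:30 ip-172-31-51-67 postfix/smtp[29704]: 4D5E6F7081: to=<amedee.vangasse@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, delay=310, delays=309/0.1/0.3/0.2, dsn=4.7.0, status=deferred (host gmail-smtp-in.l.google.com[74.125.22.26] said: 421 4.7.0 Try again later (in reply to end of DATA command))
Nov 30 15:01:39 ip-172-31-51-67 postfix/smtp[29724]: 5E6F708192: to=<amedee.vangasse@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, delay=2657, delays=2657/0.2/0.07/0.18, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.22.26] said: 550-5.7.1 likely unsolicited mail 550 5.7.1 blocked (in reply to end of DATA command))
Nov 30 15:20:00 ip-172-31-51-67 postfix/smtp[29725]: 6F708192A3: to=<amedee.vangasse@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.22.26]:25, delay=1.0, delays=0.2/0.01/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1448896800 - gsmtp)
"""

# One delivery attempt by the Postfix smtp client (not smtpd, qmgr, ...).
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"(?:orig_to=<[^>]*>, )?relay=(?P<relay>[^,\[]+)\S*, "
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def summarize(log_text, relay_suffix=".google.com"):
    """Tally delivery outcomes for one destination and list its policy rejects."""
    outcomes, policy_rejects = Counter(), []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m is None or not m["relay"].endswith(relay_suffix):
            continue
        outcomes[m["status"]] += 1
        # 5.7.x is the enhanced status class for security/policy refusals,
        # which is where the "likely unsolicited mail" reply in the question lands.
        if m["status"] == "bounced" and m["dsn"].startswith("5.7."):
            policy_rejects.append((m["qid"], m["dsn"]))
    # Deferred attempts are retried later, so only sent/bounced count as final.
    final = outcomes["sent"] + outcomes["bounced"]
    ratio = len(policy_rejects) / final if final else 0.0
    return {"outcomes": dict(outcomes), "policy_rejects": policy_rejects,
            "reject_ratio": ratio}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The queue IDs it returns can be looked up in the same log to find the matching inbound delivery and its original sender.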

1 Answer

This is not possible with SMTP alone. You will have to configure a POP3 service on your personal mailserver (for example Dovecot), then configure Gmail to fetch the mail using POP3. With any other method, you will risk losing email.

Amedee Van Gasse
  • And it goes without saying, really; there is no reason Gmail could *not* start blocking any particular sender at any point in time, regardless of their local configuration or the content of their email. Their network, their policy, their rules. – tripleee Nov 30 '15 at 19:41