0

I recently tried setting up a mail server to be able to send mail for the websites I host with apache.
At first I tried to work with exim but I was overflown with error messages and mails I tried to send were rejected for most destination. I think only Gmail accepeted mails sent with exim but they went to spam.

I finally decided to change and start using Postfix which is said to be easier to configure for my needs.

I followed basic configuration steps and I tried a simple mail send but the same thing occured.

Jan  4 11:43:45 sd-79356 postfix/qmgr[29420]: 374A1A4D72: from=<root@xxx.xxx.xxx.xxx.online.net>, size=361, nrcpt=1 (queue active)
Jan  4 11:43:45 sd-79356 postfix/smtp[29427]: 374A1A4D72: to=<xxxxxxxxxx@hotmail.fr>, relay=mx1.hotmail.com[65.54.188.94]:25, delay=0.67, delays=0.07/0/0.45/0.15, dsn=5.0.0, status=bounced (host mx1.hotmail.com$
Jan  4 11:43:45 sd-79356 postfix/smtp[29427]: 374A1A4D72: lost connection with mx1.hotmail.com[65.54.188.94] while sending RCPT TO
Jan  4 11:43:45 sd-79356 postfix/cleanup[29425]: DBBB1A4D75: message-id=<20160104104345.DBBB1A4D75@sd-xxxxx.dedibox.fr>
Jan  4 11:43:45 sd-79356 postfix/bounce[29428]: 374A1A4D72: sender non-delivery notification: DBBB1A4D75

And for Gmail address, the message is sent, but goes to spam.

I know this is a quite recurring questions and I think I've read most of posts on SO, SF or other forums but nothing solved my problem.

The last change in configuration I tried after that is setting up TLS after I read this post, but unfortunately it didn't change anything to my problem, same errors.

I forget to mention I've checked dozen times if my server wasn't blacklisted or reported as spammer, which could explain the problem and obvisouly there's no such issue, so please don't tell me my problem is probably that (there's always someone who says to do that check in similar questions, so don't waste your time if you have nothing better to suggest).

Last point, my goal is to be able to send mail for several websites hosted in Apache Virtualhosts, this means I will need several "sender" outgoing addresses and I can't just write directly in configuration the outgoing address name.

Here is my config /etc/postfix/main.cf :

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

# What I added to use TLS support, which doesn't solve the problem
smtpd_use_tls=yes
smtpd_tls_security = may
smtpd_tls_key_file = /etc/postfix/tls/smtpd.key
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# till here

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = sd-xxxxx.dedibox.fr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = xxx.xxx.xxx.xxx.online.net, sd-xxxxx.dedibox.fr, localhost.dedibox.fr, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only

What I get in the received mail with gmail :

Received: from sd-xxxxx.dedibox.fr ([xxx.xxx.xxx.xxx])
    by mx.google.com with ESMTPS id 74si69449965wmm.7.2016.01.04.03.15.17
    for <xxxxxxx@gmail.com>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Mon, 04 Jan 2016 03:15:18 -0800 (PST)
Received-SPF: neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of root@xxx.xxx.xxx.xxx) client-ip=xxx.xxx.xxx.xxx;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of root@xxx.xxx.xxx.xxx) smtp.mailfrom=root@xxx.xxx.xxx.xxx
Received: by sd-xxxxx.dedibox.fr (Postfix, from userid 0)
id B5DA5A4D78; Mon,  4 Jan 2016 12:14:47 +0100 (CET)
Community
  • 1
ibi0tux
  • 161
  • 1
  • 7
  • Possible duplicate of [How to send emails and avoid them being classified as spam?](http://serverfault.com/questions/48428/how-to-send-emails-and-avoid-them-being-classified-as-spam) – MadHatter Jan 04 '16 at 11:34
  • No, it's not a duplicate, you didn't read my post. – ibi0tux Jan 04 '16 at 11:54
  • You need to read the linked duplicate and *follow the link about canonical questions* - these are questions where the community has said all it is going to say on a class of subject, because although everyone's particular problems in that class are somewhat different, to the extent that they are interesting, they aren't different, and to the extent that they're different, they aren't interesting (to anyone save the questioner). So we write one answer that's designed to be the last word on the subject, and say no more. But five must agree to close, and you may get a good answer beforehand. – MadHatter Jan 04 '16 at 12:10

2 Answers2

2
  1. Gmail gives your explanation why mail was classified as spam. Did you check that?
  2. If each of your domains has dedicated IP, you need to check that its A and PTR records are in sync. This increases chance of passing spam filters significantly.
  3. Try to add SPF records to your domains.
user1700494
  • 1,642
  • 2
  • 11
  • 20
  • 1. I checked raw received mail in gmail and I've got something like that `xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of root@xxx.xxx.xxx.xxx)` (I've pasted the full message in the post). 2. Each domain points to the same IP 3. It's a good idea for domains, but in my case I'm using no domain for the test I made, directly the IP of the server – ibi0tux Jan 04 '16 at 12:47
  • Using IP instead of FQDN is often sufficient condition to mark your mail as spam. – user1700494 Jan 04 '16 at 13:40
1

This caught my eye:

lost connection with mx1.hotmail.com[65.54.188.94] while sending RCPT TO

Are you sure your ISP hasn't blocked outgoing SMTP? Try to telnet mx1.hotmail.com 25 to see if you're able to connect in the first place.

Joe
  • 131
  • 3
  • There's no problem with that, I can connect with telnet. – ibi0tux Jan 04 '16 at 12:35
  • My next guess would be that _xxx.xxx.xxx.xxx.online.net_ doesn't have a MX record (unless that's just an example and you replaced the real address). Try to use real, or at least an existing mail domain as a sender address. – Joe Jan 04 '16 at 12:40
  • I tried both, with `xxx.xxx.xxx.xxx.online.net` and with a domain that points to the server and I still get the same errors. I also noticed that with gmail I have a lot of connection timeouts. What I am sure is that adding TLS didn't solve the problem. I will now explore the SPF records clue to see if this solve something (since this is clearly exposed in gmail logs). – ibi0tux Jan 04 '16 at 13:22
  • Finally I compared the mail status with "standard" mails that are properly sent and received and the same SPF-related appears. The only noticeable difference is the outgoing address, that shows an ip in my case, even though I specified a full domain name in my conf. – ibi0tux Jan 04 '16 at 14:24
  • 1
    If you need to rewrite sender addresses for outgoing mail, try [`sender_canonical_maps`](http://www.postfix.org/postconf.5.html#sender_canonical_maps). – Joe Jan 05 '16 at 06:31