Diagnosis of e-mail rejection by Google servers

0

Google servers, whether Gmail or company mailboxes hosted by Google, have been rejecting each and every e-mail that I sent for the past week or so. There are no indications as to why the message was rejected and I can't figure out what is wrong. I am now at the end of my wits.

Here is the rejection message:

host gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1b] said: 550-5.7.1
[2001:41d0:52:100::1161      12] Our system has detected that this
550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam
sent 550-5.7.1 to Gmail, this message has been blocked. Please visit
550-5.7.1  https://support.google.com/mail/?p=UnsolicitedMessageError 550
5.7.1  for more information. n30si13214745wrb.62 - gsmtp (in reply to end
of DATA command)

The sender is a VPS that I own and administer myself, for my one-person company, running CentOS 6, ISPConfig, amavisd-new, ClamAV and SpamAssassin. I have every standard antispam countermeasure that I know of:

  • SPF
  • DKIM
  • DMARC
  • reverse DNS (both IPv4 and IPv6) entries matching the MX entries.

Except for DMARC, which is a new thing (I've added the DNS record just today), the rest has been set up for years.

Every e-mail that I send is legitimate and I can't understand why I can't even reply to an e-mail sent to me, nor why all of that didn't protect me from such an inconvenience.

What I've tried so far

• I have checked the blacklisting status of my domain with mxtoolbox.com: it was blacklisted in two of the thirty blacklists the site helps check. I have had it delisted from one and things seem more complicated on the second, SORBS, which has (drumroll...) one single suspicious e-mail: my server is now blacklisted because some software program somewhere thought that one e-mail was suspicious.

• I have used the e-mail server test at allaboutspam and whenever I have my signature in the test e-mail, it says the e-mail contains a URL blacklisted in black.uribl.com but uribl.com says it doesn't list my domain. That's quite confusing.

• I have sent the same message to my e-mail accounts (TO'ed, not CC'ed) with Yahoo, Outlook and Gmail: Yahoo accepted the message, Outlook put it in the Junk folder and Gmail downright rejected it.

What other actions can I take to certify and authenticate my legitimate e-mails?

Last, I wonder why there is a 12 after the condensed IPv6 address. Is it a code of some sort that could guide me to the solution?

AbVog

Posted 2017-07-03T22:04:39.363

Reputation: 521

Postmaster Tools – DavidPostill – 2017-07-03T22:45:21.340

Thanks, Postmaster Tools was the first thing that I checked, but it's of no help for ultra-low volume senders like me. I've found out the reason my server was blocked. – AbVog – 2017-07-04T08:01:18.657

Great. You can answer your own question :) – DavidPostill – 2017-07-04T08:05:50.207

Answers

0

I found out that one of the e-mail user accounts on the server had been compromised and was used to send out spam.

I found that out thanks to How to Remove Your IP from the Gmail Blacklist, specifically this command:

grep sasl_username /var/log/maillog | awk '{print $NF}' | sort | uniq -c | sort -n

The command would give the number of authentications made by each account. By running it against all archived maillog files, I was able to determine that the user account test@, which I probably created years ago when I was starting as system admin of my VPS, was sending e-mails.

I've used ISPConfig to deny the sending of e-mails to all my accounts except those that have a reason to send e-mails (i.e. application accounts as well as my main identity account). I'd also recommend strengthening the passwords.

AbVog

Posted 2017-07-03T22:04:39.363

Reputation: 521
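
A variant of the command in the answer above that also counts the distinct client IPs behind each account, shown as an added example that is not part of the original answer. The log lines, addresses and account names are constructed, and the script assumes Postfix's usual smtpd line format (client=host[ip], sasl_method=..., sasl_username=...).

```shell
#!/bin/sh
# Added example: per-account SASL login counts plus distinct client IPs.

# Constructed sample lines in Postfix smtpd format (not from a real log).
sample_maillog() {
cat <<'EOF'
Jul  2 03:14:07 vps postfix/smtpd[2101]: 3A1F02C0E1: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=test@example.com
Jul  2 03:14:09 vps postfix/smtpd[2102]: 3A1F02C0E2: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=test@example.com
Jul  2 03:14:12 vps postfix/smtpd[2103]: 3A1F02C0E3: client=unknown[192.0.2.99], sasl_method=LOGIN, sasl_username=test@example.com
Jul  2 03:15:01 vps postfix/smtpd[2104]: 3A1F02C0E4: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=test@example.com
Jul  2 09:30:44 vps postfix/smtpd[2200]: 3A1F02C0E5: client=home.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=me@example.com
Jul  2 09:31:02 vps postfix/smtpd[2200]: 3A1F02C0E6: client=home.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=me@example.com
Jul  2 09:31:05 vps postfix/smtpd[2201]: connect from home.example.net[192.0.2.10]
EOF
}

# Usage: sasl_summary [FILE...]  (plain or .gz; reads stdin with no arguments)
# Output: "<logins> <distinct client IPs> <account>", busiest account last.
sasl_summary() {
    if [ $# -eq 0 ]; then set -- -; fi
    for f in "$@"; do
        case "$f" in
            *.gz) gzip -cd -- "$f" ;;   # archived, compressed maillog
            *)    cat -- "$f" ;;        # current log, or "-" for stdin
        esac
    done | awk '
        /sasl_username=/ {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sasl_username=/) {
                    user = substr($i, 15); sub(/,$/, "", user)
                }
                if ($i ~ /^client=/) {      # client=hostname[address],
                    s = index($i, "["); e = index($i, "]")
                    if (s > 0 && e > s) ip = substr($i, s + 1, e - s - 1)
                }
            }
            if (user == "") next
            logins[user]++
            if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
        }
        END { for (u in logins) printf "%d %d %s\n", logins[u], ips[u] + 0, u }
    ' | sort -n
}

sample_maillog | sasl_summary
```

An account that authenticates from several unrelated addresses, like test@example.com in the sample, is the one to inspect first.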