my mail server is rejecting gmail

i try to send a message from my gmail account to one of the addresses hosted by my mail server and get the following message:

Delivery to the following recipient failed permanently:

xxxxxxxxxx@xxxxxxxx.com

Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain xxxxxxxxx.com by mail.xxxxxxx.com. [xxx.xxx.xxx.xxx].

The error that the other server returned was: 554 5.7.1 Service unavailable; Client host [mail-we0-f180.google.com] blocked using blackhole.securitysage.com

i have never seen this message before and my mail server has always accepted gmail emails until today.

i found the following relevant lines in my /etc/postfix/main.cf file:

relay_domains = hotmail.com gmail.com, etc
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,

i noticed that the relay_domains entry does not have google.com - it only has gmail.com. so:

has gmail recently changed the name of their mailserver?
or has gmail (or my pc?) been hacked to reroute traffic through blackhole.securitysage.com?

i have no idea what the reject_rhsbl_client and reject_rhsbl_sender entries are. if someone can explain them to me that would be good. i just went to the securitysage.com site and it says "site under reconstruction, 80% complete", so maybe my mail server is failing because it is not getting a confirmation from securitysage.com?

mulllhausen

Posted 2013-04-03T04:51:56.230

Reputation: 460

Answers

You will find that blackhole.securitysage.com is a list of domain names commonly used by spammers, and is thus being blocked by your mail server. You can safely comment out those lines, as they are not a standard method of detecting spam.

If you want to do spam filtering, you will want to look at spamassassin (and you may even want to incorporate blackhole.securitysage.com rules into it), but you obviously don't want to simply reject emails based solely on a third parties list of questionable domains.

Google RBL and RHSBL to get a better understanding of these technologies - they are a double edged sword, and are as likely to cut you as a spammer if not wielded wisely !

davidgo

Posted 2013-04-03T04:51:56.230

Reputation: 49 152

Also, you probably don't want to specify hotmail.com gmail.com as relay domains - the relay domains are the domain names YOUR SERVER is responsible for - so the domain names of the destination address. Having these lines in your server are not causing a problem with Google receiving email sending you - but its ignored for that.

It could, however, be a concern because it could make your server into an "open relay" for people wanting to spam hotmail and google.com through your server if they find out.

davidgo

Posted 2013-04-03T04:51:56.230

Reputation: 49 152

Use another blacklist, or no blacklist at all. blackhole.securitysage.com is blocking all and any domain I'm testing, it seems they are currently not functional.

Those lines reject_rhsbl_client and reject_rhsbl_sender, you can remove them. If you start to get problems with spam, you can get better ones on any postfix forum. RHSbl isn't a good way to block spammers anyway.

Havenard

Posted 2013-04-03T04:51:56.230

Reputation: 788