Some mail from newly set up mailserver flagged spam by GMail

I have just set up a new mailserver using Postfix on CentOS 7; the machine serves as MX for two domains, domain1.com and domain2.com. The server's hostname is domain1.com and it has the correct PTR record set. Both domains point their only MX record at domain1 and both have correct DKIM and SPF records.

The problem is that mail sent from an address @domain2.com is consistently marked as spam by GMail, while the exact same mail sent from @domain1.com is not.

Below are some of the DNS records as output by dig.

Domain 1

domain1.com.    300 IN  A   1.2.3.4
domain1.com.    300 IN  MX  1 domain1.com.
domain1.com.    300 IN  TXT "v=spf1 mx ~all"
default._domainkey.domain1.com 300 IN TXT "v=DKIM1\; k=rsa\; p=<blurp>"

Reverse DNS for the 1.2.3.4

4.3.2.1.in-addr.arpa. 3600 IN    PTR domain1.com

Domain 2

domain2.com.     300 IN  A   1.2.3.4
domain2.com.     300 IN  MX  1 domain1.com.
domain2.com.     300 IN  TXT "v=spf1 mx ~all"
default._domainkey.domain2.com. 300 IN   TXT "v=DKIM1\; k=rsa\; p=<blurp>"

The SMTP server responds as follows to EHLO:

220 domain1.com ESMTP Postfix
EHLO banana
250-domain1.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Again, the problem is that the exact same mail sent from @domain2.com is flagged as spam, but not mail from @domain1.com. I tried running the whole setup through several DKIM and SPF validators, and I also checked the IP against several blacklists. In addition I ran all the tests on mxtoolbox.com; none of these tools report any problem.

Below are two emails sent by the same user from domain1.com and domain2.com respectively, as GMail sees them:

Non-spam (@domain1)

Delivered-To: test_account@gmail.com
Received: by 10.60.57.165 with SMTP id j5csp382145oeq;
        Tue, 28 Oct 2014 06:11:12 -0700 (PDT)
X-Received: by 10.112.168.2 with SMTP id zs2mr3138752lbb.25.1414501871638;
        Tue, 28 Oct 2014 06:11:11 -0700 (PDT)
Return-Path: <user@domain1.com>
Received: from domain1.com (domain1.com. [1.2.3.4])
        by mx.google.com with ESMTP id lm8si2545487lac.7.2014.10.28.06.11.10
        for <test_account@gmail.com>;
        Tue, 28 Oct 2014 06:11:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@domain1.com designates 1.2.3.4 as permitted sender) client-ip=1.2.3.4;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of user@domain1.com designates 1.2.3.4 as permitted sender) smtp.mail=user@domain1.com;
       dkim=pass header.i=@domain1.com
Received: by domain1.com (Postfix, from userid 1001)
    id 7104140D41; Tue, 28 Oct 2014 14:11:10 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain1.com;
    s=default; t=1414501870;
    bh=6ycM+eq5HvFTqqe79TLije21S91XFijH+fOKPHMU5Zc=;
    h=From:Subject:Date:To;
    b=<blurp>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on domain2.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from [192.168.178.63] (dsl.provider.com [100.100.100.100])
    by domain1.com (Postfix) with ESMTPSA id 726E140D09
    for <test_account@gmail.com>; Tue, 28 Oct 2014 14:11:05 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain1.com;
    s=default; t=1414501865;
    bh=6ycM+eq5HvFTqqe79TLije21S91XFijH+fOKPHMU5Zc=;
    h=From:Subject:Date:To;
    b=<blurp>
From: That Guy <user@domain1.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Yellow Bananas
Message-Id: <F5746816-4146-4F80-ACFE-D337BF1B8792@domain1.com>
Date: Tue, 28 Oct 2014 14:11:05 +0100
To: test_account@gmail.com
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
X-Mailer: Apple Mail (2.1990.1)

Hi,

Do not forget to buy some bananas!

Marked as spam (@domain2.com)

Delivered-To: test_account@gmail.com
Received: by 10.60.57.165 with SMTP id j5csp382123oeq;
        Tue, 28 Oct 2014 06:11:01 -0700 (PDT)
X-Received: by 10.112.167.130 with SMTP id zo2mr4018217lbb.4.1414501861369;
        Tue, 28 Oct 2014 06:11:01 -0700 (PDT)
Return-Path: <user@domain2.com>
Received: from domain1.com (domain1.com. [1.2.3.4])
        by mx.google.com with ESMTP id mj1si2507360lbc.40.2014.10.28.06.11.00
        for <test_account@gmail.com>;
        Tue, 28 Oct 2014 06:11:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@domain2.com designates 1.2.3.4 as permitted sender) client-ip=1.2.3.4;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of user@domain2.com designates 1.2.3.4 as permitted sender) smtp.mail=user@domain2.com;
       dkim=pass header.i=@domain2.com
Received: by domain1.com (Postfix, from userid 1001)
    id E816D40D41; Tue, 28 Oct 2014 14:10:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain2.com;
    s=default; t=1414501859;
    bh=6ycM+eq5HvFTqqe79TLije21S91XFijH+fOKPHMU5Zc=;
    h=From:Subject:Date:To;
    b=<blurp>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on domain2.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from [192.168.178.63] (dsl.provider.com [100.100.100.100])
    by domain1.com (Postfix) with ESMTPSA id F326840D09
    for <test_account@gmail.com>; Tue, 28 Oct 2014 14:10:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain2.com;
    s=default; t=1414501855;
    bh=6ycM+eq5HvFTqqe79TLije21S91XFijH+fOKPHMU5Zc=;
    h=From:Subject:Date:To;
    b=<blurp>
From: That Guy <user@domain2.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Yellow Bananas
Message-Id: <AD7F87AA-B53B-4D25-AD8F-C38E4C7D660F@domain2.com>
Date: Tue, 28 Oct 2014 14:10:53 +0100
To: test_account@gmail.com
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
X-Mailer: Apple Mail (2.1990.1)

Hi,

Do not forget to buy some bananas!

According to Google the reason for blocking the second mail is: "Why is this message in Spam? It's similar to messages that were detected by our spam filters. Learn more", which is a link to https://support.google.com/mail/answer/1366858?hl=en&expand=5.

I've been at it for several hours now, but I can't seem to figure this out. I did everything Google recommends in their bulk email guide.

Blubber

Posted 2014-10-28T13:25:56.237

Reputation: 191
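
An added example, not part of the original question: a Python sketch that reduces the two header dumps above to the checks a receiver can read from them (SPF and DKIM result, alignment with the From domain, number of DKIM signatures, and whether the connecting host name equals the From domain) and reports which checks differ between the two messages. The function names and the trimmed sample headers are constructed for illustration; the domains and IP are the placeholders used in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def sample(domain):
    """Constructed sample: headers trimmed from the question's two dumps."""
    sig = (f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d={domain};\n"
           "    s=default; h=From:Subject:Date:To; b=placeholder\n")
    return (
        f"Return-Path: <user@{domain}>\n"
        "Received: from domain1.com (domain1.com. [1.2.3.4])\n"
        "        by mx.google.com with ESMTP; Tue, 28 Oct 2014 06:11:11 -0700 (PDT)\n"
        "Authentication-Results: mx.google.com;\n"
        f"       spf=pass (google.com: domain of user@{domain} designates 1.2.3.4"
        f" as permitted sender) smtp.mail=user@{domain};\n"
        f"       dkim=pass header.i=@{domain}\n"
        + sig + sig +
        f"From: That Guy <user@{domain}>\nSubject: Yellow Bananas\n\nHi,\n")

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize(raw):
    msg = message_from_string(raw)
    # Strip (comments) so their free text is not mistaken for a result token.
    ar = re.sub(r"\([^)]*\)", "", msg["Authentication-Results"] or "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    # d= tag of every DKIM-Signature header (each dump carries two).
    sig_domains = [dict(t.strip().split("=", 1) for t in s.split(";") if "=" in t)
                   .get("d", "").lower() for s in msg.get_all("DKIM-Signature", [])]
    # Topmost "from" hop: the name the sending server announced to the receiver.
    hop = next((r for r in msg.get_all("Received", [])
                if r.lstrip().startswith("from")), "")
    helo = (re.match(r"\s*from\s+(\S+)", hop) or [None, ""])[1].lower()
    frm = domain_of(msg["From"])
    # Exact-match comparison only; relaxed (organizational-domain) alignment
    # would additionally need a public suffix list.
    return {"spf": results.get("spf"), "dkim": results.get("dkim"),
            "spf_aligned": domain_of(msg["Return-Path"]) == frm,
            "dkim_aligned": frm in sig_domains,
            "dkim_signatures": len(sig_domains),
            "helo_matches_from": helo == frm}

def differing_checks(raw_a, raw_b):
    a, b = summarize(raw_a), summarize(raw_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    print(differing_checks(sample("domain1.com"), sample("domain2.com")))
```

On the constructed samples, both messages pass SPF and DKIM with aligned domains and two signatures each; the only check that differs is whether the announcing host name equals the From domain.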

Try using different words in the email just to see if the problem is consistent (one server approved, the other not). You might be hitting some random weirdness unrelated to which server is sending the mail. Additionally, does either domain have a "suspicious" name like getfreesexhere.com or the word 'suck' in it or something? – barrycarter – 2014-10-28T17:57:24.757

I tried sending several mails from both domains, with different contents. The mails from the second domain are consistently flagged as spam. Both domains have regular non-suspicious English dictionary words. – Blubber – 2014-10-28T18:03:13.063

You might be running into the "Scunthorpe problem". Try sending an email with an @domain2.com address but send it through domain1.com (or any other server). That will distinguish whether it's the address or the server. – barrycarter – 2014-10-28T18:19:52.257

Both domains use the same MX (domain1.com), in fact, both the emails were sent through the same SMTP server. I tried sending exactly the same email through mailgun, that one was not flagged as spam. Then I resent the same email through my own smtp server, and it got flagged again. I guess it has something to do with the smtp server not being on the same domain as the email address, but the SPF record should take care of this afaik. – Blubber – 2014-10-28T19:10:47.703

Have you tried telnetting (or ncat'ing) to port 25 of one of gmail's MX servers from your server, and seeing exactly what happens? It's possible you'll get a more useful error message. – barrycarter – 2014-10-28T22:38:52.903

Unfortunately I can't do that, the gmail servers require TLS. Also, at first I thought it might be my reverse DNS entry, earlier that day the entry pointed to the wrong domain, so I fixed it, but I thought some servers might have a ttl of a day on that. Anyway, after waiting a day the problem has not been resolved. – Blubber – 2014-10-29T10:48:43.123

Did you solve your problem? I have the same problem... – Tobia – 2016-01-04T08:36:14.430

Yes I did. The problem is that Digital Ocean is just not the place to host a mailserver. It is so easy and cheap to get a VPS up and running that they are easy targets for spammers. The solution was to move the mailserver to a different provider, I mailed several candidates before making the move to make sure they take steps to avoid IP blacklists. – Blubber – 2016-01-05T10:38:12.160

I think there are missing details in domain configurations. Compare with the answer here: https://superuser.com/questions/1385025/multi-domain-mail-server – i486 – 2019-03-17T11:10:26.233

No answers