Gmail.com is bouncing forwarded emails

SYSTEM INFORMATION
OS type and version Ubuntu 24.04.1
Virtualmin version 7.20.2

I am forwarding emails from a virtual server to gmail, but gmail has started bouncing SOME of the emails. An example from mail.log (which I have lightly reformatted):

================ Queue ID 044127F120: ====================
Sep-04 06:59:21 message-id=<7E3D6C52-C1AF-4036-8DE8-8C2A78A9BE67@gmail.com>
Sep-04 06:59:21 from=<my.sender@gmail.com>, size=85849, nrcpt=1 (queue active)
Sep-04 06:59:21 to=<pmayesNNN@gmail.com>,
   orig_to=<phil@philmayes.com>,
   relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a]:25,
   delay=0.46,
   delays=0/0.01/0.1/0.34,
   dsn=5.7.1,
   status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a] said: 
   550-5.7.1 [2a01:4ff:1f0:d8fc::1      19] Gmail has detected that this message is 
   550-5.7.1 likely suspicious due to the very low reputation of the sending 
   550-5.7.1 domain. To best protect our users from spam, the message has been 
   550-5.7.1 blocked. For more information, go to 
   550 5.7.1  https://support.google.com/mail/answer/188131 d9443c01a7336-206ae8bd073si24369495ad.57 - gsmtp (in reply to end of DATA command))
Sep-04 06:59:21 sender non-delivery notification: 759877F122
Sep-04 06:59:21 removed
================ Queue ID 759877F122: ====================
Sep-04 06:59:21 message-id=<20240904135921.759877F122@host.peacepoll.org>
Sep-04 06:59:21 from=<>, size=6415, nrcpt=1 (queue active)
Sep-04 06:59:21 to=<my.sender@gmail.com>,
   relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a]:25,
   delay=0.51,
   delays=0/0/0.09/0.41,
   dsn=5.7.26,
   status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a] said: 
   550-5.7.26 Unauthenticated email from peacepoll.org is not accepted due to 
   550-5.7.26 domain's DMARC policy. Please contact the administrator of 
   550-5.7.26 peacepoll.org domain if this was a legitimate mail. To learn about 
   550-5.7.26 the DMARC initiative, go to 
   550 5.7.26  https://support.google.com/mail/?p=DmarcRejection d2e1a72fcca58-71778594214si2474735b3a.198 - gsmtp (in reply to end of DATA command))
Sep-04 06:59:21 removed

Who’s who:
OS = Ubuntu 24.04.1, Virtualmin 7.20.2, Postfix 3.8.6
host.peacepoll.org == system hostname
my.sender@gmail.com == mail sender
phil@philmayes.com == user and virtual server
pmayesNNN@gmail.com == forwarding address

I have SPF, DKIM and DMARC set up for all domains. DMARC is set to “reject”:
v=DMARC1; p=reject; adkim=r; aspf=r; pct=100; fo=1; rf=afrf; ri=86400

I’m pretty ignorant about the workings of email delivery and why the sending domain has “very low reputation”. The only fix I can think of is to change DMARC policy to “quarantine”, which seems rather a hack. Thanks for any advice.

Hello @pythonista2,

There is Postmaster Tools – Google which will tell you why the sending domain has a low reputation. You will be able to see (maybe after a few days when enough data has been collected by Google) how many messages are forwarded and among those who many messages Google considers to be spam.

Virtualmin has two methods of forwarding mail. The forward option in the Edit Users screen will forward mail without filtering it first via Spamassassin but the forward option in Usermin will first reject spam and then forward only non-spam messages.

Maybe the latter option will help repair the domain reputation that you have with Google.

Oh, like you, I too programmed in assembly language - for the 6502 way back in my teens in the 80’s.

1 Like

Thanks! I had set up Postmaster with verified domains, but it says “No data to display at this time…”

When setting up Virtualmin, I was confused by the two methods of forwarding mail. Nice to know that Spamassassin only applies to one. I don’t think that’s sufficient, as I was using Usermin for forwarding.

I worked on the 6502 for a while writing embedded software for automobiles.

I found this a good site to help learn whats going wrong

One thing your spf record is only allowing one IP4 and your mail server is using IP6

1 Like

Yeah, I’ve played with that site.

Nicely observed about IPV6! So much to learn…

Virtualmin when it forwards emails does not modify the headers so when they get to Gmail they will fail certain tests.

I think if you use usermin forwarding it will be equivalent to you clicking forward.

I think cpanel has a software that does it, maybe it is called srs?

1 Like

This may help add extra records

1 Like

I ran across srs here but the installation looked too scary. You prompted me to look again and I found simpler instructions here and here.

I need to take a deep breath before doing this :slight_smile:

@pythonista2 SRS would be a brilliant feature to add into virtualmin, if you get it working can you add a feature request on github.

These links are for reference:

1 Like

Nice links – thanks.