I am forwarding emails from a virtual server to gmail, but gmail has started bouncing SOME of the emails. An example from mail.log (which I have lightly reformatted):
================ Queue ID 044127F120: ====================
Sep-04 06:59:21 message-id=<7E3D6C52-C1AF-4036-8DE8-8C2A78A9BE67@gmail.com>
Sep-04 06:59:21 from=<my.sender@gmail.com>, size=85849, nrcpt=1 (queue active)
Sep-04 06:59:21 to=<pmayesNNN@gmail.com>,
orig_to=<phil@philmayes.com>,
relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a]:25,
delay=0.46,
delays=0/0.01/0.1/0.34,
dsn=5.7.1,
status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a] said:
550-5.7.1 [2a01:4ff:1f0:d8fc::1 19] Gmail has detected that this message is
550-5.7.1 likely suspicious due to the very low reputation of the sending
550-5.7.1 domain. To best protect our users from spam, the message has been
550-5.7.1 blocked. For more information, go to
550 5.7.1 https://support.google.com/mail/answer/188131 d9443c01a7336-206ae8bd073si24369495ad.57 - gsmtp (in reply to end of DATA command))
Sep-04 06:59:21 sender non-delivery notification: 759877F122
Sep-04 06:59:21 removed
================ Queue ID 759877F122: ====================
Sep-04 06:59:21 message-id=<20240904135921.759877F122@host.peacepoll.org>
Sep-04 06:59:21 from=<>, size=6415, nrcpt=1 (queue active)
Sep-04 06:59:21 to=<my.sender@gmail.com>,
relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a]:25,
delay=0.51,
delays=0/0/0.09/0.41,
dsn=5.7.26,
status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c01::1a] said:
550-5.7.26 Unauthenticated email from peacepoll.org is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 peacepoll.org domain if this was a legitimate mail. To learn about
550-5.7.26 the DMARC initiative, go to
550 5.7.26 https://support.google.com/mail/?p=DmarcRejection d2e1a72fcca58-71778594214si2474735b3a.198 - gsmtp (in reply to end of DATA command))
Sep-04 06:59:21 removed
I have SPF, DKIM and DMARC set up for all domains. DMARC is set to “reject”:
v=DMARC1; p=reject; adkim=r; aspf=r; pct=100; fo=1; rf=afrf; ri=86400
I’m pretty ignorant about the workings of email delivery and why the sending domain has “very low reputation”. The only fix I can think of is to change DMARC policy to “quarantine”, which seems rather a hack. Thanks for any advice.
There is Postmaster Tools – Google which will tell you why the sending domain has a low reputation. You will be able to see (maybe after a few days when enough data has been collected by Google) how many messages are forwarded and among those who many messages Google considers to be spam.
Virtualmin has two methods of forwarding mail. The forward option in the Edit Users screen will forward mail without filtering it first via Spamassassin but the forward option in Usermin will first reject spam and then forward only non-spam messages.
Maybe the latter option will help repair the domain reputation that you have with Google.
Oh, like you, I too programmed in assembly language - for the 6502 way back in my teens in the 80’s.
Thanks! I had set up Postmaster with verified domains, but it says “No data to display at this time…”
When setting up Virtualmin, I was confused by the two methods of forwarding mail. Nice to know that Spamassassin only applies to one. I don’t think that’s sufficient, as I was using Usermin for forwarding.
I worked on the 6502 for a while writing embedded software for automobiles.
@pythonista2 SRS would be a brilliant feature to add into virtualmin, if you get it working can you add a feature request on github.
These links are for reference:
SPF (Sender Policy Framework) support - Despite the title: Because it is very easy to make Virtualmin supporting SRS, I am posting the (Debian 8) howto:
well I did not even read that link - for me it was my public IP - all ive done was set properly dkmi and dmarc policy and asked on spam house to be removed, since then no issues and its been couple of years - keep in mind if your public ip changes - you would have to do all process again = 15 minutes of your life = easy good luck.
I have figured out how to get postsrsd working, mostly thanks to the links here and a little bit of info from the github page of postsrsd.
As @pythonista2 mentions, the Vander site is slightly outdated. The main difference beween my approach and his is I used the main.cf changes from the github page.
I have written a small guide for a (so far on 3 servers tested) succesfull deployment:
Check, add if not exist, spf record for the rewrite domain (in my cases the hostname of the server)
In a (root) terminal execute the following commands:
mkdir /opt/postsrsd
cd /opt/postsrsd
apt -y install autotools-dev autoconf flex cmake automake
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master
cd postsrsd-main
mkdir _build && cd _build
cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local
make -j
sudo make install
cd ~
rm -r /opt/postsrsd
Edit /usr/local/etc/postsrsd.conf. Comment out line 14 so it reads:
#domains = {}
and uncomment line 26. Add the file path as shown in the example, so it reads:
domains-file = "/usr/local/etc/postsrsd.domains"
In webmin, make an hourly cron job, run as root, and run it after saving. Also. Don’t forget to replace server.example.com with the subdomain or hostname of the server:
in the not to distant future the team are looking at overhauling the email system. What form this take I do not know but adding SRS is probably a really good feature.
If someone with more knowledge would make GitHub issue requesting SRS and add all the relevant info and links might be useful.