Mail setup oddities (and mails sent from a virtualmin server being marked as spam)

Hi,

I’m having some strange problems with my virtualmin server which I can’t get to the bottom of. I have 2 domains on my server, one of which can send/receive emails without any problems, and the second one which seems to get marked as spam by some of the major mail services (gmail, hotmail etc…).

Here’s a quick overview of the setup (I’ve replaced domain/user names to make it easier to follow)

Server Hostname: domainA.com
Server mailname: domainA.com

First virtual server: domainA.com, username userA
Second virtual server: domainB.com, user userB

Sending email from domainB works fine without any problems even though the hostname/mailname are domainA. It’s domainA which is the problem. At first I thought it was the forum software we’re using which is sending the mail, but have seen it happen for ‘normal’ mail as well.

Currently all of the email addresses I’m using are aliases (it’s more convenient for our users to get their emails forwarded).

I’ve made sure that SPF and DKIM are working on both domains, but this made little difference. An example of an email which went to spam in gmail is:
Return-Path: xenforo@domainA.com
Received: from domainA.com (domainA.com. [x.x.x.x])
by mx.google.com with ESMTP id e3si7624723wix.38.2012.02.29.05.34.01;
Wed, 29 Feb 2012 05:34:02 -0800 (PST)
Received-SPF: pass (google.com: domain of xenforo@domainA.com designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of xenforo@domainA.com designates x.x.x.x as permitted sender) smtp.mail=xenforo@domainA.com dkim=pass (test mode) header.i=@domainA.com

From what I can tell, there are no problems here.

As a test, I set up my steam account email as a domainA.com forwarder to my gmail and sent a password reset email from within steam. This also got marked as spam with the following:
Return-Path: noreply@steampowered.com
Received: from domainA.com (domainA.com. [x.x.x.x])
by mx.google.com with ESMTP id v58si9256418wec.28.2012.03.04.14.41.55;
Sun, 04 Mar 2012 14:41:55 -0800 (PST)
Received-SPF: fail (google.com: domain of noreply@steampowered.com does not designate x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of noreply@steampowered.com does not designate x.x.x.x as permitted sender) smtp.mail=noreply@steampowered.com

So I’m thinking that it’s something strange in the mail alias sending the email through to my google account? I think the email above is a symptom rather than a cause though - if the setup is having problems delivering mail anyway then forwarding a mail from domainA.com to a gmail.com address would suffer from the same problems.

What’s confusing me is that domainB.com is working without any problems at all, when the headers for an email for this domain show plenty of references to domainA (as it’s the hostname/mailname):
Return-Path: userB@domainA.com
Received: from domainA.com (domainA.com. [x.x.x.x])
by mx.google.com with ESMTP id f9si7133892wiw.37.2012.03.04.15.03.09;
Sun, 04 Mar 2012 15:03:09 -0800 (PST)
Received-SPF: pass (google.com: domain of userB@domainA.com designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of userB@domainA.com designates x.x.x.x as permitted sender) smtp.mail=userB@domainA.com; dkim=pass (test mode) header.i=@domainB.com

So… emails for domainB are actually having a return path of userB@domainA.com

I’m sorry if this makes no sense, but it’s confused me to the point where I don’t even know what I should be expecting to see in the headers any more.

Basically, my questions are:

(1) Is it obvious from my setup or headers why emails from domainA are being marked as spam whereas domainB aren’t (even though the hostname/mailname for the server is domainA)?
(2) Is it right that emails for domainB are using userB@domainA.com as the return path?

One thought I’ve had (the only thing I can think of which is different to my other working virtualmin server)…

Could it be because the hostname and mailname are domainA.com rather than something like x.domainA.com? I don’t know if that could cause any problems.
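A small triage of the three Authentication-Results headers quoted in the post above, as an added example that is not part of the original thread: it parses Gmail's verdicts and flags what deserves a second look (SPF not passing on the alias-forwarded message, DKIM passing only with the "(test mode)" note, and the envelope domain differing from the DKIM signing domain on the domainB message). The `triage` helper and its finding names are made up for this example, and the flags are observations to follow up, not a diagnosis of the spam placement.

```python
import re

# Authentication-Results values as quoted in the post (already anonymised there).
SAMPLES = {
    "domainA, sent directly": (
        "mx.google.com; spf=pass (google.com: domain of xenforo@domainA.com "
        "designates x.x.x.x as permitted sender) smtp.mail=xenforo@domainA.com "
        "dkim=pass (test mode) header.i=@domainA.com"),
    "steam mail forwarded by a domainA alias": (
        "mx.google.com; spf=hardfail (google.com: domain of "
        "noreply@steampowered.com does not designate x.x.x.x as permitted "
        "sender) smtp.mail=noreply@steampowered.com"),
    "domainB": (
        "mx.google.com; spf=pass (google.com: domain of userB@domainA.com "
        "designates x.x.x.x as permitted sender) smtp.mail=userB@domainA.com; "
        "dkim=pass (test mode) header.i=@domainB.com"),
}

# method=result with an optional "(comment)"; separators are not relied on,
# because the first quoted header has no ';' before dkim=.
METHOD = re.compile(r"\b(spf|dkim)=(\w+)(?:\s*\(([^)]*)\))?")
PROP = re.compile(r"\b(smtp\.mail|header\.i)=([^\s;]+)")

def parse(value):
    """Return ({method: (result, comment)}, {property: domain})."""
    methods = {m: (res.lower(), note or "") for m, res, note in METHOD.findall(value)}
    props = {k: v.rsplit("@", 1)[-1].lower() for k, v in PROP.findall(value)}
    return methods, props

def triage(value):
    """List short finding codes (names invented here) for one header value."""
    methods, props = parse(value)
    findings = []
    spf = methods.get("spf", ("none", ""))[0]
    if spf != "pass":                      # e.g. an alias relaying third-party mail
        findings.append("spf-" + spf)
    if "dkim" not in methods:
        findings.append("no-dkim")
    else:
        result, note = methods["dkim"]
        if result != "pass":
            findings.append("dkim-" + result)
        if "test mode" in note:            # the note Gmail attached in these headers
            findings.append("dkim-test-mode")
    env, signer = props.get("smtp.mail"), props.get("header.i")
    if env and signer and env != signer:   # envelope domain vs DKIM signing domain
        findings.append("envelope-signer-mismatch")
    return findings

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label}: {triage(value) or ['clean']}")
```
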

Is it obvious from my setup or headers why emails from domainA are being marked as spam whereas domainB aren’t (even though the hostname/mailname for the server is domainA)?

Unfortunately, it’s not obvious… your setup looks okay.

Having SPF and DKIM setup correctly can be a huge factor there – so you may want to double or triple check that those are actually what they should be.

Also, your hostname should typically be in the FQDN format, “host.domain.com” – but that shouldn’t be the cause of your email being marked as spam.

Is it right that emails for domainB are using userB@domainA.com as the return path?

Yup! All outgoing email goes out via the primary interface on your server, and is stamped with the hostname of the server, “domainA.com” in your case.

Does it seem to matter what email client is used for sending messages from domainA.com?

For example, instead of using a desktop client like Outlook or Thunderbird, what if you logged into Usermin on port 20000, or perhaps RoundCube, and sent an email from domainA.com to a Gmail address. Do you see the same problems then?

-Eric

Thanks for your reply. I’m fairly confident that SPF and DKIM are set up correctly (I’ve done a few of the online tests, and the headers say dkim=pass).
Is it worth me changing the hostname and mailname, or is it a bit late now I’ve got live domains on the server? Also, other than changing /etc/hostname and /etc/mailname, would I need to change things like mydestination in the postfix config?

I just tried an email (from a real smtp account) through usermin and it went straight to spam in my gmail account:
Return-Path: xenforo@domainA.com
Received: from domainA.com (domainA.com. [x.x.x.x])
by mx.google.com with ESMTP id q12si3277634wec.108.2012.03.05.07.54.25;
Mon, 05 Mar 2012 07:54:25 -0800 (PST)
Received-SPF: pass (google.com: domain of xenforo@domainA.com designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of xenforo@domainA.com designates x.x.x.x as permitted sender) smtp.mail=xenforo@domainA.com; dkim=pass (test mode) header.i=@domainA.com
Received: from domainA.com (localhost [127.0.0.1])
by domainA.com (Postfix) with SMTP id 03BE122FB1
for my.address@gmail.com; Mon, 5 Mar 2012 15:54:25 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=domainA.com; s=2012;
t=1330962865; bh=GGuZhC3Fbh4hOB6KKQzbMlofWrWEPSpPqrvyan3e03U=;
h=From:Subject:To:Message-Id:Date:MIME-Version:Content-Type;
b=LlSO9ttWMkXffb3BmslAOBuFSrNLoiVay6ufSoz4U5dFc5poZ29NlWz2xogvhHtYb
GSUSrkAbo8mmmPDvOUGledZ1U0iJdl4H5t7Wbu653cdX1CH7yl86WeTfBv2v24Dymq
fGThOu2nZ9S/F4d1neZpzp+W7HLiLggc5z3YX1NQ=

I’ve also tried setting up the account in Thunderbird and get the same result.

I unfortunately don’t see anything that stands out regarding why your email is going to spam at some providers.

You could always try sending yourself an email, and then look at the X-Spam-Status header, and see if SpamAssassin notices anything unusual.

Is it worth me changing the hostname and mailname, or is it a bit late now I’ve got live domains on the server?

Having the name of one of your Virtual Servers also be the server’s hostname can prevent email from being delivered to domains on your server.

If you’re not having email delivery problems, it may not matter; though it certainly wouldn’t hurt to get that straightened out.

Also, other than changing /etc/hostname and /etc/mailname, would I need to change things like mydestination in the postfix config?

You would want to change /etc/hostname, /etc/mailname, /etc/hosts, and the mydestination line of /etc/postfix/main.cf. You’d manually run “hostname host.domain.com”, and then restart Postfix. After that, your new hostname should be good to go!

I’d suggest going into System Settings -> Re-Check Config afterwards to make sure it doesn’t see any issues.

-Eric

Thanks again, I appreciate the help :slight_smile:

To make matters worse, I did some thorough testing on another VPS which has virtualmin installed (and I’ve made no modifications to postfix etc…), and I’m having the same problem. This VPS has its own x.y.z hostname and mailname which has no reference to any of the domains I’m using, yet sending mail through usermin or thunderbird to a gmail or hotmail account ends up in spam.

I sent to another mail server so it would run through spamassassin, and the score is pretty much always negative, so I don’t think it’s that.

I’ve done loads of online checks for things like SMTP, DKIM, SPF etc… and they all come back without any problems. I’ve also checked blacklists and neither of my servers are listed anywhere.

I spent most of last night looking around and I see a few people having similar(ish) problems but no fixes. I’ve also gone through a lot of postfix documentation and not found anything. I don’t really know where to turn now as postfix seems to be working perfectly and the headers of the ‘spam’ email all look fine.

I sent to another mail server so it would run through spamassassin, and the score is pretty much always negative, so I don’t think it’s that.

Even though it’s always negative, were there any hits at all in the X-Spam-Status?

I’m just looking for anything at all that might point to a culprit.

-Eric

X-Virus-Scanned: Debian amavisd-new at x.x.x
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=4.5 tests=[BAYES_00=-2.599,
SPF_PASS=-0.001]

This was a message with a subject of ‘this is a test’ and a body of ‘test’.

I’ve tried changing the hostname of the machine to x.z.y just to see if it makes any difference. I’m currently waiting on the RDNS to update.

Still pulling my hair out though :frowning: At least if there was an error or a tiny irregularity somewhere I’d have something to look at - as it stands I’m really in the dark. I don’t think it can be a blacklist problem because domainB.com can send mail fine, and domainA.com has only recently been registered (and the server only has one IP).

Again, thanks for your help so far :slight_smile:

Finally the RDNS update has propagated, and… same result :frowning:

Nuts! Yeah, I’m really not sure what’s going on there… I’m not sure why that primary domain of yours does not work, but the other one does.

I kind of wish providers offered some more detail for those of us in this sort of bind!

In the headers you shared above, it even showed Google seeing the SPF and DKIM as being correct.

Are you seeing this with just one Gmail account, or all Gmail accounts? That is, is it possible there’s a filter setup on that one account? Could you try emailing a different account, and see if you get a different result?

-Eric

Thanks again, I do really appreciate the help :slight_smile:

It’s multiple gmail addresses (at least 3 completely unrelated people), so I don’t think it can be filter related. I’ve noticed that a lot of the emails (but not all) are getting marked as spam in hotmail as well!

After getting nowhere with this for over a week (and especially as I’m getting the same problem on a completely unrelated virtualmin setup), I’ve been forced to switch the MX records over to google apps.

Not my ideal solution, but it’s the only way I can get mails to deliver :frowning:

I plan on migrating a fully working ISPConfig server over to Virtualmin at some point in the near future, so I’m interested to see how that will work!

Sorry to hear you couldn’t get it working, but that sounds like a reasonable workaround!

Hopefully your migration with your other server goes a bit smoother :slight_smile:

-Eric