My server has stopped sending emails

Hi,

Some time ago the “BIND DNS Server” did not start for me, I did not give it much importance since the websites worked correctly.

After stopping receiving emails sent from the server, I thought that this could be the problem as the BIND DNS was not set up and the SPF was not sent correctly.

I fixed this issue with this ticket:

I Remove the content of my parameters from my file, to leave it empty as indicated in the post

from

auto_chroot=sh -c '. /etc/sysconfig/named && echo "$ROOTDIR"'
chroot=/var/named/chroot

to

auto_chroot=
chroot=

I tried to run the BIND DNS and it worked correctly, it works again

But the emails still do not arrive, checking the postfix user mail I found the following errors:

This is the mail system at host xxxxxxx.localdomain.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<xxxx@gmail.com>: host gmail-smtp-in.l.google.com[xxx.xx.27.27] said:
    550-5.7.26 This mail is unauthenticated, which poses a security risk to the
    550-5.7.26 sender and Gmail users, and has been blocked. The sender must
    550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
    550-5.7.26 DKIM checks did not pass and SPF check for
    [ns3121678.localdomain] 550-5.7.26 did not pass with ip: [5.1xx.1xx0.67].
    The sender should visit 550-5.7.26
    https://support.google.com/mail/answer/81126#authentication for 550 5.7.26
    instructions on setting up authentication.
    j25-20020aa7c0d9000000b0050bf9999de9si643513edp.620 - gsmtp (in reply to
    end of DATA command)

for google and for yahoo for example

This is the mail system at host xxxx.localdomain.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<xxxx@yahoo.es>: host mx-eu.mail.am0.yahoodns.net[1xxx.125.72.73] said:
    554 Message permanently deferred due to unresolvable RFC.5321 from domain;
    see https://postmaster.yahooinc.com/error-codes (in reply to end of DATA
    command)

I was checking the SPF and I think they are configured correctly:

xxxxxxxxxxxxxxx.es.	IN	MX	5 mail.xxxxxxxxxx.es.
xxxxxxxxxxxxxxx.es.	IN	TXT	"v=spf1 a mx a:xxxxxxxxxxxxx.es ip4:5.xxx.190.67 ip4:5.xxx.190.67 ip6:xxx:41d0:0008:c743::1 ?all"

Do you have any idea what could be happening?

Thank you very much!!!

Choose the correct server, then…

Server Configuration > DNS options

This should give you some clues.

thank for you answer this is the dns options

image977×729 40.8 KB

Proper DMARC is a topic to its’ self. But I have TLSA and DMARC record enabled. That should be safe enough for now.

Thank you very much for your help, but the problem continue, in one web appears this error:

: host gmail-smtp-in.l.google.com[142.250.27.27] said:
    550-5.7.26 This mail is unauthenticated, which poses a security risk to the
    550-5.7.26 sender and Gmail users, and has been blocked. The sender must
    550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
    550-5.7.26 DKIM checks did not pass and SPF check for
    [ns3121678.localdomain] 550-5.7.26 did not pass with ip: [5.xxx.190.67].
    The sender should visit 550-5.7.26
    https://support.google.com/mail/answer/81126#authentication for 550 5.7.26
    instructions on setting up authentication.
    h20-20020a17090619d400b0096f8ec3d764si324239ejd.914 - gsmtp (in reply to
    end of DATA command)

and the other web:

 host gmail-smtp-in.l.google.com[2a00:1450:4025:401::1a]
    said: 550-5.7.1 [2xxxxx1:41d0:8:c743::1] Our system has detected that this
    message does 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
    records and 550-5.7.1 authentication. Please review 550-5.7.1
    https://support.google.com/mail/?p=IPv6AuthError for more information 550
    5.7.1 . r18-20020aa7cfd2000000b0050bca4826cdsi1347134edy.204 - gsmtp (in
    reply to end of DATA command)

The changes may take time to propagate. In the meantime follow the links given in the rejections for more information.

ns3121678.localdomain

That should be a FQDN. Not a internal name.

Postfix uses hostname to send.
Check thats has a FQDN

image1722×470 43.4 KB

Hi,

The Hostname is OK, I dont know why appears the local domain in mail. Any suggestion?

I need the email, it is important for my websites

Thank you very much!!!

maybe it’s time to get a more up to date OS, I know that centos 7 is supported but it is getting a bit old now and it may be worth moving on to a newer OS such as Alma or Rocky Linux.
but just run

cat /etc/hostname

in a terminal window just to make sure it is set correctly
if it is correct I guess there to be an error in your postfix config files (assuming you are using postfix)

Hi,

Thank for your answers.

win the command return:

cat /etc/hostname
ns3121678

I changed the value of postfix configuration but the problem persists:

image1784×900 104 KB

host gmail-smtp-in.l.google.com[142.250.27.26] said:
    550-5.7.26 This mail is unauthenticated, which poses a security risk to the
    550-5.7.26 sender and Gmail users, and has been blocked. The sender must
    550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
    550-5.7.26 DKIM checks did not pass and SPF check for [ns3121678.ovh.net]
    did 550-5.7.26 not pass with ip: [5.135.190.67]. The sender should visit
    550-5.7.26  https://support.google.com/mail/answer/81126#authentication for
    550 5.7.26 instructions on setting up authentication.
    n26-20020a056402061a00b0050ced5c9ecasi2134657edv.403 - gsmtp (in reply to
    end of DATA command)

that better, but you have DNS and Blacklist issues.

But I don’t think that is the problem. OVH is a very big company, or is it my domain level? From what I see, this refers to ovh in general, the problem is that I don’t know why it’s not taking the TXT SPF records and I don’t know why.

You have no DNS for this domain name.
You will have issues if you don’t sort out your DNS.

image856×368 13.7 KB

Hi,
Thank you very much for the reply.

Until recently, emails were sent by all the websites and it worked correctly.

That does not have DNS because it is the address of the server, not of the web page, I do not know if I am missing something that I should do.

The web pages have their DNS configured

Someone mentioned blacklisting, and you mentioned that you are using OVH.

OVH, as an organization, has been blacklisted by a few lists, which means that none of their IPv4 addresses can be used for email. The administrators of these lists are frustrated with OVH’s apparent lack of willingness to address the issue of users spamming from their IP addresses. As a result, they blacklist all IPv4 addresses associated with the company. I faced numerous difficulties because of this, until I eventually gave up and switched to using Microsoft’s SMTP for my email needs. It’s important to note that I don’t have a dedicated mail server on Webmin; instead, I attempted to send emails from software installed on websites like Drupal and Dolibarr, which ended up using OVH’s IP address.

However, I recently learned about a workaround that involves using the IPv6 address provided by OVH. If you have a virtual machine (VM) with OVH, you can obtain an IPv6 address for free. These IPv6 addresses are not supposed to be blacklisted. Although I haven’t personally tried this workaround, it was suggested by OVH themselves. It’s worth mentioning that the blacklisting issue sometimes disappears temporarily, only to reappear unexpectedly.

if you have your own domain names then don’t use ovh.net is your hostname, use your own hostname as its not matching the spf and dkim. Plus sounds like you provider has given you a blacklist IP from the sounds of that last post.

At times, all IPv4 ranges from OVH are blacklisted, then for a while they are unlisted, and so back to blacklist again. I never had this problem when I used Azur for for my VM.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.