I am looking for suggestions on mail settings to tweak so we do not get put on a blacklist when our one customer sends out the 300 or so newsletters. If you need me to I can start the ticket process so we can have someone take a peek. The messages are 554 from Yahoo and 553 from at&t. I have started both blacklist requests to get us out of jail. We did have a open dns resolver issue on another host on the same subnet and this machine had an issue with someone hosting a credit card phishing web page.
Thanks,
Joe
Virtualmin serial number 5562099
Sep 25 14:21:02 atomic postfix/smtp[5654]: 066C5211C95: to=, relay=mta6.am0.yahoodns.net[66.196.118.35]:25, delay=0.81, delays=0.08/0/0.24/0.49, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.196.118.35] said: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120] (in reply to end of DATA command))
Sep 25 14:21:06 atomic postfix/smtp[5654]: 949E2211C95: to=, relay=mta7.am0.yahoodns.net[66.196.118.240]:25, delay=0.72, delays=0.08/0/0.1/0.54, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[66.196.118.240] said: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120] (in reply to end of DATA command))
Sep 25 14:21:34 atomic postfix/smtp[5657]: 61075211D32: to=, relay=ff-ip4-mx-vip1.prodigy.net[144.160.159.21]:25, delay=1.3, delays=0.73/0/0.48/0.08, dsn=5.3.0, status=bounced (host ff-ip4-mx-vip1.prodigy.net[144.160.159.21] said: 553 5.3.0 flpd579 DNSBL:ATTRBL 521< 24.176.22.19 >_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL FROM command))
Sep 25 14:21:43 atomic postfix/smtp[5657]: A4456211D32: to=, relay=ff-ip4-mx-vip2.prodigy.net[144.160.159.22]:25, delay=0.82, delays=0.09/0/0.65/0.08, dsn=5.3.0, status=bounced (host ff-ip4-mx-vip2.prodigy.net[144.160.159.22] said: 553 5.3.0 flpd599 DNSBL:ATTRBL 521< 24.176.22.19 >_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL FROM command))
So, the obvious stuff is true for any mail server:
DKIM and SPF need to be good. There are some tools out there to check that. Make sure the names and IPs match what your mail headers and DNS records actually contain (we recently had a problem where our old server IP was in the DKIM records because I’d created them manually ages ago and so they didn’t get updated when we migrated). Virtualmin handles both of these, but if you’ve got multiple IPs and domain names, it may get it wrong, if configuration isn’t right.
Reverse DNS. This one can either be provided by your host/colo, or by your own DNS server, if it’s been delegated.
Make sure you’re handling bounces and unsubscribes fast and accurately. It takes very little unwanted mail to get blocked.
You can also lookup your IP on various DNSBL query sites which will let you know if you’ve been blacklisted by any of them and why (it may be something unrelated to you; if you haven’t been on the IP long, it might be blaklisted because of previous tenants).
Our version of CentOS is old and Virtualmin,
We got the reverse DNS from the ISP working on Monday
The bounces and unsubscribes are something I have not seen but have to ask the end users and look to see what they get.
When I do a yum search I find packages that might have DKIM but not sure what ones to install to get it to work on the old version of Virtualmin:
libopendkim.i386 : An open source DKIM library
libopendkim-devel.i386 : Development files for libopendkim
opendkim.i386 : A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
perl-Mail-DKIM.noarch : Sign and verify Internet mail with DKIM/DomainKey signatures
clamav-milter.i386 : Sendmail-milter for the Clam Antivirus scanner
clamav-milter-sysv.i386 : SysV initscripts for the clamav sendmail-milter
jilter.noarch : Sendmail milter protocol for Java
milter-regex.i386 : Sendmail milter plug-in for regular expression filtering
mimedefang.i386 : E-Mail filtering framework using Sendmail’s Milter interface
opendkim.i386 : A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
opendmarc.i386 : A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
perl-Sendmail-PMilter.noarch : Perl binding of Sendmail Milter protocol
sendmail-devel.i386 : Extra development include files and development files.
spamass-milter.i386 : Milter (mail filter) for spamassassin
spamass-milter-postfix.i386 : Postfix support for spamass-milter