OT: Problems sending emails to gmail. I used postfix debian install (based falko)

HI there,

Since we installed (or maybe gmail activated spam control) we have problems to send emails to gmail.com

Its a real problem or us because some customers use gmail accounts. I have setup SPF records, ptr, and so. so don't know what could be wrong . Of course, i'm sure we don't send spam!. the only difference between our installation server and falko howto, we added maia mailguard to server.

I post you the message when we send email to gmail (of course we tried to contact gmail, and it's imposible, they ghave an autoresponse support and that's all, we dont get reply from human):


Asunto: Undelivered Mail Returned to Sender

This is the Postfix program at host mailsrv0098.ourmaindomain.com.

I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<[email protected]>: host gmail-smtp-in.l.google.com[72.14.215.114]
said:
550-5.7.1 Our system has detected an unusual amount of unsolicited
550-5.7.1 mail originating from your IP address. To protect our
550-5.7.1
users from spam, mail sent from your IP address has been 550-5.7.1
rejected. Please visit 550-5.7.1
http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
Email Senders Guidelines. y18si783770hua (in reply to end of DATA
command)


What could be wrong please? i searched in google for info, and many people have same problem

By the way our ip is no in blacklist, i checked it in dnstuff.

thanks for help

 

no, from your IP there have been sent quite a number or spam to gmail... it seems people did complain and so you landed on the gmail blacklist....
Maybe you have an open relay server and someone is abusing it?

 

If you host your server on a dynamic IP address or DSL line, it is blacklisted almost automatically, no matter if you send spam or not.

If you have a static IP address, you should check your mail log if there''s much more email traffic than you expected, and you should also check your mailqueue with

Code:

postqueue -p

to see if there are lots of emails in it (which might be a sign that your server is abused by spammers).

Also, what's the output of

Code:

postconf -d | grep mynetworks
postconf -n | grep mynetworks

?

 

sjau,as i asaid no blacklist, our users dont send spam

Falko, static IP , we have a range of IP's

It's a closed mail server with sasl auth.

# postqueue -p
Mail queue is empty


mailsrv0098:~# postconf -d | grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::214:5eff:fe87:5489]/64
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_connection_limit_exceptions = $mynetworks
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mailsrv0098:~# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8 mailsrv0098.tecnoretail.com 212.170.0.40/32 80.25.82.230/32 213.171.236.34/32 213.97.104.216/32
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
mailsrv0098:~#

thanks for help dude.

 

Are you sure none of these systems is abusing your server for spam?
Did you check the known blacklists such as SORBS?

 

re Flako, thanks for help

No one is of servers are doind spam. I added them because they are static ip adsl of customer and the server is only for this customer, server only has 2 domain, tecnoretail for testing pourposes and the customer domain , so i'm really sure no spam and i checked server logs and no spaming

any ideas? some one said me i have to check HELO, PTR , DNS and so, but i checked and i don't see nothing strange

I checked sorbs and many others and no blacklisted:

[213.171.236.38] was not found in the SORBS database.

thanks

 

Did you visit this page? http://www.google.com/mail/help/bulk_mail.html
Maybe one of your customers sent as newsletter which was reported as spam to Google... Anyway, I'd try to contact Google and find out what caused the problem.

 

Re,

I tried contact google 5 times, its imposible they have an auto response and then they say each time i should to send emailes, and i sent 10 different examples and it' imposible,no answer from them. i have been contacting them during 1 month so it's imposible

I asked my customer if he sent a newsletter or something like that, and he said me no, i checked logs and no mailing list, no newsletter nothing masive

I checked the web page bulk in gmail, so i created spf records they recomend but same problem.

 

I've just checked your IP address here: http://www.mxtoolbox.com/blacklists.aspx
and it really seems to be ok.

 

Yes, im no backlisted. well, thanks for help, i will have to redirect all .gmail.com to external smtp server to allow send emails to gmail

And... if some gmail admin is reading this psot, please, check your config because lot of people have same problem like me.

thanks for help.

 

I have the same problem, did you fix it? And its not because of spam i have and old server whit slackware 10.0 and Qmail and work, i just want to put new server because that you got alot of problems. I use the Virtual Users And Domains With Postfix, Courier And MySQL (Ubuntu 6.10 Edgy Eft) to install postfix.

Code:

This is the mail system at host teiast.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: host gmail-smtp-in.l.google.com[66.249.93.27] said:
    550-5.7.1 [85.138.82.92] The IP you're using to send email is not
    authorized  550-5.7.1 to send email directly to our servers. Please use
    550 5.7.1 the SMTP relay at your service provider instead. 54si4575387ugp
    (in reply to end of DATA command)

 

Does your server use a dynammic IP address?
Please check if it is blacklisted: http://www.mxtoolbox.com/blacklists.aspx

 

It must not be, because i active the old server whit qmail and i can send emails to gmail, the servers are in the same place. I have a custom dns teiast.com and my IP is dynammic that i use ddcliente to update my ip in teiast.com. The only diference its in one server i have Qmail, in this new one i install Postfix and cant send emails to gmail, but in the old one i can.

 

I'm not sure about your qmail setup, but nowadays most dynamic IP addresses are blacklisted. To circumvent this, you can relay your mails through another mail server: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

 

Ok i have use the relay server from gmail

Outgoing Mail (SMTP) Server - requires TLS: smtp.gmail.com (use authentication)
Use Authentication: Yes
Use STARTTLS: Yes (some clients call this SSL)
Port: 465 or 587

My problem now its on STARTTLS this is the error i get from sending emails:

Code:

This is the mail system at host teiast.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: host smtp.gmail.com[72.14.205.109] said: 530 5.7.0 Must
    issue a STARTTLS command first e17sm281738qba (in reply to MAIL FROM
    command)

mail.log

Code:

May 21 23:03:21 teiast postfix/smtpd[3909]: connect from localhost[127.0.0.1]
May 21 23:03:21 teiast postfix/smtpd[3909]: DC40B1CF3C6: client=localhost[127.0.0.1]
May 21 23:03:21 teiast postfix/cleanup[3900]: DC40B1CF3C6: message-id=<002201c79bf3$f7077dd0$2001a8c0@NOVONE>
May 21 23:03:22 teiast postfix/smtpd[3909]: disconnect from localhost[127.0.0.1]
May 21 23:03:22 teiast amavis[3461]: (03461-01) Passed CLEAN, [85.138.82.92] [85.138.82.92] <[email protected]> -> <[email protected]>, Message-ID: <002201c79bf3$f7077dd0$2001a8c0@NOVONE>, mail_id: oixzFPEc2zwW, Hits: -1.439, queued_as: DC40B1CF3C6, 6076 ms
May 21 23:03:22 teiast postfix/qmgr[3685]: DC40B1CF3C6: from=<[email protected]>, size=1947, nrcpt=1 (queue active)
May 21 23:03:22 teiast postfix/smtp[3901]: DCA7F1CF3B4: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.3, delays=0.19/0.03/0.04/6.1, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=03461-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DC40B1CF3C6)
May 21 23:03:22 teiast postfix/qmgr[3685]: DCA7F1CF3B4: removed

 

Please try this:

Code:

postconf -e 'smtp_enforce_tls = yes'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'

and restart Postfix.

 

Know i dont recebe back the email i send, stay in queue and in my mail.log its like:

Code:

May 24 00:40:12 teiast postfix/smtpd[3880]: warning: 88.157.59.198: hostname rev-88-157-59-198.tvtel.pt verification failed: Name or service not known
May 24 00:40:12 teiast postfix/smtpd[3880]: connect from unknown[88.157.59.198]
May 24 00:40:12 teiast postfix/smtpd[3880]: C73111CF3C4: client=unknown[88.157.59.198], sasl_method=PLAIN, [email protected]
May 24 00:40:12 teiast postfix/cleanup[3883]: C73111CF3C4: message-id=<[email protected]>
May 24 00:40:12 teiast postfix/qmgr[3692]: C73111CF3C4: from=<[email protected]>, size=535, nrcpt=1 (queue active)
May 24 00:40:12 teiast postfix/smtpd[3880]: disconnect from unknown[88.157.59.198]
May 24 00:40:13 teiast postfix/smtp[3884]: C73111CF3C4: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.35, delays=0.21/0.11/0.03/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])

postqueue -p

Code:

C73111CF3C4      535 Thu May 24 00:40:12  [email protected]
           (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
                                         [email protected]

main.cfg

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = teiast.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost = smtp.gmail.com
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_enforce_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes

 

Ok, can you undo the steps from my last post?
Afterwards, please post the output of

Code:

telnet localhost 25

and then

Code:

ehlo localhost

 

220 teiast.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-teiast.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

 

Hm, STARTTLS is there...