Does a Delivery Status Notification count as Spam

Discussion in 'ISPConfig 3 Priority Support' started by James A, Apr 24, 2014.

  1. James A

    James A Member

    Hi, I am having issues with gmail blacklisting us.

    The only emails I can see as being potentially counted as spam are those we are sending bounce responses to, where they have been sent to us from someone faking a Gmail account address.

    For some of these messages we are then getting a bounce from gmail such as this:

    Apr 24 11:35:22 srv5 postfix/smtp[13134]: 32D8F47B: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b]:25, delay=0.41, delays=0.07/0/0.06/0.28, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b] said: 550-5.7.1 [2001:8d8:86d:f00::6d:5104 12] Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. w48si7722162eel.146 - gsmtp (in reply to end of DATA command))

    So it looks like they are counting this as spam.

    How do I set things up in postfix to avoid this response?

    Thanks, James
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    First, you must find out which software is sending these messages to Gmail, as the default Postfix setup of ISPConfig is not sending bounces in case an email address does not exist; it rejects the incoming email instead, which does not cause a blacklisting from Google.

    The word bounce in the error message above is not indicating that you send a bounce to Gmail. It means that Gmail did not accept (bounce) this mail.

    Check your mail queue; maybe a website is sending spam messages or an email account has been hacked. You can inspect email messages with the postcat command.
     
  3. James A

    James A Member

    Hi Till

    The message is being sent to a legitimate email account but has a .exe file attached in this example, so it is being caught by amavis, which sends it to our banned email account I have set up and then sends a response to the Gmail originator. Here are the preceding log messages:

    Apr 24 11:35:22 srv5 postfix/qmgr[2684]: DCBAA3F9: from=<[email protected]>, size=43964, nrcpt=1 (queue active)
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: connect from localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: 1DD1047A: client=localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 postfix/cleanup[13114]: 1DD1047A: message-id=<[email protected]>
    Apr 24 11:35:22 srv5 postfix/smtpd[13145]: disconnect from unknown[83.149.44.150]
    Apr 24 11:35:22 srv5 postfix/qmgr[2684]: 1DD1047A: from=<[email protected]>, size=44707, nrcpt=1 (queue active)
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: disconnect from localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: connect from localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: 32D8F47B: client=localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 postfix/cleanup[13114]: 32D8F47B: message-id=<[email protected]>
    Apr 24 11:35:22 srv5 postfix/pipe[13201]: 1DD1047A: to=<[email protected]>, relay=maildrop, delay=0.13, delays=0.07/0/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)
    Apr 24 11:35:22 srv5 postfix/qmgr[2684]: 1DD1047A: removed
    Apr 24 11:35:22 srv5 postfix/qmgr[2684]: 32D8F47B: from=<>, size=4635, nrcpt=1 (queue active)
    Apr 24 11:35:22 srv5 postfix/smtpd[13133]: disconnect from localhost.localdomain[127.0.0.1]
    Apr 24 11:35:22 srv5 amavis[12422]: (12422-04) Blocked BANNED (.exe,March 2014.docx.exe) {BouncedInternal,Quarantined}, DKIM_ALWAYS LOCAL [83.149.44.150]:2222 [83.149.44.150] <[email protected]> -> <[email protected]>, quarantine: [email protected], Queue-ID: DCBAA3F9, Message-ID: <[email protected]>, mail_id: GBrgZfR1o2XZ, Hits: -, size: 43963, 225 ms
    Apr 24 11:35:22 srv5 postfix/smtp[13296]: DCBAA3F9: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.4, delays=1.1/0/0/0.23, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=12422-04, BOUNCE)
    Apr 24 11:35:22 srv5 postfix/qmgr[2684]: DCBAA3F9: removed

    and then the message I posted first:

    Apr 24 11:35:22 srv5 postfix/smtp[13134]: 32D8F47B: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b]:25, delay=0.41, delays=0.07/0/0.06/0.28, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b] said: 550-5.7.1 [2001:8d8:86d:f00::6d:5104 12] Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/a...&answer=188131 for 550 5.7.1 more information. w48si7722162eel.146 - gsmtp (in reply to end of DATA command))

    Any ideas? James
     
  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    It is not a good idea to "bounce" banned content messages to the original sender.
    This way every spammer can abuse your server to spam, since mails with faked sender are returned to those addresses.
    A delivery status message has the original mail attached or at least some headers that might identify it as spam, so you will always be treated as spammer sooner or later in this case.
     
  5. James A

    James A Member

    Hi Croydon

    This is what I thought, my only issue now is how do I stop it happening?

    My system is based on:
    Debian Wheezy
    Postfix
    ISPconfig
    Courier

    If you can point me in the right direction it would be greatly appreciated.
     
  6. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    There is a setting in /etc/amavis/conf.d/50-user

    $final_banned_destiny = xxxx;

    I think you could either set it to D_PASS if you want to allow those files to come through, or set it to D_DISCARD to have those mails silently dropped.
    Currently it is set to D_BOUNCE, I think.
     
  7. James A

    James A Member

    Hi Croydon

    You were absolutely right, under /etc/amavis/conf.d/50-user I had

    $final_virus_destiny = D_BOUNCE;
    $final_spam_destiny = D_DISCARD;
    $final_banned_destiny = D_BOUNCE;
    $final_bad_header_destiny = D_PASS;

    So I have now changed these all to D_DISCARD, with the exception of header destiny, which stayed as D_PASS, and guess what: no more bounces on banned emails.

    Many thanks for your help; you wouldn't believe how long I've been looking for a way to turn this off.

    James
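
Added example (not part of the thread and not ISPConfig code): a Python check over a mail log that flags the pattern discussed above, null-sender (`from=<>`) notifications delivered to external relays, and links each one to the amavis verdict that triggered it. The sample log is constructed in the format shown in the thread; all addresses, queue IDs and hosts are made up.

```python
import re

# Constructed sample in the Postfix/amavis syslog format shown in the thread;
# addresses, queue IDs and hosts are invented for this example.
SAMPLE_LOG = """\
Apr 24 11:35:22 srv5 postfix/qmgr[2684]: AAAA1111: from=<forged@example.com>, size=43964, nrcpt=1 (queue active)
Apr 24 11:35:22 srv5 postfix/qmgr[2684]: BBBB2222: from=<>, size=4635, nrcpt=1 (queue active)
Apr 24 11:35:22 srv5 amavis[12422]: (12422-04) Blocked BANNED (.exe,invoice.docx.exe) {BouncedInternal,Quarantined}, [192.0.2.10] <forged@example.com> -> <user@example.org>, Queue-ID: AAAA1111, mail_id: x, Hits: -, size: 43963, 225 ms
Apr 24 11:35:22 srv5 postfix/smtp[13296]: AAAA1111: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.4, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=12422-04, BOUNCE)
Apr 24 11:35:23 srv5 postfix/smtp[13134]: BBBB2222: to=<forged@example.com>, relay=mx.example.com[2001:db8::1b]:25, delay=0.41, dsn=5.7.1, status=bounced (host mx.example.com said: 550 5.7.1 likely unsolicited mail)
Apr 24 11:36:00 srv5 postfix/qmgr[2684]: CCCC3333: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Apr 24 11:36:01 srv5 postfix/smtp[13140]: CCCC3333: to=<bob@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=0.3, dsn=2.0.0, status=sent (250 ok)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>, "
                  r"relay=([^\[,]+)\[([^\]]*)\].*?dsn=([\d.]+), status=(\w+)")
AMAVIS = re.compile(r"amavis\[\d+\]: .*?Blocked (\w+) .*?\{([^}]*)\}.*?<([^>]*)> -> ")
LOOPBACK = {"127.0.0.1", "::1"}  # re-injection to/from the content filter

def find_backscatter(log):
    """Return null-sender messages handed to a non-local relay."""
    null_sender = set()   # queue IDs whose envelope sender is <>
    bounced_to = {}       # original envelope sender -> amavis verdict
    deliveries = []       # every outbound smtp delivery attempt seen
    for line in log.splitlines():
        if m := QMGR.search(line):
            if m.group(2) == "":
                null_sender.add(m.group(1))
        elif m := AMAVIS.search(line):
            if "Bounced" in m.group(2):   # amavis generated a notification
                bounced_to[m.group(3)] = m.group(1)
        elif m := SMTP.search(line):
            deliveries.append(m.groups())
    # Resolve after the full pass so line ordering in the log does not matter.
    return [
        {"queue_id": qid, "rcpt": rcpt, "relay": host, "dsn": dsn,
         "status": status, "amavis_verdict": bounced_to.get(rcpt)}
        for qid, rcpt, host, ip, dsn, status in deliveries
        if qid in null_sender and ip not in LOOPBACK
    ]

if __name__ == "__main__":
    for finding in find_backscatter(SAMPLE_LOG):
        print(finding)
```

Any finding with a non-empty `amavis_verdict` is a notification sent to an unverified envelope sender; a growing count of these with `dsn=5.7.1` is the reputation signal the thread describes.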
     
