Inconsistent email processing with gmail

Discussion in 'Server Operation' started by anark10n, Sep 21, 2022.

Tags:
  1. anark10n

    anark10n Member

    Hey there
    So, I'm not sure where to put this, but I'm having some different email processing issues with gmail when sending to gmail from different domains on my server. Messages from one domain will pass and go to the inbox, another will go to spam, and yet another will be rejected outright with the following message:
    Code:
    host gmail-smtp-in.l.google.com[142.251.4.26] said:
       550-5.7.1 [<my server ip address>      19] Our system has detected that this message
       is 550-5.7.1 likely suspicious due to the very low reputation of the
       sending 550-5.7.1 domain. To best protect our users from spam, the message
       has been 550-5.7.1 blocked. Please visit 550 5.7.1
       https://support.google.com/mail/answer/188131 for more information.
       f5-20020a814145000000b0034575e93719si2984231ywk.424 - gsmtp (in reply to
       end of DATA command)
    
    I've tried copying the domain record settings from the domain that passes to the other domains, but i still get the same behaviour across the different domains. I've the google admin toolbox reports the same settings for all three domains, but I don't know why the wildly varying behaviours. Is there anything else I can check/configure to find out why the varying issues when sending from my server?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely google received spam from the blocked domains in the past. Ensure that you have set up SPF and dkim and DMARC records. And have you signed up for google postmaster tools already?
     
  3. anark10n

    anark10n Member

    Yep, all records set up correctly, even using the google recommended SPF records. Weirdly enough, google admin toolbox reports that 'DKIM is not set up' for all three domains, even though just about every other MX tester reports that i've tried reports that is.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Check if all dns servers responsible for that domain have the correct records, might be that one of the secondaries did not pick them up (split brain situation).
     
  5. anark10n

    anark10n Member

    Checked a few ns lookups and they all report that all nameservers have the same records, mxtoolbox.com being the most comprehensive and reporting that they contain the same TXT records.
    I went back to test DKIM and I get the following reports to the effect of "Message has a DKIM or DK signature, not necessarily valid" in most of them. Is that a problem? And if so, what steps do i take make sure it's valid?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It means that most likely the DKIM record in your DNS zone is not the same as the DKIM key on your server. Have you compared those?
     
  7. anark10n

    anark10n Member

    Yeah, even generated a new DKIM key, and copy/pasted the key. Still get the same varying email issues between domains. And this only happens with gmail. Messages from all domains to yandex, zoho, and yahoo accounts all go to Inbox.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  9. anark10n

    anark10n Member

    Yeah, that's one of the testers I tested with and I got a 10/10 score. Here's the result from the domain that's rejected outright by gmail as being suspicious.
     
  10. pyte

    pyte Active Member HowtoForge Supporter

    Well this is more and more an issue with small mail providers and self hosters. For some reason GMail is rejecting mails or flag them as spam even though the mail has no obvious faults. I've expiriencing similar issues with a lot of customer domains, which get send by the same mailserver.

    customer 1: SPF OK, no DKIM, no DMARC -> Mail passes through to GMail Inbox
    customer 2: SPF OK, DKIM OK, DMARC OK -> Mail passes through but lands in the Spam folder
    customer 3: SPF O, no DKIM, no DMARC -> Mail gets rejected

    We tested this with multiple mailboxes and body content, nothing changes. And it's not like that one of these domains sends massive amounts and the others dont.

    This seems to become more and more an issue with big mail providers like Google. There is no insight, what the reason for the rejection or flag is. We are trying to find out with the "Postmaster Tools" from GMail what might causing the issue, but as of now there are still no stats in the dashboard at all after 2 weeks.

    BTW your result link will not work this way :)
     
  11. anark10n

    anark10n Member

    I've sent a report of this to gmail, and got a response that i would have to wait 2 weeks for it to be seen, so no idea as to when i'd get a response, if at all. The postmaster tools stats only show based on volume, not on time. So unless you send a whole lot of mail to gmail regularly, you probably won't see any.

    The link stops working after some time, since it's a temporary email account that's used to test the message sent.
     
  12. pyte

    pyte Active Member HowtoForge Supporter

    Would be nice if you get it to responde here, may we get some insight too.
     
  13. anark10n

    anark10n Member

    Gave dkim another poke with a selector defined, and now google admin toolbox reports Invalid format of DKIM record. even though every other tester reports my dkim signature as valid. Google admin toolbox reports this same error for the other 2 domains whose messages go to inbox and spam respectively, so i'm guessing the google admin toolbox is just an unreliable mess.
     
  14. pyte

    pyte Active Member HowtoForge Supporter

    Always has been but they don't give a shit, sadly. I donsn't seems like these issues will get less in the future though. Big mail providers are trying to dictate what a valid E-Mail is and what not, on their own, because they simple can when everyone is using their service.

    A nice read about the topic: https://cfenollosa.com/blog/after-s...hrown-in-the-towel-the-oligopoly-has-won.html
     
  15. ahrasis

    ahrasis Well-Known Member

    Interesting article link you posted there. But I can't help to wonder if the above statement is at all true because so far that I know such mails will only ended in spam / junk folder unless the email address owner himself decided to filter such mails to be deleted. If they ended in spam / junk folder, the owner can filter them as not a spam for the future, but of course this is not what all email service providers wanted, which is not to be in spam / junk folder in the first place.
     
  16. pyte

    pyte Active Member HowtoForge Supporter

    Well i maintaine a pretty big mailserver with around 90mio mails a year. So far it seems like there are no cases of "hellbanning" that i know of, but i can imagine that Google and other big tech companys are using such practices because it is way easier to handle it that way. We will see in the near future i guess.

    I didn't had a single problem with my own mailserver hosted on a VPS for years now though it's only 1 domain and very little outgoing mails.
     

Share This Page