Hi! I need help in terms of reconfiguration of my server because all mail goes into spam on gmail etc.. I have vps server on OVH that has ISPConfig3 installed on it with postfix, I use this server for hosting websites, and have a few domains here and all of them require email, and those email domains are expected to work. So I tried configuring SPF, DMARC, DKIM and that is properly configured. I configured also MX and reverse PTR records but I don't know is it properly configured. I tried everything I could do.... My main domain is n*****uch.co and here are dns records for it : Code: A @ 54.xx.xx.23 1 Hour A mail 54.xx.xx.23 1 Hour MX @ mail.n*****uch.co (Priority: 1) 1 Hour When I check for host of both domain and ip address i get this Code: host mail.n*****uch.co mail.n******uch.co has address 54.xx.xx.23 host 54.xx.xx.23 23.xx.xx.54.in-addr.arpa domain name pointer n******uch.co. Second domain jc*******es.ca DNS records Code: A @ 54.xx.xx.23 1 Hour MX @ mail.jc********s.ca (Priority: 0) 1 Hour Host terminal command for this domains returns me this: Code: host jc*********s.ca jc*******s.ca has address 54.xx.xx.23 jc*******s.ca mail is handled by 0 mail.jc*********s.ca. My postfix main.cf file : Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = vpsXXXXX.ovh.net alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, $ smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_$ smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject$ smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_se$ smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 smtp_header_checks = pcre:/etc/postfix/header_checks.pcre My /etc/hosts file: Code: # Your system has configured 'manage_etc_hosts' as True. # As a result, if you wish for changes to this file to persist # then you will need to either # a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl # b.) change or remove the value of 'manage_etc_hosts' in # /etc/cloud/cloud.cfg or cloud-config from user-data # 127.0.1.1 n*****uch.co n******uch 54.37.75.23 n******uch.co n******uch 127.0.1.1 vpsXXXXX.ovh.net vpsXXXXX 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts Also my mails sent from this server need sometimes need up to few minutes to deliver to recipient (average case about 3 minutes). I am very thankful in advance.
There is Tutorial: https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
I do not understand that question. Compare how you installed your server to the tutorial. Or compare the setup that you have now to the one described in the tutorial. Then the tutorial has chapter about Troubleshooting, use that to find out what is not working.
I followed this tutorial, so I had to change mydestination parameter. So, because n*****uch.co is my main domain, and I set hosts and hostname to mail.n*****uch.co when I send mail from jc*******s.ca it displays in header Recieved from mail.n*****uch.co (mail.n******uch.co. [54.xx.xx.23]) Is it normal, and is it the reason because mails are getting into spam?
Many e-mail domains on the e-mail server are OK. The tutorial talks about that in https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/#further-usage Have you set the MX record jc****s.ca to mail. n****uch.co? And SPF of jc****s.ca so it allows sending from mail.n***uch.co? The tutorial shows ways to test your setup, maybe those would be better tests than sending to GMail?
I configured all of dns authentication (SPF, DKIM, DMARC, and MX records), but mails still go into spam. The reason why gmail puts my mail into spam is "It is similar to messages that were identified as spam in the past.". The only problems mxtoolbox domain check are these but I don't think they are the cause of this. Code: dmarc n*****uch.co DMARC Quarantine/Reject policy not enabled mx n*****uch.co DMARC Quarantine/Reject policy not enabled dns n*****uch.co SOA Expire Value out of recommended range I have 2 websites that have wordpress installed on them and they are sending reports weekly, and they are going into spam folder in gmail.
You could have stated that right away. That reason has nothing to do with SPF or DKIM. Reports I get from my server also tend to get marked as SPAM. Maybe some persons mark as SPAM the reports they get, instead of asking to no longer receive them. This makes reports look like spam for all users.
To be quite frank, gmail will always spam your emails from a private mail server. In fact most public mail providers will do so until you have enough people manually taking your emails out of junk and accepting it to their inbox, the numbers required however I couldn't tell you. However you are headed in the right direction with dkim, dmark and spf because without those your mail will always hit the spam folder no matter how many users accept you. I don't know how strict your policy is but you can use dmarcian,eu to test out your policies so you start off on ~all on the spf record, ~ is neutral, most mail will be junked but you need to do it while you use dmarcian to check your mails are being delivered properly from all of your mail sources (website? mail server and possibly any mail proxy you might use). You can then move to the strict policy. Once you are set to strict your mail is more likely to be accepted but might still be junked.
Google requires you to register your domain and server here: https://www.gmail.com/postmaster/ Then you will get a better reputation over time.
Thank you, that means everything further is up to spam algorithm of receiver's mailbox. But now there is another problem, I cannot receive mails on my server, whenever I try to send, I get back Mailer Daemon message that contains: Code: This is the mail system at host mail.n******uch.co. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <m*****@n******uch.co>: unknown user: "m****" What should I do to fix this? Thanks in advance
It means that the mailbox doesn't exist. Did you create it in ISPConfig, and is it correctly spelled (both in ISPConfig and in the adress bar)?
Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mail.n******uch.co alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 smtp_header_checks = pcre:/etc/postfix/header_checks.pcre Here it is, thanks
Thank you, it is now solved, but my mails stay in the queue for about 4 minutes, for both outcoming and incoming mails, which wasn't used to be that long before. What could cause that?
Check the mail log, eg. pick one specific message and search for the message queue IDs. Note that each message is reinjected back into postfix after being sent to amavis, so the full logs for a message will involve two queue IDs.
Here is the part of mail.log when I recieved some email, it took about 3-4 minutes to show in inbox. https://pastebin.com/zbBm2Khj
ok. looks like your clamav (amavis) is getting killed because it runs out of memory. your mail service then can't do anything with the mail because it can pass it through clamav for scanning. you need to increase the amount of ram, or find out what's using it all, and why.
