[ISPConfig3][POSTFIX] All outgoing mail goes into spam, and takes time to deliver.

Discussion in 'General' started by djokerno1e, May 17, 2020.

  1. djokerno1e

    djokerno1e New Member

    Hi! I need help in terms of reconfiguration of my server because all mail goes into spam on gmail etc..
    I have vps server on OVH that has ISPConfig3 installed on it with postfix, I use this server for hosting websites, and have a few domains here and all of them require email, and those email domains are expected to work. So I tried configuring SPF, DMARC, DKIM and that is properly configured.
    I configured also MX and reverse PTR records but I don't know is it properly configured.
    I tried everything I could do....

    My main domain is n*****uch.co and here are dns records for it :
    Code:
    A    @    54.xx.xx.23    1 Hour
    A    mail    54.xx.xx.23    1 Hour
    MX    @    mail.n*****uch.co (Priority: 1)    1 Hour
    
    When I check for host of both domain and ip address i get this
    Code:
    host mail.n*****uch.co
    mail.n******uch.co has address 54.xx.xx.23
    
    host 54.xx.xx.23
    23.xx.xx.54.in-addr.arpa domain name pointer n******uch.co.
    Second domain jc*******es.ca DNS records
    Code:
    A    @    54.xx.xx.23    1 Hour
    MX    @    mail.jc********s.ca (Priority: 0)    1 Hour
    Host terminal command for this domains returns me this:
    Code:
    host jc*********s.ca
    jc*******s.ca has address 54.xx.xx.23
    jc*******s.ca mail is handled by 0 mail.jc*********s.ca.
    My postfix main.cf file :
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = vpsXXXXX.ovh.net
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, $
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_$
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject$
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_se$
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtp_header_checks = pcre:/etc/postfix/header_checks.pcre
    
    My /etc/hosts file:
    Code:
    # Your system has configured 'manage_etc_hosts' as True.
    # As a result, if you wish for changes to this file to persist
    # then you will need to either
    # a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
    # b.) change or remove the value of 'manage_etc_hosts' in
    #     /etc/cloud/cloud.cfg or cloud-config from user-data
    #
    127.0.1.1 n*****uch.co n******uch
    54.37.75.23 n******uch.co n******uch
    127.0.1.1 vpsXXXXX.ovh.net vpsXXXXX
    127.0.0.1 localhost
    
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    
    Also my mails sent from this server need sometimes need up to few minutes to deliver to recipient (average case about 3 minutes).
    I am very thankful in advance.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. djokerno1e

    djokerno1e New Member

  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I do not understand that question.
    Compare how you installed your server to the tutorial. Or compare the setup that you have now to the one described in the tutorial. Then the tutorial has chapter about Troubleshooting, use that to find out what is not working.
     
  5. djokerno1e

    djokerno1e New Member

    I followed this tutorial, so I had to change mydestination parameter. So, because n*****uch.co is my main domain, and I set hosts and hostname to mail.n*****uch.co when I send mail from jc*******s.ca it displays in header Recieved from mail.n*****uch.co (mail.n******uch.co. [54.xx.xx.23]) Is it normal, and is it the reason because mails are getting into spam?
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  7. djokerno1e

    djokerno1e New Member

    I configured all of dns authentication (SPF, DKIM, DMARC, and MX records), but mails still go into spam. The reason why gmail puts my mail into spam is "It is similar to messages that were identified as spam in the past.".

    The only problems mxtoolbox domain check are these but I don't think they are the cause of this.
    Code:
    dmarc    n*****uch.co    DMARC Quarantine/Reject policy not enabled
    
    mx    n*****uch.co    DMARC Quarantine/Reject policy not enabled
    
    dns    n*****uch.co    SOA Expire Value out of recommended range
    I have 2 websites that have wordpress installed on them and they are sending reports weekly, and they are going into spam folder in gmail.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You could have stated that right away. That reason has nothing to do with SPF or DKIM.
    Reports I get from my server also tend to get marked as SPAM. Maybe some persons mark as SPAM the reports they get, instead of asking to no longer receive them. This makes reports look like spam for all users.
     
  9. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    To be quite frank, gmail will always spam your emails from a private mail server. In fact most public mail providers will do so until you have enough people manually taking your emails out of junk and accepting it to their inbox, the numbers required however I couldn't tell you.

    However you are headed in the right direction with dkim, dmark and spf because without those your mail will always hit the spam folder no matter how many users accept you.

    I don't know how strict your policy is but you can use dmarcian,eu to test out your policies so you start off on ~all on the spf record, ~ is neutral, most mail will be junked but you need to do it while you use dmarcian to check your mails are being delivered properly from all of your mail sources (website? mail server and possibly any mail proxy you might use). You can then move to the strict policy. Once you are set to strict your mail is more likely to be accepted but might still be junked.
     
  10. Steini86

    Steini86 Active Member

    Chris_UK likes this.
  11. djokerno1e

    djokerno1e New Member

    Thank you, that means everything further is up to spam algorithm of receiver's mailbox.
    But now there is another problem, I cannot receive mails on my server, whenever I try to send, I get back Mailer Daemon message that contains:
    Code:
    This is the mail system at host mail.n******uch.co.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to postmaster.
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                       The mail system
    
    <m*****@n******uch.co>: unknown user: "m****"
    
    What should I do to fix this? Thanks in advance
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It means that the mailbox doesn't exist. Did you create it in ISPConfig, and is it correctly spelled (both in ISPConfig and in the adress bar)?
     
  13. djokerno1e

    djokerno1e New Member

    Yes it is correct, but after reconfiguration it cannot receive mails anymore.
     
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share your postfix config? (/etc/postfix/main.cf)
     
  15. djokerno1e

    djokerno1e New Member

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mail.n******uch.co
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtp_header_checks = pcre:/etc/postfix/header_checks.pcre
    
    Here it is, thanks
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Remove $mydomain from mydestination.
     
  17. djokerno1e

    djokerno1e New Member

    Thank you, it is now solved, but my mails stay in the queue for about 4 minutes, for both outcoming and incoming mails, which wasn't used to be that long before. What could cause that?
     
  18. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Check the mail log, eg. pick one specific message and search for the message queue
    IDs. Note that each message is reinjected back into postfix after being sent to amavis, so the full logs for a message will involve two queue IDs.
     
  19. djokerno1e

    djokerno1e New Member

  20. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    ok. looks like your clamav (amavis) is getting killed because it runs out of memory.
    your mail service then can't do anything with the mail because it can pass it through clamav for scanning.

    you need to increase the amount of ram, or find out what's using it all, and why.
     
    Th0m likes this.

Share This Page