Mail from server flagged as spam by gmail

Discussion in 'Installation/Configuration' started by anark10n, Jan 14, 2020.

  1. anark10n

    anark10n Member

    Hey there
    As the title says, mail from any domain on my server is being flagged as spam by gmail, when it wasn't the case before. Currently on Debian 9 using postfix. mail-tester.com, port25.com, mxtoolbox.com, isnotspam.com all report green; and my mail server does not appear in the blacklists that i've checked. I'm at a loss as to what to try next. Only gmail flags my mails as spam, even after i tell gmail that the messages are not spam, the same message will still go to spam. I'm at a loss as to what else to check, any help would be much appreciated.
     
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    have you got verified correct SPF, DKIM and DMARC records set up for the domain that you're sending from?

    have you got a gmail account you can access? send an email to from the domain that keeps getting marked to spam and then look at it in gmail, you might need to open it in a new window, or select show original, so that you can see the full header details for the email.
    if you check those headers it should indicate if it's failing any SPF or DKIM checks.
     
  3. anark10n

    anark10n Member

    Checked the header details from the gmail web portal, reports my SPF and DKIM have passed.
    Code:
    Delivered-To: [email protected]
    Received: by 2002:ac2:5459:0:0:0:0:0 with SMTP id d25csp5420274lfn;
            Tue, 14 Jan 2020 02:34:14 -0800 (PST)
    X-Google-Smtp-Source: APXvYqzXDveFq9NTvbQC2NA6YnlCoEEr6nQZLC44My7UzAGHvVLEWO07LWZbCBJqEzxSPhqKRqP6
    X-Received: by 2002:a05:6638:21a:: with SMTP id e26mr14739110jaq.53.1578998054283;
            Tue, 14 Jan 2020 02:34:14 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1578998054; cv=none;
            d=google.com; s=arc-20160816;
            b=RkaQMFsDvAIeASpd9DrWOhoMqMpXnl8gA7gUi+ZpfPiSwcYhOWY3yhtbnlNGQOD4IB
             2I2krOHk7HOlsYxmmcxo/DQBJyg7+tOFdovJznaQDpt4VUX/jK5FdHfruwINt1VlETwq
             yuVIBfN12oDr6yiFFN35dCHV37WlBZP6tnlLFT9m14PRxbWmEJ9kiGfPEqgT4POfSV64
             9MTrDQwa41jdwcfqKq5uui/sZq5Fgloi4b0IYPpJcRXwkyCJjISV/lg4SBYWX62iySHG
             2MuzbqsY9FyYMLDaVvIXjVahws6pRA896iX89zibTnjWHZe/RH2SNBTyfZdpeqQ5gbC8
             Bdiw==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
            h=user-agent:message-id:subject:to:from:date
             :content-transfer-encoding:mime-version:dkim-signature;
            bh=QujJjZ9HQcnQ1rWAjZi11UmMlDHpRNp5D4ktFS5FBd8=;
            b=wNQUHfUgaXXXbE4tsHiXNUW+RV6s1foAdslwNR2zIiG44AsAiKwXvdKl8LtPkJrULz
             QQfe3mbVT1GDSfvIYs0vX3QLsxrTaVh/ZKVrVn31Iyr69dp5hbBkgi0kby/xPfv2X8Uf
             tGcRf4ocVRNzHjwZzr5InN1N0oD0NVAjxJaovdRUqsFbn7y4SKvYyt/Vq5WJu77p37F3
             3Pf03tvWGaPTREUfLNMfeiDAlyl4WkTgz+iqnI/rcsGDHsDR5qf0HiosskLcmETHngjg
             YaJn/xTaxUpi/4a4OWm1P/RLviLsbazUWqjPr8wrWK8/NC+th4MVOLI+s2nqNI8XXhZY
             E5Cw==
    ARC-Authentication-Results: i=1; mx.google.com;
           dkim=pass [email protected] header.s=default header.b=ubVGhxjL;
           spf=pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) [email protected];
           dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anarkware.org
    Return-Path: <[email protected]>
    Received: from hostname.domain.tld (hostname.domain.tld. [IP.AD.DR.ESS])
            by mx.google.com with ESMTPS id j9si13858460iof.146.2020.01.14.02.34.14
            for <[email protected]>
            (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
            Tue, 14 Jan 2020 02:34:14 -0800 (PST)
    Received-SPF: pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) client-ip=IP.AD.DR.ESS;
    Authentication-Results: mx.google.com;
           dkim=pass [email protected] header.s=default header.b=ubVGhxjL;
           spf=pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) [email protected];
           dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anarkware.org
    Received: from localhost (localhost.localdomain [127.0.0.1]) by hostname.domain.tld (Postfix) with ESMTP id 3318F41D8D for <[email protected]>; Tue, 14 Jan 2020 10:33:55 +0000 (UTC)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anarkware.org; h= user-agent:message-id:subject:subject:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version; s=default; t=1578998034; x=1580812435; bh=QujJjZ9 HQcnQ1rWAjZi11UmMlDHpRNp5D4ktFS5FBd8=; b=ubVGhxjLSCRE42JEmVbW06A eHEP9YUx7HzQAiiFM53XQHRn14hqAYKB/mhc0KzKI5X3pZwo6RIkksexjHwGyNBb UTES+pRrcFeiJ5CX1rX4UKYqxz9sjlr45UJkmk7aJ4Nw2HAoju0A9C1c8SoP644D 7tsTEwchSnu8W9LjnoXE=
    X-Virus-Scanned: Debian amavisd-new at hostname.domain.tld
    Received: from hostname.domain.tld ([127.0.0.1]) by localhost (hostname.domain.tld [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id leqY55Mbvn1k for <[email protected]>; Tue, 14 Jan 2020 10:33:54 +0000 (UTC)
    Received: from domain.tld (localhost [IPv6:::1]) by hostname.domain.tld (Postfix) with ESMTP id B1B5F41CDB for <[email protected]>; Tue, 14 Jan 2020 10:33:54 +0000 (UTC)
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII; format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Tue, 14 Jan 2020 12:33:54 +0200
    From: [email protected]
    To: [email protected]
    Subject: Spectrum analysis report
    Message-ID: <[email protected]>
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail/1.2.3
    
    Results inconclusive.
    
    These are the header details with identifying details fudged.
     
    Last edited: Jan 15, 2020
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. Steini86

    Steini86 Active Member

    Google has outsourced the spam detection to the remote host (you). They require you to register here and fill the forms: https://gmail.com/postmaster
     
  6. anark10n

    anark10n Member

    Yeah, the headers in my previous post were taken from the gmail tool. It's the one that reported that my SPF and DKIM checks passed, but the message still ends up in my spam folder.

    Do I need to do something else on my server outside of adding the TXT to my DNS records?
     
  7. Steini86

    Steini86 Active Member

    If it shows you a good/green status and you apply to all the common best practices (SPF/DMARC/DANE...) then you should be fine. Maybe it takes some time to take effect. If it still does not work, go through the sender guidelines required by google: https://support.google.com/mail/answer/81126
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I was experiencing the same issue when I just set up my server. I disabled sending over IPv6 to gmail.com adresses because this was giving issues sometimes (only with gmail, and no other provider). I saw that in the DMARC reports. Does mail-tester.com give you a 10/10 score, and how old is/are the domain(s) of the mailserver and sending adress?
    It can take weeks before your email will not be marked as spam anymore. If SPF, DKIM, and DMARC are correctly setup and there is no abuse of your server it should be working soon.
     
  9. florian030

    florian030 Well-Known Member HowtoForge Supporter

    It seems, that you did not set a ptr for the ipv6.
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    No, PTR was and is configured. DKIM failed sometimes on IPv6, but not on IPv4. Weird issue.
     
  11. anark10n

    anark10n Member

    I didn't know about DANE, so I don't think I have it configured on my server. Are there any other areas I should cover?
    The spam flagging is happening to all of my domains, both old and new. The server has been operational for ~3 years, and this started happening only recently. Mail-tester.com gives me a 10/10 for all of my messages from my server, for any of the domains, as well as getting a pass from all the other mail testers i've tried. I've added the TXT record from the Postmaster tools to the DNS records of my domains, but messages are still going to spam. I don't have IPv6 configured on my server at the moment, could that be an issue?
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    DANE is not required and you shouldn't use it unless you know what you're doing.
    No IPv6 configured can't be the issue. Probably one of your users is sending out spam, you should check the logs and see if someone is sending out a suspicious traffic. Did you run a blacklist check? https://mxtoolbox.com/blacklists.aspx
     
  13. florian030

    florian030 Well-Known Member HowtoForge Supporter

    dkim is not related to the protocol. did you try a stronger dkim-key?
     
  14. anark10n

    anark10n Member

    Thanks for the heads up on DANE, i usually try these things out on my test server before applying them to my real server. And yes, I checked mxtoolbox, my server doesn't appear on their blacklists that i've checked, or on any other blacklist that i've checked.
    What would suspicious traffic look like in the logs? I check them regularly, and there's not a high amount of traffic for any of my clients.
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I understand that it's not related, so it's a very weird issue. It's a 4096 bit key, generated by ISPC.
     
  16. anark10n

    anark10n Member

    How do i check and/or change the number of bits used for my DKIM signature? Gmail says it doesn't authenticate messages that use fewer than 1024 bits and I want to make sure that mine does.
     
  17. florian030

    florian030 Well-Known Member HowtoForge Supporter

    server-config dkim-strength
     

Share This Page