Mail server added to backscatterer blacklist

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Jul 30, 2019.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The most likely reason is that one of your accounts accepts emails which then get forwarded to another server which then rejects it. Example: you accept emails for [email protected] and forward it to [email protected], if gmail would reject an incoming email e.g. because it's spammy, then this email will probably become backscatter.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    A contributing factor may have been an error in postfix main.cf. I noticed it had the line
    Code:
    smtpd_recipient_restrictions = permit_mynetworks,
    That is, everything is missing after the first comma. I believe this happened last week when I updated ISPConfig to 3.1.14p2. Maybe my conf-custom file was bad, I copied it again from install/tpl and added my modifications.
    Your diagnosis may be correct. It is indeed a problem with users forwarding their mails to GMail, I have constantly in mailq entries like
    Code:
    Our system has detected that this message is 421-4.7.0 suspicious due to the nature of the content and/or the links within. 421-4.7.0 To best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0  https://support.google.com/mail/answer/188131 for more information.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I fixed the postfix main.cf, but looks like graylisting still does not work. This is screenshot from mailgraph:
    Graylisting stopped right after updating ISPConfig. I did remember to restart postfix after modifying main.cf.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you had greylisting enabled globally before, directly in main.cf? Or did you enable it on a per-mailbox basis with the checkbox in the mailbox settings? And postgrey is started?
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I have enabled greylisting per mailbox, in ISPConfig settings. I have not thought about enabling it in main.cf. But I suppose I can not, since not all users may want greylisting, and at least one user is adamant mails must arrive without any delay.
    Postgrey is running:
    Code:
    systemctl status postgrey.service
    ● postgrey.service - LSB: Start/stop the postgrey daemon
       Loaded: loaded (/etc/init.d/postgrey; generated; vendor preset: enabled)
       Active: active (running) since Thu 2019-07-25 18:59:32 EEST; 4 days ago
         Docs: man:systemd-sysv-generator(8)
      Process: 1001 ExecStart=/etc/init.d/postgrey start (code=exited, status=0/SUCCESS)
        Tasks: 1 (limit: 4915)
       CGroup: /system.slice/postgrey.service
               └─1156 postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023
    
    heinä 30 13:11:55 ispc6 postgrey[1156]: action=pass, reason=triplet found, client_name=newsletters.bigocode.info, client_address=167.99.66.61, sender=bounce@bi
    heinä 30 13:11:55 ispc6 postgrey[1156]: cleaning up old logs...
    heinä 30 13:23:54 ispc6 postgrey[1156]: action=pass, reason=client whitelist, client_name=mail-oln040092067095.outbound.protection.outlook.com, client_address=
    heinä 30 13:31:28 ispc6 postgrey[1156]: action=pass, reason=client AWL, client_name=sypressi2.dnainternet.net, client_address=83.102.40.154, sender=bounce30825
    Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
    
     
  7. MaxT

    MaxT Active Member HowtoForge Supporter

    hi Taleman,

    Have you solved this issue with greylisting?

    I had exactly that same message because one user set two @gmail.com addresses inside the "Copy " option of his ISCP panel.

    The problem was a high number of Facebook notifications ([email protected]) going to these 2 Gmail accounts. And Gmail servers blocked them with that message. It seems they block the forwarded Facebook notifications.

    To avoid the blacklist I was forced to put the domain "facebookmail.com DISCARD" inside /etc/postfix/sender_access , and to inform the user.

    If you have another solution it would be good to know it.


    thanks
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    We are solving different problems.
    My problem was graylisting was not working. I got it working fixing my postfix/main.cf
    Before that my server was on blacklist, but I just wait until it gets removed.
    I know no other way than preventing users from forwarding their e-mails to other mail systems to prevent ending up in some blacklist since all mailboxes receive so much spam.
     
  9. MaxT

    MaxT Active Member HowtoForge Supporter

    oh.. ok. I understand :)
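
A check for the truncated `smtpd_recipient_restrictions` line reported in post 3, as an added example that is not part of the original thread and not ISPConfig's own code. The sample configs are constructed, and the list of required entries (`reject_unauth_destination`, `check_policy_service`) is an assumption; an ISPConfig install may wire greylisting in differently, so adjust `required` to match the template in use.

```python
import re

# Constructed sample: the truncated setting described in the thread, then a repaired
# variant. Entries after permit_mynetworks are assumptions, not the poster's config.
BROKEN = """\
myhostname = mail.example.test
smtpd_recipient_restrictions = permit_mynetworks,
mydestination = localhost
"""
FIXED = """\
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines as Postfix does."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines never end a logical line
        if raw[0].isspace() and current:  # leading whitespace continues the previous line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()   # a later definition overrides an earlier one
    return params

def audit_restrictions(text, required=("reject_unauth_destination", "check_policy_service")):
    """List problems with smtpd_recipient_restrictions in a main.cf text."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions")
    if value is None:
        return ["smtpd_recipient_restrictions is not set"]
    problems = []
    if value.rstrip().endswith(","):
        problems.append("list ends with a comma: entries after it were lost")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    for name in required:
        if name not in tokens:
            problems.append(f"missing {name}")
    return problems

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_restrictions(conf) or "ok")
```

Running it against the live file after each ISPConfig update (for example `audit_restrictions(open("/etc/postfix/main.cf").read())`) catches a template that was written out incomplete before mail starts flowing through it.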
     