My e-mail server has ended up on the Backscatterer blacklist, according to mxtoolbox.com. Is there a way to find out why the mail server ended up on that list? Is there any way to prevent this from happening again? https://mxtoolbox.com/problem/blacklist/BACKSCATTERER
The most likely reason is that one of your accounts accepts emails which then get forwarded to another server which then rejects them. Example: you accept emails for [email protected] and forward them to [email protected]. If Gmail rejects an incoming email, e.g. because it's spammy, then this email will probably become backscatter.
A contributing factor may have been an error in postfix main.cf. I noticed it had the line
Code:
smtpd_recipient_restrictions = permit_mynetworks,
That is, everything is missing after the first comma. I believe this happened last week when I updated ISPConfig to 3.1.14p2. Maybe my conf-custom file was bad; I copied it again from install/tpl and added my modifications. Your diagnosis may be correct. It is indeed a problem with users forwarding their mails to GMail; I constantly have entries in mailq like
Code:
Our system has detected that this message is
421-4.7.0 suspicious due to the nature of the content and/or the links within.
421-4.7.0 To best protect our users from spam, the message has been blocked.
421-4.7.0 Please visit
421 4.7.0 https://support.google.com/mail/answer/188131 for more information.
I fixed the postfix main.cf, but it looks like graylisting still does not work. This is a screenshot from mailgraph: Graylisting stopped right after updating ISPConfig. I did remember to restart postfix after modifying main.cf.
Maybe you had greylisting enabled globally before, directly in main.cf? Or did you enable it on a per-mailbox basis with the checkbox in the mailbox settings? And postgrey is started?
I have enabled greylisting per mailbox, in ISPConfig settings. I have not thought about enabling it in main.cf. But I suppose I cannot, since not all users may want greylisting, and at least one user is adamant mails must arrive without any delay. Postgrey is running:
Code:
systemctl status postgrey.service
● postgrey.service - LSB: Start/stop the postgrey daemon
   Loaded: loaded (/etc/init.d/postgrey; generated; vendor preset: enabled)
   Active: active (running) since Thu 2019-07-25 18:59:32 EEST; 4 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1001 ExecStart=/etc/init.d/postgrey start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/postgrey.service
           └─1156 postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023

heinä 30 13:11:55 ispc6 postgrey[1156]: action=pass, reason=triplet found, client_name=newsletters.bigocode.info, client_address=167.99.66.61, sender=bounce@bi
heinä 30 13:11:55 ispc6 postgrey[1156]: cleaning up old logs...
heinä 30 13:23:54 ispc6 postgrey[1156]: action=pass, reason=client whitelist, client_name=mail-oln040092067095.outbound.protection.outlook.com, client_address=
heinä 30 13:31:28 ispc6 postgrey[1156]: action=pass, reason=client AWL, client_name=sypressi2.dnainternet.net, client_address=83.102.40.154, sender=bounce30825
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hi Taleman, have you solved this issue with greylisting? I had exactly that same message because one user set two @gmail.com addresses inside the "Copy " option of his ISCP panel. The problem was a high number of Facebook notifications ([email protected]) going to these 2 Gmail accounts. And Gmail servers blocked them with that message. It seems they block the forwarded Facebook notifications. To avoid the blacklist I was forced to put the domain "facebookmail.com DISCARD" inside /etc/postfix/sender_access, and to inform the user. If you have another solution it would be good to know it. Thanks
We are solving different problems. My problem was that graylisting was not working. I got it working by fixing my postfix/main.cf. Before that my server was on the blacklist, but I just wait until it gets removed. I know no other way than preventing users from forwarding their e-mails to other mail systems to prevent ending up in some blacklist, since all mailboxes receive so much spam.
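Added example, not written by any poster in this thread: one way to find out which forwards are producing the remote rejections discussed above is to correlate queue IDs in the Postfix mail log and count deferred or bounced deliveries whose original recipient is local but whose final recipient is not. The log lines are constructed for illustration, and the function name `forwarded_rejections` and all domains are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format; every host, queue ID and
# address below is made up for this example.
SAMPLE_LOG = """\
Jul 30 13:01:02 mx1 postfix/qmgr[900]: 3F2A1C0123: from=<notify@social.example>, size=8123, nrcpt=1 (queue active)
Jul 30 13:01:04 mx1 postfix/smtp[911]: 3F2A1C0123: to=<alice@bigmail.example>, orig_to=<alice@local.example>, relay=mx.bigmail.example[192.0.2.10]:25, delay=2.1, dsn=4.7.0, status=deferred (host mx.bigmail.example[192.0.2.10] said: 421-4.7.0 suspicious content)
Jul 30 13:05:10 mx1 postfix/qmgr[900]: 4B7D2E0456: from=<notify@social.example>, size=7990, nrcpt=1 (queue active)
Jul 30 13:05:12 mx1 postfix/smtp[912]: 4B7D2E0456: to=<alice@bigmail.example>, orig_to=<alice@local.example>, relay=mx.bigmail.example[192.0.2.10]:25, delay=1.8, dsn=5.7.1, status=bounced (host mx.bigmail.example[192.0.2.10] said: 550-5.7.1 message rejected)
Jul 30 13:09:30 mx1 postfix/qmgr[900]: 5C8E3F0789: from=<friend@other.example>, size=2210, nrcpt=1 (queue active)
Jul 30 13:09:31 mx1 postfix/smtp[913]: 5C8E3F0789: to=<bob@bigmail.example>, orig_to=<bob@local.example>, relay=mx.bigmail.example[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jul 30 13:12:00 mx1 postfix/qmgr[900]: 6D9F4A0ABC: from=<news@shop.example>, size=30110, nrcpt=1 (queue active)
Jul 30 13:12:03 mx1 postfix/smtp[914]: 6D9F4A0ABC: to=<carol@remote.example>, orig_to=<carol@local.example>, relay=mx.remote.example[192.0.2.20]:25, delay=3.0, dsn=4.7.0, status=deferred (host mx.remote.example[192.0.2.20] said: 421 4.7.0 try later)
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
FWD_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>, orig_to=<([^>]*)>"
                    r".*? dsn=(\d\.\d+\.\d+), status=(deferred|bounced)")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def forwarded_rejections(log_text, local_domains):
    """Count remote rejections of forwarded mail per (forwarding mailbox, sender domain)."""
    sender_of = {}   # queue ID -> envelope sender, taken from the qmgr line
    hits = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            sender_of[m.group(1)] = m.group(2)
            continue
        m = FWD_RE.search(line)
        if not m:
            continue  # successful deliveries and unrelated lines are ignored
        qid, rcpt, orig_rcpt = m.group(1), m.group(2), m.group(3)
        # A forward: the original recipient is ours, the final recipient is not.
        if domain(orig_rcpt) in local_domains and domain(rcpt) not in local_domains:
            sender_dom = domain(sender_of.get(qid, "")) or "<>"  # "<>" = null sender
            hits[(orig_rcpt.lower(), sender_dom)] += 1
    return hits

if __name__ == "__main__":
    report = forwarded_rejections(SAMPLE_LOG, {"local.example"})
    for (mailbox, sender_dom), n in report.most_common():
        print(f"{n:3d}  {mailbox} forwards mail from {sender_dom} that the remote side rejects")
```

The mailboxes and sender domains at the top of the report are the ones to look at first when deciding which forwards to disable or which senders to filter before forwarding.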