Yahoo and Hotmail goes to Spam folder

Discussion in 'Server Operation' started by jem, Nov 21, 2020.

  1. jem

    jem New Member

    I need help trying to figure out why emails from my server goes to Hotmail and yahoo spam folder.
    I think its because postfix is using the localhost. CONNECT from localhost[127.0.0.1]. i have research online and try many different configuration which did not work. i don't know what to do next. if someone could help me that would be great.

    thanks
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    enable dkim + dmarc and check the mailheader at the destination.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    and make sure you have a SPF record for the domain and a rDNS record with your hostname for the external IP of your server.

    Eventually do a test with mail-tester.com and share the outcome.
     
  4. jem

    jem New Member

    Just let you know i have already have dkim + dmarc enabled.
    Here is the result for www.mail-tester.com
    https://www.mail-tester.com/test-lt6c2thpm

    upload_2020-11-22_10-3-54.png

    Here is the header result from yahoo
    the email still goes to the spam folder

    Received: from 10.197.36.138
    by atlas107.free.mail.bf1.yahoo.com with HTTP; Sun, 22 Nov 2020 15:02:56 +0000
    Return-Path: <[email protected]>
    Received: from 74.208.12.181 (EHLO ns6.domsrv.com)
    by 10.197.36.138 with SMTPs; Sun, 22 Nov 2020 15:02:56 +0000
    X-Originating-Ip: [74.208.12.181]
    Received-SPF: pass (domain of jemmot.com designates 74.208.12.181 as permitted sender)
    Authentication-Results: atlas107.free.mail.bf1.yahoo.com;
    dkim=pass [email protected] header.s=default;
    spf=pass smtp.mailfrom=jemmot.com;
    dmarc=success(p=REJECT) header.from=jemmot.com;
    X-Apparently-To: [email protected]; Sun, 22 Nov 2020 15:02:56 +0000
    X-YMailISG: imJccJMWLDvqMdet0j7zSEJedn3kT8f1uoESXft07ywVAkW.
    EXHEfXtF8gHk8ygRuiLLSMx61KqCmIuvyoPTyGz9E1l2b1v1C8LpyQW.wAfY
    GwnhWCRXD0tHypqL3FJixDHXc9SocGoTq9emsMBxh0QvQg1.9GXa8XY1MgpT
    CRP.H9B9G_0V_SMG63k.Q_7PYjuN_hv71rAATJ1aygQC4WPY6qRGXeqSbotF
    oapdvHlsn2bqR4x8JdkpCIw5LRRabnrWAISlEoBiwj9v6vPq7O.ro2E1n0cH
    1jKYjga8ybFeOcQvz_ludq2hesp00oDkbYGpuQJQGxEBXlD0fb8eNhPmZtzq
    .glaRrquqRA1rwFFTbYoTSjA1N9GhtriTq4bnll3aKJftcSlqpzrMrso1GWK
    R4h9hvI3VM8xTPgINGQauNzdWgdes65csRCrvl_8Xh5maNS7.E4m2xxK1nT_
    FPYLG5ooF7T5vX6RwOaC5jzvPUuftURETLtdiKC_RsB1NMpA8nZ2bz2XPsEO
    OU5bqerrfglOME2TAeRhrWCY_DT4.ksu8JSH42BJQ9k7EsGP13k85vCFnKtw
    JxL9bJR_9UP6pUNz3FsuqLtD5YRlA98PTrk3d7OSEAvd5ttpWCBexKV_R5rt
    ZFqNc5cQQckmcPW8_3tuxDMuKb4ildWdh4NhDPCWPLj9eXILdSDcz2CGZriA
    DokPezFWqaXkoOR2S0h4onS20Qjwcesm6zytssK5bFN9ZSClRfWKy91DHS4W
    Yx_p.7VcXzjHpr5VxG.P_byr3E2aViv_p45DVKubP1v.G2BwaGzwhoQOn4Gm
    hvGO6vXcWsNoTf8AdCufiGZhDOPWVzKunS6PEk6oi8fAASu2IxhgXiFK6hTV
    lGKVtRUSMQsIu8BW8Vql87lBgo4TgBninpC5qjydDVvCjwhnpfZ5.ZTo9plm
    zCxp2cTwx7C4qQCBHcCAtLLPWGwgpCtSLL6a2WcGe0bVteFn7v3hrh4yF6Ae
    .cJX9kW9lTEjAxB_G1yMjyb9y0hMa27sBx2gOasaO0FRlPPNO3DKru6FiUIs
    0eT_6tI0tw3SCn5uMi3P6oyCtfHVxT.YwjqCAamxWIzQN2LRS6TjxVWJoPns
    9rYOZsmiy8a_JL74dil2BypODCu6Z81eSZchXXQLTlAk7HZ9cn5ess2WBePS
    ZQ--
    Received: from localhost (ns6.domsrv.com [127.0.0.1])
    by ns6.domsrv.com (Postfix) with ESMTP id DE59F21E18
    for <[email protected]>; Sun, 22 Nov 2020 10:02:55 -0500 (EST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jemmot.com; h=
    content-language:x-mailer:content-type:content-type:mime-version
    :message-id:date:date:subject:subject:from:from; s=default; t=
    1606057375; x=1607871776; bh=0/Rd4N2V67OsHD4oWbS3hBs+H7e6BSGhLJi
    k/ByXEE8=; b=pAa+f8J6KFOgJyNXmGy2PRFOL2QGiDG1ybVFGztMgOr3vywkClc
    J1ZUavBnNvyomO8tTxQgtjPl3OG9K6goTfsZu3ihn8+A5tjk1Ho9wM9Qis3pbUig
    9yKnyrIvoHpVyUO7L7TxhyrcJJjYzKtfx8+dCpfR2FcnVGPvuxXbiopSBlb6Lm0c
    NeG0iIztPkYwggW90UG5tV3iMsKwoU+jlRA8hroXr+Ek9kHeb49ee6VtuDxsoI0y
    tB+BEBEDN4+N5bX0uacwHD0Ms/feXoJ0W8HjBwgQCYSNZZtXR+HI3GjW+6GEaWgh
    Zeo1l8RVJEuoRNLpjz+H3iS1NwBu8DylU+g==
    X-Virus-Scanned: Debian amavisd-new at ns6.domsrv.com
    Received: from ns6.domsrv.com ([127.0.0.1])
    by localhost (ns6.domsrv.com [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id OiKKNFG_8fdo for <[email protected]>;
    Sun, 22 Nov 2020 10:02:55 -0500 (EST)
    Received: from Jemdesktop (modemcable205.1-80-70.mc.videotron.ca [70.80.1.205])
    (Authenticated sender: [email protected])
    by ns6.domsrv.com (Postfix) with ESMTPSA id 52C9421E17
    for <[email protected]>; Sun, 22 Nov 2020 10:02:55 -0500 (EST)
    From: "jem" <[email protected]>
    To: <[email protected]>
    Subject: reply to this email please
    Date: Sun, 22 Nov 2020 10:02:55 -0500
    Message-ID: <001301d6c0e0$8f60ee70$ae22cb50$@com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0014_01D6C0B6.A68AE670"
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: AdbA4IRgz9yklpL3TWCZ6A/b/YG66w==
    Content-Language: en-us
    X-Antivirus: Avast (VPS 201122-2, 11/22/2020), Outbound message
    X-Antivirus-Status: Clean
    Content-Length: 3115

    This is a multipart message in MIME format.

    ------=_NextPart_000_0014_01D6C0B6.A68AE670
    Content-Type: text/plain;
    charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    reply to this email please



    --
    This email has been checked for viruses by Avast antivirus software.
    https://www.avast.com/antivirus

    ------=_NextPart_000_0014_01D6C0B6.A68AE670
    Content-Type: text/html;
    charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable

    <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:eek:=3D"urn:schemas-micr=
    osoft-com:eek:ffice:eek:ffice" xmlns:w=3D"urn:schemas-microsoft-com:eek:ffice:word" =
    xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
    //www.w3.org/TR/REC-html40">

    <head>
    <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii"=
    >
    <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
    <style>
    <!--
    /* Font Definitions */
    @font-face
    {font-family:"Cambria Math";
    panose-1:2 4 5 3 5 4 6 3 2 4;}
    @font-face
    {font-family:Calibri;
    panose-1:2 15 5 2 2 2 4 3 2 4;}
    /* Style Definitions */
    p.MsoNormal, li.MsoNormal, div.MsoNormal
    {margin:0in;
    margin-bottom:.0001pt;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";}
    a:link, span.MsoHyperlink
    {mso-style-priority:99;
    color:#0563C1;
    text-decoration:underline;}
    a:visited, span.MsoHyperlinkFollowed
    {mso-style-priority:99;
    color:#954F72;
    text-decoration:underline;}
    span.EmailStyle17
    {mso-style-type:personal-compose;
    font-family:"Calibri","sans-serif";
    color:windowtext;}
    =2EMsoChpDefault
    {mso-style-type:export-only;}
    @page Section1
    {size:8.5in 11.0in;
    margin:1.0in 1.0in 1.0in 1.0in;}
    div.Section1
    {page:Section1;}
    -->
    </style>
    <!--[if gte mso 9]><xml>
    <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
    </xml><![endif]--><!--[if gte mso 9]><xml>
    <o:shapelayout v:ext=3D"edit">
    <o:idmap v:ext=3D"edit" data=3D"1" />
    </o:shapelayout></xml><![endif]-->
    </head>

    <body lang=3DEN-US link=3D"#0563C1" vlink=3D"#954F72">

    <div class=3DSection1>

    <p class=3DMsoNormal>reply to this email please<o:p></o:p></p>

    </div>

    <div id=3D"DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br />
    <table style=3D"border-top: 1px solid #D3D4DE;">
    <tr>
    <td style=3D"width: 55px; padding-top: 13px;"><a href=3D"https://ww=
    w.avast.com/sig-email?utm_medium=3Demail&utm_source=3Dlink&utm_campaign=3Ds=
    ig-email&utm_content=3Demailclient" target=3D"_blank"><img src=3D"https://i=
    pmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-re=
    peat-v1.gif" alt=3D"" width=3D"46" height=3D"29" style=3D"width: 46px; heig=
    ht: 29px;" /></a></td>
    <td style=3D"width: 470px; padding-top: 12px; color: #41424e; font-size: =
    13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-=
    free. <a href=3D"https://www.avast.com/sig-email?utm_medium=3Demail&utm_sou=
    rce=3Dlink&utm_campaign=3Dsig-email&utm_content=3Demailclient" target=3D"_b=
    lank" style=3D"color: #4453ea;">www.avast.com</a>
    </td>
    </tr>
    </table><a href=3D"#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width=3D"1" heigh=
    t=3D"1"> </a></div></body>

    </html>

    ------=_NextPart_000_0014_01D6C0B6.A68AE670--
     

    Attached Files:

  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It might be that the spamfilter thinks the link to Avast is suspicious in combination with the short message, which is also a bit of spammy text?
     
  6. jem

    jem New Member

    Thanks for replying.
    is it possible to have my external ip show instead of Received: from localhost (ns6.domsrv.com [127.0.0.1]).
    i used reject_rbl_client multi.uribl.com in smtpd_recipient_restrictions and it was blocking all emails.
    http://uribl.com/refused.shtml
    54 5.7.1 Service unavailable; Client host [142.0.80.50] blocked using multi.uribl.com; 127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.208.114.135];
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Yes, it would be possible to configure amavis to run on a public ip and you connect there, but this is not a problem, as thousands of other servers use this setup without causing any issue.

    Open the link from your log message and it explains what your issue is (ie. why multi.uribl.com is denying your DNS queries).
     
    Th0m likes this.
  8. jem

    jem New Member

    Just thank you all for your help. bellow is an error message i am getting from Yahoo. I think clients a sending massive email at once to yahoo clients what can i do to resolved this issue. thanks.

    (host mta6.am0.yahoodns.net[67.195.228.110] said: 421 [IPTS04] Messages from 74.208.12.181 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.verizonmedia.com/error-codes (in reply to end of DATA command))
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Find out who is sending out large volumes by looking into your mailq and mail.log. Change that user's password.

    I have this set in my Postfix main.cf:
    Code:
    anvil_rate_time_unit = 1h
    smtpd_client_recipient_rate_limit = 30
    Along with the default and ISPConfig settings this limits the max emails / h to 100 and max recipients to 30.
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Does the limiting work by discarding the 101st e-mail?
    Or the 101st e-mail during an hour is delayed and sent at the next hour?
     
  11. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Also clear spam sitting in your mail queue after changing the password.

    You can look into postfwd for a more configurable/flexible rate limiting setup.
     
    Th0m likes this.
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I think you start getting a temp failure when sending, so an mta would queue and retry, while regular clients would need to resend manually; spammers might do either, but often do not retry.
     
    Th0m likes this.
  13. jem

    jem New Member

    Thank you all. i really appreciate the help. I received this error from Gmail. I do have DMARC policy
    this is not the first time this client get this error.

    enabled. what could be the reason why.
    <@gmail.com>: host gmail-smtp-in.l.google.com[2607:f8b0:4001:c19::1a]
    said: 550-5.7.26 Unauthenticated email from Domain.ca is not accepted
    due to 550-5.7.26 domain's DMARC policy. Please contact the administrator
    of 550-5.7.26 domain.ca domain if this was a legitimate mail. Please
    visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn
    about the 550 5.7.26 DMARC initiative. r9si6014144ill.52 - gsmtp (in reply
    to end of DATA command)
     
    Last edited: Nov 26, 2020
  14. jem

    jem New Member

    here's my main.cf configuration

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    myhostname = ns6.domsrv.com
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key

    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination



    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases

    #mydestination = ns6.domsrv.com, localhost, localhost.localdomain
    mydestination = ns6.domsrv.com


    #mydestination = /etc/postfix/local-host-names
    relayhost =
    #mynetworks = 127.0.0.0/8 [::1]/128
    #mynetworks = 74.208.12.181 127.0.0.0/8 [::1]/128
    mynetworks = 74.208.12.181 127.0.0.0/8 [::1]/128

    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023





    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps

    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_helo_access regexp:/etc/postfix/helo_access,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_invalid_helo_hostname,
    check_helo_access regexp:/etc/postfix/blacklist_helo


    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re,
    reject_authenticated_sender_login_mismatch,
    permit_mynetworks, permit_sasl_authenticated,
    check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
    check_sender_access regexp:/etc/postfix/tag_as_foreign.re

    ##smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org

    smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access mysql:/etc/postfix/mysql-virtual_client.cf,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client b.barracudacentral.org

    smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_helo_hostname,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf,
    reject_rbl_client qq.com,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client pbl.spamhaus.org

    anvil_rate_time_unit = 1h just added these 2 lines
    smtpd_client_recipient_rate_limit = 30

    #smtpd_client_message_rate_limit = 100
    smtpd_client_message_rate_limit = 30

    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings

    message_size_limit = 0
    compatibility_level = 2



    smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
    smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You need working SPF, DKIM, and DMARC records set up that allow your server to send mail for your domain.
     

Share This Page