Mail server: Difference between revisions

From miki
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 4: Line 4:
* [[SMTP]]
* [[SMTP]]
* [[Postfix]]
* [[Postfix]]

== Guides ==
* https://jan.wildeboer.net/2022/08/Email-0-The-Journey-2022/
* https://vadosware.io/post/its-never-been-easier-or-harder-to-self-host-email/


== Testing ==
== Testing ==
Line 47: Line 51:
</source>
</source>


;Solution 1 &mdash; Install postsrsd
As reported [https://www.digitalocean.com/community/questions/temporarily-rate-limited-from-google-in-mail-relay here], the issue may be due to SPF, which "breaks" mail forwarding: we forward a mail with <code>@twitter.com</code> as sender domain, but our server is not authorized by the SPF record in twitter.com domain. The solution is to use [http://www.openspf.org/SRS SRS], which rewrites the sender address to match the domain of the forwarding server. Another solution is to use POP3 on Gmail to fetch mail from remote account instead.
:As reported [https://www.digitalocean.com/community/questions/temporarily-rate-limited-from-google-in-mail-relay here], the issue may be due to SPF, which "breaks" mail forwarding: we forward a mail with <code>@twitter.com</code> as sender domain, but our server is not authorized by the SPF record in twitter.com domain. The solution is to use [http://www.openspf.org/SRS SRS], which rewrites the sender address to match the domain of the forwarding server.

;Install [postsrsd]
:See [[Configuration Noekeon.org]].
:See [[Configuration Noekeon.org]].


;Solution 2 &mdash; Add offending sender to Gmail account contact list
;Clear mail queue
:May stop GMail to see your mail server as a bulk-sender-whatever.
The message, if rejected by Google, remains in the mail queue, and is resent regularly by postfix, triggering many logcheck messages. To clean the [[Postfix]] queue :

;Solution 3 &mdash; Install opendkim
:Not tested yet.

;Solution 4 &mdash; Use POP3 on Gmail to fetch from remote account
:This bypass Gmail filtering and hence we avoid the problem.

;Final solution &mdash; Clear mail queue
Fed up of logcheck spam because postfix can't forward the mail? Then just clear the [[Postfix]] queue :
<source lang=bash>
<source lang=bash>
mailq
mailq

Latest revision as of 05:39, 5 September 2022

Related pages:

Guides

Testing

See also IMAP and SMTP.

Troubleshooting

Google GMail - 421-4.7.0 black listing

References:

We get in /var/log/mail.log:

Sep  5 08:29:11 ober postfix/smtp[8491]: 43B4F22205: host gmail-smtp-in.l.google.com[66.102.1.27] said: 421-4.7.0 [91.134.133.203      15] Our system 
has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from 
your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0  https://support.google.com/mail/answer/81126 to review our Bulk 
Email 421 4.7.0 Senders Guidelines. jg8si2554443wjb.4 - gsmtp (in reply to end of DATA command)
Sep  5 08:29:11 ober postfix/smtp[8490]: 6FD32222D3: host gmail-smtp-in.l.google.com[66.102.1.27] said: 421-4.7.0 [91.134.133.203      15] Our system 
has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from 
your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 
421 4.7.0 review our Bulk Email Senders Guidelines. d66si5510162wmc.138 - gsmtp (in reply to end of DATA command)

Looking the source message, we see it is due to a forwarder from twitter to a gmail account:

grep 43B4F22205 /var/log/mail.log.1|head
# Sep  1 16:52:22 ober postfix/cleanup[8522]: 43B4F22205: message-id=<A8.4B.18871.79048C75@twitter.com>
# Sep  1 16:52:22 ober postfix/qmgr[2449]: 43B4F22205: from=<b0045f3e0b2keccakontwitter=noekeon.org@bounce.twitter.com>, size=21136, nrcpt=1 (queue active)
# Sep  1 16:52:22 ober postfix/local[8524]: A18C5222D1: to=<keccakontwitter@noekeon.org>, relay=local, delay=5.9, delays=5.8/0/0/0.06, dsn=2.0.0, status=sent (forwarded as 43B4F22205)
# Sep  1 16:52:22 ober postfix/smtp[8531]: 43B4F22205: host gmail-smtp-in.l.google.com[64.233.166.26] said: 421-4.7.0 [91.134.133.203      15] [...]
# Sep  1 16:52:23 ober postfix/smtp[8531]: 43B4F22205: to=<guido.bertoni@gmail.com>, orig_to=<keccakontwitter@noekeon.org>, relay=alt1.gmail-smtp-in.l.google.com[173.194.222.26]:25, [...]
grep keccakontwitter /etc/aliases
# keccakontwitter: gvabulk, mip, jda, gbe
grep ^gbe /etc/aliases
# gbe: guido.bertoni@gmail.com
Solution 1 — Install postsrsd
As reported here, the issue may be due to SPF, which "breaks" mail forwarding: we forward a mail with @twitter.com as sender domain, but our server is not authorized by the SPF record in twitter.com domain. The solution is to use SRS, which rewrites the sender address to match the domain of the forwarding server.
See Configuration Noekeon.org.
Solution 2 — Add offending sender to Gmail account contact list
May stop GMail to see your mail server as a bulk-sender-whatever.
Solution 3 — Install opendkim
Not tested yet.
Solution 4 — Use POP3 on Gmail to fetch from remote account
This bypass Gmail filtering and hence we avoid the problem.
Final solution — Clear mail queue

Fed up of logcheck spam because postfix can't forward the mail? Then just clear the Postfix queue :

mailq
# -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
# C8E5822246    61203 Tue May  2 18:52:15  SRS0=uPVF=4I=bounce.twitter.com=n0288f29604-ddce666005a144febeb7aa8cc3accd73-keccakontwitter===noekeon.org@noekeon.org
# (host alt1.gmail-smtp-in.l.google.com[74.125.131.26] said: 421-4.7.0 [91.134.133.203      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.0 review our Bulk Email Senders Guidelines. u64si539507lfg.80 - gsmtp (in reply to end of DATA command))
#                                          night.moore.nm@gmail.com
# 
# -- 60 Kbytes in 1 Request.
postsuper -d ALL deferred