On 09/11/15 16:43, L.P.H. van Belle wrote: > >> -----Oorspronkelijk bericht----- >> Van: njo...@megan.vbhcs.org [mailto:owner-postfix-us...@postfix.org] >> Namens Noel Jones >> Verzonden: maandag 9 november 2015 16:05 >> Aan: postfix-users@postfix.org >> Onderwerp: Re: Disable spooling >> >> On 11/9/2015 3:46 AM, Paulo Matos wrote: >>> Hi, >>> >>> I have configured postfix with virtual users and virtual domains so I >>> have it configured to serve two domains AAA.com and BBB.com. However, >>> the machine hostname >>> is centauri (none of the hostname its serving). Reverse DNS is enabled >>> to one of the domains. I think that as a result of this setup I am >>> getting a good chunk of my emails blocked by google with the following >>> message: >>> >>> -------- >>> Reporting-MTA: dns; centauri >>> X-Postfix-Queue-ID: D8B6D22FD3 >>> X-Postfix-Sender: rfc822; pa...@matos-sorge.com >>> Arrival-Date: Thu, 5 Nov 2015 10:40:10 +0000 (GMT) >>> >>> Final-Recipient: rfc822; x...@yyy.com >>> Original-Recipient: rfc822; x...@yyy.com >>> Action: failed >>> Status: 5.7.1 >>> Remote-MTA: dns; aspmx.l.google.com >>> Diagnostic-Code: smtp; 550-5.7.1 >>> Our >>> system has detected an 550-5.7.1 unusual rate of unsolicited mail >>> originating from your IP address. To 550-5.7.1 protect our users >>> from spam, >>> mail sent from your IP address has been 550-5.7.1 blocked. Please >> visit >>> 550-5.7.1 https://support.google.com/mail/answer/81126 to review >>> our Bulk >>> Email 550 5.7.1 Senders Guidelines. ju5si7198479wjc.28 - gsmtp >>> ---------- >>> >>> The problem is most likely that Reporting-MTA doesn't match any of the >>> hostnames of the email we are sending from. >> >> No, the problem is most likely google thinks they are receiving an >> unusual rate of unsolicited mail from your IP. >> >> - First, set your SMTP HELO hostname to match your rDNS hostname with >> http://www.postfix.org/postconf.5.html#smtp_helo_name >> This probably won't fix the problem with google, but may help with >> other sites that don't like a non-FQDN or nonexistent HELO name. >> >> - configure your network gateway firewall such that client machines >> cannot access outgoing port 25 to prevent an infected client machine >> on your network from directly sending mail to the internet. >> >> - configure SPF, DKIM, and DMARC for your domains. Looks as if you >> have SPF setup already. >> >> >> >> -- Noel Jones > > I suggest the following. > > (this is obligated by RFCs) > > Make sure your helo mail-hostname.domain.tld has an A record. > Helo hostname must be resolvable. > > Make sure your hostname.domain.tld has an A and RR (PTR) record. > Most server do not block on this because you wil be blokking to many servers > Lots of hosts give "unknown" back so rejecting on unknown_hostname is not > good imo. > > But an easy setting users/mail server managers can do is make sure the dns > And helo is correct. > So i do block on reject_invalid_helo_hostname reject_unknown_helo_hostname > And report back that the have incorrect server/dns settings.
How do you report that back? > > My hostname of my server for example is core.domain.tld (server hostname) > In postfix i have mail.domain.tld (helo hostname) > .. myhostname = mail.domain.tld > For you to setup myhostname = mail.domain.tld and I guess you setup your FQDN to be domain.tld, does mail.domain.tld need to be a MX record? > And you can set the same hostname in postfix and use that also for your > server, but i dont recommend that. > > Then thats done, login at google, use the administrative tools from google to > check your environment. > I am new to that. Which tools? Thanks for your help. Paulo Matos > Greetz, > > Louis > > >
