In message <5700f376.7050...@lfweb.dk>
Lars Nielsen writes:
> 
> Hi,
> This Thursday I had problems sending mails to outlook.com addresses. I 
> found out that MS thought my mail-server was suspicious and had blocked 
> me as sender. I could however mail to them and got my server allowed 
> again.
>  
> But how can I ensure that I run a "professional" mail server that 
> doesn't get blocked? I have attached my "postconf -n" output here so you 
> can see if I miss something obvious!?
>  
> Thanks for your help
> Best regards
> Lars Nielsen

I have no idea but I did also get blocked.  Since I only know two
people that I send mail to with M$oft email services, and had only
recently sent only one email I could narrow it down to the content.

The content was something along the lines of "please preview this web
content on web-test.a-domain-i-use and oh btw you'll need to use https
and the cert doesn't cover web-test so click through the warnings".  I
think that was it.  The email referenced a https URL with bad cert
(valid for @, www, but not web-test).

I called.  Tech said they don't save messages or reasons for rejection
and could not give a reason but once resolved you're sort of
semi-whitelisted (low mail volume and a real human responded so they
won't be so touchy next time).  Their spam methods are proprietary.

Nothing in your config jumps out as bad (to me).  You could DKIM sign
your mail and add DKIM and SPF DNS records (maybe DMARC, though I
don't do that but might in the near future).  DKIM and SPF pass can
only help, even if just a little, and DKIM+SPF+DMARC can make sure
that forgery doesn't penalize your domain.

Maybe someone that actually knows what they are talking about will
weigh in on this thread.  :-)

Curtis


> =================
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> allow_percent_hack = no
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 3d
> config_directory = /etc/postfix
> default_destination_concurrency_limit = 3
> delay_warning_time = 4h
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = all
> initial_destination_concurrency = 1
> mailbox_command =
> mailbox_size_limit = 0
> maximal_backoff_time = 8000s
> maximal_queue_lifetime = 5d
> minimal_backoff_time = 600s
> mydestination =
> myhostname = mail.lfw.dk
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myhomeip/32 
> myserverip/32
> mynetworks_style = host
> myorigin = lfw.dk
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_helo_timeout = 60s
> smtp_tls_cert_file = /etc/postfix/client.pem
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, 
> reject_rbl_client blackholes.easynet.nl
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 20
> smtpd_hard_error_limit = 12
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, 
> warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, 
> regexp:/etc/postfix/helo.regexp, permit
> smtpd_junk_command_limit = 2
> smtpd_recipient_limit = 16
> smtpd_recipient_restrictions = check_client_access 
> hash:/etc/postfix/helo_client_exceptions check_sender_access 
> hash:/etc/postfix/sender_checks, permit_sasl_authenticated, 
> permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_recipient, 
> reject_unknown_sender_domain, reject_unknown_recipient_domain, 
> reject_unauth_destination, reject_unauth_pipelining, check_client_access 
> hash:/etc/postfix/rbl_client_exceptions, reject_rbl_client 
> cbl.abuseat.org, reject_rbl_client sbl-xbl.spamhaus.org, 
> reject_rbl_client bl.spamcop.net, reject_rhsbl_sender 
> dsn.rfc-ignorant.org, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = permit_mynetworks, warn_if_reject 
> reject_non_fqdn_sender, reject_unknown_sender_domain, 
> reject_unauth_pipelining, permit
> smtpd_soft_error_limit = 3
> smtpd_tls_CAfile = /etc/ssl/intermediate.ca.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/client.pem
> smtpd_tls_key_file = /etc/ssl/mail.lfw.dk.pem
> smtpd_tls_loglevel = 3
> smtpd_tls_mandatory_protocols = !SSLv2
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> swap_bangpath = no
> tls_random_source = /dev/urandom
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 450
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/spool/mail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 51200000
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 5000
> virtual_transport = virtual
> virtual_uid_maps = static:5000
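
Added example, not part of the original thread and not code from Postfix or any mailbox provider: a sketch of how a receiver combines the SPF and DMARC records suggested in the reply, showing why mail sent from the listed server passes while a forgery of the same From: domain from another host is quarantined. The TXT records and the address 192.0.2.10 (standing in for the masked "myserverip") are constructed, DKIM verification is reduced to "a signature with this d= domain verified", and relaxed alignment uses a subdomain match instead of the Public Suffix List.

```python
import ipaddress

# Constructed TXT records for the thread's domain. 192.0.2.10 stands in for
# the address the poster masked as "myserverip"; both records are assumptions.
TXT = {
    "lfw.dk": "v=spf1 ip4:192.0.2.10 ip6:2001:db8::25 -all",
    "_dmarc.lfw.dk": "v=DMARC1; p=quarantine; adkim=s; aspf=r",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record (RFC 7208 subset).
    Mechanisms that need DNS lookups (a, mx, include) are skipped here."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qual]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC syntax) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def aligned(from_domain, auth_domain, mode):
    """'s' = exact match; 'r' = subdomain match (simplified: a real check
    compares organizational domains using the Public Suffix List)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b or (mode != "s" and (a.endswith("." + b) or b.endswith("." + a)))

def dmarc_disposition(from_domain, client_ip, mailfrom_domain, dkim_d=None):
    """dkim_d is the d= domain of a DKIM signature that verified, else None."""
    policy = parse_tags(TXT.get("_dmarc." + from_domain, ""))
    if policy.get("v") != "DMARC1":
        return "no-policy"
    spf = spf_check(TXT.get(mailfrom_domain, ""), client_ip)
    spf_ok = spf == "pass" and aligned(from_domain, mailfrom_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_d is not None and aligned(from_domain, dkim_d, policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")
```

A message relayed by a forwarder fails SPF but still passes when its DKIM signature with d=lfw.dk verifies, which is the reason to publish both.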
