Static IP, Linode. Only the IPv6 was listed, the IPv4 was not, but it
seems that postfix usually chooses IPv6 when the receiving MX resolves
on IPv6. And that's probably the correct behavior.
On 12/28/2016 12:18 AM, Dominic Raferd wrote:
Is your mailserver's external ip static or dynamic? I am afraid that
mail servers from dynamic ips always get listed as spambots even when
using SPF, DKIM, correct rDNS etc. The solutions in this case are
either to get your isp to allocate to you a static ip (not all isps
offer this however), set up another mail server at a new location with
static ip (e.g. vps), or use a relayhost through which postfix can
send your outgoing mails. Usually your isp will provide a relayhost.
This relayhost won't be bothered that you are sending from a dynamic
ip and the servers onto which it sends your mails will be concerned
about the relayhost's ip (which will be static), not yours.
On 28 December 2016 at 07:32, Alice Wonder <al...@domblogger.net> wrote:
Virtual machine for a web application, it is still in testing.
reverse DNS is properly set up.
Postfix only listens on the local host.
Linux firewall drops anything not to port 80, 443, or a custom high number
port I use for SSH.
This postfix is not an open relay, or a relay for anything on the Internet,
it only exists so the web application can send e-mail.
SPF for the domain is correctly set up, DKIM for the host is correctly set
up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and
DKIM checks.
So far it has only sent e-mails to addresses I control as the web
application is still in testing.
Yet yesterday the IP address ended up on Spamhaus blacklist.
I am 100% confident that no one else was sending e-mail from that IP
address, I'm a bit puzzled as to how the IP address got added to the
blacklist, but I was told that Spamhaus sometimes just adds an entire subnet
if more than one IP on the subnet was sending spam, and that's probably what
happened.
I think that is irresponsible of Spamhaus if that is what they are doing,
but is there something more I can do other than correct rDNS, SPF, and DKIM
to avoid getting on a blacklist?
