On Thu, 8 Nov 2018 at 07:35, Poliman - Serwis <ser...@poliman.pl> wrote:
> I have domain kamir-transport.pl deployed on the server with a DNS zone
> where Google MX servers are configured, like aspmx.l.google.com,
> alt1.aspmx.l.google.com (and a few more). Mailboxes are not on my server,
> all email things are deployed on Google. Yesterday I saw in the log the
> message:
>
> 9FBE713D05F 1564 Tue Nov 6 06:34:55 webmas...@kamir-transport.pl
> (host alt2.aspmx.l.google.com[74.125.24.27] said: 421-4.7.0
> [54.38.202.128 15] Our system has detected that this message is 421-4.7.0
> suspicious due to the nature of the content and/or the links within.
> 421-4.7.0 To best protect our users from spam, the message has been
> blocked. 421-4.7.0 Please visit 421 4.7.0
> https://support.google.com/mail/answer/188131 for more information.
> t1-v6si2536163pgv.349 - gsmtp (in reply to end of DATA command))
> bi...@kamir-transport.pl
>
> Honestly I don't fully understand this log. Looks like Google MX says that
> some message from webmas...@kamir-transport.pl belonging to IP 54.38.202.128
> (what is 15 after the IP address?) looks suspicious, although it is sent to
> another mailbox in this same domain. But both mailboxes are hosted on
> Google, so why does Google MX mention something about an IP that is not theirs?
>
> PS
> SPF record configured in the DNS zone looks like Google advises -> v=spf1
> include:_spf.google.com ~all
>

This is a response from gsmtp (Gmail) saying that the email your server relayed to them looks suspicious (detailed reasons not given) - and so it was temp blocked. I am not sure why gsmtp gives a temp 4xx response; I rewrite them to permanent 5xx to prevent pointless retries. If you are relaying world-sourced mails into your users' Gmail mailboxes then messages of this type are a perennial problem. You might reduce their frequency with improved anti-spam/anti-virus checks.
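Added example, not part of the message above and not the replier's own setup: a Python sketch that splits the quoted multi-line `421-4.7.0` reply into its parts and models the 4xx-to-5xx rewrite for content blocks only. The function names and the marker phrase used to recognise a content block are assumptions; the message does not say how its author performs the rewrite.

```python
import re

# Reply text from the queue entry quoted above, split back into the lines the
# server sent (constructed: the split points are the "421-4.7.0" prefixes).
SAMPLE_REPLY = [
    "421-4.7.0 [54.38.202.128 15] Our system has detected that this message is",
    "421-4.7.0 suspicious due to the nature of the content and/or the links within.",
    "421-4.7.0 To best protect our users from spam, the message has been blocked.",
    "421-4.7.0 Please visit",
    "421 4.7.0 https://support.google.com/mail/answer/188131 for more information."
    " t1-v6si2536163pgv.349 - gsmtp",
]
# Assumption: this phrase from the quoted log identifies a content-based block.
CONTENT_BLOCK_MARKER = "suspicious due to the nature of the content"
# <code><'-' continuation | ' ' final line>[<enhanced status> ]<text>
LINE_RE = re.compile(r"^(?P<code>[245]\d\d)(?P<sep>[- ])"
                     r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3}) )?(?P<text>.*)$")

def parse_reply(lines):
    """Validate a multi-line SMTP reply and return its code, status and text."""
    code = enh = None
    text = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if (m["sep"] == " ") != (i == len(lines) - 1):
            raise ValueError("only the last line may use a space separator")
        if code not in (None, m["code"]):
            raise ValueError("reply code changes within one reply")
        code, enh = m["code"], m["enh"] or enh
        text.append(m["text"])
    joined = " ".join(text)
    # The bracketed address is extracted; the token after it stays opaque text.
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\b", joined)
    return {"code": code, "enhanced": enh, "text": joined,
            "bracketed_ip": ip.group(1) if ip else None}

def rewrite_content_block(lines):
    """Turn a 4xx content block into 5xx; leave every other reply untouched."""
    reply = parse_reply(lines)
    if reply["code"][0] != "4" or CONTENT_BLOCK_MARKER not in reply["text"]:
        return list(lines)
    out = []
    for m in map(LINE_RE.match, lines):
        enh = f"5{m['enh'][1:]} " if m["enh"] else ""
        out.append(f"5{m['code'][1:]}{m['sep']}{enh}{m['text']}")
    return out
```

Restricting the rewrite to the marker phrase keeps other temporary replies, such as greylisting or rate limits, retryable.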