Hi there,

I know this is a bit off-topic here, but I'm completely desperate right
now and am clueless if there's anything wrong with my MTA configuration
that I completely overlook. I have a Postfix mail server running that
serves multiple domains. All users are fully authenticated and need to
use TLS to authenticate. For about six months I have had issues that my
users cannot send mails to services from Microsoft or Google
(hotmail.com, outlook.com, gmail.com) because the messages bounce:

<REDACTED> host
eur.olc.protection.outlook.com[104.47.125.33] said: 550 5.7.1
Unfortunately, messages from [37.120.172.118] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[SG2APC01FT051.eop-APC01.prod.protection.outlook.com] (in reply to MAIL
FROM command)

or something like

<REDACTED>: host gmail-smtp-in.l.google.com[74.125.140.27]
    said: 550-5.7.1 [37.120.172.118      12] Our system has detected that this
    message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam
    sent to Gmail, 550-5.7.1 this message has been blocked. Please visit
    550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550
    5.7.1  for more information. z2si12224425wro.400 - gsmtp (in reply to end
    of DATA command)

Of course I went through the troubleshooting guides and applied for
lifting of the ban (for Microsoft, this is possible -- Gmail offers no
such thing). It always has been lifted, but with no explanation why it
was in effect. I.e., something along the lines of:

> My name is REDACTED and I work with the Outlook.com Deliverability Support 
> Team.
> 
> We have implemented mitigation for your IP (37.120.172.118) and this process 
> may take 24 - 48 hours to replicate completely throughout our system.

Here's what I've checked/tried:

* Neither I nor any of my users send spam. The mail volume is VERY low.

* I use a reputable service provider for my server (i.e., I suspect if
there were other customers in my IP range doing bad things, they'd be
kicked out).

* I have not configured an open relay. In fact, I've even written a
testsuite to check my MTA configuration:
https://github.com/johndoe31415/mtatest which passes.

* I've a valid reverse DNS:

$ host johannes-bauer.com
johannes-bauer.com has address 37.120.172.118
johannes-bauer.com mail is handled by 10 johannes-bauer.com.

$ host 37.120.172.118
118.172.120.37.in-addr.arpa domain name pointer spornkuller.de.

$ host spornkuller.de
spornkuller.de has address 37.120.172.118
spornkuller.de mail is handled by 10 spornkuller.de.


* I have set up SPF:

$ host -a johannes-bauer.com
[...]
johannes-bauer.com.     3600    IN      TXT     "v=spf1 mx -all"

* I'm using DKIM.

In my desperation I've even registered with the Google Postmaster thing
and demeaningly "verified" my domain by altering the DNS:
https://postmaster.google.com/ -- all data is entirely empty (even
though there were positively mails blocked since I've registered with them).

If anyone has any ideas of what could be wrong, I'm absolutely grasping
for straws here. Any help is greatly appreciated.

All the best,
Johannes
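
Added example, not part of the original post: an offline re-check of the two DNS-based items in the list above (forward-confirmed reverse DNS and the "v=spf1 mx -all" policy), using only the records shown in the `host` output. The ZONE table and the function names are assumptions made for illustration; only the a, mx, ip4 and all mechanisms are evaluated.

```python
import ipaddress

# Records transcribed from the `host` output in the post (offline stand-in for DNS).
ZONE = {
    "A": {"johannes-bauer.com": ["37.120.172.118"],
          "spornkuller.de": ["37.120.172.118"]},
    "MX": {"johannes-bauer.com": ["johannes-bauer.com"],
           "spornkuller.de": ["spornkuller.de"]},
    "PTR": {"37.120.172.118": ["spornkuller.de"]},
    "TXT": {"johannes-bauer.com": ["v=spf1 mx -all"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(rtype, name, zone=ZONE):
    return zone.get(rtype, {}).get(name.rstrip(".").lower(), [])

def fcrdns(ip, zone=ZONE):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    return any(ip in lookup("A", name, zone) for name in lookup("PTR", ip, zone))

def spf_check(ip, domain, zone=ZONE):
    """Evaluate the a, mx, ip4 and all mechanisms of the domain's SPF record."""
    records = [t for t in lookup("TXT", domain, zone)
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup("A", arg or domain, zone)
        elif mech == "mx":
            matched = any(ip in lookup("A", mx, zone)
                          for mx in lookup("MX", arg or domain, zone))
        else:
            continue  # include, exists and modifiers are not evaluated here
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def report(ip, sender_domain, zone=ZONE):
    return {"fcrdns": fcrdns(ip, zone), "spf": spf_check(ip, sender_domain, zone)}
```
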
