> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of Matt Lawrence
> 
> Apparently gmail is delivering some mail from me marked as spam and
> trashing a lot of the rest.  This is a horrible violation of the RFCs
> and it's causing me some real problems in my life.  How do I get them to
> quit doing such evil things?  I own my own domain and mail server and
> I'm the only one on it.  The volume is very low. And, my gmail account
> forwards to this account as well.  So, WTF Google?

There are lots of things you need to keep on top of, and I can name only a few:

Obviously, look up your own IP address on various blacklists, just to be sure.

Apply all the general system updates on your system.  If your system has 
obvious vulnerabilities that they detect, they're more likely to be distrustful 
of mail originating from you.

If reasonable, operate behind a deep inspection firewall - for example - I can 
name one specific thing I know - When you telnet (or netcat) into a public 
facing mail server, it announces a bunch of information such as the type and 
version of the MTA.  The Cisco firewall inspects and mangles this traffic, 
replacing that info with a bunch of **** characters, helping to obfuscate the 
actual MTA version and reducing the probability of successful attack against 
the MTA.  I assume Cisco and others do this type of stuff for inbound and 
outbound connections, and reducing your exposure area will only help increase 
your reputation.

You should ensure your MX points to your IP, and you should ensure reverse DNS 
of the IP maps back to the MX.  They figure the probability of spam coming from 
legitimate systems is much lower when you've gone to this level of effort.

You should set SPF and DMARC for your domain.  I may be incorrect that DKIM is 
a bit tougher, I don't normally do DKIM, but if you do it too, that will only 
help.

Whenever possible, enable TLS on your server, give it a real cert, keep on top 
of it.  The probability of spam coming from such a server is much lower.

You should listen on 587 and require TLS and SMTP auth - even if you don't use 
it - they figure the chances of your MTA being insecure are much higher if you 
don't do this.

You're familiar with SSL Labs ssltest?  https://www.ssllabs.com/ssltest/  They 
said in Jan 2014 that they're developing something for SMTP testing, but I 
don't see it available now.  If you find it, or find something similar, it 
might be good to use it.

This is a really useful tool - Microsoft specific, but might be helpful - 
https://testconnectivity.microsoft.com/
Go to Message Analyzer and paste some mail headers that were received by the 
recipient system.  I'm not sure if this will work for Gmail, but they analyze 
the headers and display them in an easily readable format, identifying the spam 
score and reasons why, etc.


_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
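
An added example, not part of the original message: a small offline version of the header check suggested above. It reads the Authentication-Results and top Received headers the recipient system recorded and lists which of the SPF, DKIM, DMARC and TLS checks the delivery did not pass. The header contents are constructed, and example.org, mx.example.net and 192.0.2.25 are placeholders.

```python
import re
from email import message_from_string

# Constructed sample headers; example.org, mx.example.net and 192.0.2.25
# are placeholders, not values from the thread.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.25])
        by mx.example.net with ESMTPS id abc123
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 01 Jan 2024 10:00:00 -0800 (PST)
Authentication-Results: mx.example.net;
       spf=softfail (mx.example.net: domain of transitioning matt@example.org
        does not designate 192.0.2.25 as permitted sender)
        smtp.mailfrom=matt@example.org;
       dkim=none;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.org
From: matt@example.org
To: someone@example.net
Subject: test

body
"""

def auth_results(raw):
    """Return {method: result} from every Authentication-Results header."""
    verdicts = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        # Unfold the header, then drop parenthesised comments.
        flat = re.sub(r"\([^()]*\)", " ", " ".join(value.split()))
        for clause in flat.split(";")[1:]:  # clause 0 is the authserv-id
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts

def findings(raw):
    """List the checks this delivery did not pass."""
    verdicts = auth_results(raw)
    out = [f"{m}={verdicts.get(m, 'missing')}"
           for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    # The topmost Received header is the hop into the recipient's system.
    top_hop = " ".join((message_from_string(raw).get("Received") or "").split())
    if not re.search(r"\bwith ESMTPSA?\b|version=TLS", top_hop, re.I):
        out.append("tls=not-used")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```
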
