[Solved] Low server IP reputation when forwarding email to Gmail
Email server: mail.elementsofsound.org
Example hosted domain: matrixswitchcorp.com
The error I'm getting looks like this:
dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1b] said: 550-5.7.1 [2600:3c01::f03c:91ff:fee4:e8f7 18] Our system has detected that 550-5.7.1 this message is likely suspicious due to the very low reputation of 550-5.7.1 the sending IP address. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information.
I do not send spam or bulk email from my server. I read that Gmail will give a low reputation to a server even if it is innocently forwarding spam from other sources. So I implemented much more strict Postfix rules using spamhaus.org and other block lists. This has cut down on perhaps 90% of the spam my server was forwarding before. I also lowered the spam assassin rating at which emails are discarded. Still after several weeks, Gmail is still rejecting many emails, making me think my server is permanently set to a low reputation, rather than being able to recover from a low score. Are there any network wide blacklists for Linode?
I have the appropriate DNS and reverse DNS for ipv4 and ipv6. I also am using DKIM signing and SPF. I also use SASL for sending email. Server is also set up for TLS. My server isn't listed on any blacklists that I've found. I've run my domains through services like mxtoolbox.com and only came up with things like not having a DMARC policy, but I can't imagine that causing such issues.
Any help on this would be GREATLY appreciated. I'm at my wits end on this. I'd hate to have to host my own email or change my IP address. But I need to do something, since some of the businesses I'm hosting are having bad communication issues, potential lost business, etc. because of this.
Thank you in advance for any assistance with this.
IPv6 address pool smtpaddresspreference inet_protocols
Sadly, Gmail is notoriously opaque about what it does or does not like.
At any rate, I installed the postsrsd package and have not seen a rejection from Gmail since, for about 7 hours now (was happening multiple times per hour before). I also updated my DKIM signatures to be 2048 bits instead of 256 which it was before, and Gmail says it considers unsigned if under 1024 bits. That would only affect sending emails though over SASL or emails originating from my server, not forwards.
Yeah, it is extremely frustrating how difficult it is to get to the bottom of what sort of spam rule is getting triggered with some other company's algorithm. Maybe DMARC would have helped me in this case? I can kind of understand though why they are so opaque, since it seems like a constant cat and mouse game with spammers. If they made it too easy for them to figure out why their crappy emails are getting rejected, it would be easier for them to figure out how to get around it.
On the upside, it is nice to see how much better the whole spam situation is though. By simply adding some postfix rules to reject hosts which don't announce who they are or are listed in known black lists, I've cut down spam a huge amount on my server.