View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions [Solved] Low server IP reputation when forwarding email to Gmail
Log in to Ask a Question

[Solved] Low server IP reputation when forwarding email to Gmail

email

For over a month now my VPS has started to get rejected a lot when forwarding legitimate email to Gmail accounts. I host several domains on my server and have set up a lot of Postfix virtual email addresses which forward to gmail accounts for hosting.

Email server: mail.elementsofsound.org

Example hosted domain: matrixswitchcorp.com

The error I'm getting looks like this:

dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1b] said: 550-5.7.1 [2600:3c01::f03c:91ff:fee4:e8f7 18] Our system has detected that 550-5.7.1 this message is likely suspicious due to the very low reputation of 550-5.7.1 the sending IP address. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information.

I do not send spam or bulk email from my server. I read that Gmail will give a low reputation to a server even if it is innocently forwarding spam from other sources. So I implemented much more strict Postfix rules using spamhaus.org and other block lists. This has cut down on perhaps 90% of the spam my server was forwarding before. I also lowered the spam assassin rating at which emails are discarded. Still after several weeks, Gmail is still rejecting many emails, making me think my server is permanently set to a low reputation, rather than being able to recover from a low score. Are there any network wide blacklists for Linode?

I have the appropriate DNS and reverse DNS for ipv4 and ipv6. I also am using DKIM signing and SPF. I also use SASL for sending email. Server is also set up for TLS. My server isn't listed on any blacklists that I've found. I've run my domains through services like mxtoolbox.com and only came up with things like not having a DMARC policy, but I can't imagine that causing such issues.

Any help on this would be GREATLY appreciated. I'm at my wits end on this. I'd hate to have to host my own email or change my IP address. But I need to do something, since some of the businesses I'm hosting are having bad communication issues, potential lost business, etc. because of this.

Thank you in advance for any assistance with this.

Best regards,

Element Green

2 Replies

People have reported here on the forum that Gmail does not like the auto-assigned (SLAAC) IPv6 addresses given out by Linode. If you are using one of those, request an IPv6 address pool and configure your system to use an address from there instead. A last-ditch alternative may be to set smtpaddresspreference or inet_protocols to use IPv4 instead, but this may cause problems with mail delivery for some sites.

Sadly, Gmail is notoriously opaque about what it does or does not like.

Thank you for the info. I'm happy to say that I discovered what the problem was. It seems SRS (Sender Rewriting Scheme - https://en.wikipedia.org/wiki/SenderRewritingScheme) was the answer. I had never heard of this till now, surprisingly. I had noticed in the headers of emails in my Gmail account that had been forwarded from my server warnings about my domain not being authorized to send emails of the domain of the origin of the email. This should have clued me to the fact that forwarding email breaks SPF, unless you use SRS. Why I haven't seen more mention of this pretty much being a requirement for email forwarding servers is a mystery to me. Maybe there are other ways of getting around this issue?

At any rate, I installed the postsrsd package and have not seen a rejection from Gmail since, for about 7 hours now (was happening multiple times per hour before). I also updated my DKIM signatures to be 2048 bits instead of 256 which it was before, and Gmail says it considers unsigned if under 1024 bits. That would only affect sending emails though over SASL or emails originating from my server, not forwards.

Yeah, it is extremely frustrating how difficult it is to get to the bottom of what sort of spam rule is getting triggered with some other company's algorithm. Maybe DMARC would have helped me in this case? I can kind of understand though why they are so opaque, since it seems like a constant cat and mouse game with spammers. If they made it too easy for them to figure out why their crappy emails are getting rejected, it would be easier for them to figure out how to get around it.

On the upside, it is nice to see how much better the whole spam situation is though. By simply adding some postfix rules to reject hosts which don't announce who they are or are listed in known black lists, I've cut down spam a huge amount on my server.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct