1 Topic by 4eLife

  • 4eLife
  • Member
  • Offline
  • Registered: 2019-06-19
  • Posts: 19

Topic: Being blocked by google and blacklisted

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.6.4
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Ubuntu 20.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? N/A
- [IMPORTANT] Related original log or error message is in the main post. But basically google are blocking my emails. And I don't spam. Yet they sent me hundreds of porn stuff every week?
====

Google is blocking me from sending mail, even if I sign up for a service of my own it says the email was unsolicited etc. Here's what I am getting in the mail.log



Here are some errors from the mail.log

Nov 19 11:40:16 mail amavis[739478]: (739478-04) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [157.173.204.121]:58060 [157.173.204.121] ESMTP/ESMTP <bounces@4elife.net> -> <iiswotir@gmail.com>, (ESMTPSA://[157.173.204.121]:58060), Queue-ID: 4Xt2bz4vCrz3sTX, Message-ID: <d5c01c3e5969a9bfdb98fba7a00f5a7b@mailer.4elife.com>, mail_id: R02dkaeVvjRC, b: NL3v8Ou6c, Hits: -0.161, size: 128234, queued_as: 4Xt2c044Xfz3sWh, Subject: "Stephen, Your Drum Coach Tips #27 Is Here!", From: <mail@4elife.net>, helo=mailer.4elife.com, Tests: [ALL_TRUSTED=-1,HTML_IMAGE_RATIO_02=0.001,HTML_MESSAGE=0.001,MIME_BASE64_TEXT=0.001,MIME_HTML_MOSTLY=0.1,MPART_ALT_DIFF=0.724,T_CTYPE_NULL=0.01,URIBL_BLOCKED=0.001,URIBL_DBL_BLOCKED_OPENDNS=0.001], autolearn=no autolearn_force=no, autolearnscore=0.838, dkim_new=dkim:4elife.net, 331 ms
Nov 19 11:40:16 mail postfix/amavis/smtp[747866]: 4Xt2bz4vCrz3sTX: to=<iiswotir@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.92, delays=0.59/0/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Xt2c044Xfz3sWh)
Nov 19 11:40:16 mail postfix/qmgr[2499]: 4Xt2bz4vCrz3sTX: removed
Nov 19 11:40:16 mail postfix/smtp[747870]: Trusted TLS connection established to gmail-smtp-in.l.google.com[108.177.15.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Nov 19 11:40:17 mail postfix/smtp[747870]: 4Xt2c044Xfz3sWh: to=<iiswotir@gmail.com>, relay=gmail-smtp-in.l.google.com[108.177.15.26]:25, delay=0.47, delays=0.01/0/0.11/0.36, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[108.177.15.26] said: 550-5.7.1 [146.59.233.14      19] Gmail has detected that this message is likely 550-5.7.1 suspicious due to the very low reputation of the sending domain. To 550-5.7.1 best protect our users from spam, the message has been blocked. For 550-5.7.1 more information, go to 550 5.7.1  https://support.google.com/mail/answer/188131 ffacd0b85a97d-382464454e6si2785219f8f.134 - gsmtp (in reply to end of DATA command))


Because of the, URIBL_BLOCKED=0.001,URIBL_DBL_BLOCKED_OPENDNS, I did a DNSCHECKER and found these two blistings:

-------------------------------
dnsbl.spfbl.net                Yes

DETAILS:
A domain is considered non-compliant when the WHOIS search result for that domain does not contain the email address of the domain owner. Update the registration data and remove privacy protection for this domain in WHOIS and wait one hour for the cached result of this WHOIS query to expire.

This IP was listed as unreliable abuse treatment team for the same IP range.

Email for abuse complain of this IP:

abuse@ovh.net
This abuse team is unreliable.

Is this as simple as removing the privacy protection? I thought that was a good option to choose. I mean, who wants unsolicited email?


-------------------------------
dnsbl-3.uceprotect.net        Yes

DETAILS:
To be honest, this looks like a scam set in place to get people to pay to be removed from their site. I can say this very confidently because I do not send spam. I send to people on my list of about 300 occasionally, once so far this year.

Here is their report:

Your ISP OVH, FR/AS16276 is UCEPROTECT-Level3 listed because of a spamscore of 167.1.
See: http://www.uceprotect.net/rblcheck.php? … .59.233.14


-------------------------------

Any help to solve this issue would be very much appreciated.

Thanks in advance.

Ps: To be honest, I dont really know what any of this means. So thanks again.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 914

Re: Being blocked by google and blacklisted

did you set your own DNS records?

the SPF looks very generic and uses a wide range of IP's which is very unlikely if you only use your own server for sending mails

problem is, OVH seems to have a wide IP range which is absued for spammails, and if you share the same ASN, google will block this

you can try https://postmaster.google.com/managedomains?pli=1

and sanitize your spf records

3 Reply by 4eLife

  • 4eLife
  • Member
  • Offline
  • Registered: 2019-06-19
  • Posts: 19

Re: Being blocked by google and blacklisted

Cthulhu wrote:

did you set your own DNS records?

the SPF looks very generic and uses a wide range of IP's which is very unlikely if you only use your own server for sending mails

problem is, OVH seems to have a wide IP range which is absued for spammails, and if you share the same ASN, google will block this

you can try https://postmaster.google.com/managedomains?pli=1

and sanitize your spf records

Thanks, I added the mail domain (which is a subdomain: mail4elife.net), to the postmaster in the url you sent. Do I need to also add the main 4elife.net domain?

As far as the SPF record goes, should there just be the one? And does this need to be one for the main domain and one for the sub domain?

I recall adding and changing the spf records but will check them and start anew with a fresh one. Specifically for the IP address.

Many thanks. If you have any other infop/tips, I would appreciate that too. I will look into what you said. Thanks. Much appreciated.

4 Reply by 4eLife (edited by 4eLife 2024-11-27 02:28:28)

  • 4eLife
  • Member
  • Offline
  • Registered: 2019-06-19
  • Posts: 19

Re: Being blocked by google and blacklisted

Cthulhu wrote:

did you set your own DNS records?

the SPF looks very generic and uses a wide range of IP's which is very unlikely if you only use your own server for sending mails

problem is, OVH seems to have a wide IP range which is absued for spammails, and if you share the same ASN, google will block this

you can try https://postmaster.google.com/managedomains?pli=1

and sanitize your spf records

I reverted to some more basic, older spf records and now the first issue (dnsbl.spfbl.net ) is no longer blacklisted. But the other one: dnsbl-3.uceprotect.net is.

It seems as you suggest (because I dont spam), that this is more of a host issue. I will contact ovh.

Thanks again. I appreciate anything else you may have to say. Thanks again.

I will check to see if google now sends mail?

yeah, seems theyre still blocking.

Do you have an idea what steps I can take to get this sorted? Thanks

5 Reply by chris.23lo

  • chris.23lo
  • Member
  • Offline
  • Registered: 2022-06-30
  • Posts: 54

Re: Being blocked by google and blacklisted

it doesn't look like an iredmail software question.....

did you check your setup ?
1/ dig -t txt 4elife.net +short
2/ dig -t txt 4elife.com +short

6 Reply by 4eLife (edited by 4eLife 2024-11-28 18:26:45)

  • 4eLife
  • Member
  • Offline
  • Registered: 2019-06-19
  • Posts: 19

Re: Being blocked by google and blacklisted

chris.23lo wrote:

it doesn't look like an iredmail software question.....

did you check your setup ?
1/ dig -t txt 4elife.net +short
2/ dig -t txt 4elife.com +short

Thanks for the response, It seems that uceprotect.net blacklisted thousands of email/servers a short while ago at the network level. So my IP is blacklisted because the OVH server netowrk is blacklisted (which is on the 3rd Layer) The lower layers of that list are my personal Ip address which is now blacklisted becasue the OVH network is. I believe that is the issue.

Im not surre what the dig commands above do, they just show me the  spf records?

So based on OVHs unwillingness to buy a whitelist, which I will also nnot do, I need to change suppliers, but of course the same could occur again. The uceprotect.net service is obviously doing a money grab and Im being punished for other ovh server users spam.

Until I find a crative way around it then Im basically... * well, you know.

7 Reply by chris.23lo (edited by chris.23lo 2024-11-29 10:03:20)

  • chris.23lo
  • Member
  • Offline
  • Registered: 2022-06-30
  • Posts: 54

Re: Being blocked by google and blacklisted

i saw your log...and i find you have two domains, two mail servers and two ips

4elife.net and 4elife.com and if you are routing mail internally between the two and only you know it. Your spf needs to cover both, as well as reverse dns, tls certs etc.

Having said that, gmail blocks some mail can be a variety of reasons, including OVH as provider though I never use OVH but I dislike OVH as we do receive many spam via OVH.

uceprotect isn't likely the *sole* reason gmail blocks you. Gmail is big engouh to have their own blacklist mechanism and rules and bigdata.

8 Reply by 4eLife

  • 4eLife
  • Member
  • Offline
  • Registered: 2019-06-19
  • Posts: 19

Re: Being blocked by google and blacklisted

chris.23lo wrote:

i saw your log...and i find you have two domains, two mail servers and two ips

4elife.net and 4elife.com and if you are routing mail internally between the two and only you know it. Your spf needs to cover both, as well as reverse dns, tls certs etc.

Having said that, gmail blocks some mail can be a variety of reasons, including OVH as provider though I never use OVH but I dislike OVH as we do receive many spam via OVH.

uceprotect isn't likely the *sole* reason gmail blocks you. Gmail is big engouh to have their own blacklist mechanism and rules and bigdata.

The two domains are completely seperate. The .com is just the autorsponder I use. The .net is the actual mail server. Also two seperate hosts/networks too.

I am going to move the mail server to a new vps host. As a first step. I will keep the same domain name for the mail server and just move the entire mailserver to a new host. I am thinking namecheap at present although I am opn to suggestions.

All of the actual websites that the mail server serves, ie emails for Joomla smpt etc. That includes the .com one mentioned above were purchased through namecheap, but the dns records point to my Contabo VPS servers. Thats the basic setup of everything.

Thanks again.