Virtualmin 3.65 Pro and poMMo version: Aardvark PR16.1 +42

4 posts / 0 new
Topic locked
Last post
#1 Wed, 09/28/2016 - 13:52
SmokinJoe

Virtualmin 3.65 Pro and poMMo version: Aardvark PR16.1 +42

Hi Guys,

I am looking for suggestions on mail settings to tweak so we do not get put on a blacklist when our one customer sends out the 300 or so newsletters. If you need me to I can start the ticket process so we can have someone take a peek. The messages are 554 from Yahoo and 553 from at&t. I have started both blacklist requests to get us out of jail. We did have a open dns resolver issue on another host on the same subnet and this machine had an issue with someone hosting a credit card phishing web page.

Thanks, Joe Virtualmin serial number 5562099

Sep 25 14:21:02 atomic postfix/smtp[5654]: 066C5211C95: to=<tmueller35@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.35]:25, delay=0.81, delays=0.08/0/0.24/0.49, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.196.118.35] said: 554 Message not allowed - [PH01] Email not accepted for policy reasons.  Please visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120] (in reply to end of DATA command))
Sep 25 14:21:06 atomic postfix/smtp[5654]: 949E2211C95: to=<swanson714@yahoo.com>, relay=mta7.am0.yahoodns.net[66.196.118.240]:25, delay=0.72, delays=0.08/0/0.1/0.54, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[66.196.118.240] said: 554 Message not allowed - [PH01] Email not accepted for policy reasons.  Please visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120] (in reply to end of DATA command))
Sep 25 14:21:34 atomic postfix/smtp[5657]: 61075211D32: to=<choldship@sbcglobal.net>, relay=ff-ip4-mx-vip1.prodigy.net[144.160.159.21]:25, delay=1.3, delays=0.73/0/0.48/0.08, dsn=5.3.0, status=bounced (host ff-ip4-mx-vip1.prodigy.net[144.160.159.21] said: 553 5.3.0 flpd579 DNSBL:ATTRBL 521< 24.176.22.19 >_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL FROM command))
Sep 25 14:21:43 atomic postfix/smtp[5657]: A4456211D32: to=<dillonjack@sbcglobal.net>, relay=ff-ip4-mx-vip2.prodigy.net[144.160.159.22]:25, delay=0.82, delays=0.09/0/0.65/0.08, dsn=5.3.0, status=bounced (host ff-ip4-mx-vip2.prodigy.net[144.160.159.22] said: 553 5.3.0 flpd599 DNSBL:ATTRBL 521< 24.176.22.19 >_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL FROM command))
Thu, 09/29/2016 - 00:49
Joe
Joe's picture

So, the obvious stuff is true for any mail server:

  1. DKIM and SPF need to be good. There are some tools out there to check that. Make sure the names and IPs match what your mail headers and DNS records actually contain (we recently had a problem where our old server IP was in the DKIM records because I'd created them manually ages ago and so they didn't get updated when we migrated). Virtualmin handles both of these, but if you've got multiple IPs and domain names, it may get it wrong, if configuration isn't right.
  2. Reverse DNS. This one can either be provided by your host/colo, or by your own DNS server, if it's been delegated.
  3. Make sure you're handling bounces and unsubscribes fast and accurately. It takes very little unwanted mail to get blocked.

MXToolbox is a pretty good set of tools for checking the DNS records and such: http://mxtoolbox.com/SuperTool.aspx

You can also lookup your IP on various DNSBL query sites which will let you know if you've been blacklisted by any of them and why (it may be something unrelated to you; if you haven't been on the IP long, it might be blaklisted because of previous tenants).

--

Check out the forum guidelines!

Wed, 10/05/2016 - 11:03 (Reply to #2)
SmokinJoe

Hi Joe,

Thanks for the reply.

Our version of CentOS is old and Virtualmin,
We got the reverse DNS from the ISP working on Monday The bounces and unsubscribes are something I have not seen but have to ask the end users and look to see what they get.

When I do a yum search I find packages that might have DKIM but not sure what ones to install to get it to work on the old version of Virtualmin:

libopendkim.i386 : An open source DKIM library libopendkim-devel.i386 : Development files for libopendkim opendkim.i386 : A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail perl-Mail-DKIM.noarch : Sign and verify Internet mail with DKIM/DomainKey signatures clamav-milter.i386 : Sendmail-milter for the Clam Antivirus scanner clamav-milter-sysv.i386 : SysV initscripts for the clamav sendmail-milter jilter.noarch : Sendmail milter protocol for Java milter-regex.i386 : Sendmail milter plug-in for regular expression filtering mimedefang.i386 : E-Mail filtering framework using Sendmail's Milter interface opendkim.i386 : A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail opendmarc.i386 : A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library perl-Sendmail-PMilter.noarch : Perl binding of Sendmail Milter protocol sendmail-devel.i386 : Extra development include files and development files. spamass-milter.i386 : Milter (mail filter) for spamassassin spamass-milter-postfix.i386 : Postfix support for spamass-milter

Thanks, Joe aka The Average Joe

Wed, 10/05/2016 - 12:41
SmokinJoe

Hi All,

I installed : opendkim.i386

Do I also need : perl-Mail-DKIM

Thanks, Joe

Thanks, Joe aka The Average Joe

Topic locked