Link to home
Create AccountLog in
Avatar of Thomas
ThomasFlag for Malaysia

asked on

Postfix issue, emails clasified as spam by google

Hi,

I have an issue with some mail send to Google. I send some test emails from  me to my google account and they are classified as spam. I am not sure why.
I do run CentOS 6 with postfix and amavisd and all does work fine. However I am worried that there is a misconfiguration somewhere that might mark my email as not trustworthy in terms if IP or something.

I would appreciate if someone would have the time to look at my mail header posted below because I have 2 concerns with it and hope that maybe someone has some tips for me or can tell me if it is actually normal.

See the header here and the questions below:

Delivered-To: me@gmail.com
Received: by 10.64.245.136 with SMTP id xo8csp193991iec;
        Sun, 7 Jul 2013 23:50:41 -0700 (PDT)
X-Received: by 10.66.89.201 with SMTP id bq9mr21093609pab.112.1373266240778;
        Sun, 07 Jul 2013 23:50:40 -0700 (PDT)
Return-Path: <me@ebm.my>
Received: from mailapp.dmni.net (mailapp.dmni.net. [198.15.73.154])
        by mx.google.com with ESMTPS id bk3si12019613pbd.148.2013.07.07.23.50.40
        for <me@gmail.com>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Sun, 07 Jul 2013 23:50:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of me@ebm.my designates 198.15.73.154 as permitted sender) client-ip=198.15.73.154;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of me@ebm.my designates 198.15.73.154 as permitted sender) smtp.mail=me@ebm.my
Received: from localhost (localhost [127.0.0.1])
      by mailapp.dmni.net (Postfix) with ESMTP id 692406210EF;
      Mon,  8 Jul 2013 02:50:39 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mailapp.dmni.net
Received: from mailapp.dmni.net ([10.0.73.154])
      by localhost (mailapp.dmni.net [127.0.0.1]) (amavisd-new, port 10024)
      with ESMTP id xIcYcBPPJURA; Mon,  8 Jul 2013 02:50:38 -0400 (EDT)
Received: from [127.0.0.1] (unknown [175.143.195.47])
      (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
      (No client certificate requested)
      by mailapp.dmni.net (Postfix) with ESMTPSA id 2E04D62036B;
      Mon,  8 Jul 2013 02:50:34 -0400 (EDT)


Here are my questions:
1. I wonder if anyone sees some issues with it in general

2. There is the following:
Received: from localhost (localhost [127.0.0.1])
by mailapp.dmni.net (Postfix) with ESMTP id 692406210EF;
Mon,  8 Jul 2013 02:50:39 -0400 (EDT)
Should it say localhost? everything is set to use mailapp.dmni.net - 198.15.73.154 for outgoing mail. So I am not sure why this says localhost and where to change it.

3. Then there is:
Received: from mailapp.dmni.net ([10.0.73.154])
by localhost (mailapp.dmni.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xIcYcBPPJURA; Mon,  8 Jul 2013 02:50:38 -0400 (EDT)
Now here it is right mailapp.dmni.net but the 10.0.73.154 is an internal address why would it show this. I do use:
smtp_bind_address = 10.0.73.154
Since this is the NAT address and if I do
smtp_bind_address = 198.15.73.154
it gives an error:
postfix/smtp[22747]: warning: smtp_connect_addr: bind 198.15.73.154: Cannot assign requested address

But it should not show this address in the email header. Can it be a NAT misconfiguration or something?

4. lastly I have amavisd configures to use domainkeys and it seems to work in yahoo mail but google header shows nothing, is this not supported by google?
(By the way yahoo.com does not classify any of my email as spam)

Any assistance on getting this right would be very welcome. I understand it is maybe relative general but I hope that maybe someone had a similar experience and might be able to let me know what could be wrong.

Best wishes,
Thomas
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Yahoo will probably decide to block you off and on in the future like it does almost every body.  You have haven't shown us any of the content in your emails.  Most email services have their own ways of identifying 'spam' content.  You may just be triggering Google's filter.  Hotmail can be even worse and block you until one of their customers sends you an email.

Oh, you should read the email headers on emails you get from Gmail.
Sadly you need to publish exact mail domains and IPs to get help with email filters. nobody can guess what is the problem without them,
Avatar of Thomas

ASKER

Hi,

All I try to find out is why the header possible could have in:

Received: from mailapp.dmni.net ([10.0.73.154])
      by localhost (mailapp.dmni.net [127.0.0.1]) (amavisd-new, port 10024)
      with ESMTP id xIcYcBPPJURA; Mon,  8 Jul 2013 02:50:38 -0400 (EDT)

Why would it show the internal 10.0.73.154 and not the public one 198.15.73.154
What postfix setting could possible do this, or could it be a misconfiguration of the firewall?

I have a contact at google and figured out why i was marked as spam. The only thing that still worries me if that it shows my internal IP instead of the public one and how to prevent it. I also think it is not good to show the internal one because obviously the PTR does not resolve to me if this IP even exists in the world.

Any idea?

Thom
It shows the submission address. Configure amavs to submit via localhost or ./lib/sendmail and you are all set...
Avatar of Thomas

ASKER

hi gheist,
Sounds what I need, any idea what setting this is. I checked trough the amavis_new config several times now and do not find anything to specify this.
Researching in google says it is normal and it could be hidden with postfix header checks but I think modifying the headers is a bad idea since it gives a bad reputation.

So I guess another question is to see if this is normal and if i should keep it for best practices. However if there is a setting in amavis then this would be fine.
I do not see any reason why someone would like to see the internal address. Nobody could find me with an internal address, what seems to be important is a public address with a proper setup PTR record.

So if you know the setting I would be happy if you can share it with me.

Best wishes,
Thomas
SOLUTION
Avatar of gheist
gheist
Flag of Belgium image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
All the email I send from Gmail shows their internal server IP addresses as does Yahoo email.  I don't see how your internal IP address would be a problem.
Avatar of Thomas

ASKER

Well, I do know that Gmail and Yahoo show their internal addresses which makes full sense to me because they probably run many mail servers and can better identify the origin of the mail in case of a complaint. However on a single mail server it is not needed. I know it is no problem that it shows. However, I try to find out if it is normal or if there is a setting I can map it to the public address. I do not care that it shows but if some spam filter or recipient would run a lookup on it then it would show as wrong or not associated to my server and might reduce the mail server reputation.
I guess after some research it seems this is the default set-up. Still seems strange to me that it uses an non resolvable internal IP address.

Thanks for the assistance, everyone

Best wishes,
thom
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Thomas

ASKER

Thank you both for attending to my concerns. It is good to have some additional eyes look at this. Another question about my headers is coming up but i make it a separate question because it is a bit more in the SpamAssassin side.
Thank you both for your time, I do appreciate it.
You're welcome.