I added a second IP to ISPConfig and am getting quite a few messages that cannot be sent to people I was able to send them to previoiusly. Below is the error I am getting:

<recipent email address>: host
recipient mail server[IP address] said: 554 Denied
[CS] (Mode: normal) (in reply to end of DATA command)

Are there any errors in your mail log (in the /var/log/ directory)?

I looked in mail.log and didn't find anything, but I noticed some of this person's emails are getting stuck in the queue and just staying there. I see them when I do mailq but not when I do qshape.

I looked in mail.err and found a bunch that say "queue file write error," but they're all from a different email address. There are also some errors that say "Maximum connection limit reached for ::ffff....."

Please check if your server is blacklisted: http://mxtoolbox.com/blacklists.aspx

Nope. I checked every IP on the subnet. It was blacklisted a week ago but was quickly removed from all blacklists. My mailq continues to fill up and emails just seem to get stuck in there. all email are sent from "MAILER-DAEMON" or the one user on the second IP address.

or the one user on the second IP address.
Does the MX record of the domain point to a different IP?

Did you run postqueue -p? In the output you should find the reasons why mails aren't delivered.

Do you have an SPF record for your domain?

I tried to run postqueue -p but it doesn't give me any more information than mailq:

(connect to [recipient email][recipient IP]:25: Connection refused)

MX record points to the same IP.

I do not have an SPF record for either IP addresses.

Hm, I guess your server is somehow blacklisted (maybe the recipient servers use blacklists that are not covered by http://mxtoolbox.com/blacklists.aspx ).

You should also create SPF records for your domains.

How do I create SPF records?

The wizard at www.openspf.org/wizard.html tells you what you need to add to your BIND configuration (in case you run your own nameservers).

Thanks, Falko. I followed the steps, and pardon my ignorance, but how do I do this:


If you run BIND

Paste this into your zone file:
mail.domain.com. IN TXT "v=spf1 a ~all"

Do you run your own nameservers, or where are your DNS records hosted?

Yes, it's all based on the perfect setup tutorial for ubuntu.

There's an example how to create an SPF record with ISPConfig 2 at the bottom of this page: http://www.howtoforge.com/ispconfig_dns_providerdomain_schlund