Gmail Blocked Single eMail Domain - Temporary Workaround Required

Discussion in 'ISPConfig 3 Priority Support' started by mousebat, Aug 10, 2018 at 1:31 PM.

  1. mousebat

    mousebat New Member HowtoForge Supporter

    Hi

    About 2 weeks ago - unbeknownst to myself one of my users' accounts was hacked (even with a strong password!) and for days we were sending spam. I've since changed the password and increased the strength of our firewalls with FireHOL blacklists etc...

    Within 24 hours I'd removed our IPs from every RBL going but we're still, 2 weeks later, having trouble with this particular domain not being able to send email to any gmail mx's. The domain is verified with Google Postmaster tools and I have valid DKIM, SPF and DMARC records. All other domains are functioning fine but the previously hacked domain is still bouncing with this message:
    I have another domain I could use temporarily whilst we wait for the reputation to rebuild (I've seen this take over a month in some cases). Is there a way to have all email from our problem domain, to gmail's mx's, rewritten to use another "fresh" domain? The fresh domain would of course have to have correct SPF and DKIM records (DKIM through amavis?). I could set up email aliases for each user's address so mail replied to on the fresh domain could be forwarded to the main domain, offering the users a seamless solution.

    The problem is compounded as some people tend to use gmail's G-Suite to send and receive email for their own domains so it would probably have to target gmail's mx's?

    Many thanks in advance

    Elliot
     
  2. Taleman

    Taleman Active Member HowtoForge Supporter

    That GMail return message tells you your server is still sending spam. My guess is the mails are in mail queue, and are still being delivered, or trying to be delivered.
    Check as root on the mail server host with command
    Code:
    mailq
    
    how many and what messages you have in the queue.
    You can see the contents of the message using the 10-character ID code, it is the first word on the lines mailq prints. Use it like this:
    Code:
    postcat /var/spool/postfix/deferred/C/C1C4480322
    That is from Debian GNU/Linux 9.5, if you run some other operating system it may be in some other directory.
    Then if you want to remove stuff from mailq, there is nifty pfdel.perl script. My copy was installed by previous maintainer, but using Internet Search Engines now I found this: http://www.ustrem.org/en/articles/postfix-queue-delete-en/
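To act on the advice above (count what is in the queue and who is sending it), here is an added helper that is not from this thread or from Postfix: it parses `mailq` output, groups queued messages by envelope sender so a still-compromised account stands out as one sender fanning out to many recipients, and lists the queue IDs whose deferral reason names Google's MX. The queue listing embedded below is a constructed sample, not a real queue dump.

```python
import re
from collections import Counter, defaultdict
# Constructed sample of `mailq` output (not a real queue dump): one sender fanning out
# to several Gmail recipients, a wrapped deferral reason, and one message on hold (!).
SAMPLE_MAILQ = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
C1C4480322*    4123 Fri Aug 10 13:01:22  alice@foo.example
                                         bob@gmail.com
D2D4480333     1987 Fri Aug 10 13:02:10  alice@foo.example
(host gmail-smtp-in.l.google.com[192.0.2.27] said: 421-4.7.0 rate limited, constructed
    sample reason (in reply to end of DATA command))
                                         dave@gmail.com
E3E4480344!    2310 Fri Aug 10 13:05:44  erin@other.example
                                         frank@outlook.example

-- 8 Kbytes in 3 Requests.
"""
# Queue-ID line: ID, optional flag (* = active, ! = hold, none = deferred/incoming), size, arrival, sender.
ID_LINE = re.compile(r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+(\w{3} \w{3} +\d+ [\d:]+)\s+(\S+)$")
def parse_mailq(text):
    """Parse `mailq` text into dicts: id, status, size, sender, recipients, reason."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ID_LINE.match(line)
        if m:
            qid, flag, size, _arrival, sender = m.groups()
            cur = {"id": qid, "status": {"*": "active", "!": "hold"}.get(flag, "deferred"),
                   "size": int(size), "sender": sender, "recipients": [], "reason": ""}
            entries.append(cur)
        elif cur is None or not line.strip() or line.startswith("-"):
            continue  # header, "-- N Kbytes in M Requests." trailer, or blank separator
        elif "@" in line and " " not in line.strip():
            cur["recipients"].append(line.strip())  # one recipient per indented line
        else:  # "(reason ...)" line, possibly wrapped over several lines
            cur["reason"] = (cur["reason"] + " " + line.strip()).strip()
    return entries

def sender_summary(entries):
    """(messages, distinct recipients) per envelope sender; spam fan-out stands out."""
    msgs, rcpts = Counter(), defaultdict(set)
    for e in entries:
        msgs[e["sender"]] += 1
        rcpts[e["sender"]].update(e["recipients"])
    return {s: (msgs[s], len(rcpts[s])) for s in msgs}

def deferred_by(entries, host_fragment):
    """Queue IDs whose deferral reason names host_fragment, e.g. 'google.com'."""
    return [e["id"] for e in entries if host_fragment in e["reason"]]
```

On the server, feed it the real listing with `parse_mailq(subprocess.run(["mailq"], capture_output=True, text=True).stdout)`; any ID it returns can then be inspected with `postcat` as shown in the post.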
     
  3. mousebat

    mousebat New Member HowtoForge Supporter

    We've definitely cured our problem and there is no mail in the mail queue other than genuine email. As I said before, we've cured the problems we were facing about 2 weeks ago and we're still blacklisted, only on gmail's mx's.

    It's well documented how draconian gmail is with their blanket domain bans, this poor chap was on one for 34 days!
    https://productforums.google.com/forum/#!topic/gmail/ZmmC4bdo428
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. mousebat

    mousebat New Member HowtoForge Supporter

    Other domains hosted on our server (IP?) are unaffected, it's literally just one domain. I basically need mail destined for a Google hosted MX and coming from @foo.com to be rewritten to come from @bar.com (with @bar.com's SPF, DKIM etc...)
     
    Last edited: Aug 10, 2018 at 9:05 PM
