Problems with Gmail, Yahoo and Hotmail

Discussion in 'Server Operation' started by andresmontanez, Nov 2, 2007.

  1. andresmontanez

    andresmontanez New Member

    Hello everyone;

    I have a "big" problem. Mails from my server are marked as SPAM by Yahoo and Gmail; Hotmail says it's accepted but never delivered.

    I have SPF and DomainKeys working; I have tried the postmasters of the three providers but nothing. The IP address is clean; and the mails marked are just test mails (e.g.: Subject: Test number one; plus a few words as body).

    Yahoo, the only one who replied with something interesting (Hotmail said "check the Internet Explorer Options", and Gmail said "it's spam but I can't tell why")... sent me an email saying:

    "The sender seems to have forged your email address in the "reply-to"
    and/or the "from" field of the message they sent out. Please know that
    we are currently aware of this type of spam and are investigating it."

    I don't know why; this is an example of the mails sent and marked as Spam, and everything seems fine to my eye. Can anyone see something more?

    Thanks...


    ########## begin sent mail ##########
    Delivered-To: [email protected]
    Received: by 10.142.192.1 with SMTP id p1cs98342wff;
    Thu, 1 Nov 2007 18:24:29 -0700 (PDT)
    Received: by 10.141.79.12 with SMTP id g12mr618936rvl.1193966669497;
    Thu, 01 Nov 2007 18:24:29 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from excelsior.stonetree.com.uy (excelsior.stonetree.com.uy [71.6.135.103])
    by mx.google.com with ESMTP id b39si4293699rvf.2007.11.01.18.24.27;
    Thu, 01 Nov 2007 18:24:29 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 71.6.135.103 as permitted sender) client-ip=71.6.135.103;
    DomainKey-Status: good
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 71.6.135.103 as permitted sender) smtp.mail=[email protected]; domainkeys=pass header.From=[email protected]
    Received: from excelsior.stonetree.com.uy (localhost.localdomain [127.0.0.1])
    by excelsior.stonetree.com.uy (Postfix) with ESMTP id 9F2D78004
    for <[email protected]>; Thu, 1 Nov 2007 23:24:05 -0200 (UYST)
    DomainKey-Signature: a=rsa-sha1; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=ozvD8mp5E/Z6OcGL+TBrp3PiqA4ruTjrBS/+YN5x5AEHmCqZVoS7clPAW/EEqE0wf/qaMjbP/qV1hQ0iAaMkur25JgSL1WYpACNdII9eCUAwCAva/Ws7lwg548q/zDfi8UDHApC/qs95nhvldjCwt2HKNeKd8mAloW1X5FQfJoQ=; c=nofws; d=stonetree.com.uy; q=dns; s=dk
    Received: from [192.168.0.150] (r190-64-159-48.dialup.adsl.anteldata.net.uy [190.64.159.48])
    (Authenticated sender: [email protected])
    by excelsior.stonetree.com.uy (Postfix) with ESMTP id 4D8137FCC
    for <[email protected]>; Thu, 1 Nov 2007 23:23:57 -0200 (UYST)
    Message-ID: <[email protected]>
    Date: Thu, 01 Nov 2007 23:23:47 -0200
    From: Stonetree Technologies <[email protected]>
    User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
    MIME-Version: 1.0
    To: [email protected]
    Subject: Prueba dos
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit

    cambio mydomain
    ########## end sent mail ##########
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. andresmontanez

    andresmontanez New Member

    All the IPs of the server are Clean (not blacklisted) and they are all in the SPF.
    Gmail says DomainKeys Passed; and SPF Passed.

    I tried to contact all providers; and the only one who replied was Yahoo; saying the above message (forged from or reply-to)... any idea if this is a Postfix problem with authentication?

    Thanks.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Does this happen as well when you send that mail from mail.stonetree.com.uy (the mail shown here seems to have been sent from a different server)?
     
  5. andresmontanez

    andresmontanez New Member

    I made a few adjustments and sent a mail to Yahoo; it was delivered to the SPAM folder... the headers are the following:

    ########## BEGIN HEADER ##########
    From Stonetree Technologies Sun Nov 4 12:46:29 2007
    Return-Path: <[email protected]>
    Authentication-Results: mta323.mail.re4.yahoo.com from=stonetree.com.uy; domainkeys=pass (ok)
    Received: from 66.240.194.76 (EHLO mx.excelsior.stonetree.com.uy) (66.240.194.76)
    by mta323.mail.re4.yahoo.com with SMTP; Sun, 04 Nov 2007 12:46:36 -0800
    Received: from mx.excelsior.stonetree.com.uy (localhost [127.0.0.1])
    by mx.excelsior.stonetree.com.uy (Postfix) with ESMTP id 97C668004
    for <[email protected]>; Sun, 4 Nov 2007 18:46:35 -0200 (UYST)
    DomainKey-Signature: a=rsa-sha1; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=0V4+YuxKRwWUBN8NJiwbT55sxNf7v3Igzx8yPYGxf6Go7gKAmwZ+CASrlHomm+jc3Rn5eQWQQcY/Ym5raVF9wWnLhpXsDSZiqFbIlqoWlO0zzMtdh+v/JUs6Etx/lviiZOdh+L/26MWNbhrh7sjaBLgEWiK4pWwG03HWK89AkPQ=; c=nofws; d=stonetree.com.uy; q=dns; s=dk
    Received: from [192.168.0.150] (r190-64-149-60.dialup.adsl.anteldata.net.uy [190.64.149.60])
    (Authenticated sender: [email protected])
    by mx.excelsior.stonetree.com.uy (Postfix) with ESMTP id CC0977FCB
    for <[email protected]>; Sun, 4 Nov 2007 18:46:34 -0200 (UYST)
    Message-ID: <[email protected]>
    Date: Sun, 04 Nov 2007 18:46:29 -0200
    From: Stonetree Technologies <[email protected]>
    User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
    MIME-Version: 1.0
    To: [email protected]
    Subject: Prueba de mail
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit
    Content-Length: 41
    ########## END HEADER ##########

    The MX record for the domain "stonetree.com.uy" is "mx.excelsior.stonetree.com.uy"; it is in the SPF; everything is OK.

    I have Postfix with Virtual Domains; all domains have the MX set to "mx.excelsior.stonetree.com.uy".

    All the IP Addresses are clean (not blacklisted).

    Any idea why Google and Yahoo mark the mails as Spam? Or why Hotmail doesn't deliver the message (even if the logs say otherwise)?

    The message content is rubbish (e.g.: "This is a testing mail").

    Could something be wrongly configured in the Postfix + virtual domains?
     
  6. edge

    edge Active Member Moderator

    Try again. When I did (long time ago) they all did reply and told me they added my domains to an ok** list.
    **With Hotmail (MSN) it's called Sender ID program. I forgot the name from Yahoo.
     
  7. chuckl

    chuckl New Member

    I would guess that this is your problem:

    Looks like mail relaying, it's from a home broadband account, and to any of the big boys, that's spam.
     
  8. edge

    edge Active Member Moderator

    That's a good find! Now why did I not see this.
     
  9. chuckl

    chuckl New Member

    That's why they pay me the big bucks. :)

    I wish.

    Rgds,
    Chuck
     
  10. andresmontanez

    andresmontanez New Member

    Findings...

    Yes, I'm connected from an xDSL line at my home.
    My Thunderbird connects to the mail server (in USA, with static IP, clean as water and reverse DNS).
    The mail originates from my home; but the sender is the server... could that be it? I tried with other servers and it arrived OK.

    I found that the problem could be the "Message-ID" header...
    ""Message-ID: <[email protected]>""

    On the Postfix page I found this: "http://www.postfix.org/BACKSCATTER_README.html"
    where it's explained that the Message-ID should be "host.domain";
    in my case, it should be "...@mx.excelsior.stonetree.com.uy".
    How is the Message-ID configured? Or how can this behavior be changed?

    Thanks a lot :)
     
  11. chuckl

    chuckl New Member

    I don't use Thunderbird, so I'm afraid I can't help you there. I have no idea what it does or doesn't do.
    Normally, you connect to a mail server with a mail client, the server accepts the mail from the client, and then sends it on to the destination mail server, with itself as the originating server. So if my domain is mydomain.com, and my email address is [email protected], the headers would show that my mail server has mail from [email protected] which it is delivering to [email protected].

    This is normal mail server operation. Your server, however, is reporting the connection from you to itself, almost as a server-server mail transport connection, which is I think why the receiving mail servers at Gmail, Yahoo etc. regard it as mail relaying and spam. Particularly when it is shown as a home DSL type source, almost all of which are automatically blacklisted.

    I don't know if this is normal for Thunderbird, or whether it is a Postfix setting, but I've never seen it on my Postfix servers. Altering or deleting mail header components is also not a good idea. Very likely a standards violation, and even MORE likely to get it labelled as spam.
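
The Received chain discussed in this thread, read oldest hop first the way a receiving filter could, as an added example that is not part of any post. The sample message, host names and addresses are constructed, and the rDNS keyword list is an assumed heuristic, not any provider's actual rule.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the header layout in the thread (not a real message).
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.10])
 by mta.receiver.example with ESMTP; Thu, 1 Nov 2007 18:24:29 -0700
Received: from mx.example.org (localhost.localdomain [127.0.0.1])
 by mx.example.org (Postfix) with ESMTP id AAAA1; Thu, 1 Nov 2007 23:24:05 -0200
Received: from [192.168.0.150] (host-48.dialup.adsl.isp.example [203.0.113.48])
 (Authenticated sender: user@example.org)
 by mx.example.org (Postfix) with ESMTP id BBBB2; Thu, 1 Nov 2007 23:23:57 -0200
From: User <user@example.org>
Subject: test

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")
# Assumed heuristic: rDNS labels that commonly indicate dynamic/residential ranges.
DYNAMIC = re.compile(r"dialup|adsl|dsl|dyn|pool|dhcp|cable", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip, rdns, authenticated):
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return "internal"
    if DYNAMIC.search(rdns):
        # An authenticated hop is a user submitting mail, not an open relay.
        return "client-submission" if authenticated else "dynamic-unauthenticated"
    return "server"

def trace_hops(raw):
    """Return the Received chain oldest-first as dicts with a label per hop."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # hop without a parsable "from host (rdns [ip])" clause
        helo, rdns, ip = m.groups()
        auth = "Authenticated sender" in value
        hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                     "label": classify(ip, rdns, auth)})
    return hops

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(f'{hop["label"]:<24}{hop["ip"]:<16}{hop["rdns"]}')
```

The first hop printed is the mail client's connection to the submission server; the last is the address the receiving provider actually accepted the message from.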
     
  12. mrtornado79

    mrtornado79 New Member

    I have the exact same problem; here are the headers, and everything seems OK.

    headers from Iloha Webmail.

    X-Apparently-To: [email protected] via 66.163.178.175; Sat, 26 Jan 2008 17:38:14 -0800
    X-YahooFilteredBulk: 88.198.67.242
    X-Originating-IP: [88.198.67.242]
    Return-Path: <[email protected]>
    Authentication-Results: mta174.mail.re3.yahoo.com from=; domainkeys=neutral (no sig)
    Received: from 88.198.67.242 (EHLO www.usarmydt.com) (88.198.67.242) by mta174.mail.re3.yahoo.com with SMTP; Sat, 26 Jan 2008 17:38:14 -0800
    Received: by www.usarmydt.com (Postfix, from userid 33) id BC1B030C252; Sun, 27 Jan 2008 02:38:13 +0100 (CET)
    To: [email protected]
    Subject: bulk or not ?
    Received: from 172.133.61.147 (auth. user [email protected]) by www.usarmydt.com with HTTP; Sun, 27 Jan 2008 01:38:13 +0000
    X-IlohaMail-Blah: [email protected]
    X-IlohaMail-Method: mail() [mem]
    X-IlohaMail-Dummy: moo
    X-Mailer: IlohaMail/0.8.14 (On: www.usarmydt.com)
    Message-ID: <[email protected]>
    From: [email protected] Add Mobile Alert
    Bounce-To: <[email protected]>
    Errors-To: <[email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Date: Sun, 27 Jan 2008 02:38:13 +0100 (CET)
    Content-Length: 2

    Headers from Thunderbird.

    X-Apparently-To: [email protected] via 66.163.178.171; Sat, 26 Jan 2008 17:35:38 -0800
    X-YahooFilteredBulk: 88.198.67.242
    X-Originating-IP: [88.198.67.242]
    Return-Path: <[email protected]>
    Authentication-Results: mta163.mail.re2.yahoo.com from=usarmydt.com; domainkeys=neutral (no sig)
    Received: from 88.198.67.242 (EHLO www.usarmydt.com) (88.198.67.242) by mta163.mail.re2.yahoo.com with SMTP; Sat, 26 Jan 2008 17:35:38 -0800
    Received: from [172.133.61.147] (AC853D93.ipt.aol.com [172.133.61.147]) by www.usarmydt.com (Postfix) with ESMTP id 4CABB30C251 for <[email protected]>; Sun, 27 Jan 2008 02:35:36 +0100 (CET)
    Message-ID: <[email protected]>
    Date: Sat, 26 Jan 2008 17:35:32 -0800
    From: "toro" <[email protected]> Add Mobile Alert
    User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
    MIME-Version: 1.0
    To: "Gigi Kent" <[email protected]>
    Subject: whatever
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit
    Content-Length: 10

    If anyone can help that would be nice :)
     
    Last edited: Jan 27, 2008
  13. iyeat

    iyeat New Member

    Interestingly enough, I have the same issue at Yahoo... Here are the headers of a mail that I forwarded from my account on my Fedora 8 setup that was marked as spam by Yahoo... I don't have domain keys nor spf though...

    Code:
    From [email protected] Sun Jan 27 01:02:54 2008
    Return-Path: <[email protected]>
    Authentication-Results: mta560.mail.mud.yahoo.com  from=basicprototype.com; domainkeys=neutral (no sig)
    Received: from 69.94.131.24  (EHLO echo.basicprototype.com) (69.94.131.24)
      by mta560.mail.mud.yahoo.com with SMTP; Sun, 27 Jan 2008 01:02:57 -0800
    Received: from localhost (unknown [127.0.0.1])
    	by echo.basicprototype.com (Postfix) with ESMTP id 587784070209
    	for <[email protected]>; Sun, 27 Jan 2008 09:02:57 +0000 (UTC)
    Received: from echo.basicprototype.com ([127.0.0.1])
    	by localhost (echo.basicprototype.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id iRDbJ0GIAmMk for <[email protected]>;
    	Sun, 27 Jan 2008 01:02:54 -0800 (PST)
    Received: from mail.basicprototype.com (echo.basicprototype.com [69.94.131.25])
    	by echo.basicprototype.com (Postfix) with ESMTP id D3A064070132
    	for <[email protected]>; Sun, 27 Jan 2008 01:02:54 -0800 (PST)
    MIME-Version: 1.0
    Date: Sun, 27 Jan 2008 01:02:54 -0800
    From: <[email protected]>
    To: [email protected]
    Subject: Fwd: Re: is =?UTF-8?Q?DOS=5FOUTLOOK=5FTO=5FMX=20too=20low=3F?=
    Message-ID: <086da7590311b957e0b518b20036d59c@localhost>
    User-Agent: Basic Prototype® Webmail/0.1-rc2
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: 8bit
    Content-Length: 2884
     
