Dealing with recipients' servers spam filtering
Hi,
I run a mailman3 instance with mainly private lists for which I know and trust every single member. Some of them have Hotmail email addresses, and the messages they send though our lists are rejected as being spam by most of the recipients' mail servers, while these are legitimate emails.
I'd welcome any pointer to best practices / howtos regarding mailman3 / exim4 configuration to mitigate this problem.
Many thanks in advance,
_g.
On 2/12/21 8:41 AM, Gilles Filippini wrote:
I run a mailman3 instance with mainly private lists for which I know and trust every single member. Some of them have Hotmail email addresses, and the messages they send though our lists are rejected as being spam by most of the recipients' mail servers, while these are legitimate emails.
I'd welcome any pointer to best practices / howtos regarding mailman3 / exim4 configuration to mitigate this problem.
What does the non-delivery long entries say are the reasons for the rejections? Do you have a SPF record setup for your list domain? Do you have DMARC mitigation enabled for your list?
-- Brian Carpenter Harmonylists.com Emwd.com
Brian Carpenter a écrit le 12/02/2021 à 15:10 :
On 2/12/21 8:41 AM, Gilles Filippini wrote:
I run a mailman3 instance with mainly private lists for which I know and trust every single member. Some of them have Hotmail email addresses, and the messages they send though our lists are rejected as being spam by most of the recipients' mail servers, while these are legitimate emails.
I'd welcome any pointer to best practices / howtos regarding mailman3 / exim4 configuration to mitigate this problem.
What does the non-delivery long entries say are the reasons for the rejections?
It says: host mx1.free.fr[212.27.48.7] said: 550 spam detected (in reply to end of DATA command)
Do you have a SPF record setup for your list domain? Do you have DMARC mitigation enabled for your list?
I don't have any SPF record setup. DMARC mitigation is configured to 'Replace From: with list address' and 'DMARC mitigate unconditionally' set to 'No'.
Thanks,
_g.
On 2/12/21 10:59 AM, Gilles Filippini wrote:
It says: host mx1.free.fr[212.27.48.7] said: 550 spam detected (in reply to end of DATA command) I don't have any SPF record setup. DMARC mitigation is configured to 'Replace From: with list address' and 'DMARC mitigate unconditionally' set to 'No'.
Well make sure you set up SPF records for your list domains. They do help in mail delivery. I personally set DMARC mitigate unconditionally to yes for my lists. Unfortunately the 550 spam detected message is too generalized to be helpful. If you have more informative information from your logs then please share them.
-- Brian Carpenter Harmonylists.com Emwd.com
Brian Carpenter a écrit le 12/02/2021 à 17:33 :
On 2/12/21 10:59 AM, Gilles Filippini wrote:
It says: host mx1.free.fr[212.27.48.7] said: 550 spam detected (in reply to end of DATA command) I don't have any SPF record setup. DMARC mitigation is configured to 'Replace From: with list address' and 'DMARC mitigate unconditionally' set to 'No'.
Well make sure you set up SPF records for your list domains. They do help in mail delivery. I personally set DMARC mitigate unconditionally to yes for my lists. Unfortunately the 550 spam detected message is too generalized to be helpful. If you have more informative information from your logs then please share them.
Writing down what I've learned so far, in case it may help others:
1- The lists server DNS record (lists.example.com) should be of 'A' type (no 'ALIAS' or 'CNAME') 2- The SPF record should be set for the very same DNS name; e.g. lists.example.com (not just example.com) 3- This record seems to work for my server: lists.example.com. IN TXT "v=spf1 ip4:123.123.123.123 -all" Where the IP address is the same as the one registered for the 'A' record.
How to check the SPF record: 1- Create a dummy mailing list and register your email address and check-auth@verifier.port25.com. 2- Send an email to this list. You should receive a report from auth-results@verifier.port25.com
Here is what I've received for my server:
Summary of Results
SPF check: pass "iprev" check: pass DKIM check: none
Let's see it this is enough to mitigate the problem with Hotmail addresses.
Best,
_g.
On 2/13/21 7:31 AM, Gilles Filippini wrote:
Writing down what I've learned so far, in case it may help others:
1- The lists server DNS record (lists.example.com) should be of 'A' type (no 'ALIAS' or 'CNAME')
Not only that, reverse lookup of the IP in the A record must point back to the same (lists.example.com) domain. See, e.g., <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>.
2- The SPF record should be set for the very same DNS name; e.g. lists.example.com (not just example.com) 3- This record seems to work for my server: lists.example.com. IN TXT "v=spf1 ip4:123.123.123.123 -all" Where the IP address is the same as the one registered for the 'A' record.
And you should also DKIM sign outgoing mail.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Brian Carpenter -
Gilles Filippini -
Mark Sapiro