Re: Using dma for external incoming mail
Date: Wed, 10 Jul 2024 16:40:31 UTC
On 7/10/24 11:49 AM, Miroslav Lachman wrote: > On 10/07/2024 16:35, bob prohaska wrote: >> >> On Wed, Jul 10, 2024 at 12:02:20AM +0200, Dag-Erling Smørgrav wrote: >>> bob prohaska <fbsd@www.zefox.net> writes: >>>> It looks like all I need is SPF and TLS, [...] >>> >>> You also need DKIM. >>> >> Going by: https://support.google.com/a/answer/81126?hl=en >> >> If I'm reading right, that requirement applies only to >> senders of more than 5000 mails per day. I'm sending >> one or two, at most. >> >> Do I misunderstand something >> >> Thanks for writing! > > I maintain a small mail server with about dozen of active domains. > Average traffic is under 50 outgoing messages per day but Gmail refused > messages until I set SPF and DKIM for each domain. If there was ever a > traffic of more than 5000 messages per day it was many years ago due to > hacked sender account sending spam. > So I think it is very easy to be blocked by Gmail. It is not about > domain, but by the IP of the server I think. > > YMMV > > Miroslav Lachman > > > > Miroslav is correct. I have 2 domains hosted by Digital Ocean and one falls into an address range that Gmail rejects and another that Gmail accepts. mxtoolbox.com will check and alert you if your sending domain has any blacklist flags attached to it. UCEPROTECTL3 and UCEPROTECTL2 are the most common and they come from using a non-compliant host. You also have to be careful about using a DHCP address. Gmail may flag email you send even if it is Smarthosted through a compliant static IP mailserver if it detects that the originating address is DHCP. Gmail likes to deliver mail from one of my servers to their Junk/Spam folder, another of my servers gets email delivered fine. I've been through a lot of trial and error making gmail happy. These current sendmail features I'm using (updated 2 days ago) seem to do the trick the best: # sendmail -d0.1 -bv root | grep SASL PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS TLS_EC Tim