Re: Using dma for external incoming mail

From: TIM KELLERS <tim_at_beachpatt.com>
Date: Wed, 10 Jul 2024 16:40:31 UTC

On 7/10/24 11:49 AM, Miroslav Lachman wrote:
> On 10/07/2024 16:35, bob prohaska wrote:
>>
>> On Wed, Jul 10, 2024 at 12:02:20AM +0200, Dag-Erling Smørgrav wrote:
>>> bob prohaska <fbsd@www.zefox.net> writes:
>>>> It looks like all I need is SPF and TLS, [...]
>>>
>>> You also need DKIM.
>>>
>> Going by: https://support.google.com/a/answer/81126?hl=en
>>
>> If I'm reading right, that requirement applies only to
>> senders of more than 5000 mails per day.  I'm sending
>> one or two, at most.
>>
>> Do I misunderstand something?
>>
>> Thanks for writing!
> 
> I maintain a small mail server with about a dozen active domains.
> Average traffic is under 50 outgoing messages per day but Gmail refused
> messages until I set SPF and DKIM for each domain. If there was ever
> traffic of more than 5000 messages per day it was many years ago due to
> a hacked sender account sending spam.
> So I think it is very easy to be blocked by Gmail. It is not about the
> domain, but about the IP of the server, I think.
> 
> YMMV
> 
> Miroslav Lachman
> 

Miroslav is correct.  I have 2 domains hosted by Digital Ocean and one 
falls into an address range that Gmail rejects and another that Gmail 
accepts.

mxtoolbox.com will check and alert you if your sending domain has any 
blacklist flags attached to it.  UCEPROTECTL3 and UCEPROTECTL2 are the 
most common and they come from using a non-compliant host.

You also have to be careful about using a DHCP address.  Gmail may flag 
email you send even if it is Smarthosted through a compliant static IP 
mailserver if it detects that the originating address is DHCP.

Gmail likes to deliver mail from one of my servers to their Junk/Spam
folder; another of my servers gets email delivered fine.

I've been through a lot of trial and error making Gmail happy.

These current sendmail features I'm using (updated 2 days ago) seem to 
do the trick the best:
# sendmail -d0.1 -bv root | grep SASL
                 PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS TLS_EC

Tim
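
The blacklist check mentioned in the message above can also be run directly against the DNS-based lists. This is an added example, not part of the original message. The UCEPROTECT zone names and the RFC 5782 query convention are assumptions brought in here, and the addresses in the usage note are documentation ranges.

```python
import ipaddress
import socket

# UCEPROTECT's public zones for levels 1-3 (assumed here, not named in the message).
ZONES = {
    "UCEPROTECTL1": "dnsbl-1.uceprotect.net",
    "UCEPROTECTL2": "dnsbl-2.uceprotect.net",
    "UCEPROTECTL3": "dnsbl-3.uceprotect.net",
}

def dnsbl_name(ip, zone):
    """Build the RFC 5782 query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)          # raises ValueError on malformed input
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if it does not resolve.
    A lookup failure (e.g. no network) is indistinguishable from NXDOMAIN here."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, resolver=system_resolver, zones=ZONES):
    """Map each list label to True (listed), False (not listed) or None (unusable answer)."""
    results = {}
    for label, zone in zones.items():
        answer = resolver(dnsbl_name(ip, zone))
        if answer is None:
            results[label] = False
        elif answer.startswith("127."):
            results[label] = True            # RFC 5782: listings answer inside 127.0.0.0/8
        else:
            results[label] = None            # e.g. an ISP resolver rewriting NXDOMAIN
    return results

if __name__ == "__main__":
    import sys
    # Usage: python dnsbl_check.py <sending-ip> [<sending-ip> ...]
    for ip in sys.argv[1:]:
        for label, listed in check_ip(ip).items():
            state = {True: "LISTED", False: "not listed", None: "unknown"}[listed]
            print(f"{ip} {label}: {state}")
```

Run it with the public address your mail actually leaves from, for example 192.0.2.25, rather than the LAN address of the submitting host.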