mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Server ip keeps getting banned from cloudmark.com #2477

Closed plokko closed 5 years ago

plokko commented 5 years ago

Our server keeps getting banned from Cloudmark: We have the latest mailcow-dockerized version, all services (clamav, rspamd, etc.) are active. We did set all DNS records including DMARC and SPF and we get a 10/10 score on mail-tester.com. We have imposed rate limits on our clients' mailboxes (60 mail/hour per mailbox).

We can't find any suspicious activity in the postfix queue (the blocked queue contains only non-spam email, the postfix logs seem clean) and no other suspicious activities or files were found on the server (it is a dedicated cloud VPS). Rspamd seems to filter both ongoing and incoming email, so even if one of our users is sending spam it should be filtered.

How can we fix the issue or find the problem? We already did everything possible but we can't find anything!

andryyy commented 5 years ago
  1. You should ask Cloudmark's postmaster.

  2. There is no way you just set up a domain, SPF and DKIM and get into everyone's inbox. And that's good! No one likes spam.

A new domain or new IP/domain combination has neither a good nor a bad reputation. Google, Outlook etc. want to see some content from your domain. No test mails, but some valid communication over some time.

  3. Furthermore you should mail from a non-spammy ASN. If you buy a 5 Euro VPS, you should not be surprised about a bad reputation. That's probably not the case here, though.

An apparently clean IP does not indicate a clean ASN. Most OVH IPs are not blacklisted but still you don’t want to use them for mail. Are you using OVH by chance?

On 28.03.2019 at 16:13, plokko notifications@github.com wrote:


plokko commented 5 years ago

@andryyy

  1. I asked and I did get unblocked, but it didn't last too long; they did not give me a lot of information.
  2. I do know, I'm just saying that I did my "homework" correctly before posting here and I'm not getting blacklisted elsewhere.
  3. No, it's on Hetzner cloud, but if it was the case after an unblock I should have been clear.

What I'm asking is if there are some rules that I'm not applying that Cloudmark sees as a bad habit (e.g. rspamd rules a little too permissive) or any help on how I can pinpoint the problem.

mritzmann commented 5 years ago

If Cloudmark does not tell you why you are blacklisted, there is no way to "fix" it.

(Sometimes there's nothing you can do about it... Nobody knows exactly according to which criteria the big providers blacklist. Maybe machine learning, maybe a single mail, maybe a manual false positive.)

andryyy commented 5 years ago

Yes, you should try to get in contact with them. Ask them politely, don't demand to be unlisted etc. :)

Perhaps your IP is in a high-spam subnet and they just listed the whole network.