
My email server serves only a few people who are all known to me. I recently forwarded an email from my server to my own GMail account but got this error in my server's mailq.

relay=alt1.gmail-smtp-in.l.google.com[142.250.153.27]:25, delay=90571, delays=90570/0.03/0.62/0.72, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[142.250.153.27] said: 421-4.7.28 [85.234.130.200 15] Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. f15-20020aa7d84f000000b0053318ba2b73si678945eds.692 - gsmtp (in reply to end of DATA command))

The claim that my server has sent unsolicited email is nonsense. I have checked the mail logs and only myself and one other user have sent any email, and they are not unsolicited.

So the claim is definitely spurious. I already had SPF configured. I have now set up the reverse DNS to match the forward DNS lookup in case that had any effect. After sending a further test email it is still rejected.

I have even now gone to the trouble of adding DKIM to my server - but Google is still rejecting. As it seems impossible to get to a human being at Google, how can I resolve this?

John S
  • If your system is compromised and sending spam, the abuser may not be using your SMTP daemon to do so but rather they can be sending mail directly. Then there is no evidence of large volumes of mail in your maillog, nor will you see bounces and/or queued mail. But your IP is still the originator. You may see evidence of that when you monitor outgoing traffic to port 25. – HBruijn Sep 21 '23 at 09:37
  • Nobody that would do such a thing has access to the system, and my system is configured to ensure no relaying can occur from other external users. So I don't think this is the answer - Google is wrong but I can't seem to ask them why they think this is happening because they don't have humans to talk to. – John S Sep 21 '23 at 09:46
  • @John_S: you have not understood the comment by HBruijn. You have stated that you checked your mail logs and see no mail originating from your mailserver - this does not PROVE that your mailserver is not relaying messages but it is very unlikely. OTOH if there are ANY ports listening on this host OTHER than those opened by the mail server they could POTENTIALLY be exploited for sending email. – symcbean Sep 21 '23 at 10:39
  • Block all outbound traffic destined for port tcp/25 from your public IP address(es), except that sent from your mail server. On the mail server block all outbound traffic destined for port tcp/25 except that which originates from the MTA itself. Ideally log traffic blocked in either situation so you can demonstrably prove no messages are sent from your IP address(es) except through your authorised MTA. (I assume you're already logging all traffic sent through your MTA.) – Chris Davies Sep 21 '23 at 11:59
  • The NDR states that your sending IP address is the origin of unsolicited mail. Your sending IP address also appears on at least one blacklist. It appears that your mail server is being hosted in a data center at Simply Transit LTD. This could be a shared IP address or it could be that the entire netblock of the data center/hosting company has been blacklisted. So... the problem is not necessarily your server, but the address space your email is being sent from. I'd suggest reaching out to the netblock owner and speaking to them about it. – joeqwerty Sep 21 '23 at 12:07
  • Thanks that is useful - will look into these suggestions. – John S Sep 22 '23 at 02:43
  • Ok I think I made some progress - I found Google Postmaster that lets me validate my domain with Google by adding a DNS record TXT google-site-verification= and I previously had that set up but had migrated to a new server. Now I re-issued that DNS record from Google Postmaster and added it - I hope this will prove to be the solution. Microsoft have a similar thing called SNDS, and I set that up too, but it was already saying my IP address is "Normal". Worth knowing about anyway - hope it helps others. – John S Sep 22 '23 at 06:57
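
One way to check the point raised in the comments by HBruijn and Chris Davies, that mail can leave the host without passing through the MTA and so never appear in the mail log, as an added example that is not part of the original thread: it scans `ss -Htnp` output for connections to remote port 25 owned by anything other than the MTA. The MTA process name `smtp` (Postfix's delivery client) is an assumption, and every sample line is constructed for illustration.

```python
"""Added example: flag outbound SMTP connections that do not belong to the MTA."""
import re

# Assumption: the MTA is Postfix, whose outbound delivery client is named "smtp".
MTA_PROCESSES = {"smtp"}

# Constructed sample of `ss -Htnp` output, run as root on the mail host.
SAMPLE_SS_OUTPUT = """\
ESTAB    0 0 192.0.2.10:48522 142.250.153.27:25 users:(("smtp",pid=2211,fd=14))
ESTAB    0 0 192.0.2.10:22 198.51.100.7:50312 users:(("sshd",pid=901,fd=4))
SYN-SENT 0 1 192.0.2.10:51844 203.0.113.25:25 users:(("perl",pid=4410,fd=3))
ESTAB    0 0 [2001:db8::10]:40100 [2001:db8::25]:25 users:(("php-fpm",pid=4500,fd=9))
ESTAB    0 0 192.0.2.10:25 198.51.100.9:41000 users:(("smtpd",pid=2300,fd=6))
ESTAB    0 0 192.0.2.10:51900 198.51.100.25:25
"""

# Matches each ("name",pid=N entry inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def non_mta_smtp(ss_output, mta=MTA_PROCESSES, port=25):
    """Return (process, pid, peer) for connections to remote `port` not owned by the MTA."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":  # blank line or header row
            continue
        # Peer is the 5th column; rpartition copes with bracketed IPv6 peers.
        peer_host, _, peer_port = fields[4].rpartition(":")
        if peer_port != str(port):  # inbound mail has port 25 on the local side only
            continue
        # No owner column (e.g. ss run without root): report it rather than hide it.
        owners = PROC_RE.findall(" ".join(fields[5:])) or [("?", "0")]
        for name, pid in owners:
            if name not in mta:
                findings.append((name, int(pid), peer_host.strip("[]")))
    return findings


if __name__ == "__main__":
    for name, pid, peer in non_mta_smtp(SAMPLE_SS_OUTPUT):
        print(f"non-MTA connection to port 25: process={name} pid={pid} peer={peer}")
```

A snapshot like this only sees connections open at the moment it runs, so the logged firewall rule Chris Davies describes remains the stronger evidence over time.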
