Hi,

I'm looking for advice on ways to gradually phase in a new Exim server so that providers that throttle incoming emails from unseen IPs don't completely block all emails from our servers.
<snip>

I'm assuming that you already know that the new IP address is not on any blacklists.

Therefore, it's "simply" a matter of getting a good reputation for that IP address. (i.e. turning a "neutral" reputation into a "good" one).

Make sure the new machine has good HELO banners and reverse DNS. If you're using IPv6 then many providers set the bar higher and don't accept things that have been "common practice" for years but aren't strictly best practice.


In modern eMail systems, reputation doesn't only come from IP address. It can come from an (authenticated) sending domain as well. There are two ways to authenticate: SPF and DKIM.

If you're signing messages with DKIM then the SDID reputation should automatically transfer to the new machine provided you sign with the same identity (of course, you can use another key/selector if you want).

You'll also have to add the new IP address to any SPF records that your outgoing domains use.

These two things will help you with the "large" providers such as Gmail, etc.

Smaller providers may still be using IP address reputation but not being on blacklists will hopefully give you enough of a "not bad" reputation that you will be in a good place.



Once all that is taken care of I'd try some deliveries from each of your sending domains to popular places or places you think you'll have trouble delivering to.

Inspect the headers of delivered messages to check the recipient is authenticating the mail properly.

If you have problems, resolve them first. i.e. don't try setting up a complex arrangement of forwarding between machines until you're reasonably sure that the new machine has a "good enough" reputation already.

Once simple tests are working, pick off small streams of mail one-by-one and send them through the new machine. If recipients are using domain-based reputation then you're more likely to encounter trouble based on the sending domain than the sending IP address so by picking individual authenticated mail streams one-by-one it'll be easier to diagnose problems.



If you're not starting with a blacklist-free IP address or you're not currently building domain-based reputation with recipients using DKIM and/or SPF then I'd start with fixing those two things before you start sending mail through the new machine.






Best wishes,
@ndy

--
[email protected]
http://www.ashurst.eu.org/
0x7EBA75FF

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
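
The header check described in the post, as an added example that is not part of the original message or of Exim: it reads the Authentication-Results header a recipient adds to a delivered test message and reports what still needs fixing for one sending domain. The sample message, example.org, mx.example.net, the selector and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers of a test message as stored by a hypothetical
# recipient (mx.example.net). DKIM passes, but SPF does not yet list the new IP.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.org header.s=sel2024;
 spf=softfail (domain of bounce@example.org does not designate
 203.0.113.25 as permitted sender) smtp.mailfrom=bounce@example.org;
 dmarc=pass (p=NONE) header.from=example.org
From: Alice <alice@example.org>
Subject: warm-up test

body
"""

def parse_auth_results(raw_message):
    """Return {method: (result, {property: value})} from Authentication-Results."""
    msg = message_from_string(raw_message)
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then drop (comments) so they cannot confuse the split.
        text = re.sub(r"\([^()]*\)", " ", " ".join(header.split()))
        for clause in text.split(";")[1:]:  # first item is the authserv-id
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                props = dict(re.findall(r"([a-z]+\.[a-z0-9_-]+)=(\S+)", clause, re.I))
                # Keep the first result per method (e.g. the first DKIM signature).
                found.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return found

def check_stream(raw_message, sending_domain):
    """List the problems to fix before moving this mail stream to the new host."""
    results = parse_auth_results(raw_message)
    problems = []
    dkim_result, dkim_props = results.get("dkim", ("missing", {}))
    signer = dkim_props.get("header.d") or dkim_props.get("header.i", "").rpartition("@")[2]
    if dkim_result != "pass":
        problems.append(f"dkim={dkim_result}")
    elif signer.lower() != sending_domain:  # pass, but under a different identity
        problems.append(f"dkim signed as {signer}, expected {sending_domain}")
    spf_result, spf_props = results.get("spf", ("missing", {}))
    if spf_result != "pass":
        who = spf_props.get("smtp.mailfrom", "unknown sender")
        problems.append(f"spf={spf_result} for {who}")
    return problems

if __name__ == "__main__":
    for problem in check_stream(SAMPLE, "example.org"):
        print("FIX:", problem)
```

Run it against the raw source of a test message saved from each recipient provider; an empty list means that provider authenticated both SPF and DKIM for the domain.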
