Is your mailserver's external ip static or dynamic? I am afraid that mail servers from dynamic ips always get listed as spambots even when using SPF, DKIM, correct rDNS etc. The solutions in this case are either to get your isp to allocate to you a static ip (not all isps offer this however), set up another mail server at a new location with static ip (e.g. vps), or use a relayhost through which postfix can send your outgoing mails. Usually your isp will provide a relayhost. This relayhost won't be bothered that you are sending from a dynamic ip and the servers onto which it sends your mails will be concerned about the relayhost's ip (which will be static), not yours.
On 28 December 2016 at 07:32, Alice Wonder <al...@domblogger.net> wrote: > Virtual machine for a web application, it is still in testing. > > reverse DNS is properly set up. > Postfix only listens on the local host. > Linux firewall drops anything not to port 80, 443, or a custom high number > port I use for SSH. > > This postfix is not an open relay, or a relay for anything on the Internet, > it only exists so the web application can send e-mail. > > SPF for the domain is correctly set up, DKIM for the host is correctly set > up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and > DKIM checks. > > So far it has only sent e-mails to addresses I control as the web > application is still in testing. > > Yet yesterday the IP address ended up on Spamhaus blacklist. > > I am 100% confident that no one else was sending e-mail from that IP > address, I'm a bit puzzled as to how the IP address got added to the > blacklist, but I was told that Spamhaus sometimes just adds an entire subnet > if more than one IP on the subnet was sending spam, and that's probably what > happened. > > I think that is irresponsible of Spamhaus if that is what they are doing, > but is there something more I can do other than correct rDNS, SPF, and DKIM > to avoid getting on a blacklist?
