2018-11-08 8:49 GMT+01:00 Dominic Raferd <domi...@timedicer.co.uk>:

> On Thu, 8 Nov 2018 at 07:35, Poliman - Serwis <ser...@poliman.pl> wrote:
>
>> I have domain kamir-transport.pl deployed on the server with dns zone
>> where are configured google MX servers like aspmx.l.google.com,
>> alt1.aspmx.l.google.com (and few more). Mailboxes are not on my server,
>> all email things are deployed on google. Yesterday I saw in log the
>> message:
>>
>> 9FBE713D05F 1564 Tue Nov 6 06:34:55 webmas...@kamir-transport.pl
>> (host alt2.aspmx.l.google.com[74.125.24.27] said: 421-4.7.0
>> [54.38.202.128 15] Our system has detected that this message is 421-4.7.0
>> suspicious due to the nature of the content and/or the links within.
>> 421-4.7.0 To best protect our users from spam, the message has been
>> blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/
>> mail/answer/188131 for more information. t1-v6si2536163pgv.349 - gsmtp
>> (in reply to end of DATA command))
>> bi...@kamir-transport.pl
>>
>> Honestly I don't fully understand this log. Looks like google mx says
>> that some message from webmas...@kamir-transport.pl belong to ip
>> 54.38.202.128 (what is 15 after ip address?) looks suspicious, although is
>> sent to another mailbox in this same domain. But both mailboxes are hosted
>> on google, so why google mx mention something about not their ip?
>>
>> PS
>> SPF record configured in DNS zone looks like google advises -> v=spf1
>> include:_spf.google.com ~all
>>
>
> This is a response from gsmtp (Gmail) saying that the email your server
> relayed to them looks suspicious (detailed reasons not given) - and so it
> was temp blocked. I am not sure why gsmtp gives a temp 4xx response, I
> rewrite them to permanent 5xx to prevent pointless retries. If you are
> relaying world-sourced mails into your users' Gmail mailboxes then messages
> of this type are a perennial problem. You might reduce their frequency with
> improved anti-spam/anti-virus checks.
>
Hmm, I am relaying emails. In this example between mailboxes of specific domain which has mx on google. I have on the server - amavisd, clamav, fail2ban, postgrey, [spf, dkim, dmarc - currently not for each domain, which have my server as MX]. Could you advise me what exactly should I improve? I can provide some configs if needed. I am not sure what I can do better.

PS
What does exactly mean "If you are relaying world-sourced mails into your users' Gmail mailboxes" - my server acts as open relay?

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
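
A way to read a deferral entry like the one quoted in this thread, as an added example that is not part of the original messages: it splits the flattened multi-line SMTP reply into the server that spoke, the address it quoted, the reply code, the enhanced status code and the protocol stage. The function name `parse_deferral` and the sample line (documentation hosts and addresses) are constructed for illustration, and splitting on the repeated code prefix is a heuristic.

```python
import re

# Constructed sample of a Postfix deferral reason (documentation addresses):
# the remote server's multi-line reply is flattened onto one line.
SAMPLE = (
    "host mx.example.org[192.0.2.25] said: 421-4.7.0 [198.51.100.7 15] Our "
    "system has detected that this message is 421-4.7.0 suspicious due to the "
    "nature of the content and/or the links within. 421-4.7.0 To best protect "
    "our users from spam, the message has been blocked. 421 4.7.0 See the "
    "provider help page. abc123 - gsmtp (in reply to end of DATA command)"
)

HEAD = re.compile(r"host (?P<host>\S+)\[(?P<ip>[^\]]+)\] said: (?P<reply>.*?)"
                  r"(?: \(in reply to (?P<stage>.+?)\))?$", re.S)
# RFC 3463 enhanced status code subjects (second field of X.Y.Z).
SUBJECT = {"0": "other", "1": "addressing", "2": "mailbox", "3": "mail system",
           "4": "network/routing", "5": "protocol", "6": "content/media",
           "7": "security or policy"}

def parse_deferral(reason):
    """Split a flattened 'host X said: ...' reason into its SMTP parts."""
    m = HEAD.match(reason.strip())
    if not m:
        raise ValueError("not a 'host ... said:' deferral reason")
    # "NNN-" starts a continuation line, "NNN " the final line (RFC 5321).
    first = re.match(r"([245]\d\d)[- ](?:([245]\.\d{1,3}\.\d{1,3}) )?", m["reply"])
    if not first:
        raise ValueError("no SMTP reply code at start of reply")
    code, esc = first.groups()
    esc_part = "(?:%s )?" % re.escape(esc) if esc else ""
    # Every repeat of the same code prefix marks where a reply line began.
    marker = re.compile(r"(?:^| )%s[- ]%s" % (code, esc_part))
    text = " ".join(p.strip() for p in marker.split(m["reply"]) if p.strip())
    quoted = re.match(r"\[(\d{1,3}(?:\.\d{1,3}){3})\b", text)
    return {
        "said_by": m["host"], "said_by_ip": m["ip"],   # server that replied
        "quoted_ip": quoted.group(1) if quoted else None,  # IP named in reply
        "code": code, "enhanced": esc,
        "transient": code[0] == "4",   # 4xx: sender keeps it queued and retries
        "subject": SUBJECT.get(esc.split(".")[1]) if esc else None,
        "stage": m["stage"], "text": text,
    }

if __name__ == "__main__":
    for key, value in parse_deferral(SAMPLE).items():
        print(f"{key:11} {value}")
```

The `said_by` fields identify the receiving MX that issued the reply, while `quoted_ip` is whatever address that server chose to name inside its reply text, so the two are reported separately.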