1

I've a Postfix server with two virtual domains, users and aliases. Some of my users want their email centralized at Gmail and have aliases in place to redirect incoming e-mail to their Gmail accounts.

Eg. person.a@example.org is forwarded to person.a.xyz@gmail.com. The DB looks like this:

  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `domainid` int(10) unsigned NOT NULL,
  `source` varchar(255) NOT NULL,
  `destination` varchar(255) NOT NULL,
  PRIMARY KEY (`id`) USING BTREE

  Eg. Record: ( 1, 1, 'person.a@example.org', 'person.a.xyz@gmail.com' )

The Postfix config:

virtual_alias_maps = mysql:/etc/postfix/virtual/mysql-alias-maps.cf
(...)
query = SELECT destination FROM `aliases` WHERE source='%s'

This setup works fine, however Google sometimes they classify forwarded email as SPAM and it stays on my Postfix queue. Later Postfix re-tries deliveries and eventually I get rate limited like this:

-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
EB7F52D4AC6    68880 Wed May 10 15:47:55  000000.00.0000000@on.ismg-news.com
(host alt1.gmail-smtp-in.l.google.com[142.250.153.27] said: 421-4.7.28 [x.x.x.x      15] Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. xxxxxxxxxxxxxx - gsmtp (in reply to end of DATA command))
                                         person.a.xyz@gmail.com

727102D4897     9357 Wed May 10 13:16:19  0000-000-000-0000@mail.syncenvi.today
(host alt1.gmail-smtp-in.l.google.com[142.250.153.27] said: 421-4.7.0 [x.x.x.x      15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending domain. To 421-4.7.0 best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0  https://support.google.com/mail/answer/188131 for more information. xxxxxxxxxxxxxx - gsmtp (in reply to end of DATA command))
                                         person.a.xyz@gmail.com

5A5612C600F   114347 Thu May  4 13:47:25  xxxxxxxxxx@bounce.linkedin.com
(host alt1.gmail-smtp-in.l.google.com[142.250.153.26] said: 421-4.7.28 [x.x.x.x      15] Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. xxxxxxxxxxxxxx - gsmtp (in reply to end of DATA command))
                                         person.a.xyz@gmail.com

Google is saying mail sent from your IP address has been temporarily 421-4.7.28 rate limited. This causes issues with emails sent by other users as they can't be delivered. This seem to happen very frequently with emails from Linkedin and ISMG Network News but sometimes with others.

Is there a way to set Postfix to never re-try deliveries of forwardings to Google if they refuse it once? I don't want this to apply to emails sent by my users.

Thank you.

TCB13
  • 1,166
  • 1
  • 14
  • 34
  • You might not need to accept the sort of messages Google ends up punishing you for pushing their way. Not sure if `.today` has attracted any legitimate users at all, in any case its one of those (do)nuts domains where requiring FcrDNS and sending IPs not listed by popular DNSBL will generally not be deemed unreasonable. – anx May 19 '23 at 15:01
  • I do have PTR / FCrDNS checks with rspamd, but for instance Linkedin sometimes dispatches 10 emails in a row and also trigger's Google's policies. This is the kind of situation where I would like to simply discards those emails. – TCB13 May 19 '23 at 16:34
  • Discarding a few of of the solicited messages exceeding the *rate* (symptom) that Google sets up to give you time to react will not improve the *ratio* (cause) of unsolicited (or otherwise making people press "Report Junk" buttons) messages. Contrary, even, if your users treat Linkedin notifications as non-junk. I am saying this without any insight into Googles policies.. but I know they very much do accept tight burst of hundreds of messages in a row just fine - *if* there is very little obvious garbage among them. – anx May 21 '23 at 23:16

0 Answers0