1

I have a Postfix server setup which works fine most of the time, but between 100 - 200 mails get deferred every day with the following errors:

status=deferred (lost connection with alt1.gmail-smtp-in.l.google.com[74.125.142.27] while sending RCPT TO)

status=deferred (lost connection with mta6.am0.yahoodns.net[66.196.118.34] while sending message body)

That's around 10% of all outgoing mails. Incoming mails work fine and all outgoing mails to domains on the local server work fine as well.

While troubleshooting, I found a certain mail that Gmail keeps on bouncing, but if I compose a new mail to the exact same recipient, Google accepts it without any issues:

Mail that bounces:

Sep  3 13:08:04 mail postfix/smtp[2623]: 72A66184148: to=<user@gmail.com>, relay=aspmx.l.google.com[173.194.79.27]:25, delay=2.5, delays=0.01/0/0.83/1.7, dsn=5.7.1, status=bounced (host aspmx.l.google.com[173.194.79.27] said: 554 5.7.1 9.9.9 (in reply to end of DATA command))

Mail that gets delivered:

Sep  3 13:10:08 mail postfix/smtp[24005]: 38C47184147: to=<user@gmail.com>, relay=aspmx.l.google.com[173.194.79.27]:25, delay=3.3, delays=0/0.01/0.82/2.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1378199356 hk5si14476075pac.241 - gsmtp)

If I forward the same mail that bounced to another domain on the local server it goes through fine.

But Yahoo bounces it with the following error:

host mta5.am0.yahoodns.net[66.196.118.240] said: 554 5.7.1 9.9.9 (in reply to end of DATA command)

The sizes of both emails are more or less the same (less than 100KB), so that's not the issue here.

There is no firewall in front of the server. All DNS settings are correct, reverse DNS is set up properly and, as I said, it's just certain mails that don't go through.

I spoke to the ISP and confirmed the MTU settings are okay.

Any suggestions?

Update: I manage a second mail server at a remote location and tried sending the mail that bounces to the remote domain. I ran tcpdump on the receiving end to see what is happening. While sending the mail that is bouncing, the server is sending RSET after it sends RCPT TO.

16:17:23.249320 IP mail.mydomain.com.47556 > mail.myremotemailserver.com.smtp: P 74:126(52) ack 228 win 123 E..h.R@.7...^.B2...}.....-B........{....... t...y...RCPT TO: ORCPT=

16:17:23.614527 IP mail.mydomain.com.47556 > mail.myremotemailserver.com.smtp: P 126:132(6) ack 242 win 123 E..:.T@.7..J^.B2...}.....-B........{....... t..vy...RSET

However, when I compose a new mail it sends DATA after RCPT TO, which is expected, and the mail goes through fine:

16:19:20.911123 IP mail.mydomain.com.43064 > mail.myremotemailserver.com.smtp: P 73:125(52) ack 228 win 123 E..h..@.7.*_^.B2...}.8..;&J.`..4...{P@..... t...y...RCPT TO: ORCPT=


16:19:21.297598 IP mail.mydomain.com.43064 > mail.myremotemailserver.com.smtp: P 125:131(6) ack 242 win 123 E..:..@.7.*.^.B2...}.8..;&K.`..B...{t5..... t..ay...DATA

Doesn't make much sense to me..

voretaq7
Debianuser
  • I have found out that all such bounces have the error code: 554 5.7.1 9.9.9 – Debianuser Sep 03 '13 at 11:26
  • When you connect from the server having the problem to port 25 of a remote server, what do you see? – Michael Hampton Sep 03 '13 at 12:32
  • `554 5.7.1 9.9.9` == "Message refused by Heuristic check" (aka, "stop spamming us") – Chris S Sep 03 '13 at 13:15
  • Thanks Chris, but why do I get 554 5.7.1 9.9.9 on some emails only? I have noticed this is mostly happening with emails that are forwarding other mails as attachments. If the same sender sends another mail to the same recipient, it goes through. – Debianuser Sep 07 '13 at 08:28
  • I couldn't figure this out, so in the end I configured this server to relay all mails to yahoo and gmail through a relayhost somewhere else. This is working fine! This is not a permanent solution so I'm still looking for suggestions. – Debianuser Sep 11 '13 at 18:29
  • This issue is back! Gmail has started rejecting most of the mails and there is this specific mail which is even bounced by my relayhost with the error code 554 5.7.1 9.9.9! How can this happen? There is no anti-spam software on the relay host. It is just a Postfix instance relaying mails from my mailserver. – Debianuser Sep 17 '13 at 17:53

4 Answers

2

554 is a permanent error, as you're aware. This isn't some form of grey-listing test to see how you implement queueing.

As others have pointed out, 99.9% of 554's are issued because your message failed an anti-spam test. The fact that you get the 554 after the end of DATA suggests that there is something in the content of the message that they don't like, although the server could have already decided that it's going to reject your message much earlier than that and has been configured to wait until the end for various reasons (1. waste your time/bandwidth/resources, and 2. gather as much information about your message as possible).

The hardest part of these situations is that you're failing policies that are developed and enforced by the receiving end; they might be rejecting your message because the body has the word "apple" in it and the last octet of your IP address is a multiple of 3 for all we know. Highly unlikely, but possible.

Messages usually aren't rejected based on failure of one criterion, especially by "the big boys", so I would guess that you're failing multiple tests, but the only way to find out exactly (considering the lack of information in the rejection message) is to ask them, unfortunately.

I found this page for Google in relation to your problem which may be a good path to follow. I couldn't find a similar page for Yahoo at a quick look.

fukawi2
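The stage-of-rejection reasoning in this answer can be checked against the mail log directly. The following is an added example, not code from the original posts: it parses the `postfix/smtp` lines quoted in the question and comments, extracts the SMTP stage Postfix reports, and lists recipient/relay pairs that refused one message after DATA but accepted another. The function names `parse` and `message_specific` and the verdict labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines copied verbatim from the question and its comments.
SAMPLE_LOG = """\
Sep  3 13:08:04 mail postfix/smtp[2623]: 72A66184148: to=<user@gmail.com>, relay=aspmx.l.google.com[173.194.79.27]:25, delay=2.5, delays=0.01/0/0.83/1.7, dsn=5.7.1, status=bounced (host aspmx.l.google.com[173.194.79.27] said: 554 5.7.1 9.9.9 (in reply to end of DATA command))
Sep  3 13:10:08 mail postfix/smtp[24005]: 38C47184147: to=<user@gmail.com>, relay=aspmx.l.google.com[173.194.79.27]:25, delay=3.3, delays=0/0.01/0.82/2.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1378199356 hk5si14476075pac.241 - gsmtp)
Sep 17 22:42:50 mail postfix/smtp[12871]: D1FEC184145: to=<10903@SpamScoreChecker.com>, relay=SpamScoreChecker.com[107.23.208.101]:25, delay=51, delays=0.01/0.01/4.7/47, dsn=4.4.2, status=deferred (lost connection with SpamScoreChecker.com[107.23.208.101] while sending end of data -- message may be sent more than once)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^\[,]+)[^,]*, .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$")
# SMTP stage Postfix reports, e.g. "in reply to end of DATA command".
STAGE_RE = re.compile(
    r"(?:in reply to|while sending) ([\w ]+?)(?: command)?(?: --|\)|$)")


def parse(log):
    """Yield one dict per postfix/smtp delivery line, with stage and verdict."""
    for line in log.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        stage = STAGE_RE.search(rec["reason"])
        rec["stage"] = stage.group(1).lower() if stage else None
        if rec["dsn"].startswith("2"):
            rec["verdict"] = "delivered"
        elif rec["dsn"].startswith("5") and rec["stage"] == "end of data":
            # Permanent refusal after the body was seen: content is suspect.
            rec["verdict"] = "rejected-after-content"
        elif rec["dsn"].startswith("5"):
            rec["verdict"] = "rejected-at-envelope"
        else:
            rec["verdict"] = "transient"
        yield rec


def message_specific(records):
    """(recipient, relay) pairs that refused one message after DATA but
    accepted another, so the refusal tracks the message, not only the sender."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["rcpt"], r["relay"])].add(r["verdict"])
    return sorted(k for k, v in seen.items()
                  if {"delivered", "rejected-after-content"} <= v)
```

Running `message_specific(list(parse(open("/var/log/mail.log").read())))` over a full log (the path is an assumption; it varies by distribution) gives the set of destinations where comparing the refused and accepted messages is the next step.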
1

Did you try to see the SpamAssassin score for that particular message? Go to this website: [spamscorechecker](http://spamscorechecker.com/). Send them that message and another message which has been delivered so you can see the differences between them. Keep us updated because I am curious to know what the problem is.

marcodv
  • The link was useful. I got a 4.6/5 for the mail that was bouncing from yahoo. More info: `3 spam rules triggered 1 RCVD_MAIL_COM Forged Received header (contains post.com or mail.com) 1 SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject 2.6 DEAR_FRIEND Dear Friend? That's not very dear!` These mails are going through okay when I use a relayhost. – Debianuser Sep 12 '13 at 20:37
  • Ah nice one, but 4.6/5 is still a high score and it is not good if you're going to send a lot of mails! Try to follow the explanation on the SpamAssassin score page and reduce your score. That should improve your delivery to the inbox folder. – marcodv Sep 13 '13 at 11:25
  • This issue is happening again, now I can't forward the mail that is bouncing to spamscorechecker.com: `Sep 17 22:42:50 mail postfix/smtp[12871]: D1FEC184145: to=<10903@SpamScoreChecker.com>, relay=SpamScoreChecker.com[107.23.208.101]:25, delay=51, delays=0.01/0.01/4.7/47, dsn=4.4.2, status=deferred (lost connection with SpamScoreChecker.com[107.23.208.101] while sending end of data -- message may be sent more than once)` – Debianuser Sep 17 '13 at 18:45
0

Sounds like Gmail et al. think you are spamming, so it is throttling you to see if you retry. You said your rDNS is properly configured, but make sure that any SPF records for domains you are sending as denote you as an allowed sender for that domain. Check if your IP is on any blacklists using one of the free online tools and, if it appears, request that the IP be removed from said list.

Andrew Domaszek
  • It is not just Gmail. The same mail gets bounced by Yahoo and a few other mail servers. If I send another mail with different content, all the above servers accept the mail without any issues. IP is not in the blacklist. I have set up many mail servers in the past and have never used SPF records but never faced such issues. How important is it to set it up? – Debianuser Sep 08 '13 at 10:14
  • They can help but are not critical. I would try adding them; it may increase the trust mail providers have in emails originating from your server by adding accountability. Another similar tool that may boost trust is DKIM, both of which are relatively easy to configure with Postfix. There is, however, certain content that Gmail, Yahoo or the like can never be convinced is legitimate and will always bounce like this. – Andrew Domaszek Sep 08 '13 at 14:17
  • @Debianuser "If I send another mail with different content, all the above servers accept the mail without any issues"... surely it's time to scrutinize the content? – Peter White Sep 12 '13 at 10:14
0

They suppose you are spam. Please reconfigure your MTA according to Spamhaus. Also check your MTA according to Barracuda (your IP address and so on).

PersianGulf