  #1 (permalink)  
Old 12-04-2008, 05:01 AM
Senior Member
 
Posts: 72
Default Yahoo puts zimbra mail in spam folder

I have three installations of zimbra - two open source and one NE. All three are on different networks and in different locations. Reverse DNS is set up correctly on all three and SPF records are also set up. Email originated from all three zimbra servers gets put in the Spam folder by Yahoo. Here is the header from a spammed message.

HTML Code:
From Drew A. Friestedt Thu Dec 4 12:55:14 2008
Return-Path: 		<dfriestedt@martincapitalgroup.com>
Authentication-Results: 		mta134.mail.re4.yahoo.com from=martincapitalgroup.com; domainkeys=neutral (no sig)
Received: 		from 75.149.216.193 (EHLO mail.martincapitalgroup.com) (75.149.216.193) by mta134.mail.re4.yahoo.com with SMTP; Thu, 04 Dec 2008 04:55:08 -0800
Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 33452231DB0; Thu, 4 Dec 2008 06:55:15 -0600 (CST) tests=[AWL=-0.126, BAYES_00=-2.599, RDNS_NONE=0.1]
Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id trOmchfWMtCq; Thu, 4 Dec 2008 06:55:14 -0600 (CST)
Received: 		from mail.martincapitalgroup.com (mail.martincapitalgroup.com [192.168.1.160]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 5D2C9231D6C; Thu, 4 Dec 2008 06:55:14 -0600 (CST)
Date: 		Thu, 4 Dec 2008 06:55:14 -0600 (CST)
From: 		"Drew A. Friestedt" <dfriestedt@martincapitalgroup.com>
To: 		dfriestedt <dfriestedt@yahoo.com>
Cc: 		dfriestedt@friestedt.net
Message-ID: 		<290761590.39721228395314274.JavaMail.root@mail.martincapitalgroup.com>
Subject: 		test
MIME-Version: 		1.0
Content-Type: 		text/plain; charset=utf-8
Content-Transfer-Encoding: 		7bit
Content-Length: 		165


Drew A. Friestedt

Martin Capital Group
1313 W. Randolph Street, Suite 318
Chicago, IL  60607
O: 312.229.1200 ext. 225  C: 312.206-6211
www.martincapitalgroup.com
The spam score is high -2.599. Can anyone see what I'm doing wrong from this header?
  #2 (permalink)  
Old 12-04-2008, 05:11 AM
Outstanding Member
 
Posts: 684
Default Dns

This is what my DNS server shows for your Ptr record (reverse DNS):

193.216.149.75.in-addr.arpa domain name = 75-149-216-193-Illinois.hfc.comcastbusiness.net

Plus I show mail.martincapitalgroup.com resolving to 75.149.216.194.
  #3 (permalink)  
Old 12-04-2008, 05:14 AM
Senior Member
 
Posts: 72
Default

One thing that I see right away is that yahoo sees the receiving IP as 75.149.216.193. The IP of my mail server is 75.149.216.19(4) - it does not end in 3. The 3 IP is the address of my firewall.

If you ping mail.martincapitalgroup.com I get 75.149.216.194. The reverse DNS is mail.martincapitalgroup.com. So I have no idea why Yahoo is seeing the receiving IP address of my mail server as anything but the 194 IP....
  #4 (permalink)  
Old 12-04-2008, 05:17 AM
Moderator
 
Posts: 7,928
Default

Perhaps because the connecting IP resolves to
Code:
75-149-216-193-Illinois.hfc.comcastbusiness.net
__________________
  #5 (permalink)  
Old 12-04-2008, 05:33 AM
Outstanding Member
 
Posts: 684
Default My public IP's don't sit behind a firewall.

Since yours do and the firewall is the device actually making the connection, you can either change your DNS records accordingly and set up split-dns (it's explained in the wikis). Or you can set your mail server outside the firewall. If you choose the latter, be sure your Linux firewall is configured properly so as not to raise a security risk.

Between two different networks I have eight computers connected directly to the Internet. Some prefer not to set their machines directly on the Internet. In my opinion, a firewall installed on a computer is just as secure as a firewall appliance. Plus there is less "confusion" such as having to set up split-dns.
  #6 (permalink)  
Old 12-04-2008, 07:36 AM
Senior Member
 
Posts: 72
Default

Thx guys. I was using my Windows 2003 server to handle DNS for Zimbra, which is how I thought I got around the need for split DNS.

I created a new Forward Lookup Zone of mail.martincapitalgroup.com. The A record points to 192.168.1.160 (the internal IP of Zimbra). Should that be the external IP address of 75.149.216.194 instead? I also created an MX where I use mail.martincapitalgroup.com as the FQDN.

Thx a bunch for your assistance.
  #7 (permalink)  
Old 12-04-2008, 08:36 AM
Moderator
 
Posts: 1,027
Default

I think you still could have issues. From your post it looks like the outgoing mail is being sent from your firewall's IP rather than the secondary IP you've given to your mailserver, and this is not unusual in such a setup; I had the same problem when I first set up mine.

The issue is that, since your firewall is doing NAT, you likely have a masquerade rule set up so that all outgoing traffic from your internal LAN, DMZ, or whatever is masqueraded to have the source port be the WAN IP of your firewall. Not surprisingly, this means that outgoing SMTP traffic is coming from that same port.

You need to create a SNAT (Source Network Address Translation) rule on your firewall, that takes outgoing traffic from your mail server, and masquerades it as the secondary IP (the one that is in your public MX records). Then the source will match the RDNS and MX lookups and everything will be hunky dory.
__________________
Cheers,

Dan
  #8 (permalink)  
Old 12-04-2008, 08:43 AM
Senior Member
 
Posts: 72
Default

That's exactly what I was thinking too. I'm running untangle, so I'll figure out how to do it and post my results.
  #9 (permalink)  
Old 12-04-2008, 10:17 AM
Senior Member
 
Posts: 72
Default

OK - I got the outbound NAT working properly. My mail server IP is 75.149.216.194 and yahoo sees my mail server as such (see header info below). Reverse DNS points back to my mail server properly - mail.martincapitalgroup.com. I'm still getting spammed out. I did not set up split DNS per the recommendation above. I'm still using Windows 2003 server to handle DNS for the mail server. I can send and receive mail just fine, except for sending mail to yahoo. Any thoughts?

Think this could be a DKIM issue? I see other people have reported that as being a potential problem. As far as I can see DKIM is not available in zimbra.


HTML Code:
Return-Path:   	 	 <dfriestedt@martincapitalgroup.com>
Authentication-Results: 		mta447.mail.re4.yahoo.com from=martincapitalgroup.com; domainkeys=neutral (no sig)
Received: 		from 75.149.216.194 (EHLO mail.martincapitalgroup.com) (75.149.216.194) by mta447.mail.re4.yahoo.com with SMTP; Thu, 04 Dec 2008 10:12:23 -0800
Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 538B4231D90 for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:12:38 -0600 (CST) tests=[AWL=-0.094, BAYES_00=-2.599, RDNS_NONE=0.1]
Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp63VgrwIqyi for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:12:33 -0600 (CST)
Received: 		by mail.martincapitalgroup.com (Postfix, from userid 1002) id A1DB5231D8E; Thu, 4 Dec 2008 12:11:46 -0600 (CST)
Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id D7D2F231D92 for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KWw+2HbIlU5e for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
Received: 		from mail.martincapitalgroup.com (mail.martincapitalgroup.com [192.168.1.160]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 16ECB231D8C for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
Date: 		Thu, 4 Dec 2008 12:06:13 -0600 (CST)
From: 		"Drew A. Friestedt" <dfriestedt@martincapitalgroup.com>
To: 		dfriestedt <dfriestedt@yahoo.com>
Message-ID: 		<847143983.40391228413973981.JavaMail.root@mail.martincapitalgroup.com>
Subject: 		test
MIME-Version: 		1.0
Content-Type: 		text/plain; charset=utf-8
Content-Transfer-Encoding: 		7bit
Content-Length: 		165

Last edited by dfriestedt; 12-04-2008 at 10:43 AM..
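The mismatch discussed in posts #2 to #7, and its disappearance after the SNAT change in post #9, can be checked mechanically from the receiving server's `Received` hop. The following is an added example, not code from any poster or from Zimbra: the function names are made up for illustration, and the offline lookup tables contain only the DNS answers the posters quoted in this thread.

```python
import re
import socket

# Yahoo's Received hop from the headers in posts #1 and #9 (copied from the thread).
BEFORE_SNAT = ("from 75.149.216.193 (EHLO mail.martincapitalgroup.com) "
               "(75.149.216.193) by mta134.mail.re4.yahoo.com with SMTP")
AFTER_SNAT = ("from 75.149.216.194 (EHLO mail.martincapitalgroup.com) "
              "(75.149.216.194) by mta447.mail.re4.yahoo.com with SMTP")

# DNS answers as the posters reported them, so the check also runs offline.
THREAD_PTR = {"75.149.216.193": "75-149-216-193-Illinois.hfc.comcastbusiness.net",
              "75.149.216.194": "mail.martincapitalgroup.com"}
THREAD_A = {"mail.martincapitalgroup.com": ["75.149.216.194"]}

HOP = re.compile(r"from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(EHLO\s+(?P<helo>[^)\s]+)\)", re.I)

def parse_hop(received):
    """Return (connecting IP, EHLO name) from a Yahoo-style Received line."""
    m = HOP.search(received)
    if not m:
        raise ValueError("no 'from <ip> (EHLO <name>)' clause found")
    return m.group("ip"), m.group("helo").lower().rstrip(".")

def live_ptr(ip):
    """PTR lookup against real DNS; empty string when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ""

def live_a(name):
    """A lookup against real DNS; empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(received, ptr_lookup=live_ptr, a_lookup=live_a):
    """List the identity mismatches a receiving MTA can see for this hop."""
    ip, helo = parse_hop(received)
    rdns = ptr_lookup(ip).lower().rstrip(".")
    problems = []
    if not rdns:
        problems.append("no PTR record for connecting IP")
    elif rdns != helo:
        problems.append("PTR name differs from EHLO name")
    if ip not in a_lookup(helo):
        problems.append("EHLO name does not resolve to connecting IP")
    return problems

def thread_check(received):
    """Same check, using the DNS answers quoted in the thread instead of live DNS."""
    return check_sender(received, lambda ip: THREAD_PTR.get(ip, ""),
                        lambda name: THREAD_A.get(name, []))
```

An empty result means the connecting IP, its PTR name and the EHLO name agree; as post #9 shows, that alone did not get the message out of Yahoo's spam folder.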
  #10 (permalink)  
Old 12-04-2008, 11:29 AM
Moderator
 
Posts: 1,027
Default

I send to Yahoo addresses just fine w/o DKIM so I'm sure it's not that.

How long ago did you set up your rDNS PTR record? It's possible it hasn't propagated through to Yahoo's DNS cache yet.

Your spamassassin headers look good, but those, of course, are from your machine, not Yahoo!'s.

While W2k3 would not be my choice of DNS for the purpose, if it's handling DNS records resolving to your internal box, it's performing the SplitDNS function. The key to SplitDNS is NOT that the DNS server lives on your Zimbra box; in fact quite a few users have their own DNS servers on a DMZ or LAN for this purpose. The key is that your Zimbra box can self-resolve to the proper internal IP without adversely affecting the external resolution that is necessary for the rest of us to send you email. So that's not a point about which I would worry.

As to why Yahoo! is still classifying your messages as spam, they don't tip their hand for spam heuristics, but it may also have to do with the type of message you are sending. If it's got a blank body, all caps in the subject or message, or majors on graphics or html, it may still be classed as spam. Why don't you try a fresh message with a simple subject header and two or three sentences of plain text, and see what happens?

If this still bombs, maybe somebody will come along with better ideas than I . . .
__________________
Cheers,

Dan