
Thread: Yahoo puts zimbra mail in spam folder

  1. #1
    dfriestedt is offline Senior Member

    Yahoo puts zimbra mail in spam folder

    I have three installations of Zimbra - two open source and one NE. All three are on different networks and in different locations. Reverse DNS is set up correctly on all three and SPF records are also set up. Email originating from all three Zimbra servers gets put in the Spam folder by Yahoo. Here is the header from a spammed message.

    HTML Code:
    From Drew A. Friestedt Thu Dec 4 12:55:14 2008
    Return-Path: 		<dfriestedt@martincapitalgroup.com>
    Authentication-Results: 		mta134.mail.re4.yahoo.com from=martincapitalgroup.com; domainkeys=neutral (no sig)
    Received: 		from 75.149.216.193 (EHLO mail.martincapitalgroup.com) (75.149.216.193) by mta134.mail.re4.yahoo.com with SMTP; Thu, 04 Dec 2008 04:55:08 -0800
    Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 33452231DB0; Thu, 4 Dec 2008 06:55:15 -0600 (CST) tests=[AWL=-0.126, BAYES_00=-2.599, RDNS_NONE=0.1]
    Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id trOmchfWMtCq; Thu, 4 Dec 2008 06:55:14 -0600 (CST)
    Received: 		from mail.martincapitalgroup.com (mail.martincapitalgroup.com [192.168.1.160]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 5D2C9231D6C; Thu, 4 Dec 2008 06:55:14 -0600 (CST)
    Date: 		Thu, 4 Dec 2008 06:55:14 -0600 (CST)
    From: 		"Drew A. Friestedt" <dfriestedt@martincapitalgroup.com>
    To: 		dfriestedt <dfriestedt@yahoo.com>
    Cc: 		dfriestedt@friestedt.net
    Message-ID: 		<290761590.39721228395314274.JavaMail.root@mail.martincapitalgroup.com>
    Subject: 		test
    MIME-Version: 		1.0
    Content-Type: 		text/plain; charset=utf-8
    Content-Transfer-Encoding: 		7bit
    Content-Length: 		165
    
    
    Drew A. Friestedt
    
    Martin Capital Group
    1313 W. Randolph Street, Suite 318
    Chicago, IL  60607
    O: 312.229.1200 ext. 225  C: 312.206-6211
    www.martincapitalgroup.com

    The spam score is high -2.599. Can anyone see what I'm doing wrong from this header?

  2. #2
    Bill Brock is offline Outstanding Member

    DNS

    This is what my DNS server shows for your PTR record (reverse DNS):

    193.216.149.75.in-addr.arpa domain name = 75-149-216-193-Illinois.hfc.comcastbusiness.net

    Plus I show mail.martincapitalgroup.com resolving to 75.149.216.194.

  3. #3
    dfriestedt is offline Senior Member

    One thing that I see right away is that Yahoo sees the receiving IP as 75.149.216.193. The IP of my mail server is 75.149.216.19(4) - it does not end in 3. The 3 IP is the address of my firewall.

    If I ping mail.martincapitalgroup.com I get 75.149.216.194. The reverse DNS is mail.martincapitalgroup.com. So I have no idea why Yahoo is seeing the receiving IP address of my mail server as anything but the 194 IP....

  4. #4
    uxbod is offline Moderator

    Perhaps because the connecting IP resolves to
    Code:
    75-149-216-193-Illinois.hfc.comcastbusiness.net

  5. #5
    Bill Brock is offline Outstanding Member

    My public IPs don't sit behind a firewall.

    Since yours do and the firewall is the device actually making the connection, you can either change your DNS records accordingly and set up split-dns (it's explained in the wikis), or you can set your mail server outside the firewall. If you choose the latter, be sure your Linux firewall is configured properly so as not to raise a security risk.

    Between two different networks I have eight computers connected directly to the Internet. Some prefer not to set their machines directly on the Internet. In my opinion, a firewall installed on a computer is just as secure as a firewall appliance. Plus there is less "confusion" such as having to set up split-dns.

  6. #6
    dfriestedt is offline Senior Member

    Thx guys. I was using my Windows 2003 server to handle DNS for Zimbra, which is how I thought I got around the need for split DNS.

    I created a new Forward Lookup Zone of mail.martincapitalgroup.com. The A record points to 192.168.1.160 (the internal IP of Zimbra). Should that be the external IP address of 75.149.216.194 instead? I also created an MX where I use mail.martincapitalgroup.com as the FQDN.

    Thx a bunch for your assistance.

  7. #7
    dwmtractor is offline Moderator

    I think you still could have issues. From your post it looks like the outgoing mail is being sent from your firewall's IP rather than the secondary IP you've given to your mailserver, and this is not unusual in such a setup; I had the same problem when I first set up mine.

    The issue is that, since your firewall is doing NAT, you likely have a masquerade rule set up so that all outgoing traffic from your internal LAN, DMZ, or whatever is masqueraded to have the source port be the WAN IP of your firewall. Not surprisingly, this means that outgoing SMTP traffic is coming from that same port.

    You need to create a SNAT (Source Network Address Translation) rule on your firewall, that takes outgoing traffic from your mail server, and masquerades it as the secondary IP (the one that is in your public MX records). Then the source will match the RDNS and MX lookups and everything will be hunky dory.
    Cheers,

    Dan

  8. #8
    dfriestedt is offline Senior Member

    That's exactly what I was thinking too. I'm running Untangle, so I'll figure out how to do it and post my results.

  9. #9
    dfriestedt is offline Senior Member

    OK - I got the outbound NAT working properly. My mail server IP is 75.149.216.194 and Yahoo sees my mail server as such (see header info below). Reverse DNS points back to my mail server properly - mail.martincapitalgroup.com. I'm still getting spammed out. I did not set up split DNS per the recommendation above. I'm still using Windows 2003 server to handle DNS for the mail server. I can send and receive mail just fine, except for sending mail to Yahoo. Any thoughts?

    Think this could be a DKIM issue? I see other people have reported that as being a potential problem. As far as I can see DKIM is not available in Zimbra.


    HTML Code:
    Return-Path: 		<dfriestedt@martincapitalgroup.com>
    Authentication-Results: 		mta447.mail.re4.yahoo.com from=martincapitalgroup.com; domainkeys=neutral (no sig)
    Received: 		from 75.149.216.194 (EHLO mail.martincapitalgroup.com) (75.149.216.194) by mta447.mail.re4.yahoo.com with SMTP; Thu, 04 Dec 2008 10:12:23 -0800
    Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 538B4231D90 for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:12:38 -0600 (CST) tests=[AWL=-0.094, BAYES_00=-2.599, RDNS_NONE=0.1]
    Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp63VgrwIqyi for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:12:33 -0600 (CST)
    Received: 		by mail.martincapitalgroup.com (Postfix, from userid 1002) id A1DB5231D8E; Thu, 4 Dec 2008 12:11:46 -0600 (CST)
    Received: 		from localhost (localhost.localdomain [127.0.0.1]) by mail.martincapitalgroup.com (Postfix) with ESMTP id D7D2F231D92 for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
    Received: 		from mail.martincapitalgroup.com ([127.0.0.1]) by localhost (mail.martincapitalgroup.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KWw+2HbIlU5e for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
    Received: 		from mail.martincapitalgroup.com (mail.martincapitalgroup.com [192.168.1.160]) by mail.martincapitalgroup.com (Postfix) with ESMTP id 16ECB231D8C for <dfriestedt@yahoo.com>; Thu, 4 Dec 2008 12:06:14 -0600 (CST)
    Date: 		Thu, 4 Dec 2008 12:06:13 -0600 (CST)
    From: 		"Drew A. Friestedt" <dfriestedt@martincapitalgroup.com>
    To: 		dfriestedt <dfriestedt@yahoo.com>
    Message-ID: 		<847143983.40391228413973981.JavaMail.root@mail.martincapitalgroup.com>
    Subject: 		test
    MIME-Version: 		1.0
    Content-Type: 		text/plain; charset=utf-8
    Content-Transfer-Encoding: 		7bit
    Content-Length: 		165
    Last edited by dfriestedt; 12-04-2008 at 11:43 AM.
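
The identity mismatch diagnosed in posts #2 to #7, and the corrected state shown in post #9, can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses the Received line written by Yahoo's MTA and compares the connecting IP with its PTR name and with the EHLO name's A record. The function names are hypothetical, and the DNS tables are constructed from the answers quoted in the thread rather than queried live.

```python
import re

# Constructed lookup tables holding only the DNS answers quoted in this thread
# (no live queries, so the check runs offline).
PTR = {
    "75.149.216.193": "75-149-216-193-Illinois.hfc.comcastbusiness.net",
    "75.149.216.194": "mail.martincapitalgroup.com",
}
A = {"mail.martincapitalgroup.com": "75.149.216.194"}

# Edge Received lines copied from the two Yahoo header dumps in the thread.
BEFORE_SNAT = ("from 75.149.216.193 (EHLO mail.martincapitalgroup.com) "
               "(75.149.216.193) by mta134.mail.re4.yahoo.com with SMTP; "
               "Thu, 04 Dec 2008 04:55:08 -0800")
AFTER_SNAT = ("from 75.149.216.194 (EHLO mail.martincapitalgroup.com) "
              "(75.149.216.194) by mta447.mail.re4.yahoo.com with SMTP; "
              "Thu, 04 Dec 2008 10:12:23 -0800")

# Format of the line the receiving MTA adds: "from X (EHLO name) (ip) by host".
EDGE_RE = re.compile(
    r"from \S+ \(EHLO ([^\s)]+)\) \((\d{1,3}(?:\.\d{1,3}){3})\) by \S+")


def parse_edge_hop(received):
    """Return (connecting_ip, ehlo_name) as recorded by the receiving MTA."""
    m = EDGE_RE.search(received)
    if not m:
        raise ValueError("not a recognised edge Received line")
    return m.group(2), m.group(1).lower()


def check_sender_identity(received, ptr=PTR, a=A):
    """Flag disagreement between connecting IP, its PTR name and the EHLO name."""
    ip, ehlo = parse_edge_hop(received)
    ptr_name = ptr.get(ip)
    findings = []
    if ptr_name is None:
        findings.append("no PTR for connecting IP")
    elif ptr_name.lower() != ehlo:
        findings.append("PTR name differs from EHLO name")
    if a.get(ehlo) != ip:
        findings.append("EHLO name does not resolve to connecting IP")
    return {"ip": ip, "ehlo": ehlo, "ptr": ptr_name, "findings": findings}


if __name__ == "__main__":
    for label, line in (("before SNAT", BEFORE_SNAT), ("after SNAT", AFTER_SNAT)):
        print(label, check_sender_identity(line))
```

A live version would replace the two tables with real PTR and A queries and would also confirm that the PTR name resolves forward to the same address.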

  10. #10
    dwmtractor is offline Moderator

    I send to Yahoo addresses just fine w/o DKIM so I'm sure it's not that.

    How long ago did you set up your rDNS PTR record? It's possible it hasn't propagated through to Yahoo's DNS cache yet.

    Your spamassassin headers look good, but those, of course, are from your machine, not Yahoo!'s.

    While W2k3 would not be my choice of DNS for the purpose, if it's handling DNS records resolving to your internal box, it's performing the SplitDNS function. The key to SplitDNS is NOT that the DNS server lives on your Zimbra box; in fact quite a few users have their own DNS servers on a DMZ or LAN for this purpose. The key is that your Zimbra box can self-resolve to the proper internal IP without adversely affecting the external resolution that is necessary for the rest of us to send you email. So that's not a point about which I would worry.

    As to why Yahoo! is still classifying your messages as spam, they don't tip their hand for spam heuristics, but it may also have to do with the type of message you are sending. If it's got a blank body, all caps in the subject or message, or majors on graphics or html, it may still be classed as spam. Why don't you try a fresh message with a simple subject header and two or three sentences of plain text, and see what happens?

    If this still bombs, maybe somebody will come along with better ideas than I . . .
    Cheers,

    Dan
