Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Postfix on Centos(Virtualmin) goes to Spam - Multipart Messages

[zahirw]

Hi guys

I'm new here and I'm sure this question has been thrown around a lot but I just couldn't find a solution. I have a networking website I've setup and we need to send notification mails to our members depending on activity related to their profiles(messages, comments etc).

We are hosting the site on Centos5.6 with VirtualMin and are using Postfix as our MTA. We also use google apps for email on the site. Heres the problem, the mails go through for some gmail users but more often than not, they end up in gmail,hotmail and yahoo spam.

We've setup the appropriate SPF codes on the server, DKIM and rDNS works fine.

v=spf1 ip4:xx.xx.xx.xx a mx include:_spf.google.com ~all

Below is a sample email that goes directly into gmail spam. I've replaced the actual values with dummy text (Ip, Domain etc)

---


Delivered-To: my.email@gmail.com
Received: by 10.143.165.5 with SMTP id s5cs223598wfo;
Fri, 15 Apr 2011 08:38:22 -0700 (PDT)
Received: by 10.100.15.34 with SMTP id 34mr1202961ano.165.1302881901970;
Fri, 15 Apr 2011 08:38:21 -0700 (PDT)
Return-Path: <apache@domainxyz.com>
Received: from server.domainxyz.com (server.domainxyz.com [xx.xx.xx.xx])
by mx.google.com with ESMTP id c12si6403722anc.63.2011.04.15.08.38.18;
Fri, 15 Apr 2011 08:38:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of apache@domainxyz.com designates xx.xx.xx.xx as permitted sender) client-ip=xx.xx.xx.xx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of apache@domainxyz.com designates xx.xx.xx.xx as permitted sender) smtp.mail=apache@domainxyz.com; dkim=pass (test mode) header.i=@domainxyz.com
Received: by server.domainxyz.com (Postfix, from userid 48)
id 3549968563; Fri, 15 Apr 2011 21:08:18 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=domainxyz.com;
s=domainxyz-mail; t=1302881898;
bh=l1LE96Pw4vGi1qCMy0/IALNzrln9ZKBKvnUdaevYI/Y=;
h=Toubject:From:Reply-To:MIME-Version:Content-type:Message-Id:
Date;
b=cgnMgqhSoGbQlL8qVPOwsadU5JwyVIklw85ZkHpGF2L/Ge4MFvLQstnBt8Ot0UmG1
sZCC4oFDUH6e5Qd+jgfEdjBs2ax3inTV7FIz4kc0jXxNDEdrAw hik3IBwjrk1LLcep
6VIEYR+Zl9VwKgDHJn2OyJfB5h/eL+iIZCnoiGns=
To: Zahir Gmail <my.email@gmail.com>
Subject: Retrieve your login information
From: domainxyz.com <member-services@domainxyz.com>
Reply-To: domainxyz.com <member-services@domainxyz.com>
MIME-Version: 1.0
Content-type: multipart/alternative; charset=iso-8859-1;boundary=EmailBoundary.568d2e34be8b984d6bdc427f9 f43cc7c
Message-Id: <20110415153818.3549968563@server.domainxyz.com>
Date: Fri, 15 Apr 2011 21:08:18 +0530 (IST)

--EmailBoundary.568d2e34be8b984d6bdc427f9f43cc7c
Content-Type: text/plain; charset="ISO-8859-1"


Hi Zahir Gmail,

You are receiving this email because we received a password reset request on domainxyz for your account. If you did not request for your password to be reset, please ignore this mail.

The following are your account details :
Username : zahirgmail
Personalized URL : www.domainxyz.com/zahirgmail

To reset your password, click here - http://www.domainxyz.com/reset-passw...ame=zahirgmail

We can't wait to see you on domainxyz

All tails wagging!


Slurps!
The domainxyz.com Team
www.domainxyz.com

Note : You are receiving this system generated email because you were registered on domainxyz.com If you haven't signed up with us, please report this mail by forwarding it to abuse@domainxyz.com. Inconvenience regretted. If you are a member, you can log onto your Notifications Page to change the notifications you receive from domainxyz.com. If you wish to change the email address on which you receive there notifications, please visit your Email Settings page. Please do not reply to this email, it will go nowhere.


domainxyz.com is a Social Networking website and is brought to you by domainxyz India Pvt Ltd. To know more about us, Click Here. If you wish to explore Business(Adverting, Marketing or Partnership) opportunities with us, please email us at marketing@domainxyz.com

--EmailBoundary.568d2e34be8b984d6bdc427f9f43cc7c
Content-Type: text/html; charset="ISO-8859-1"

<html>
<body>
<p><table width="620" align="center" cellspacing="0" cellpadding="0">
<tr>
<td style="border: 14px solid #e7e2db;">
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td style="background-color: #a21d22; height:34px;">
<table width="100%" height="34" cellspacing="0" cellpadding="0">
<tr>
<td width="16"></td>
<td width="462" style="font-family:Tahoma, Geneva, sans-serif; font-size: 11px; color:#FFFFFF; font-weight:bold;"><a href="www.domainxyz.com" style="font-family: Tahoma, Geneva, sans-serif; font-size: 11px; color:#FFFFFF; font-weight:bold; text-decoration: none;">www.domainxyz.com</a></td>
<td style="font-family:Tahoma, Geneva, sans-serif; font-size: 11px; color: #FFF; font-weight: bold;">Member Services</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right" style="padding-right: 30px;"><img src="http://www.domainxyz.com/notification/images/mailer_arrow.jpg" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td><img src="http://www.domainxyz.com/notification/images/logo.jpg" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td height="23"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td>
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td width="17"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
<td width="562">
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td style="font-family:Tahoma, Geneva, sans-serif; font-size: 11px; color:#a21e22;"><span style="font-family:Tahoma, Geneva, sans-serif; font-size: 12px; color:#a21e22;">Hi</span> <b>Zahir Gmail</b></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; line-height: 15px;">You are receiving this email because we received a password reset request on domainxyz for your account. If you did not request for your password to be reset, please ignore this mail. </td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="background-color: #e8e2db;">
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td style="padding-left: 43px;"><img src="http://www.domainxyz.com/notification/images/mailer_arrow2.jpg" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td height="10"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td>
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td width="19"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
<td width="77"><img src="http://www.domainxyz.com/notification/images/mem_ima.gif" alt="" border="0" style="display:block"></td>
<td width="14"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
<td width="452" valign="top">
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; font-style: italic;">The following are your account details </td>
</tr>
<tr>
<td height="5"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 11px; color:#000;"><span style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; font-style:"><b>Username :</b></span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;za hirgmail</td>
</tr>
<tr>
<td height="5"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 11px; color:#000;"><span style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000;"><b>Personal URL :</b> &nbsp;http://www.domainxyz.com/zahirgmail</span></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="20"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000;">To reset your password, click here. or copy paste this link in your browser - <a href="http://www.domainxyz.com/reset-password.php?activate=eFmyUQyDA&username=zahirgmai l" style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#6765E5; text-decoration:none;">http://www.domainxyz.com/reset-passw...yUQyDA&usernam e=zahirgmail</a></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000;">We can't wait to see you on domainxyz</td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000;">All tails wagging!</td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000;">Slurps!<br />
The domainxyz.com Team<br /><a href="www.domainxyz.com" style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; text-decoration: none;">www.domainxyz.com</a></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td height="1" style="background-color:#e8e3dd;"></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; line-height: 15px;"><b>Note :</b> You are receiving this system generated email because you were registered on domainxyz.com If you haven't signed up with us, please report this mail by forwarding it to <a href="mailto:abuse@domainxyz.com" style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; text-decoration: none">abuse@domainxyz.com</a>. Inconvenience regretted. If you are a member, you can log onto your account and visit the Settings > My Notifications page to change the notifications you receive from domainxyz.com. If you wish to change the email address on which you receive there notifications, please visit your Settings > Email Address page. Please do not reply to this email, it will go nowhere.</td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td height="1" style="background-color:#e8e3dd;"></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
<tr>
<td style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#5c5d5d; line-height: 15px;">domainxyz.com is a Social Networking website and is brought to you by domainxyz India Pvt Ltd. To know more about us, <a href="http://www.domainxyz.com/about-domainxyz/about-the-website.html" style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; text-decoration: none">Click Here</a>. If you wish to explore Business(Adverting, Marketing or Partnership) opportunities with us, please email us at <a href="mailto:marketing@domainxyz.com" style="font-family: Tahoma, Geneva, sans-serif; font-size: 12px; color:#000; text-decoration: none">marketing@domainxyz.com</a></td>
</tr>
<tr>
<td height="18"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
</table>
</td>
<td width="13"><img src="http://www.domainxyz.com/notification/images/spacer.gif" alt="" border="0" style="display:block"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table></p>
</body>
</html>

-----

Would really appreciate any help we can get on this.

Thanks a lot

[Ankheg]

TBH, this kind of thing is nigh-impossible to remotely troubleshoot when you're removed/munged all the relevant bits.

That being said, I'd look at your hostname and PTR records, as those are the usual places that people screw up. (And takes, like, ten seconds to check... when you've included the actual FQDN and IP addresses.)

(Another possible option may be that you have no CAPTCHA or other security measures on your signup form, so you're getting lots of bogus accounts from spambots using fake gmail/hotmail/yahoo addresses, and actually are, from their perspective, spamming them.)

Oh, it's almost certainly unrelated, but your SPF record is almost certainly grossly redundant, and definitely less-than-useful. ("~all" should really be "-all".)

[zahirw]

We've tried two options of the SPF records(only one at a time)
v=spf1 ip4:xx.xx.xx.xx a mx include:_spf.google.com ~all
and
v=spf1 ip4:xx.xx.xx.xx a ~all

Both fail. Even tried removing google apps from the picture all together. Didn't work.

Isn't using -all wrong?

Would this be a more accurate SPF?
v=spf1 a aerver.domainxyz.com ip4:xx.xx.xx.xx include:_spf.google.com ~all

or
v=spf1 a aerver.domainxyz.com ip4:xx.xx.xx.xx include:_spf.google.com -all