This guide is going to show
you how to check your mail server’s IP reputation and give you some IP
blacklist removal tips. Over the years of operating mail servers, we have seen
many occasions of rejected emails due to IP address blacklisting. If you follow
our instructions, you will be able to remove your IP address from most of the
IP blacklists.
Different Types of IP Blacklists
First, there
are internal blacklists and third-party blacklists. Many small
and media-sized mailbox providers use third-party blacklists (Spamhaus,
Barracuda, etc) because they don’t have the resource or time to build their
own. Big mailbox providers like Gmail, Outlook, and GMX tend to their own
internal blacklists. Actually, GMX uses both internal and third-party
blacklists.
Then, there
are single IP blacklists and whole IP range blacklists. It’s
often very easy to request IP removal from single IP blacklists.
However, it’s
not that easy to get off a whole IP range blacklist. Luckily they are not
commonly used.
How to Check if Your IP Address is on a Blacklist
To check if your IP address is
on a third-party blacklist, you can go
to mxtoolbox and dnsbl.info. Note that you don’t necessarily
have to remove your IP address from every third-party blacklist, because they
might not be used by your email recipients at all.
To check if your IP address is
on a mailbox provider’s internal blacklist, you need to check your mail
server’s log file.
/var/log/mail.log on
Debian/Ubuntu
/var/log/maillog on
CentOS/RHEL
However,
reading the raw log file is not fun. We can use a tool
called pflogsumm to easily analyze the log file. Install it on
Debian/Ubuntu with:
sudo apt install pflogsumm
On CentOS/RHEL, pflogsumm is
provided by the postfix-perl-scripts package.
sudo dnf install
postfix-perl-scripts
Use the following command to
generate a report for today. (Note that on CentOS/RHEL, the mail log file
is /var/log/maillog.)
sudo pflogsumm -d today
/var/log/mail.log
Generate a report for
yesterday.
sudo pflogsumm -d yesterday
/var/log/mail.log
If you like to generate a
report for this week:
sudo pflogsumm
/var/log/mail.log
To emit “problem” reports
(bounces, defers, warnings, rejects) before “normal” stats, use --problems-first flag.
sudo pflogsumm -d today
/var/log/mail.log --problems-first
To append the email from
address to each listing in the reject report, use --rej-add-from flag.
sudo pflogsumm -d today
/var/log/mail.log --rej-add-from
To show the full reason in
reject summaries, use --verbose-msg-detail flag.
sudo pflogsumm -d today
/var/log/mail.log --rej-add-from --verbose-msg-detail
You can add a cron job to make
pflogsumm to send a report to your email address every day.
sudo crontab -e
Add the following line, which
will generate a report every day at 4:00 AM.
0 4 * * * /usr/sbin/pflogsumm
-d yesterday /var/log/mail.log --problems-first --rej-add-from
--verbose-msg-detail -q
To receive the report via
email, add the following line above all Cron jobs.
MAILTO="you@example.com"
You should
pay attention to the message
bounce detail and message deferral detail section, where you can see for what reason those
emails are rejected.
If the MAILTO variable has
already been set but you want Postfix log summary sent to a different email
address, you can put the following line in your Cron job.
0 4 * * * /usr/sbin/pflogsumm
-d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail
-q | mutt -s "Postfix log summary" you@example.com
The output of pflogsumm command is redirected to mutt, a command-line mail user
agent, which will use the output as the email body and send it to the email
address you specify at the end. Of course, you need to install mutt on your
Linux server.
sudo apt install mutt
or
sudo dnf install mutt
Rule of Thumb for Running Mail Server on a New IP Address
When you run a mail server on
a new IP address, you should not use this IP address to send newsletters (aka
marketing emails) right away. Instead, you should use this IP address to send
transactional emails for a period of time to improve the reputation.
You may also want to use SMTP
relay services to send emails for a few days because SMTP relay services have a
high IP reputation. After that, send emails directly to the familiar
recipients.
IP Blacklist Removal
Gmail Rating Limiting
If you see the following
message when sending emails to Gmail users, then your IP address has been
rate-limited, instead of being blacklisted. This is a special case which needs
careful treatment.
Our system has detected an
unusual rate of 421-4.7.28 unsolicited mail originating from your IP address.
To protect our 421-4.7.28 users from spam, mail sent from your IP address has
been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines.
Steps to solve this problem:
Send emails to your own Gmail
account. If it’s put in the spam folder, you should mark it as not spam, and
reply to the email. Do this several times.
1.
Once the email doesn’t go into
your Gmail spam folder, you should make other Gmail users send emails to your
new email address. If Gmail sees there are emails sent to your mail server, it
would increase the reputation of your mail server’s IP address.
2. When a Gmail user sends an email to you, your email
address is automatically added to his/her contacts list. This is very helpful
for your emails to land into their inboxes. Reply
to those Gmail users.
3.
Repeat step 2 and step 3 for a
few days.
4.
Do you send transactional
emails? If you do, that’s great! Now you can use your mail server to send
transactional emails. Transactional emails are sent from websites or
web applications to their users. For example, a visitor receives an email after
creating an account at a website, or request resetting the password. It can be
very effective in improving IP reputation because the recipient expects you to
send email to him/her. On your website, you can tell the recipient to check the
spam folder and mark your email as not spam. They are much more likely to open
your email and click links in the email. Over time, your email will
automatically land into the inbox. Note that mailing list sign-up confirmation
email is transactional email, so if you have a newsletter sign-up form on your
website, you can also tell the recipient to check the spam folder and add your
email address to the contact list. Recipients are very likely to click the
confirmation link in the email.
5. After Gmail doesn’t rate-limit your mail server, you
can send newsletters. However, you should warm up your IP address. For example,
send 100 emails on day 1, then send 500 emails on day 2, send 1000 emails on
day 3. Don’t send email to thousands of people immediately.
6.
After sending newsletters to a
few thousand users, you can check your IP address reputation in Gmail
Postmaster Tools. As you can see from the following screenshot, my IP address
has high reputation with Gmail now.
Microsoft Mailboxes (Hotmail.com, Outlook.com, Live.com)
Microsoft uses an internal
blacklist that block many legitimate IP addresses. If your emails are rejected
by hotmail.com, outlook.com, or live.com, you need to submit the sender information form. After that, your emails will be accepted.
Microsoft Exchange/Office 365
Note that Microsoft
Exchange/Office 365 is a mail hosting solution for business owners. It’s
different from the mailbox service for consumers (hotmail.com, outlook.com,
live.com) and it may use different blacklist. For example, I once saw the
following non-delivery notification in my inbox.
host agileconnected-nl01c.mail.protection.outlook.com[104.47.2.36]
said: 550 5.7.511 Access denied, banned sender[xx.xx.xx.xx]. To request removal
from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653.
So I simply forward this
non-delivery notification to delist@messaging.microsoft.com, and add my own comment:
Hi,
I recently set up a new mail
server on this IP address for my website. I use this mail server to send
transactional emails and newsletters to my subscribers.
This IP address is in a data
center. I know this IP address may have been used by spammers in the past, but
I have a legitimate website that will not spam.
Please consider removing it
from the blacklist.
Best,
Xiao Guoan
Linuxbabe.com webmaster
You will receive a reply email
that will tell you what needs to be done.
GMX
GMX uses both third-party
blacklists and an internal blacklist. If you see the following message in the
mail log when sending emails to GMX users, that means your IP address is
blacklisted.
host
mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx017)
Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black
listed. 554 For explanation visit https://postmaster.gmx.net/en/error-messages?ip=xx.xx.xx.xx&c=bip)
You should go to https://postmaster.gmx.net/en/contact and use the contact form to request removal of
your IP address. I received the following emails from GMX admin after I
submitted the request.
Dear Sirs,
Thank you for your
information.
We have now removed the
mailserver's IP address from our blacklist.
Our servers will be updated
within the next hour. You will then be able to
send emails to our system
again.
Many thanks
Web.de
Web.de uses both third-party
blacklists and internal blacklist. If you see the following message in the mail
log when sending emails to web.de users, that means your IP address is
blacklisted.
host
mx-ha02.web.de[212.227.17.8] refused to talk to me: 554-web.de (mxweb110)
Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black
listed. 554 For explanation visit https://postmaster.web.de/error-messages?ip=xx.xx.xx.xx&c=bip
You should go to https://postmaster.web.de/en/contact and use the contact form to request removal of
your IP address. I received the following emails from Web.de admin after I
submitted the request.
Dear Sirs,
Thank you for your
information.
We have now removed the mailserver's
IP address from our blacklist.
Our servers will be updated
within the next hour. You will then be able to =
send emails to our system
again.
Many thanks
Actually GMX and Web.de are
managed by the same company. So if your IP address is removed from GMX
blacklist, then it will also be removed from web.de blacklist.
iCloud Mail
If you see the following
message in mail log when sending emails to icloud.com users, that means your IP
address is blacklisted.
host
mx2.mail.icloud.com[17.57.8.135] refused to talk to me: 550 5.7.0 Blocked - see
https://support.proofpoint.com/dnsbl-lookup.cgi?ip=xx.xx.xx.xx
Apple iCloud Mail is using
the Proofpoint blacklist. You should go to https://ipcheck.proofpoint.com/ to check your IP reputation. If your IP address
is blocked, then submit a support ticket to remove your IP address from the
blacklist. Note that you should provide the recipient’s email address, so
Proofpoint can quickly find your blocked email.
Proofpoint didn’t send me an
email. After about 12 hours, I checked my IP address again at https://ipcheck.proofpoint.com/. This time, I saw the following message, which
indicated my IP address was removed from the Proofpoint blacklist. And I can
send emails to icloud.com users.
Unable to do IP Lookup, or
failed to contact service for IP lookup
CloudMark Sender Intelligence
Cloudmark Sender Intelligence
(CSI) is a third-party IP blacklist. If you see the following message in the
mail log when sending emails, that means your IP address is blacklisted by
CloudMark.
host
mx.domain.com[66.96.140.73] refused to talk to me: 554 bosimpinc14 bizsmtp
Connection refused. xx.xx.xx.xx has a poor reputation on Cloudmark Sender
Intelligence (CSI). Please visit http://csi.cloudmark.com/reset-request/?ip=xx.xx.xx.xx to request a delisting.
Go to https://csi.cloudmark.com/en/reset to request delisting. After I submitted the
request, I received the following email from CloudMark.
Dear Xiao Guoan,
Thank you for contacting
Cloudmark.
I have reset the reputation of
your IP, so you should see delivery improve shortly. Please note that updates
do not occur instantly but should generally happen within an hour of receiving
this response.
Cloudmark CSI Support
AT & T Mailbox
AT & T provides the
following domain emails for their customers.
@ameritech.net
If you see the following
message in your mail log, your IP address has been blacklisted by AT & T.
<somebody@sbcglobal.net>: host al-ip4-mx-vip2.prodigy.net[144.160.235.144]
said:
553 5.3.0 alph764 DNSBL:RBL 521< xx.xx.xx.xx >_is_blocked.For
assistance
forward this error to abuse_rbl@abuse-att.net (in reply to MAIL
FROM
command)
Simply forward the error
message to abuse_rbl@abuse-att.net. I think it’s better to add some comments, like mine
below.
Hi,
I recently set up a new mail
server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com%29./ I use this mail server to send transactional emails and newsletters to my
subscribers.
This IP address is in a data
center. I know this IP address may have been used by spammers in the past, but
I have a legitimate website that will not spam.
Please consider removing it from the blacklist.
Best,
Xiao Guoan
Linuxbabe.com webmaster
You will receive an email
confirming they have received your delisting request. If they decide to remove
your IP address from the blacklist, you will receive another email.
t-online.de
t-online.de is operated
by Deutsche Telekom AG, a German ISP. If you see the following
message in your mail log, your IP address has been blacklisted by t-online.de.
host mx00.t-online.de[194.25.134.8]
refused to talk to me: 554 IP=XX.XX.XX.XX - A problem occurred. (Ask your
postmaster for help or to contact tosa@rx.t-online.de to clarify.
You can send a delisting
request to tosa@rx.t-online.de like so:
Subject: IP delisting request
Body:
Hi,
I recently set up a new mail server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com%29./ I use this mail server to send transactional emails and newsletters to my subscribers.
This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam.
Please consider removing it from the blacklist.
Best,
What If Your Delisting Request is Refused?
Some mailbox providers (such
as .pl domain names) only tell you that your IP address
is blacklisted, but doesn’t tell you how to request delisting your IP address. And
if the network range your IP address belongs to, are blocked by a particular
blacklist, then you have no choice but to use SMTP relay service to bypass IP
address blacklisting.
However, you might not want to set up your entire email server to use relay host. After setting up SMTP realy, you can configure Postfix transport map and relay map so that some emails are delivered via relay host, other emails are sent directly to recipients.