Mail Server Troubles

Home » CentOS » Mail Server Troubles
CentOS 9 Comments

Hi,

This is probably a bit OT, but here goes.

I’ve been running our local school’s mail server since 2013, with mail addresses for school staff and some teachers. The server is running CentOS 7
with Postfix and Dovecot, and it’s a nice no-bullshit configuration with SPF, DKIM and DMARC.

The school sends quite a lot of email out to parents, and sometimes, mail gets rejected:

–8<-------------------------------------------------------- : host SMTP-in.orange.fr[193.252.22.65] said: 550 5.2.0
Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA command)

: host SMTP-in.orange.fr[193.252.22.65] said: 550 5.2.0
Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA command)
–8<-------------------------------------------------------- This happens randomly with the usual suspects among crappy mail providers like Orange, Hotmail/Live, Yahoo and the rest. The school's not happy because in their eyes I'm faulty of badly maintaining their mail server. So my question to you: do any of you guys running mail servers have similar experiences? And how do you cope with it? Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12

9 thoughts on - Mail Server Troubles

  • So wanadoo and orange seem to send a ofr_506 because the scanned mail was found to be SPAM. This is independent of DKIM, SPF, DMARC but from them scanning the email in the DATA and saying nope. Usually that is because too many people complained about a set of email and the weight of email with that content is getting blocked. I don’t know if the school moving to another provider will fix that as this isn’t because of the IP it was sent from (they block before the DATA is sent in that case). [My guess is that someone wants to move to something else and is using this as the Casus Belli to do so. ]

    I don’t really have a suggestion or solution to either problem..

  • If this reject is due to their spam filtering process, it is actually the email author’s problem – how they make up their sentences, key words etc. and thus the problem will travel with them, to whatever email provider they choose.

    Suggest they get educated in how to write an appropriate email that doesn’t raise alarms, or they could use mailchimp (e.g. only) for their large group emails.

    Just a final thought – are the email address headers containing multiple email addresses? this too can trigger blocking by some providers.

  • In recent years I’ve got the impression that the big players do everything to make people move to their platform and stop providing their own email systems. And being the admin of email systems can be a real PITA these days.

    What can be helpful is to check the reputation of your own servers with services of some big player like https://talosintelligence.com/ and if all is ok, it’s a good reason to report to those who think it’s your fault.

    Regards, Simon

  • As someone with school age children, I’ve observed that schools seem to have a vastly over-inflated view of the importance of their communications. I’ve provided my email address to my children’s schools as an EMERGENCY contact method, and I’ve been receiving notifications of every single fund raising activity, athletic event, PTA meeting, etc., etc., ever since – despite multiple complaints.

    It seems likely to me that the school’s emails are being reported as spam by their recipients. Tell them to look in the mirror.

  • Further, you need to explain to them that *you* are only responsible for the policies which dictate which emails *you* accept. You can not mandate other people to accept your mail. It is their mail server and they are completely within their rights to run it how they see fit, and they will.

    Of course one hopes you are following industry best practices to aid your deliverability, but ultimately you are not in control of what others are willing to accept. If they do not understand this, flip it around and ask them how they feel about a spammer insisting you accept their spam and deliver it to all the staff and pupils.

  • –Good point. Feed all your outbound mail to SpamAssassin and set it to retain the report in the output, directed to a local email account so you can review it via Dovecot. You could also direct it to an external mail account (eg. on a VPS) so you can see what it looks like to the outside world.

  • Not for my users, thank you. My authenticated users send whatever they want without any filtering, scoring, scanning for virii (that is Latin plural for virus).

    But if there is problem created by my user, it definitely will be properly addressed, with user, in person.

    Valeri

  • It might interest you to know that the plural for ‘virus’ is
    ‘viruses’. The latin word it was derived from was a neuter term, so you might say ‘vira’, but since it was derived from what meant
    ‘poison’ (like the word virulent) there wasn’t really a plural used. Also, the Romans hadn’t figured out Germ Theory yet so they didn’t know it was composed of multiple small entities. Also, the word
    ‘Viri’ is the plural of the masculine word ‘Vir’ for ‘Male human’, so it is confusing. (‘vir’ used in the words ‘triumvir’ or ‘virile’ /
    ‘virility’)

    Chuck ‘virii’ in the bin with words like ‘octopi’.