SMTP mail goes to spam gmail/yahoo

[sreeninair]

Hello Guys,

I have issue with my email. I have configured a server recently. The mail ip was blacklisted . So I changed main shared Ip as both were same. Still the mails are routed through old ip. Gmail is marking the emails as spam. mails from outlook seems fine with gmail. On checking I could see the old ip was specified in '/var/cpanel/mainip' . I have changed it to new one.


x.x.x.x = old ip

y.y.y.y = new ip

-------------------

    webmail test mail log:

    2014-03-11 21:04:56 1WNR2u-0001bY-NE <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50900 P=esmtpa A=courier_login:[email protected] S=830 [email protected] T="Update to latest : 5.2.16" for [email protected]
    2014-03-11 21:04:56 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50900 closed by QUIT
    2014-03-11 21:04:56 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNR2u-0001bY-NE
    2014-03-11 21:04:56 1WNR2u-0001bY-NE SMTP connection outbound 1394561096 1WNR2u-0001bY-NE domain.com [email protected]
    2014-03-11 21:04:57 1WNR2u-0001bY-NE => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.26] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394561097 o4si22111903oei.46 - gsmtp"
    2014-03-11 21:04:57 1WNR2u-0001bY-NE Completed

------------------------------
Outlook email log : this is not going to spam in gmail

    2014-03-11 21:13:24 SMTP connection from [123.236.xx.xx]:22039 (TCP/IP connection count = 1)
    2014-03-11 21:13:24 no host name found for IP address 123.236.xx.xx
    2014-03-11 21:13:27 1WNRB8-000383-Pn <= [email protected] H=(SreenivasPC) [123.236.xx.xx]:22039 P=esmtpa A=courier_login:[email protected] S=2772 [email protected] T="Email issue" for [email protected]
    2014-03-11 21:13:27 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNRB8-000383-Pn
    2014-03-11 21:13:27 1WNRB8-000383-Pn SMTP connection outbound 1394561607 1WNRB8-000383-Pn domain.com [email protected]
    2014-03-11 21:13:28 1WNRB8-000383-Pn => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.26] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394561608 pp9si25079711obc.128 - gsmtp"
    2014-03-11 21:13:28 1WNRB8-000383-Pn Completed
    2014-03-11 21:13:30 SMTP connection from (SreenivasPC) [123.236.xx.xx]:22039 closed by QUIT

--------------

    # cat /etc/mailips >> new ip
    *:y.y.y.y
    #cat /etc/mailhelo
    [email protected] [/usr/local/nagios]# >> nill

I have tried after changing email from dedicated ip from exim configuration. Please help

Thanks
Sreeni

 

[cPanelPeter]

Hello,

You should not change the IP address in /var/cpanel/mainip, as that may effect your license. Instead, you should follow this
documentation.

 

[sreeninair]

Hello Peter,

I have followed this doc for changing the IP. I am not bothered about cPanel license. I can change the licensing Ip. The mail issue is important.

See this

2014-03-11 21:04:56 1WNR2u-0001bY-NE <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50900 P=esmtpa A=courier_login:[email protected] S=830 [email protected] T="Update to latest : 5.2.16" for [email protected]
2014-03-11 21:04:56 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50900 closed

Here x.x.x.x is the old IP. How the mails are sending from this Ip as I have followed cPanel doc. The mails are going to gmail/Yahoo spam from webmail. Bot from outlook its fine. Please help

Thanks
Sreeni

 

[vanessa]

Check your SPF record to make sure the IP is correct. Gmail is a pretty strict enforcer of proper SPF. When you make the change, allow up to 24 hours for propagation.

If that doesn't work, please paste a copy of the headers from the gmail side of things. You can mask out the sensitive bits.

 

[sreeninair]

Hello Vaessa,


This is this the full email header.

-----------
2014-03-12 07:37:30 SMTP connection from [127.0.0.1]:50293 (TCP/IP connection count = 1)
2014-03-12 07:37:31 1WNav4-0007NG-V3 <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50293 P=esmtpa A=courier_login:[email protected] S=878 [email protected] x.x.x.x T="Planting a seed" for [email protected]
2014-03-12 07:37:31 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50293 closed by QUIT
2014-03-12 07:37:31 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNav4-0007NG-V3
2014-03-12 07:37:31 1WNav4-0007NG-V3 SMTP connection outbound 1394599051 1WNav4-0007NG-V3 domain.net [email protected]
2014-03-12 07:37:33 1WNav4-0007NG-V3 => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.27] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394599053 sm4si699847obb.4 - gsmtp"
2014-03-12 07:37:33 1WNav4-0007NG-V3 Completed
-----------

Here is the spf record details:

SPF record lookup and validation for: domain.net

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 +a +mx +ip4: x.x.x.x ~all

Checking to see if there is a valid SPF record.

Found v=spf1 record for domain.net:
v=spf1 +a +mx +ip4: x.x.x.x ~all

I have noticed that the email is sending from ''SMTP connection from localhost ([ x.x.x.x])'' this ip , it is our old shared ip. But spf is set for new shared ip. The mail ip should be the new ip ' x.x.x.x' as i have not set any options to check etc/mailips in whm. Please let me know how to overcome this. The outlook is directing mails correctly.

Thanks
Sreeni

 

[vanessa]

The headers you sent appear to actually be output from the Exim log, not the headers of the email itself.

For the SPF record, this is likely what's causing the problem. You can edit the IP in the DNS zone directly, or go back to cPanel -> Email Authentication and handle it there. Remember, as with any DNS change, you need to let it propagate. It's not going to be fixed instantly.

 

[sreeninair]

Hello Vaessa,

Thank you for the update.

But how the emails are send from old ip. I will update spf.

Thanks
Sreeni

 

[vanessa]

You sure /etc/mailips is correct? I know you said in your original post that you corrected this, but it wouldn't hurt to check again.

 

[sreeninair]

Hello Vaessa,

Here is the output of mailips. The main shared ip is 'x.x.x.x'. So the mail should go through this right ?

[email protected] [/]# cat /etc/mailips
*:x.x.x.x
[email protected] [/]#
-----

Reference /etc/mailips for outgoing SMTP connections [?] is set to off

-----

The main ip is
[email protected] [/]# hostname -i
x.x.x.x
[email protected] [/]#
------------------

[email protected] [/]# cat /etc/domainips
#domainips v1

[email protected] [/]#


-----------------------

The new shared ip is added in the spf

domain.net .com. 14400 IN MX 0 domain.net .com.

mail 14400 IN CNAME domain.net .com.
www 14400 IN CNAME domain.net .com.
ftp 14400 IN CNAME domain.net .com.
blog 14400 IN A x.x.x.x
clients 14400 IN A x.x.x.x
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV/my6tz4FIUUg675lcg/Ro2nSzKmMSM8JdEnQ3YCGhD0bJWbO9pCr3DVRJm4dr2YyVMYoSYHrifVk80+0CTeqsQrT72Rc52QOF9XaQSGxTzejgqaIFE0Bbwn/wYFUk8VuWmkIDRGXvS5mTog22n15qd8S8Gz0U3iCK7Y6DYDneQIDAQAB;"
default._domainkey.blog 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXfx8rkg0gxHrCx8jFawSmbEyYvDCwuAJ018prVcXZrokAu3XX9NhPbLW8klD+NhyoFfGwjZTP1EDQGLluChm6X7fXTj8U0RCGXICzJzNgOIu24lSBy7j82GMbtUCxieiPDNNgNa+gbZJlhGSAHN0ZBjQ1EubV7bgcEoy7u7k+CwIDAQAB;"
default._domainkey.clients 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCHzVO4rqgpPf5zvEEiMe/Kkx1e6v7DUlyfjnZ+OPLOHBum9vnKmxyS/JCJCsSL7GamQYQwhOgJAK5QDx4omDqRScjOg/ek1uAUnKlx5oZvoKseTrdKpB3tfqdDORu3/qmKbxH+YCfbIofE4OZJhrp6z56swj8uEi+G4WrXLQwqwIDAQAB;"

cpanel 14400 IN A x.x.x.x
webdisk 14400 IN A x.x.x.x
whm 14400 IN A x.x.x.x
webmail 14400 IN A x.x.x.x
forcehost.net .com. 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"
blog 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"
clients 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"

Thanks
Sreeni

 

[vanessa]

Is 23.88.113.189 still present on your server? One thing I should point out is that Exim will by default send out on whatever the primary interface of your server is, regardless of whether it's your shared IP. So, you should configure Exim (you were looking at the correct setting) to look at /etc/mailips, then keep the shared IP in that file.

 

[sreeninair]

Hello Vaessa,

Thanks for the update.

The Ip 'x.x.x.x' is still present in the server. Do I need to remove it?. It is the shared ip in mailips file. How to change Exim primary interface ?.

Thanks
Sreeni

 

[vanessa]

You don't have to remove it. Again, your /etc/mailips file should route all mail over the alternate IP. You indicated previously that 23.88.112.2 was the main IP in /etc/mailips. Now you've said that 23.88.113.189 is the main IP in that file. Note sure which one it actually is, but /etc/mailips should look like this:

*: 23.88.112.2

 

[sreeninair]

Hello Vaessa,

My bad,

It is the shared ip in mailips file. >> I actually mean the shared ip (y.y.y.y) is in /etc/mailips.

I have already tried add "*: y.y.y.y" and enabled "Reference /etc/mailips for outgoing SMTP connections [?]" ON . Still mails are sending via old ip. I will recheck an let you know.

Thanks
Sreeni

 

[sreeninair]

Hello Vanessa ,

The mails are still routed through old ip though new ip are configured in /etc/mailips

Thanks
Sreeni

 

[vanessa]

Exim should be routing email over whatever the "*" definition is in /etc/mailips. Try rebuilding the exim conf and restarting:

/scripts/buildeximconf
service exim restart

If that doesn't work, you'll probably need to have someone look at your server.

 

[sreeninair]

Hello Vanessa ,

This fixed the issue. Thank you.

Thanks
Sreenivas