SMTP mail goes to spam gmail/yahoo

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Guys,

I have issue with my email. I have configured a server recently. The mail ip was blacklisted . So I changed main shared Ip as both were same. Still the mails are routed through old ip. Gmail is marking the emails as spam. mails from outlook seems fine with gmail. On checking I could see the old ip was specified in '/var/cpanel/mainip' . I have changed it to new one.


x.x.x.x = old ip

y.y.y.y = new ip

-------------------
Code:
    webmail test mail log:

    2014-03-11 21:04:56 1WNR2u-0001bY-NE <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50900 P=esmtpa A=courier_login:[email protected] S=830 [email protected] T="Update to latest : 5.2.16" for [email protected]
    2014-03-11 21:04:56 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50900 closed by QUIT
    2014-03-11 21:04:56 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNR2u-0001bY-NE
    2014-03-11 21:04:56 1WNR2u-0001bY-NE SMTP connection outbound 1394561096 1WNR2u-0001bY-NE domain.com [email protected]
    2014-03-11 21:04:57 1WNR2u-0001bY-NE => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.26] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394561097 o4si22111903oei.46 - gsmtp"
    2014-03-11 21:04:57 1WNR2u-0001bY-NE Completed


------------------------------
Outlook email log : this is not going to spam in gmail



Code:
    2014-03-11 21:13:24 SMTP connection from [123.236.xx.xx]:22039 (TCP/IP connection count = 1)
    2014-03-11 21:13:24 no host name found for IP address 123.236.xx.xx
    2014-03-11 21:13:27 1WNRB8-000383-Pn <= [email protected] H=(SreenivasPC) [123.236.xx.xx]:22039 P=esmtpa A=courier_login:[email protected] S=2772 [email protected] T="Email issue" for [email protected]
    2014-03-11 21:13:27 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNRB8-000383-Pn
    2014-03-11 21:13:27 1WNRB8-000383-Pn SMTP connection outbound 1394561607 1WNRB8-000383-Pn domain.com [email protected]
    2014-03-11 21:13:28 1WNRB8-000383-Pn => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.26] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394561608 pp9si25079711obc.128 - gsmtp"
    2014-03-11 21:13:28 1WNRB8-000383-Pn Completed
    2014-03-11 21:13:30 SMTP connection from (SreenivasPC) [123.236.xx.xx]:22039 closed by QUIT
--------------
Code:
    # cat /etc/mailips >> new ip
    *:y.y.y.y
    #cat /etc/mailhelo
    [email protected] [/usr/local/nagios]# >> nill

I have tried after changing email from dedicated ip from exim configuration. Please help

Thanks
Sreeni
 
Last edited by a moderator:

cPanelPeter

Technical Analyst III
Staff member
Sep 23, 2013
575
21
143
cPanel Access Level
Root Administrator
Twitter
Hello,

You should not change the IP address in /var/cpanel/mainip, as that may effect your license. Instead, you should follow this
documentation.
 

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Peter,

I have followed this doc for changing the IP. I am not bothered about cPanel license. I can change the licensing Ip. The mail issue is important.

See this

2014-03-11 21:04:56 1WNR2u-0001bY-NE <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50900 P=esmtpa A=courier_login:[email protected] S=830 [email protected] T="Update to latest : 5.2.16" for [email protected]
2014-03-11 21:04:56 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50900 closed

Here x.x.x.x is the old IP. How the mails are sending from this Ip as I have followed cPanel doc. The mails are going to gmail/Yahoo spam from webmail. Bot from outlook its fine. Please help

Thanks
Sreeni
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
Check your SPF record to make sure the IP is correct. Gmail is a pretty strict enforcer of proper SPF. When you make the change, allow up to 24 hours for propagation.

If that doesn't work, please paste a copy of the headers from the gmail side of things. You can mask out the sensitive bits.
 

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Vaessa,


This is this the full email header.

Code:
-----------
2014-03-12 07:37:30 SMTP connection from [127.0.0.1]:50293 (TCP/IP connection count = 1)
2014-03-12 07:37:31 1WNav4-0007NG-V3 <= [email protected] H=localhost ([x.x.x.x]) [127.0.0.1]:50293 P=esmtpa A=courier_login:[email protected] S=878 [email protected] x.x.x.x T="Planting a seed" for [email protected]
2014-03-12 07:37:31 SMTP connection from localhost ([x.x.x.x]) [127.0.0.1]:50293 closed by QUIT
2014-03-12 07:37:31 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WNav4-0007NG-V3
2014-03-12 07:37:31 1WNav4-0007NG-V3 SMTP connection outbound 1394599051 1WNav4-0007NG-V3 domain.net [email protected]
2014-03-12 07:37:33 1WNav4-0007NG-V3 => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [173.194.64.27] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1394599053 sm4si699847obb.4 - gsmtp"
2014-03-12 07:37:33 1WNav4-0007NG-V3 Completed
-----------
Here is the spf record details:

SPF record lookup and validation for: domain.net

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 +a +mx +ip4: x.x.x.x ~all

Checking to see if there is a valid SPF record.

Found v=spf1 record for domain.net:
v=spf1 +a +mx +ip4: x.x.x.x ~all

I have noticed that the email is sending from ''SMTP connection from localhost ([ x.x.x.x])'' this ip , it is our old shared ip. But spf is set for new shared ip. The mail ip should be the new ip ' x.x.x.x' as i have not set any options to check etc/mailips in whm. Please let me know how to overcome this. The outlook is directing mails correctly.

Thanks
Sreeni
 
Last edited:

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
The headers you sent appear to actually be output from the Exim log, not the headers of the email itself.

For the SPF record, this is likely what's causing the problem. You can edit the IP in the DNS zone directly, or go back to cPanel -> Email Authentication and handle it there. Remember, as with any DNS change, you need to let it propagate. It's not going to be fixed instantly.
 

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Vaessa,

Here is the output of mailips. The main shared ip is 'x.x.x.x'. So the mail should go through this right ?

[email protected] [/]# cat /etc/mailips
*:x.x.x.x
[email protected] [/]#
-----

Reference /etc/mailips for outgoing SMTP connections [?] is set to off

-----

The main ip is
[email protected] [/]# hostname -i
x.x.x.x
[email protected] [/]#
------------------

[email protected] [/]# cat /etc/domainips
#domainips v1

[email protected] [/]#


-----------------------

The new shared ip is added in the spf

Code:
domain.net .com. 14400 IN MX 0 domain.net .com.

mail 14400 IN CNAME domain.net .com.
www 14400 IN CNAME domain.net .com.
ftp 14400 IN CNAME domain.net .com.
blog 14400 IN A x.x.x.x
clients 14400 IN A x.x.x.x
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV/my6tz4FIUUg675lcg/Ro2nSzKmMSM8JdEnQ3YCGhD0bJWbO9pCr3DVRJm4dr2YyVMYoSYHrifVk80+0CTeqsQrT72Rc52QOF9XaQSGxTzejgqaIFE0Bbwn/wYFUk8VuWmkIDRGXvS5mTog22n15qd8S8Gz0U3iCK7Y6DYDneQIDAQAB;"
default._domainkey.blog 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXfx8rkg0gxHrCx8jFawSmbEyYvDCwuAJ018prVcXZrokAu3XX9NhPbLW8klD+NhyoFfGwjZTP1EDQGLluChm6X7fXTj8U0RCGXICzJzNgOIu24lSBy7j82GMbtUCxieiPDNNgNa+gbZJlhGSAHN0ZBjQ1EubV7bgcEoy7u7k+CwIDAQAB;"
default._domainkey.clients 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCHzVO4rqgpPf5zvEEiMe/Kkx1e6v7DUlyfjnZ+OPLOHBum9vnKmxyS/JCJCsSL7GamQYQwhOgJAK5QDx4omDqRScjOg/ek1uAUnKlx5oZvoKseTrdKpB3tfqdDORu3/qmKbxH+YCfbIofE4OZJhrp6z56swj8uEi+G4WrXLQwqwIDAQAB;"

cpanel 14400 IN A x.x.x.x
webdisk 14400 IN A x.x.x.x
whm 14400 IN A x.x.x.x
webmail 14400 IN A x.x.x.x
forcehost.net .com. 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"
blog 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"
clients 14400 IN TXT "v=spf1 +a +mx +ip4: x.x.x.x ~all"
Thanks
Sreeni
 
Last edited:

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
Is 23.88.113.189 still present on your server? One thing I should point out is that Exim will by default send out on whatever the primary interface of your server is, regardless of whether it's your shared IP. So, you should configure Exim (you were looking at the correct setting) to look at /etc/mailips, then keep the shared IP in that file.
 

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Vaessa,

Thanks for the update.

The Ip 'x.x.x.x' is still present in the server. Do I need to remove it?. It is the shared ip in mailips file. How to change Exim primary interface ?.

Thanks
Sreeni
 
Last edited:

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
You don't have to remove it. Again, your /etc/mailips file should route all mail over the alternate IP. You indicated previously that 23.88.112.2 was the main IP in /etc/mailips. Now you've said that 23.88.113.189 is the main IP in that file. Note sure which one it actually is, but /etc/mailips should look like this:

Code:
*: 23.88.112.2
 

sreeninair

Well-Known Member
Dec 23, 2013
100
0
16
cPanel Access Level
Root Administrator
Hello Vaessa,

My bad,

It is the shared ip in mailips file. >> I actually mean the shared ip (y.y.y.y) is in /etc/mailips.

I have already tried add "*: y.y.y.y" and enabled "Reference /etc/mailips for outgoing SMTP connections [?]" ON . Still mails are sending via old ip. I will recheck an let you know.

Thanks
Sreeni
 
Last edited: