Get the most out of your Centmin Mod LEMP stack
Become a Member

Email 8.5 out of 10 on mail-tester.com but cannot send to gmail addresses.

Discussion in 'Domains, DNS, Email & SSL Certificates' started by johnnyc, Jan 14, 2022.

  1. johnnyc

    johnnyc Member

    41
    2
    8
    Mar 23, 2015
    Ratings:
    +2
    Local Time:
    4:55 PM
    1. Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 6 32bit or 64bit / CentOS 7 64bit ?
    • Centmin Mod Version Installed: i.e. 123.08stable or 123.09beta01
    • Nginx Version Installed: i.e. 1.15.3
    • PHP Version Installed: i.e. 5.6.37, 7.0.31, 7.1.21, 7.2.9
    • MariaDB MySQL Version Installed: i.e. 10.0.x or 10.1.xx or 10.2.xx
    • When was last time updated Centmin Mod code base ? : i.e. run centmin.sh menu option 23 submenu option 2 or cmupdate command
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:
      Code (Text):
      cat /etc/centminmod/custom_config.inc
      

      Post output in CODE tags.
    Centos 7.9 - beta 09 branch
    latest versions of everything nginx 1.21.5 / php 7.4.6


    sent a test email to mail-tester.com, got a 8.5 rating.

    I cannot send email to GMAIL servers however. I can only send email to Yahoo successfully,

    Jan 13 22:27:51 server sendmail[17337]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-ECDSA-AES128-GCM-SHA256, bits=128/128
    Jan 13 22:27:51 server sendmail[17337]: 20DMRo5R017335: to=<test@hou-re.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=124532, relay=gmail-smtp-in.l.google.com. [142.250.138.27], dsn=5.0.0, stat=Service unavailable
    Jan 13 22:27:51 server sendmail[17337]: 20DMRo5R017335: 20DMRp5R017337: DSN: Service unavailable
    Jan 13 22:27:52 server sendmail[17337]: STARTTLS=client, relay=mta6.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
    Jan 13 22:27:52 server sendmail[17337]: 20DMRp5R017337: to=<nemagx@yahoo.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=35788, relay=mta6.am0.yahoodns.net. [67.195.228.106], dsn=2.0.0, stat=Sent (ok dirdel)


    What am I doing wrong?
     
  2. cloud9

    cloud9 Premium Member Premium Member

    308
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +146
    Local Time:
    10:55 PM
    1.21.5
    10.3.32
    It looks like a certificate error - google is probably more strict than yahoo, notice both have verify=FAIL in the first line.

    Wat certificates are you using ? How did you install them ? Have you also set up spf and dkim records ?
     
  3. johnnyc

    johnnyc Member

    41
    2
    8
    Mar 23, 2015
    Ratings:
    +2
    Local Time:
    4:55 PM

    Thank you, How do I setup certificates? What certificates exactly? I'm using Sendmail on centmin beta 09 branch (fully updated)

    I DID setup dkim, but it wasn't working properly for whatever reason, so I disabled it (removed it from sendmail.mc and recomplied) to test if the emails would go through to gmail, they still go through to yahoo and 8.5 mail score unchanged.. I also do have a DMARC records in my .zone file, however mail-tester.com always says I do not have a dmarc record, which is frustrating and I do not understand.
     
  4. johnnyc

    johnnyc Member

    41
    2
    8
    Mar 23, 2015
    Ratings:
    +2
    Local Time:
    4:55 PM
    you don't mean SSL certificates by certificates? I do have OPENSSL certificates generated, but i wasn't aware sendmail used SSL protocols?
     
  5. cloud9

    cloud9 Premium Member Premium Member

    308
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +146
    Local Time:
    10:55 PM
    1.21.5
    10.3.32
    Its being rejected by google as verify has failed - looks due to SSL/TLS

    Im not a mail expert at all - have you got lets encrypt certificates and set all that up ?
     
  6. Meirami

    Meirami Active Member

    154
    28
    28
    Dec 21, 2017
    Ratings:
    +63
    Local Time:
    12:55 AM
  7. johnnyc

    johnnyc Member

    41
    2
    8
    Mar 23, 2015
    Ratings:
    +2
    Local Time:
    4:55 PM
    I'm still majorly struggling. yahoo is refusing my emails as well now and I didn't change anything.

    (echo Subject: test; echo; echo test)|/usr/sbin/sendmail -Am -i -v myemail@yahoo.com ... Connecting to mta7.am0.yahoodns.net. via esmtp...
    220 mtaproxy402.free.mail.gq1.yahoo.com ESMTP ready
    >>> EHLO server.anonymousprivacy.com
    250-mtaproxy402.free.mail.gq1.yahoo.com
    250-PIPELINING
    250-SIZE 41943040
    250-8BITMIME
    250 STARTTLS
    >>> STARTTLS
    220 Ready for TLS
    >>> EHLO server.anonymousprivacy.com
    250-mtaproxy402.free.mail.gq1.yahoo.com
    250-PIPELINING
    250-SIZE 41943040
    250-8BITMIME
    250 OK
    >>> MAIL From:<root@server.anonymousprivacy.com> SIZE=20
    553 5.7.2 [TSS09] All messages from 76.247.108.69 will be permanently deferred; Retrying will NOT succeed. See Yahoo Error Codes
    root... Connecting to local...
    root... Sent
    Closing connection to mta7.am0.yahoodns.net.
    >>> QUIT




    (echo Subject: test; echo; echo test)|/usr/sbin/sendmail -Am -i -v myemail@gmail.com... Connecting to gmail-smtp-in.l.google.com. via esmtp...
    220 mx.google.com ESMTP a2si2405505otv.243 - gsmtp
    >>> EHLO server.anonymousprivacy.com
    250-mx.google.com at your service, [76.247.108.69]
    250-SIZE 157286400
    250-8BITMIME
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-CHUNKING
    250 SMTPUTF8
    >>> STARTTLS
    220 2.0.0 Ready to start TLS
    >>> EHLO server.anonymousprivacy.com
    250-mx.google.com at your service, [76.247.108.69]
    250-SIZE 157286400
    250-8BITMIME
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-CHUNKING
    250 SMTPUTF8
    >>> MAIL From:<root@server.anonymousprivacy.com> SIZE=20
    250 2.1.0 OK a2si2405505otv.243 - gsmtp
    >>> RCPT To:<nghalamdanchi@gmail.com>
    >>> DATA
    250 2.1.5 OK a2si2405505otv.243 - gsmtp
    354 Go ahead a2si2405505otv.243 - gsmtp
    >>> .
    550-5.7.1 [76.247.108.69] The IP you're using to send mail is not authorized to
    550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
    550-5.7.1 service provider instead. Learn more at
    550 5.7.1 'The IP you're using to send email is not authorized...' - Gmail Help a2si2405505otv.243 - gsmtp
    root... Connecting to local...
    root... Sent
    Closing connection to gmail-smtp-in.l.google.com.
    >>> QUIT
     
  8. buik

    buik “The best traveler is one without a camera.”

    1,684
    462
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,451
    Local Time:
    11:55 PM
    Your IP address is rejected on the basis of IP reputation.
    Your mail can be as good as it is, you don't have to change anything and it can still be refused now, tomorrow or in three months time.

    The only structural solution is to send mail via the big three. Sad that this is the solution. But that is the way things are in the mail-world today.

    P.s. your own IP address is visable in your logs.
    Please remove that to prevent IP related abuse.
     
  9. eva2000

    eva2000 Administrator Staff Member

    49,034
    11,234
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,485
    Local Time:
    7:55 AM
    Nginx 1.21.x
    MariaDB 10.x