Dedicated server IP reputation good and not blacklisted but still getting bounced?

Question

I have had my dedicated server for 2 months or so, having transferred from a different, very expensive, old and slow dedicated server, for all those reasons. Initially it got onto 1 or 2 blacklists which I hastily got them off (I now have a monitor on this with mxtoolbox.com) and my new IP address now has a good reputation on every checker I can find and a score of 97 on SenderScore. I have set up my clients domains with the appropriate rDNS, DKIM and DMARC DNS records and as a result they score either a 9/10 or 10/10 rating on mail-tester.com but I have daily reports from my clients of experiencing bounce backs from people they have been sending emails to successfully for years! These seem to mostly be returned with the following error:

550 rejected is temporarily blocked

or

550 5.7.1 : Recipient address rejected

My server is a Linux server running Plesk Onyx. It runs Postfix as it's mail server and Dovecot as the POP3/IMAP server. It allows relaying but only with SMTP authorisation (I have to allow this as one of my largest clients uses Shopify and requires relaying to be allowed). I'm not an expert in this particular field (I'm a developer and app programmer) but I have SpamAssasin working on all accounts with a low threshold of 4 as people have been receiving a lot of spam in the past and I wanted to sort it with this new server. I also have other things in place to protect from incoming spam, but it's this outgoing bouncing that's really bothering me... what more can I do when everything I check tells me I have a decent server setup and reputation?! Expert help needed!!

I should add that none of my customers have sites that allowing spam to be sent through them and none are sending abusive mass emails.

Answer 1

If you don't provide your mail server name(s), you won't get much in the way of expert help.

Temporary blocks are common for your first email to a recipient from a server. Barring rules that bypass greylisting for your server, servers using greylisting will temporarily reject your messages. However, this should be with 450 (temporary) rejection rather than a 550 (permanent) rejection. If you are too agressive at retrying, you may trigger the receiving server to locally blacklist your server.

It is possible that you managed to get onto local blacklists when you were first setting your server up. This may be from greylisting as noted ablove, or another mechanism. My server includes some automatic blacklisting of poorly configured servers. These kinds of blacklisting are typically temporary, although often for a period of months.

The "550 recipient address rejected" typically means the recipient is no longer at the address. (Mailing lists often don't get cleaned, so they can generate a lot of these messages.)

As you have setup DMARC, your reporting address should be giving you some indication of why major mailer hosts are rejecting your mail. If you have not setup reporting, do so. Smaller mail servers likely don't support DMARC, so they will not report.

You should be able to use your logs to gather enough data to attempt a reasonable replay of rejected messages using telnet. This may provide more details on why the mail was rejected. You can also use this data to contact the postmaster on the receiving server to see if they can provide assistance.