I felt a shock when I saw a pile of undelivered emails from Gmail in my Inbox. All the bounced emails had following details.
<firstname.lastname@example.org>: host gmail-smtp-in.l.google.com[22.214.171.124] said: 550-5.7.1 [126.96.36.199] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError z17-20020a05622a061100b002f3ba05bca4si1680616qta.333 - gsmtp (in reply to end of DATA command)
I did not know what would be the root cause so I went through couple of checks.
Possible Root Causes for Gmail Rejecting Emails
I went through following possible root causes to figure out why Gmail was rejecting emails.
Invalid SSL Certificate Used by Postfix
Initially I thought that this issue is related to recent Let’s Encrypt SSL renewal. I have setup Postfix to automatically use subdomain SSL. It is possible that Postfix could not get renewed certificate and it would have used invalid certificate.
Within VirtualMin, I have verified that all the services which requires SSL are using SSL. I went to Virtualmin tab > Server Configuration > SSL Certificate. Under Current Certificate, you will get a button(s) (depending on Virtualmin version) at the bottom to use selected subdomain’s SSL for all the various services.
Invalid DKIM, DMARC and SPF
I verified that DKIM, DMARC and SPF records are valid. I have used free services like https://www.learndmarc.com and https://www.mail-tester.com/ to verify that those records are still valid.
If you don’t have DKIM, DMARC and SPF records, I strongly recommend to enable and use DKIM and setup DKIM, DMARC and SPF records.
Verify Mail Log for Suspicious Activities
If for any reason your mail account is compromised, you will see logs of emails being sent within your mail log file. Mail logs are available at /var/log/mail.log.
I have verified that sent emails are legitimate emails and did not find any suspicious activities.
Root Cause of Gmail Blocking Emails
So far, I couldn’t find any reason of wrong setup on my side. Then I used https://mxtoolbox.com/SuperTool.aspx to check for blacklist and my mail server was indeed added to the 3 blacklists. One of them was Spamhaus ZEN. By searching I found out that Gmail is using Spamhaus ZEN black list to block emails.
When I searched for my mail server IP address (domain name did not work) at https://check.spamhaus.org/ it was listed.
Spamhaus did not provide additional details of why they blacklisted my IP address. Luckily, I found the needed information from other blacklists like https://www.spamrats.com/ and http://www.uceprotect.net/en/rblcheck.php. Both of these lists had blacklisted entire Digital Ocean and all of its 2,694,912 IP addresses. I assume that Spamhaus also had similarly blacklisted a specific IP address range which included my mail server IP address.
Once I knew that Spamhaus blacklisted my mail server and my server was not compromised and was still secure, I followed Spamhaus removal process to remove my mail server IP address from blacklist. Within 12 hours, I was able to successfully send emails to Gmail.