Lately I’ve been confronted with the following error messages from AOL, Verizon or AT&T on my Postfix server:
VERIZON: 'blocked by Verizon Online's anti-spam system...
AOL: refused to talk to me: 554- (RTR:BL)....
AT&T: blocked by ldap:ou=rblmx,dc=att,dc=net....
Moreover, after trying to get my server on the whitelist, it seemed almost impossible, or quite a long, arduous and slow process.
Since the problem applies only to those big email providers, I decided to use a recognized email relay service to send only the emails which are destined to those providers.
I looked around and found a quite easy to set up service called Critsend.com, which even offers the first 50,000 emails for free. Good enough to check the service out. So I registered an account and got a login name and password.
So here is the problem and a solution:
Problem: If you turn on SASL authentication in Postfix to relay SOME emails via a third-party relay service, Postfix will try to authenticate ALL of the outgoing emails with the receiving server. Some will be OK with it and some not, meaning your emails will be refused based on bad authentication.
Solution: Set up a basic Postfix on another server, which will receive the emails from your main email server and relay them to the third-party relay service using SASL authentication.
So it goes like this:
Normal (non AOL mails) ==>> Directly to Destination servers
AOL/AT&T Emails ==(NO Auth)==>> Basic relay server ==(SASL Auth)==>> CritSend Relay service ==>> AOL/AT&T
Configuration in my main Postfix server:
Add in file /etc/postfix/main.cf:
header_size_limit = 4096000
transport_maps = hash:/etc/postfix/transport
Create the file /etc/postfix/transport.
Content:
aol.com relay:[my.basicrelay.com]:25
verizon.net relay:[my.basicrelay.com]:25
att.net relay:[my.basicrelay.com]:25
Execute the following commands on the main mail server afterwards:
postmap /etc/postfix/transport
/etc/init.d/postfix reload
Configuration in the Postfix of the my.basicrelay.com relay server:
Note: My local subnet connected to the main email server is 192.168.100.0/24.
LoginName:LoginPassword are the account credentials you received from CritSend.
Add in file /etc/postfix/main.cf:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/24
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:LoginName:LoginPassword
smtp_sasl_security_options = noanonymous
header_size_limit = 4096000
relayhost = [smtp.critsend.com]:25
Execute the following command on the basic relay server afterwards:
/etc/init.d/postfix reload
With this configuration, NON-AOL emails will be sent directly to their respective email servers, and the AOL/AT&T emails will be sent via your local basic relay server and forwarded to Critsend to finally reach the AOL/AT&T email servers.
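A hardened variant of the basic relay's main.cf settings above, added here as an example and not part of the original configuration. The path /etc/postfix/sasl_passwd, the address 192.168.100.10 and STARTTLS support at the relay service are assumptions of this example.

```ini
# /etc/postfix/main.cf on my.basicrelay.com (added example, not the original config)

# Accept unauthenticated mail only from the main mail server, not the whole
# /24. 192.168.100.10 is a constructed address; use your main server's IP.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.10/32

smtp_sasl_auth_enable = yes

# Weak (as on the page): the login is stored in main.cf, which is normally
# world-readable, and static: returns it for every destination.
#smtp_sasl_password_maps = static:LoginName:LoginPassword

# Hardened: the login lives in its own file and is keyed by next hop, so it
# is only ever offered to the relay service.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Assumption: the relay service offers STARTTLS on this port. Without TLS
# the SASL login crosses the network in clear text.
smtp_tls_security_level = encrypt

header_size_limit = 4096000
relayhost = [smtp.critsend.com]:25

# /etc/postfix/sasl_passwd (path is this example's choice), one line.
# The key must match the relayhost value exactly, brackets and port included:
#
#   [smtp.critsend.com]:25    LoginName:LoginPassword
#
# Then, as root (postmap gives the .db file the mode of its source file):
#   chmod 600 /etc/postfix/sasl_passwd
#   postmap /etc/postfix/sasl_passwd
#   /etc/init.d/postfix reload
```

Running postconf -n on the relay after the reload shows which of these values are actually in effect.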