I operate a small mail server for my private emails, some friends who have websites and two NGOs. In total my server sends between 60 and 400 messages a day. Now a lot of these emails are personal mails, between two or more people who know each other. Occasionally (usually once or twice a week) there will be a mailing that goes out to "members" of one NGO, informing them what's new etc.

Now I have already moved off the "mass mailings" (about 100 recipients, all personally known and manually subscribed through a paper form) to mailgun.org.

I still get (and increasingly so), rejected messages. Especially big email providers like Gmail, Yahoo or Microsoft (hotmail, live.com, ...) just decide to reject with a 550 or send personal messages to the Spam folder of the recipients. Sometimes this happens:

• gmail user sends email to user on my system
• user on my system replies
• the reply is being rejected or sent to spam

Things I have done:

• set up DKIM (per-domain signing of all outgoing email)
• set up SPF, domains usually have ~all, some -all
• I have a correct PTR for my mail server IP
• obviously no open relay, users can only send from their own email address after authentication
• I have DMARC policies for most of the domains
• I rate limit outgoing messages, for some mail servers down to 1 per minute
• mail test services report "perfect" scores (all pass) for all of the above
• I regularily check my IP for blacklisting using http://www.dnsbl.info - it's always all green

Now the paradox comes here: for most of the big mail providers, there is a way to register to monitor rejection rates and IP reputation:

• https://postmaster.google.com
• https://postmaster.live.com/snds
• and I believe Yahoo has something similar

but I do not classify as bulk sender, because of the low volume. So I did register to monitor my reputation and rejection rates, but because I do not send bulk email, there are no reports.

Is there anything else I can do to improve mail delivery rates? Or should I give in and stop trying to operate my own mail server?

In case it is relevant: I use postfix and have very strict rules about incoming mail (i.e. no unknown domains/host names or invalid SPF records, I use spamassassin etc.)

Update

Here is an example, sent from me to my in-laws and it arrived in their SPAM folder: http://pastebin.com/BC6YgjpQ (I replaced the sending address domain with example.com and the receivers address with [email protected])

Since the question came up: Connections to Gmail are Untrusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1b]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) encrypted.

I have a quick question regarding SPF records: Do they need to be present for all subdomains?

Lets say that I have a TXT record with SPF info for domain.com

Let's also say that I have a seperate email domain for subdomain.domain.com

Will the SPF policy/info for domain.com also apply to the subdomain? Or do I need to add a separate TXT record for that too?

I have Postfix setup on my server so that I can send outgoing mail using the command-line:

mail -s "Subject" [email protected]

1. Is this using Sendmail or Postfix ?
2. Is "Sendmail" just a software category or a distinct program ?
3. If something is "Sendmail-ready" does that mean it will work with Postfix ?

Everything I've read online seems to use these two terms interchangeably.

When I try to send an email on my postfix server to an address on the same domain (for example, if the server hostname is mail.example.com and I try to send an email to [email protected]), I get the following error in the log and the email is not delivered: Recipient address rejected: User unknown in local recipient table. If I send to an address on another domain, I don't have any problems. Here is my /etc/postfix/main.cf file:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = $mydomain
mydestination = $mydomain, localhost.$mydomain, localhost
relayhost =
#fake IP address
mynetworks = 127.0.0.0/8 100.837.191.223
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

I have just finished setting up a Postfix mail server on a linux (ubuntu) platform. I have it sending and receiving email and it is not an open relay. It also supports secure smtp and imap.

Now this is a pretty beginner question but should I be leaving port 25 open? (since secure smtp is preferred). if so then why?

Also what about port 587?

Also should I require any authentication on either of these ports?

Please excuse my ignorance in this area :P