DKIM installed for domain but not available for gmail / google selector?

simz8

Member
Feb 17, 2022
19
2
3
Greece
cPanel Access Level
Root Administrator
Hello,
since a couple of weeks we are facing " 421-4.7.28 rate of unsolicited mail originating from your IP address. To 421-4.7.28 protect our users from spam, mail sent from your IP address has been 421-4.7.28 temporarily rate limited".
The volume of emails especially to gmail / google workspace accounts is not significant (max 50-60) per day.
I must notice that the problem may not appear for a couple of days or weeks and then come back again. I have tested exim and possible spam php mailing and i've ruled out the possibility of email abuse coming out of our VPS.

Trying to find the cause of this problem i read that Google recently started paying more attention to DKIM.
The thing is that SPF and DKIM are properly configured for that sending domain out of my server BUT when i try to check with an online checker (for example DKIM Checker and Lookup Tool tools | EasyDMARC) it finds DKIM correctly for some selectors but for gmail.com selector or google it says that no DKIM found for gmail.
How is that possible????
Have i missed something in the DKIM record that rules out some selectors?

Actually i think that cpanel created the DKIM automatically at some point.
Please help me out. I am totally frustrated.
 
Last edited by a moderator:

mtindor

Well-Known Member
Sep 14, 2004
1,530
143
343
inside a catfish
cPanel Access Level
Root Administrator
Doesn't make sense to me. You wouldn't have any selector published in your DNS for Gmail.Com. Gmail publishes their DKIM public keys. If it's coming from your machine, then the only DKIM you need to worry about is DKIM for those domains on your machine.

Do keep in mind that people often forward their email to Google / AOL / Yahoo / etc. And that's usually where you get into trouble with rate limiting by Gmail. Somebody on cPanel forwards their mail to their Gmail or Google Workspace account, and inevitably spam [not detected by spamassassin] gets forwarded to Gmail/Google. Or somebody who just happens to receive a lot of email is may be forwarding those emails to Gmail.

Make sure you have SRS (sender rewrite scheme) enabled in your Exim.

Also, keep in mind that all it takes to get on the S&*)-LIST of one of the big behemoths like Gmail, Comcast, AOL, Yahoo, etc is for some idiot to mark an email that came from your server as spam. And it's so easy for webmail users on those behemoth mail systems to accidentally (or intentionally) mark a legitimate email as spam.

Mike
 

simz8

Member
Feb 17, 2022
19
2
3
Greece
cPanel Access Level
Root Administrator
Doesn't make sense to me. You wouldn't have any selector published in your DNS for Gmail.Com. Gmail publishes their DKIM public keys. If it's coming from your machine, then the only DKIM you need to worry about is DKIM for those domains on your machine.

Do keep in mind that people often forward their email to Google / AOL / Yahoo / etc. And that's usually where you get into trouble with rate limiting by Gmail. Somebody on cPanel forwards their mail to their Gmail or Google Workspace account, and inevitably spam [not detected by spamassassin] gets forwarded to Gmail/Google. Or somebody who just happens to receive a lot of email is may be forwarding those emails to Gmail.

Make sure you have SRS (sender rewrite scheme) enabled in your Exim.

Also, keep in mind that all it takes to get on the S&*)-LIST of one of the big behemoths like Gmail, Comcast, AOL, Yahoo, etc is for some idiot to mark an email that came from your server as spam. And it's so easy for webmail users on those behemoth mail systems to accidentally (or intentionally) mark a legitimate email as spam.

Mike
Many thanks for your reply Mike.
Indeed i think i got how DKIM works wrong. It's now clear to me.
Nevertheless this 421-4.7.28 rate limit for gmail / google workspace is really a pain in the 4ss.
I have SPF and DKIM published and my server has excellent reputation- it's been online using this IP for 4 years.
The fact is that the problem started when an ERP program used the SMTP server to send about 100 emails (not only to gmail accounts) in a few minutes timespan.
But that was about 22 days ago!
Since then the rate limit comes and goes. For example we didn't have any noticable problem during the last 10 days and today morning it came back again!
After a few hours it managed to deliver some queued gmail emails but now it's back on!!
What can i do????
I checked exim logs for any spam activity but couldn't find any. The mail queue is mostly empty apart from when the rate limit is triggered.
By using Delivery reports at WHM i figured out that not many emails are being sent to Gmail / Google Workspace (about 70-80 per day) - i filtered "Recipient *@gmail.com and delivery host : google.com - please let me know if there is also more ways to find out email going to gmail/google workspace).

I also ran a command to check possible php scripts that may be sending spam but got nothing. :


grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -rn


I registered at google postmaster tools 20 days ago (verified the domain) but the dashboard data is empty.
Do you have anything to propose?
Please help :(
 
Last edited:

mtindor

Well-Known Member
Sep 14, 2004
1,530
143
343
inside a catfish
cPanel Access Level
Root Administrator
Many thanks for your reply Mike.
Indeed i think i got how DKIM works wrong. It's now clear to me.
Nevertheless this 421-4.7.28 rate limit for gmail / google workspace is really a pain in the 4ss.
I have SPF and DKIM published and my server has excellent reputation- it's been online using this IP for 4 years.
The fact is that the problem started when an ERP program used the SMTP server to send about 100 emails (not only to gmail accounts) in a few minutes timespan.
But that was about 22 days ago!
Since then the rate limit comes and goes. For example we didn't have any noticable problem during the last 10 days and today morning it came back again!
After a few hours it managed to deliver some queued gmail emails but now it's back on!!
What can i do????
I checked exim logs for any spam activity but couldn't find any.
I also ran a command to check possible php scripts that may be sending spam but got nothing. :


grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -rn


I registered at google postmaster tools 20 days ago (verified the domain) but the dashboard data is empty.
Do you have anything to propose?
Please help :(
Sorry, but I don't. Usually when I see those rate-limits from Gmail pop up in my logs with outgoing messages sitting in the queue, they are only to one specific Gmail user. Usually, when I see the rate-limiting, it's not affecting 99% of my users. For instance, I have one account where the customer forwards all of their domain email to a Gmail account. Those emails often get rate-limited. But, at the same time, any other emails going out of that same server to Gmail accounts is delivered promptly.

I've never encountered a situation [or at least one lasting long enough for me to notice] where Gmail was rate-limiting ALL email from one of my servers sent to Gmail.

Mike
 

quietFinn

Well-Known Member
Feb 4, 2006
2,109
580
493
Finland
cPanel Access Level
Root Administrator
It's good to remember that 4xx error does not mean the mail delivery is failed, the mail stays in the queue and will be sent later.
 

simz8

Member
Feb 17, 2022
19
2
3
Greece
cPanel Access Level
Root Administrator
It's good to remember that 4xx error does not mean the mail delivery is failed, the mail stays in the queue and will be sent later.
Yes indeed. But the fact that for the last 10 days there was no rate limit and now it got back while at the same time i can see no spam or significant email volumes going to Gmail, really bothers me.
It is totally abnormal behavior. How many days does Google need to completely remove this IP from the rate limt list??
 

simz8

Member
Feb 17, 2022
19
2
3
Greece
cPanel Access Level
Root Administrator
This ultimately sounds like something you'll need to address with Google, as it seems like they should have taken care of this by now.
Well @cPRex, that was the first thing i did after i made sure that no spam was coming out of my VPS.
But Google has not responded to either the support cases i've risen (3 in total) neither in the google community forum question i've posted.
Seems like MS at this kind of issues is far more flexible and faster in responses...
 
  • Sad
Reactions: cPRex