High Rate of Bouncing Incoming Emails to Hestia Server

My problem started basically as a duplicate of this issue where I was using a public DNS resolver on my system. I’ve since resolved that by setting dns_server * to a much less used DNS server provided by my cloud service in my local.cf. I’ve additionally tested against blacklists to confirm the behavior seems to be as expected now and isn’t giving me any obvious errors.

However, I’m still getting a large amount of email being bounced because of listings on blacklists. When I check the blacklists, both through dig and through mx toolbox, they usually show up on one or two blacklists, when they are typically legit senders (things like credit card invoices, iCloud hide my email relays, purchase receipts, as well as some newsletters that were actually signed up for, etc). This is in stark comparison from senders that are very spam oriented and show up on several, if not all blacklists.

Did something change in Hestia’s defaults recently? Or SpamAssassin had an update that changed its scoring? Is anyone else experiencing this from legit sources? I believe this to be a relatively recent development.

Here’s an example from my rejection log:

I haven’t done anything to change the default Hestia settings in regards to mail filtering, though I have added some trusted_networks lines to my local.cf as a response to this recent event, but I feel like that’s more of a bandaid solution than a real fix.

Might there be a way to change these dns blacklists to only increase the spam score instead of just a binary approach?

We haven’t made any changes regarding anti spam for a long time

1 Like

That’s good to know!

Are there any suggestions as to how to address this problem? What is considered best practice for this kind of situation? I’ve not found comprehendible documentation regarding SpamAssassin, so if you’re aware of any it’d be greatly appreciated!