Gerald

Resolving Gmail Rejection on HestiaCP - Exim4

The Issue

When attempting to send emails from Gmail to a mail server hosted on EC2 with HestiaCP, the messages were being rejected with the following error:

550 Rejected because xxx.xx.xxx.xx(gmail's IP address) is in a black list at zen.spamhaus.org

This happened because Exim4 was configured to block incoming messages from IPs listed on Spamhaus, which occasionally includes Gmail’s sending IPs.


Root Cause

HestiaCP’s default Exim templates include a dnslists (RBL) check against Spamhaus (zen.spamhaus.org). Since Gmail’s IP addresses can sometimes appear in this list, legitimate emails were being denied.
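
To see what zen.spamhaus.org actually answers for a rejected sender address, the following added example (not part of the original post) builds the DNSBL query name and classifies the reply. The function names are hypothetical; the return-code meanings follow Spamhaus's published DNSBL return codes, where 127.0.0.x values are listings and 127.255.255.x values are query errors.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Build the DNSBL query name: IPv4 octets reversed, then the zone.
dnsbl_qname() {
    ip=$1
    zone=${2:-zen.spamhaus.org}
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Map one A record returned by zen.spamhaus.org to its meaning.
classify_answer() {
    case $1 in
        127.0.0.2|127.0.0.3|127.0.0.9)           echo "listed-SBL" ;;
        127.0.0.4|127.0.0.5|127.0.0.6|127.0.0.7) echo "listed-XBL" ;;
        127.0.0.10|127.0.0.11)                   echo "listed-PBL" ;;
        127.255.255.252) echo "error-typo-in-zone-name" ;;
        127.255.255.254) echo "error-public-resolver" ;;
        127.255.255.255) echo "error-query-limit" ;;
        *)               echo "unknown" ;;
    esac
}

# Query the list with dig and print one line per answer.
check_ip() {
    q=$(dnsbl_qname "$1") || { echo "invalid IPv4 address: $1" >&2; return 2; }
    answers=$(dig +short A "$q")
    if [ -z "$answers" ]; then
        echo "$1 not-listed"
        return 0
    fi
    for a in $answers; do
        echo "$1 $a $(classify_answer "$a")"
    done
}

# Usage (192.0.2.10 is a constructed documentation address):
#   check_ip 192.0.2.10
```

Run it on the mail server itself so the query goes through the same resolver Exim uses. A bare dnslists = zen.spamhaus.org condition matches on any A record returned, so an error code triggers the deny rule the same way a listing does.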


Fixing the Problem

  1. Find the Exim configuration or template file
  • The RBL rule is likely located in the Exim configuration template:

     nano /etc/exim4/exim4.conf.template
    
  • To verify, search for the Spamhaus entry:

     grep -R "zen.spamhaus.org" /etc/exim4/
    
  2. Modify the RBL block

You should find a section similar to this:

   deny message = rejected because $sender_host_address is in a black list at $dnslist_domain
       dnslists = zen.spamhaus.org
  • Option A – Disable completely
    Comment out the block, which turns off the Spamhaus check for all senders:

     # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain
     #     dnslists = zen.spamhaus.org
    
  • Option B – Change to warnings
    Replace deny with warn so suspicious emails are flagged but not blocked:

     warn dnslists = zen.spamhaus.org
          add_header = X-RBL-Warning: $sender_host_address is listed at $dnslist_domain
    
  3. Rebuild and restart Exim

Apply the changes with:

   update-exim4.conf
   systemctl restart exim4

Result

  • Gmail messages can now be delivered successfully to your EC2 mail server.
  • Exim no longer blocks Gmail IPs just because they appear in Spamhaus.
  • If you use the warn approach, questionable emails are tagged rather than rejected.

Additional Notes

  • These changes only affect inbound mail filtering.
  • Outbound delivery still requires correct DNS configuration (PTR, SPF, DKIM, DMARC) and may also need AWS SMTP unblocking or an SES relay.

Notes: Leaving this here for future reference. Ps ✌️
