r/CloudFlare: Email Routing Greylisting

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/wxcdbm/email_routing_greylisting/

Question

I have four domains in Cloudflare, with all sites hosted on my personal server. One of the domains (let's call it example.com) has MX records to push all mail to Zoho. The other three domains have Email Routing rules set up to forward to my example.com addresses. So me@example.us forwards to me@example.com. I have a bunch of emails arriving every day to both addresses, and I see most of them.

Well one particular business started complaining about not being able to email me. I looked into it and as near as I can figure, I set all of this up correctly. If I send an email to me@example.us, it gets forwarded instantly. If I send an email to not-me@example.us, it gets forwarded to a collect-all address at example.com. Everything seems to be fine, yet every so often some company will complain that my email address is not valid.

I decided to look into it. The email routing page on Cloudflare refuses to show data older than 24 hours. When I called the API, it gave me a message that indicated that's because I have a free account. So I wrote a shell script to call the API every day and email the results to me. What I'm seeing is quite a few entries appearing to indicate that the connection is being greylisted by Zoho:

{
    "__typename":"ZoneEmailRoutingAdaptive",
    "datetime":"2022-08-24T19:25:49Z",
    "dkim":"pass",
    "dmarc":"none",
    "errorDetail":"upstream (mx.zoho.com.) temporary error: Unknown error: transient error (451): 4.7.1 Greylisted, try again after some time",
    "from":"(redacted)",
    "id":"(redacted)",
    "spf":"pass",
    "status":"deliveryFailed",
    "to":"me@example.us"
},

I understand the point of greylisting, and it does look like most of these emails are getting through. From the timestamps, it appears the server is retrying every one to three seconds. I get about 15-20 errors before the email is delivered or abandoned. Is there a way to get this to work more smoothly?

TL/DR:

  • Email hosted at Zoho for example.com
  • Email routing at Cloudflare pushes example.us emails to example.com
  • A few emails getting greylisted and generating a LOT of error messages

Answer

Do you have a reason why you first forward to example.com and then to Zoho?

Does Zoho charge for additional connected domains?

I would always try to minimize additional hops in the mail traffic if there isn't a really good reason to do it with a forwarder in between.

And the 15-20 "bounces" & retries for each message could also be a reason that Zoho greylists your source domain.

Bounces are a hard reason to straight out block a domain since it violated good practices in the WWW mail traffic.

Comment 1 on Answer

Exactly, Zoho charges for more than one domain. So I'm basically aliasing old addresses (the @example.us ones) to the new domain (the @example.com ones). So far about 95% of the messages forward without issues. It's just a few senders so far that get stuck in this loop.

My response to comment 1

Have you checked the source mail addresses and headers that generate the errors?

Cloudflare Email Routing keeps the incoming mail header intact, so Zoho could have a problem with the mail itself, not with the forwarding.
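One way to see which source addresses generate the errors, using the fields of the log entry quoted in the question (an added example, not part of the original thread). It assumes retries of one message can be grouped by the (from, to) pair and that a successful forward is logged with status "delivered"; the sample records and sender addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

GREY = ("upstream (mx.zoho.com.) temporary error: Unknown error: "
        "transient error (451): 4.7.1 Greylisted, try again after some time")

def _rec(ts, sender, status, err=""):
    return {"datetime": ts, "from": sender, "to": "me@example.us",
            "status": status, "errorDetail": err}

# Constructed sample records; senders and the "delivered" status are assumptions.
SAMPLE = [
    _rec("2022-08-24T19:25:49Z", "billing@vendor.example", "deliveryFailed", GREY),
    _rec("2022-08-24T19:25:51Z", "billing@vendor.example", "deliveryFailed", GREY),
    _rec("2022-08-24T19:25:54Z", "billing@vendor.example", "deliveryFailed", GREY),
    _rec("2022-08-24T19:30:02Z", "friend@mail.example", "deliveryFailed", GREY),
    _rec("2022-08-24T19:30:03Z", "friend@mail.example", "delivered"),
    _rec("2022-08-24T19:41:10Z", "news@list.example", "delivered"),
]

SMTP_CODE = re.compile(r"\((\d{3})\)")  # reply code as quoted in errorDetail

def is_greylisted(rec):
    """True for a failed attempt whose upstream reply was a 451 greylist deferral."""
    err = rec.get("errorDetail") or ""
    m = SMTP_CODE.search(err)
    return (rec["status"] == "deliveryFailed" and m is not None
            and m.group(1) == "451" and "greylist" in err.lower())

def summarize(records):
    """Per (from, to): greylisted attempts, widest retry gap, last recorded status."""
    groups = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["datetime"]):
        groups[(rec["from"], rec["to"])].append(rec)
    report = {}
    for key, attempts in groups.items():
        times = [datetime.strptime(a["datetime"], "%Y-%m-%dT%H:%M:%SZ")
                 for a in attempts if is_greylisted(a)]
        if not times:
            continue  # this sender was never greylisted
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {"greylisted": len(times),
                       "max_gap_s": max(gaps, default=0.0),
                       "outcome": attempts[-1]["status"]}
    return report

if __name__ == "__main__":
    for (sender, to), row in summarize(SAMPLE).items():
        print(sender, "->", to, row)
```

A sender whose outcome stays "deliveryFailed" is one whose mail was abandoned rather than delayed, which is where to start comparing headers.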

Comment 1.1 on Answer

I sent their support an email but my guess is that they don't want me to forward emails like this; they (Zoho) want me to pay a monthly fee and set up all my domains with them. Which I understand... I just like trying free options first.

My response to comment 1.1

Take the fee that the additional domains cost for 4 months, take your hourly pay, divide the fee and the pay and troubleshoot this error in the resulting time.

If you can solve it, great, if not, for peace of mind, migrate the additional domains to Zoho.