My mail server was blacklisted. I fail to understand why. It was first greylisted and than it became blacklisted. Greylisting is a practice of temporary rejecting mail coming from one mail server to see if it will be resend in a reasonable time. Right?
Whit this in mind I'm posting the following mail.log section:
Sep 30 14:55:49 srv2 postfix/pickup[7668]: 0D07A1C0C4: uid=1020 from=<webmaster@mysite.com>
Sep 30 14:55:49 srv2 postfix/cleanup[9072]: 0D07A1C0C4: message-id=<82ffcafa92df562ebb5ccb00c322e80f@www.mysite.com>
Sep 30 14:55:49 srv2 postfix/qmgr[1268]: 0D07A1C0C4: from=<webmaster@mysite.com>, size=961, nrcpt=1 (queue active)
Sep 30 14:55:49 srv2 postfix/pickup[7668]: 153321C075: uid=1020 from=<webmaster@mysite.com>
Sep 30 14:55:49 srv2 postfix/cleanup[9072]: 153321C075: message-id=<c35124c46c0137bf05610f9a5210b4e2@www.mysite.com>
Sep 30 14:55:49 srv2 postfix/qmgr[1268]: 153321C075: from=<webmaster@mysite.com>, size=1843, nrcpt=1 (queue active)
Sep 30 14:55:49 srv2 postfix/smtp[9076]: connect to ASPMX.L.GOOGLE.COM[2a00:1450:4010:c01::1b]:25: Network is unreachable
Sep 30 14:55:49 srv2 postfix/smtp[9077]: 153321C075: host mxcluster1.one.com[91.198.169.8] said: 450 4.7.1 <name.surname@recipient.se>: Recipient address rejected: XXX.XXX.XXX.XXX temporary greylisted by CYREN IP reputation (in reply to RCPT TO command)
Sep 30 14:55:49 srv2 postfix/smtp[9077]: 153321C075: to=<name.surname@recipient.se>, relay=mxcluster2.one.com[91.198.169.9]:25, delay=0.49, delays=0.03/0.02/0.34/0.09, dsn=4.7.1, status=deferred (host mxcluster2.one.com[91.198.169.9] said: 450 4.7.1 <name.surname@recipient.se>: Recipient address rejected: XXX.XXX.XXX.XXX temporary greylisted by CYREN IP reputation (in reply to RCPT TO command))
Sep 30 14:55:49 srv2 postfix/smtp[9076]: 0D07A1C0C4: to=<info@mysite.com>, relay=ASPMX.L.GOOGLE.COM[64.233.162.27]:25, delay=0.7, delays=0.07/0.02/0.32/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1475240149 197si9095639ljf.84 - gsmtp)
Sep 30 14:55:49 srv2 postfix/qmgr[1268]: 0D07A1C0C4: removed
.........
Sep 30 15:03:59 srv2 postfix/qmgr[1268]: 153321C075: from=<webmaster@mysite.com>, size=1843, nrcpt=1 (queue active)
Sep 30 15:03:59 srv2 postfix/smtp[9401]: 153321C075: to=<name.surname@recipient.se>, relay=mxcluster1.one.com[91.198.169.8]:25, delay=490, delays=490/0.01/0.12/0.06, dsn=5.7.1, status=bounced (host mxcluster1.one.com[91.198.169.8] said: 554 5.7.1 <name.surname@recipient.se>: Recipient address rejected: XXX.XXX.XXX.XXX blocked, unlist at http://www.cyren.com/ip-reputation-check.html (in reply to RCPT TO command))
Sep 30 15:03:59 srv2 postfix/cleanup[9403]: 59A921C119: message-id=<20160930130359.59A921C119@srv2.company.se>
Sep 30 15:03:59 srv2 postfix/qmgr[1268]: 59A921C119: from=<>, size=4006, nrcpt=1 (queue active)
Sep 30 15:03:59 srv2 postfix/bounce[9402]: 153321C075: sender non-delivery notification: 59A921C119
The mail was resend 8 minutes after the greylisting and yet it was blacklisted. WHY?
EDIT 1:
This server is a shared hosting server that I administrate. I didn't notice any suspect behavior of any site hosted on this server. In total in the entire day there is about 50 emails sent by all sites and I don't see how this can be spam.
Best Answer
Greylisting is not a cause of your problem, your server behaved correctly. The purpose of greylist is just to check if you are able to retry (most spammers don't bother with retrying).
Then you've hit another guard, the reputation-based check. Your IP has not enough reputation and this means cyren refuses to accept your mail. Their marketing brochure says they could take into account any of "DNS info, geography, dynamic IPs, public RBL". While this may appear unfair, the fight against spam has truly escalated and you cannot expect everyone to just trust you and accept your emails.
I guess that if it's a true reputation system, the best way for you to fix the reputation is to kindly request anyone protected by Cyren to send you an email. This way, Cyren will note that some of "their" people find your domain name to be worthy of attention, and chances are (as they resolve domain MX and A records) this will rise also the reputation of your IP address.