If you are interested, here is what happened.
Our spam filter has a whitelist, and uses a feature called “greylisting.” The feature looks for the sender in a whitelist; if not found it responds with a “temporarily unavailable, try again later” message, and adds the IP to the greylist. When the sender re-sends the message, it is found in the greylist and processes the message.
Greylisting is very effective against “fire-and-forget” spam. It represents about 60% of the rejected messages.
Some unique features of pixls’ mail server caused a failure of the greylist and whitelist functions.
- The spam filter failed to detect pixls as whitelisted because the
Return-Pathheader entry is “pixls-verp-blah-blah@gmail.com” instead of “blah-blah-discuss.pixls.us”. - Pixls’ server sends multiple messages in bursts of 5. This created a list of 5 “temp unavailable” entries in the spam log file.
- A second program, fail2ban, scans the spam log file looking for multiple entries of “temp unavailable” with the same IP address, and, finding more than one in a short period of time, blocks the IP at the firewall.
The IP 65.108.31.59 has been whitelisted in another way.