On 2024-07-13 09:33, bob prohaska wrote:
On Wed, Jul 10, 2024 at 12:40:31PM -0400, TIM KELLERS wrote:
On 7/10/24 11:49 AM, Miroslav Lachman wrote:
>
[snip]
> So I think it is very easy to be blocked by Gmail. It is not about
> domain, but by the IP of the server I think.
>
Miroslav is correct. I have 2 domains hosted by Digital Ocean and one falls
into an address range that Gmail rejects and another that Gmail accepts.
mxtoolbox.com will check and alert you if your sending domain has any
blacklist flags attached to it. UCEPROTECTL3 and UCEPROTECTL2 are the most
common and they come from using a non-compliant host.
That was informative. No blacklist, but my mx record is somehow wrong.
The intent was to direct any mail for *.zefox.net to host www.zefox.net.
That seems to be considered an error. Once that is fixed, I'll do the same
for zefox.com and zefox.org
Have a look at:
local-host-names, mailertable && virtusertable
local-host-names: host/domain(s) I exchange mail for
mailertable: who MX is for fe;
zefox.net esmtp:[www.zefox.net]
zefox.org esmtp:[www.zefox.net]
zefox.com esmtp:[www.zefox.net]
meaning... www.zefox.net is the MX for zefox.(org|net|com)
virtusertable: is a bit of a routing table. somewhat akin
to aliases.
You also have to be careful about using a DHCP address. Gmail may flag
email you send even if it is Smarthosted through a compliant static IP
mailserver if it detects that the originating address is DHCP.
All addresses are static, no DHCP.
Gmail likes to deliver mail from one of my servers to their Junk/Spam
folder, another of my servers gets email delivered fine.
I'd be delighted to get that far 8-)
I've been through a lot of trial and error making gmail happy.
These current sendmail features I'm using (updated 2 days ago) seem to do
the trick the best:
# sendmail -d0.1 -bv root | grep SASL
PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS TLS_EC
Something different in my case, no SASL in the output. Instead:
bob@pelorus:~ % sendmail -d0.1 -bv root
Version 8.18.1
Compiled with: DNSMAP IPV6_FULL LOG MAP_REGEX MATCHGECOS MILTER
MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SCANF STARTTLS TCPWRAPPERS TLS_EC TLS_VRFY_PER_CTX
USERDB XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = pelorus
(canonical domain name) $j = pelorus.zefox.org
(subdomain name) $m = zefox.org
(node name) $k = pelorus.zefox.org
========================================================
These are what sendmail sees on your local box.
So it assumes its short (host) name is pelorus
domain name is zefox.org && full name is pelorus.zefox.org
IOW mailertable might read:
zefox.org esmtp:[pelorus.zefox.org]
zefox.net esmtp:[pelorus.zefox.org]
zefox.com esmtp:[pelorus.zefox.org]
You're not restricted to that. But that's what sendmail assumes -- that
pelorus.zefox.org is the most likely candidate for MX.
I've been using sendmail for some ~163 domains for ~3 decades. Feel free to
contact me off list if you want.
Notice: -bv may give misleading output for non-privileged user
b...@www.zefox.net... deliverable: mailer esmtp, host www.zefox.net., user
b...@www.zefox.net
STARTTLS is present, but no SASLv2. Does it matter? I'm baffled where the
reference to b...@www.zefox.net came from, unless it's the MX record.
In the meantime I found a very old "cookbook" for TLS and sendmail at
https://lists.freebsd.org/pipermail/freebsd-questions/2012-August/244636.html
Is it hopelessly out of date? Certificate and key generation seem
particularly obscure.
The plan is to test on pelorus.zefox.org, when TLS works rename the
host to www.zefox.net after migrating user files. I'm guessing this
will require a repeat of sendmail/TLS configuration. Is that right?
It's been suggested elsewhere that postfix is a better MTA these days.
I've no deep preference for sendmail, might postfix be easier, or at
least more accessibly documented?
I swear by sendmail. m4(1) seems to scare some away. But honestly, on FreeBSD,
you almost need to do nothing, to get a fully functioning MX. Once you're done.
You won't likely need to touch a config again. Sendmail has a l-o-n-g lineage,
and as a result; massive amounts of documentation and tips and tricks posted by
users over the years.
Thank you very much!
bob prohaska
--
--Chris Hutchinson
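
The check discussed in this thread (is STARTTLS or SASLv2 compiled in, and what does sendmail think its own name is), written as a script. This is an added example, not part of any poster's message; the sample text is the -d0.1 output quoted above, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. sample_output is the -d0.1 output
# quoted in the thread; the function names are hypothetical.
sample_output() {
cat <<'EOF'
Version 8.18.1
 Compiled with: DNSMAP IPV6_FULL LOG MAP_REGEX MATCHGECOS MILTER
                MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
                PIPELINING SCANF STARTTLS TCPWRAPPERS TLS_EC TLS_VRFY_PER_CTX
                USERDB XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = pelorus
  (canonical domain name) $j = pelorus.zefox.org
         (subdomain name) $m = zefox.org
              (node name) $k = pelorus.zefox.org
========================================================
EOF
}

# Print the compiled-in options one per line, joining the wrapped lines.
compiled_options() {
  awk '
    /Compiled with:/ { sub(/.*Compiled with:/, ""); on = 1 }
    /^=/             { on = 0 }
    on { for (i = 1; i <= NF; i++) print $i }
  '
}

# has_option NAME: exact match, so TLS does not match TLS_EC or STARTTLS.
has_option() { compiled_options | grep -qxF -- "$1"; }

# macro_value LETTER: value of $w, $j, $m or $k from the identity block.
macro_value() {
  awk -v m="\$$1" 'NF >= 3 && $(NF-2) == m && $(NF-1) == "=" { print $NF }'
}

# Read -d0.1 output on stdin and summarise what matters for TLS/AUTH setup.
report() {
  out=$(cat)
  for opt in STARTTLS SASLv2; do
    if printf '%s\n' "$out" | has_option "$opt"
    then echo "$opt: compiled in"
    else echo "$opt: not compiled in"
    fi
  done
  echo "canonical name (\$j): $(printf '%s\n' "$out" | macro_value j)"
}

sample_output | report
```

On a live host, pipe `sendmail -d0.1 -bv root` into `report` instead of the sample.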