On Aug 30, 2019, at 09:18, Eric Broch <[email protected]
<mailto:[email protected]>> wrote:
Thanks, Andrew.
I was testing my DKIM record with all my email client interfaces
against Gmail, all passed except Roundcube sending in text format.
Roundcube sending in html format passed DKIM check at Gmail. Posted a
question about it on the Roundcube mailling list and never got back
to it. Anyway, strange DKIM reject.
Eric
On Fri, Aug 30, 2019 at 10:12 AM Andrew Swartz
<[email protected] <mailto:[email protected]>> wrote:
I send a lot of email to people with gmail accounts. I can
testify that
gmail will send you a daily DMARC report with pass/fail stats for
the
preceeding 24 hours. This was really cool at first. I turned it
off
(i.e. changed the DMARC record) after about 2-3 wks because it
quickly
became an annoyance.
Gmail definitely follows the rules that you specify. If you specify
"reject", it will reject any email which fails the spf check or
where
the dkim signature does not verify. Mine has been set to
"reject" for a
couple years. But you should leave it set to "none" for a couple
weeks
and read the reports to make darn sure that everything is working
properly.
When I was monitoring this, I was surprised that about 5% of
emails end
up with an invalid DKIM signature for unclear reasons. But it is
not a
problem when the receiving servers check the signature during the
smtp
transaction and reject the mail, because the sending server will
just
try again and it will go through then. But if the receiving server
accepts the mail and filters it after the transaction, and the dkim
signature fails to verify, the mail will likely get a bad rating
and go
to a spam folder.
-Andy
On 8/30/2019 7:36 AM, Eric Broch wrote:
> Hi Chandran,
>
> This email landed in my spam folder sorry to say (gmail).
>
> Never set up a DMARC record...any tutorials you recommend (anyone)?
>
> Eric
>
> On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan
<[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi Friends,
>
> I have updated SPF and DMARC record into my DNS server
after that
> the email is delivered to inbox instead spam/junk folder.
>
> Please try to create SPF and DMARC record in your DNS servers
>
> On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
> <[email protected]> wrote:
>
> Hi Friends,
>
> As per Andrew stats, i have checked all those points in
my server.
> I have installed letsencrypt certificate in past two years
> without any issue and spf record validated and
configured on the
> DNS server.
> DKIM also installed on my server well.
>
> When users send an email to gmail, some emails are going to
> inbox and some going to spam with the same my domain.
>
> I have no clue to setup the dmarc record in the dns server.
>
> Could anyone help me for the process of creating dmarc
record.
> Do i need to create my server or dns server.
>
> My domain result for the reputation.
>
> MEDIUM REPUTATION
>
> Not suspicious. We have not seen any direct references
to this
> email address, but the sender domain is highly
reputable, and
> the email is deliverable. We've observed no malicious or
> suspicious activity from this address.
>
> curl emailrep.io/[email protected]
>
> {
>
> "email": "[email protected]",
>
> "reputation": "medium",
>
> "suspicious": false,
>
> "references": 0,
>
> "details": {
>
> "blacklisted": false,
>
> "malicious_activity": false,
>
> "malicious_activity_recent": false,
>
> "credentials_leaked": false,
>
> "credentials_leaked_recent": false,
>
> "data_breach": false,
>
> "first_seen": "never",
>
> "last_seen": "never",
>
> "domain_exists": true,
>
> "domain_reputation": "high",
>
> "new_domain": false,
>
> "days_since_domain_creation": 5524,
>
> "suspicious_tld": false,
>
> "spam": false,
>
> "free_provider": false,
>
> "disposable": false,
>
> "deliverable": true,
>
> "accept_all": false,
>
> "valid_mx": true,
>
> "spoofable": true,
>
> "spf_strict": true,
>
> "dmarc_enforced": false,
>
> "profiles": []
>
> }
>
> }
>
>
> Appreciate of all your supporting.
>
>
> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz
> <[email protected]> wrote:
>
> This seems an issue mostly with server
"suspiciousness", of
> which
> reputation is a component.
>
> Of the factors effecting suspiciousness, only two
are local
> to the smtp
> server:
> 1. DKIM signatures
> 2. TLS certificates
>
> To address these, confirm that both are working
properly:
> 1. DKIM: send an email to a "dkim reflector" and then
> examine the email
> you get back. This pages discusses:
>
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>
> 2. Use a proper TLS certificate. By proper, I mean one
> that verifies.
> Therefore you need to either purchase one or use "Let's
> Encrypt". I've
> been using Lets Encrypt certs for the last year
without any
> problems.
> Setting up the client is not difficult, and it
subsequently
> auto-renews
> every 60 days.
>
> The remaining factors are outside your server, but
just as
> important:
> 1. Reverse-DNS yields same result as the domain MX
record.
> This is
> known as FCRDNS (forward-confirmed reverse DNS).
> Additionally, that
> result must not resemble a dynamic IP address (i.e.
have the
> IP address
> in the domain name).
> 2. SPF is properly set up.
> 3. DMARC set up and working properly.
> 4. Age of the domain name. If created recently,
that looks
> bad.
> 5. Presence of IP on blacklists. That is not hard to
> check. If you
> acquired an IP recently, it's former owner may have
earned
> it a place on
> a blacklist. Easiest fix for that seems to be to get a
> different IP.
>
> I'm curious to hear what others might add to this.
>
> A good place for ideas is to browse through the
> spamdyke.conf file and
> think about all of the things it checks. Gmail is
certainly
> using
> similar data points, but with neural network
analysis rather
> than simple
> pass/fail rules.
>
> For those who have set up a second server to test
things,
> there is a
> good chance something above is not set up or does not
> support the new
> server. Gone are the days when you can bring a new
parallel
> server
> online and start sending mails immediately. There
are lots
> of "i's" to
> dot and "t's" to cross before other servers will
confidently
> accept your
> mail.
>
> Another thought:
> https://emailrep.io/ will give you a report about an email
> ADDRESS's
> reputation. It is interesting. Here is the result
for mine
> (I replaced
> my email address for posting):
>
> curl emailrep.io/[email protected]
> {
> "email": "[email protected]
<mailto:[email protected]>",
> "reputation": "low",
> "suspicious": true,
> "references": 1,
> "details": {
> "blacklisted": false,
> "malicious_activity": false,
> "malicious_activity_recent": false,
> "credentials_leaked": false,
> "credentials_leaked_recent": false,
> "data_breach": false,
> "first_seen": "never",
> "last_seen": "never",
> "domain_exists": true,
> "domain_reputation": "low",
> "new_domain": false,
> "days_since_domain_creation": 5654,
> "suspicious_tld": false,
> "spam": false,
> "free_provider": false,
> "disposable": false,
> "deliverable": false,
> "accept_all": false,
> "valid_mx": true,
> "spoofable": false,
> "spf_strict": true,
> "dmarc_enforced": true,
> "profiles": []
> }
> }
>
>
> Though my domain and address are over 10 years old
and never
> been
> blacklisted, the address gets a "low" reputation.
I'm quite
> sure that
> is because it has determined that my email address
cannot
> accept emails.
> But it is incorrect. After testing it a few
times, I'm
> fairly
> confident that it decides that mostly because it
tries to
> connect to my
> server from smtp25a.kickboxio.net, whose IP
(72.249.58.154)
> is blocked
> by Spamdyke due to being on some blacklist.
Therefore it
> concludes that
> I'm "risky". Also, they feel the risk is increased
because
> my email has
> never been seen on social media, in credential
breaches,
> etc. But I
> feel it is a triumph that I've kept my email
address off of
> places where
> spammers harvest addresses.
>
> Gmail is almost certainly considering all these
factor and
> many more in
> deciding whether an email is rejected, sent to spam
folder,
> or sent to
> inbox. That said, my wife uses gmail and we send
numerous
> emails back
> and forth daily without any problem.
>
> It used to be that setting up an smtp server was
the hard
> part of
> running your own server. But times have changed,
and now
> factors
> external to your network seem far more complicated and
> consequential
> than the server itself.
>
> Again, I'm curious to hear other people thoughts.
>
>
> -Andy
>
> PS: regarding the question of multiple certs, I do
not see
> how that
> could work on the toaster. And in general, smtp
does not
> work that way.
> The cert merely needs to be for the domain name
pointed
> to by the MX
> record of the destination domain. There is no
requirement
> that the
> destination domain be the name on the server
certificate.
> Thus numerous
> virtual domains all have MX records which point to
the same
> server; that
> server's cert merely needs to be for its own domain
name,
> not those of
> all its virtual domains. For incoming mail, when
connecting
> to a server
> and upgrading an smtp connection to a STARTTLS
session, I
> don't think
> that the STARTTLS command has a way to specify the
> destination address's
> domain. That would need to happen for a server to
know which
> certificate to use. For outgoing mail, it is
theoretically
> easy to do,
> but someone would need to write a qmail patch to
implement it.
>
> DKIM works differently: each virtual domain has
it's own
> dkim signing
> key. The toaster supports that, but it must be done
> manually (i.e. it
> does not occur when creating domains with
vqadmin). Adding
> that
> functionality into vqadmin might be a good project
for someone.
>
> I did not intend for this to be so long. It just
happened.
>
>
>
>
>
>
>
>
> On 8/26/2019 11:05 PM, Remo Mattei wrote:
> > Ok guys.. needs some suggestions..
> > I found out that the client (apple Mail) does
not honor
> the DKIM since
> > gmail said failed. I tested with Outlook and web
round
> cube and that
> > does pass the email DKIM and the message does
not go into
> the spam
> > folder in fact.
> >
> > Any help will be great.. I also wonder if there
is a way
> to setup
> > multiple certs for the SMTP (per domain).
> >
> > Remo
> >
> >> On Aug 26, 2019, at 12:03, Tahnan Al Anas
<[email protected]
> >> <mailto:[email protected]>> wrote:
> >>
> >> Basically Gmail put mail in spam folder for
> various reasons, I have
> >> found after hosing new domain in my qmail
server, I need
> to check spf,
> >> dkim dmarc settings, even if all are ok, still
gmail
> sent mail to spam
> >> folder, I need to check reverse forward record
and also
> need to work
> >> to improve domain reputation, this is not an
issue with
> qmail server,
> >> rather it is related with gmail's filtering.
You have to
> work to
> >> improve server and domain's reputation for that.
> >>
> >> Sometime I chat with google to get my other
domain's
> mail in inbox by
> >> sending them to gsuite account.
> >>
> >>
> >> --
> >> --
> >>
> >> Best Regards
> >> Muhammad Tahnan Al Anas
> >>
> >>
> >> On Mon, Aug 26, 2019 at 11:01 PM Eric Broch
> <[email protected]
> >> <mailto:[email protected]>> wrote:
> >>
> >> Create a google (gmail) account if you
don't have
> one. Send an
> >> email to that account from the postmaster
of the
> problematic
> >> domain. Open message, go to three vertical
dots to
> the upper right
> >> of the interface, find 'show original',
there you
> will see why
> >> gmail spammed your message.
> >>
> >> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei
> <[email protected]
> >> <mailto:[email protected]>> wrote:
> >>
> >> I just tested and I built a new qmail box
> >>
> >>
> >> qmail-1.03-3.1.qt.el7.x86_64
> >>
> >> The other two boxes
> >> With
> >> qmail-1.03-3.1.qt.el7.x86_64
> >> qmail-1.03-3.1.qt.el7.x86_64
> >>
> >> So when sending from the new env which
does not
> have any load
> >> no production etc.. the gmail gets the
message
> in the inbox
> >> from the other two I get the msg on the
spam
> folder.. I
> >> wonder.. how is Google…. Check the
messages..
> The new box I
> >> have even a domain called testdomain.com
> >> <http://testdomain.com/> which it’s
bogus!! But
> still in the
> >> inbox.
> >>
> >> Any tips?
> >>
> >> Thanks
> >>
> >>> On Aug 25, 2019, at 21:10,
ChandranManikandan
> >>> <[email protected]
<mailto:[email protected]>>
> wrote:
> >>>
> >>> Hi Folks,
> >>>
> >>> Emails are delivering to the spam or junk
> folder when users
> >>> send to the recipients.
> >>> Mostly it's all public domain like
gmail,yahoo
> etc..
> >>> How to fix this issue in our server.
> >>> Am using Centos 6 32 bit with
qmailtoaster.
> >>> Could anyone help me.
> >>>
> >>> --
> >>> */Regards,
> >>> Manikandan.C
> >>> /*
> >>
> >
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [email protected]
> For additional commands, e-mail:
> [email protected]
>
>
>
> --
> */Regards,
> Manikandan.C
> /*
>
>
>
> --
> */Regards,
> Manikandan.C
> /*
>
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
For additional commands, e-mail:
[email protected]
