RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hey Matt, 

Don’t worry, no offense taken, honest review always been appreciated. Sorry if 
I sound offended, I kind of expected to get a lot of critique and comment since 
I did everything in a rush for the deadline, I just needed some time to sort 
out the information that I get. I did learn a lot from the advice given last 
time, so thank you again for that and other people who have help.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: 17 July 2019 19:42
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

in no way I meant to critize or offend you - I just gave you an honest 
reply how I "felt" when I read your notes.
Yes, it's not perfect, and yes, it also just looks more like "personal 
notes made during the process" than a "well researched common use 
tutorial" - but hey, as I started to use James (cause the system I used 
before was discontinued) I struggled the same like you. I just had the 
advantage as a long time Java developer I could understand the Exception 
logs and could dig thought the source. But even with that knowledge I 
needed a lot of help from others. Maybe that's why I felt "cringy" cause 
I somewhat seen my past self in it. Can this be helpfull to help you? 
Maybe, I hope. But as I'm not the guru I'd like to be I also can just 
give as much input as I self learned since started using James.

Matt

Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Apology for the “gnarf-cringe” writing. I will try to give some of my 
> reasoning for each of the problem. I cant say much other than, that I had a 
> lot of things that I don’t know of, since this is the first time I learn 
> anything about server-related, how to use ubuntu, so it might comes off “Does 
> this guy know what he wrote?” and possibly just writing my personal guess of 
> how things works the best that I know. With that said, I also thank you for 
> the critique / comment  / time for reading the tutorial and giving the point, 
> I will try to update the tutorial slowly as I try to understand the flaw 
> point and how things really work.
>
> Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
> used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning 
> it, and since we don’t have server yet, I think its okay just to put it under 
> my laptop for now, and after that buying a laptop with Ubuntu OS and server 
> after we get the budget and confident enough to use James.
>
> Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
> other than sudo reboot and to apply the setting change. I guess I did try to 
> disable the service, and then run “sudo bash run.sh” everytime I make changes 
> and that might be enough to actually restart the setting needed. But 
> sometimes the changes doesn’t apply such as, when changing the port number in 
> the smtp/imap server xml file, maybe im just doing something wrong.
>
> Sudo in general : i need to be honest that I’m being ignorant in this case, 
> since most of the time I tried to move file, use any function, access the 
> keys file, and they will said “Permission Denied” and I don’t even know why 
> (Something to do with chown and chgroup because I see all the files belong to 
> root) so most of the time I “sudo” all my way in. About the port thing, my 
> mate said that I can only login using one specific port and it was below the 
> number 1024, it said to give me admin privilege so I can use all the function 
> with ease, but apparently it was not. I probably need to show him this 
> response to get a better understanding.
>
> Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
> will look into it. I didn’t meant to say to extract the lib jar. I was meant 
> to say to copy the .jar file and put it on james/lib (at least that;s the way 
> I know to add a library to James Server and used the mailets). I didn’t even 
> know how to create a jar file other than the ANT build.  There’s a lot of 
> java stuff that I need to catch on.
>
> Manual Download of java runtime : I actually think about it and thought that 
> it would be easier maybe to just install the java from the ubuntu using 
> apt-get, but since it’s a request from the upper and I didn’t know better and 
> afraid something might have changes if I don’t do exactly as the instruction, 
> I play safe and just do it. I just realized I should probably ask this to my 
> upper.
>
> Mysql and Mysql connector : I didn’t know about this and might have to 
> consult my mate about this
>
> Ant :  as the previous statement I didn’t know anything about making my java 
> files into .jar, so I just say that "we gonna use ant compile” for now, until 
> I

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hey Matt, 

Don’t worry, no offense taken, honest review always been appreciated. Sorry if 
I sound offended, I kind of expected to get a lot of critique and comment since 
I did everything in a rush for the deadline, I just needed some time to sort 
out the information that I get. I did learn a lot from the advice given last 
time, so thank you again for that and other people who have help.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: 17 July 2019 19:42
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

in no way I meant to critize or offend you - I just gave you an honest 
reply how I "felt" when I read your notes.
Yes, it's not perfect, and yes, it also just looks more like "personal 
notes made during the process" than a "well researched common use 
tutorial" - but hey, as I started to use James (cause the system I used 
before was discontinued) I struggled the same like you. I just had the 
advantage as a long time Java developer I could understand the Exception 
logs and could dig thought the source. But even with that knowledge I 
needed a lot of help from others. Maybe that's why I felt "cringy" cause 
I somewhat seen my past self in it. Can this be helpfull to help you? 
Maybe, I hope. But as I'm not the guru I'd like to be I also can just 
give as much input as I self learned since started using James.

Matt

Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Apology for the “gnarf-cringe” writing. I will try to give some of my 
> reasoning for each of the problem. I cant say much other than, that I had a 
> lot of things that I don’t know of, since this is the first time I learn 
> anything about server-related, how to use ubuntu, so it might comes off “Does 
> this guy know what he wrote?” and possibly just writing my personal guess of 
> how things works the best that I know. With that said, I also thank you for 
> the critique / comment  / time for reading the tutorial and giving the point, 
> I will try to update the tutorial slowly as I try to understand the flaw 
> point and how things really work.
>
> Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
> used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning 
> it, and since we don’t have server yet, I think its okay just to put it under 
> my laptop for now, and after that buying a laptop with Ubuntu OS and server 
> after we get the budget and confident enough to use James.
>
> Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
> other than sudo reboot and to apply the setting change. I guess I did try to 
> disable the service, and then run “sudo bash run.sh” everytime I make changes 
> and that might be enough to actually restart the setting needed. But 
> sometimes the changes doesn’t apply such as, when changing the port number in 
> the smtp/imap server xml file, maybe im just doing something wrong.
>
> Sudo in general : i need to be honest that I’m being ignorant in this case, 
> since most of the time I tried to move file, use any function, access the 
> keys file, and they will said “Permission Denied” and I don’t even know why 
> (Something to do with chown and chgroup because I see all the files belong to 
> root) so most of the time I “sudo” all my way in. About the port thing, my 
> mate said that I can only login using one specific port and it was below the 
> number 1024, it said to give me admin privilege so I can use all the function 
> with ease, but apparently it was not. I probably need to show him this 
> response to get a better understanding.
>
> Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
> will look into it. I didn’t meant to say to extract the lib jar. I was meant 
> to say to copy the .jar file and put it on james/lib (at least that;s the way 
> I know to add a library to James Server and used the mailets). I didn’t even 
> know how to create a jar file other than the ANT build.  There’s a lot of 
> java stuff that I need to catch on.
>
> Manual Download of java runtime : I actually think about it and thought that 
> it would be easier maybe to just install the java from the ubuntu using 
> apt-get, but since it’s a request from the upper and I didn’t know better and 
> afraid something might have changes if I don’t do exactly as the instruction, 
> I play safe and just do it. I just realized I should probably ask this to my 
> upper.
>
> Mysql and Mysql connector : I didn’t know about this and might have to 
> consult my mate about this
>
> Ant :  as the previous statement I didn’t know anything about making my java 
> files into .jar, so I just say that "we gonna use ant compile” for now, until 
> I

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Don’t worry, no offense taken, sorry if I sounded like offended. I was 
expecting to get a lot of comments and critique since I did everything in rush 
for a deadline, and probably why I didn’t put much effort into it. The 
information / critique / comment is always appreciated,  i just need time to 
understand and sort all the information given.

Again, thank you for the information/critique given, I will try to make the 
best of it and update the tutorial.

Sincerely, Jason

PS : (if this message sended 2 time, apology, internet probably)

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 17, 2019 7:42 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

in no way I meant to critize or offend you - I just gave you an honest 
reply how I "felt" when I read your notes.
Yes, it's not perfect, and yes, it also just looks more like "personal 
notes made during the process" than a "well researched common use 
tutorial" - but hey, as I started to use James (cause the system I used 
before was discontinued) I struggled the same like you. I just had the 
advantage as a long time Java developer I could understand the Exception 
logs and could dig thought the source. But even with that knowledge I 
needed a lot of help from others. Maybe that's why I felt "cringy" cause 
I somewhat seen my past self in it. Can this be helpfull to help you? 
Maybe, I hope. But as I'm not the guru I'd like to be I also can just 
give as much input as I self learned since started using James.

Matt

Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Apology for the “gnarf-cringe” writing. I will try to give some of my 
> reasoning for each of the problem. I cant say much other than, that I had a 
> lot of things that I don’t know of, since this is the first time I learn 
> anything about server-related, how to use ubuntu, so it might comes off “Does 
> this guy know what he wrote?” and possibly just writing my personal guess of 
> how things works the best that I know. With that said, I also thank you for 
> the critique / comment  / time for reading the tutorial and giving the point, 
> I will try to update the tutorial slowly as I try to understand the flaw 
> point and how things really work.
>
> Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
> used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning 
> it, and since we don’t have server yet, I think its okay just to put it under 
> my laptop for now, and after that buying a laptop with Ubuntu OS and server 
> after we get the budget and confident enough to use James.
>
> Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
> other than sudo reboot and to apply the setting change. I guess I did try to 
> disable the service, and then run “sudo bash run.sh” everytime I make changes 
> and that might be enough to actually restart the setting needed. But 
> sometimes the changes doesn’t apply such as, when changing the port number in 
> the smtp/imap server xml file, maybe im just doing something wrong.
>
> Sudo in general : i need to be honest that I’m being ignorant in this case, 
> since most of the time I tried to move file, use any function, access the 
> keys file, and they will said “Permission Denied” and I don’t even know why 
> (Something to do with chown and chgroup because I see all the files belong to 
> root) so most of the time I “sudo” all my way in. About the port thing, my 
> mate said that I can only login using one specific port and it was below the 
> number 1024, it said to give me admin privilege so I can use all the function 
> with ease, but apparently it was not. I probably need to show him this 
> response to get a better understanding.
>
> Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
> will look into it. I didn’t meant to say to extract the lib jar. I was meant 
> to say to copy the .jar file and put it on james/lib (at least that;s the way 
> I know to add a library to James Server and used the mailets). I didn’t even 
> know how to create a jar file other than the ANT build.  There’s a lot of 
> java stuff that I need to catch on.
>
> Manual Download of java runtime : I actually think about it and thought that 
> it would be easier maybe to just install the java from the ubuntu using 
> apt-get, but since it’s a request from the upper and I didn’t know better and 
> afraid something might have changes if I don’t do exactly as the instruction, 
> I play safe and just do it. I just realized I should probably ask this to my 
> upper.
>
> Mysql and Mysql connector : I didn’t know about this and might have to 
> consult my mate about this
>
> Ant :  as the previ

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Don’t worry, no offense taken, sorry if I sounded like offended. I was 
expecting to get a lot of comments and critique since I did everything in rush 
for a deadline, and probably why I didn’t put much effort into it. The 
information / critique / comment is always appreciated,  i just need time to 
understand and sort all the information given.

Again, thank you for the information/critique given, I will try to make the 
best of it and update the tutorial.

Sincerely, Jason

PS : (if this message sended 2 time, apology, internet probably)

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 17, 2019 7:42 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

in no way I meant to critize or offend you - I just gave you an honest 
reply how I "felt" when I read your notes.
Yes, it's not perfect, and yes, it also just looks more like "personal 
notes made during the process" than a "well researched common use 
tutorial" - but hey, as I started to use James (cause the system I used 
before was discontinued) I struggled the same like you. I just had the 
advantage as a long time Java developer I could understand the Exception 
logs and could dig thought the source. But even with that knowledge I 
needed a lot of help from others. Maybe that's why I felt "cringy" cause 
I somewhat seen my past self in it. Can this be helpfull to help you? 
Maybe, I hope. But as I'm not the guru I'd like to be I also can just 
give as much input as I self learned since started using James.

Matt

Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Apology for the “gnarf-cringe” writing. I will try to give some of my 
> reasoning for each of the problem. I cant say much other than, that I had a 
> lot of things that I don’t know of, since this is the first time I learn 
> anything about server-related, how to use ubuntu, so it might comes off “Does 
> this guy know what he wrote?” and possibly just writing my personal guess of 
> how things works the best that I know. With that said, I also thank you for 
> the critique / comment  / time for reading the tutorial and giving the point, 
> I will try to update the tutorial slowly as I try to understand the flaw 
> point and how things really work.
>
> Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
> used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning 
> it, and since we don’t have server yet, I think its okay just to put it under 
> my laptop for now, and after that buying a laptop with Ubuntu OS and server 
> after we get the budget and confident enough to use James.
>
> Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
> other than sudo reboot and to apply the setting change. I guess I did try to 
> disable the service, and then run “sudo bash run.sh” everytime I make changes 
> and that might be enough to actually restart the setting needed. But 
> sometimes the changes doesn’t apply such as, when changing the port number in 
> the smtp/imap server xml file, maybe im just doing something wrong.
>
> Sudo in general : i need to be honest that I’m being ignorant in this case, 
> since most of the time I tried to move file, use any function, access the 
> keys file, and they will said “Permission Denied” and I don’t even know why 
> (Something to do with chown and chgroup because I see all the files belong to 
> root) so most of the time I “sudo” all my way in. About the port thing, my 
> mate said that I can only login using one specific port and it was below the 
> number 1024, it said to give me admin privilege so I can use all the function 
> with ease, but apparently it was not. I probably need to show him this 
> response to get a better understanding.
>
> Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
> will look into it. I didn’t meant to say to extract the lib jar. I was meant 
> to say to copy the .jar file and put it on james/lib (at least that;s the way 
> I know to add a library to James Server and used the mailets). I didn’t even 
> know how to create a jar file other than the ANT build.  There’s a lot of 
> java stuff that I need to catch on.
>
> Manual Download of java runtime : I actually think about it and thought that 
> it would be easier maybe to just install the java from the ubuntu using 
> apt-get, but since it’s a request from the upper and I didn’t know better and 
> afraid something might have changes if I don’t do exactly as the instruction, 
> I play safe and just do it. I just realized I should probably ask this to my 
> upper.
>
> Mysql and Mysql connector : I didn’t know about this and might have to 
> consult my mate about this
>
> Ant :  as the previ

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

ngs work, I will 
update the tutorial.

Again, thank you for the comment and critique and the response. I will try to 
put it into good use. Sorry for any wrong word.
Since this thread is more about DKIM and SPF, I might have to stop replying 
after this as to not go off-topic and created a new one if needed.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 17, 2019 5:01 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had a quick look at your notes and had few lines of "gnarf cringe -
why?". I will try to go over them:

- Ubuntu for Win10 - uhm, ok, although I guess it's possible to run
James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the
best choice for a server - so either running a Linux native or at least
use a Windows Server as host OS
- sudo reboot - why you keep rebooting the entire system just for a few
configs and such? this shouldn't be needed at all
- sudo in general - you keep doin much as root - all can be done as
normal user - only start up of james require root as the ports used by
james are below 1024 - wich are the so called "well known ports" wich
require administrative privileges - even on Windows - you should change
to just set up a normal user from the start and do all in that lower
priv context
- extract of lib jar - this bothered me since you first wrote it here on
the list: why you want to extract a lib jar? If you want to build
something against it you just have to add it to the classpath at compile
time - no need for extracting
- manual download of java runtime - also not needed on most Linux
distributions as almost any of thier package managers are able to just
install different versions aside from mostly java is installed by
default at os install
- mysql and mysql-connector: although should still be useable most
distributions switched to MariaDB due to Oracle (wich bought Sun wich
bought MySQL) changed lincese so re-distributing MySQL by Linux isn't as
easy as before - so most switched to MariaDB as its license complies to
re-distribute it within the repos - I once had a week long heavy trouble
cause an update completely crashed my james database - had hard time to
recover it
- ant - yes, it's always better to use a build system nowdays - but just
to compile a single class most java devs would just do it on command
line - your notes are written like ant would required
- use of third party to generate keypair - first rule of security: never
rely on others to generate keys - always do it by yourself - why: cause
you can't be sure that the third party is trustworthy / stores the
private key - this chapter should be complete reworked to generate the
key and signatures on the command line instead of using external services

Overall its maybe a personal note on how you did it - but it's not
really useable as "general tutorial", wich is covered on apache itself.
You only combined a few things like setting up SPF and adding DKIM to a
normal James setup.

Matt

Am 17.07.2019 um 11:21 schrieb Jason Tjankilisan:

Hiya Matt,

Here is the Github link to the tutorial I created : 
https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial
Firstly I apologize if there;s any wrong word or bad English. I hope the 
tutorial were clear enough even for those who just learned about James, as I 
try to make the information as general as it can be. any Comment/Critique are 
welcome !

Thank you for the help and response.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Tuesday, July 16, 2019 2:55 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I don't know about Google Drive and maybe files get unavailable after
some time. If you already have a GitHub account I would recommend you to
maybe set up a new repo and publish it this way. This would ensure a
general availability and also space for additional resources like
examples. Also, the issue and merge functions would allow others to
point out issues and possible fixes. About the format: text, html and
PDF are good formats, where text and html offer easy editable where PDF
would require re-exporting one from what ever source format.

Looking forward to read it.

Matt


-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org





-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Apology for the “gnarf-cringe” writing. I will try to give some of my reasoning 
for each of the problem. I cant say much other than, that I had a lot of things 
that I don’t know of, since this is the first time I learn anything about 
server-related, how to use ubuntu, so it might comes off “Does this guy know 
what he wrote?” and possibly just writing my personal guess of how things works 
the best that I know. With that said, I also thank you for the critique / 
comment  / time for reading the tutorial and giving the point, I will try to 
update the tutorial slowly as I try to understand the flaw point and how things 
really work.

Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning it, 
and since we don’t have server yet, I think its okay just to put it under my 
laptop for now, and after that buying a laptop with Ubuntu OS and server after 
we get the budget and confident enough to use James.

Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
other than sudo reboot and to apply the setting change. I guess I did try to 
disable the service, and then run “sudo bash run.sh” everytime I make changes 
and that might be enough to actually restart the setting needed. But sometimes 
the changes doesn’t apply such as, when changing the port number in the 
smtp/imap server xml file, maybe im just doing something wrong.

Sudo in general : i need to be honest that I’m being ignorant in this case, 
since most of the time I tried to move file, use any function, access the keys 
file, and they will said “Permission Denied” and I don’t even know why 
(Something to do with chown and chgroup because I see all the files belong to 
root) so most of the time I “sudo” all my way in. About the port thing, my mate 
said that I can only login using one specific port and it was below the number 
1024, it said to give me admin privilege so I can use all the function with 
ease, but apparently it was not. I probably need to show him this response to 
get a better understanding.

Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
will look into it. I didn’t meant to say to extract the lib jar. I was meant to 
say to copy the .jar file and put it on james/lib (at least that;s the way I 
know to add a library to James Server and used the mailets). I didn’t even know 
how to create a jar file other than the ANT build.  There’s a lot of java stuff 
that I need to catch on.

Manual Download of java runtime : I actually think about it and thought that it 
would be easier maybe to just install the java from the ubuntu using apt-get, 
but since it’s a request from the upper and I didn’t know better and afraid 
something might have changes if I don’t do exactly as the instruction, I play 
safe and just do it. I just realized I should probably ask this to my upper.

Mysql and Mysql connector : I didn’t know about this and might have to consult 
my mate about this

Ant :  as the previous statement I didn’t know anything about making my java 
files into .jar, so I just say that "we gonna use ant compile” for now, until I 
understand other way to make java files into .jar files.

Third-Party Generate Key pair : since this was an experimental and I don’t 
really mind much about the security (because finding out the way to do it, is 
more important for me right now). I did read about generating a key using 
openssl, but probably since I still lack the understanding I didn’t use it, but 
for future development, of course generating it alone would be better. As you 
said, I will rework not just the generating the key pair part, but mostly all 
of the tutorial.

Im more of  “know what to do first then learning why I should do it and whats 
the meaning behind it” person, that’s why this general tutorial sound like 
personal note of how I do it to setup james server. Slowly as I understand 
things can be done in many other way and know better how things work, I will 
update the tutorial.

Again, thank you for the comment and critique and the response. I will try to 
put it into good use. Sorry for any wrong word.
Since this thread is more about DKIM and SPF, I might have to stop replying 
after this as to not go off-topic and created a new one if needed.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 17, 2019 5:01 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had a quick look at your notes and had few lines of "gnarf cringe - 
why?". I will try to go over them:

- Ubuntu for Win10 - uhm, ok, although I guess it's possible to run 
James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the 
best choice for a server - so either running a Linux native or at least 
use a Windows Server as host OS
- sudo reboot - why you keep rebooting the entire system

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Apology for the “gnarf-cringe” writing. I will try to give some of my reasoning 
for each of the problem. I cant say much other than, that I had a lot of things 
that I don’t know of, since this is the first time I learn anything about 
server-related, how to use ubuntu, so it might comes off “Does this guy know 
what he wrote?” and possibly just writing my personal guess of how things works 
the best that I know. With that said, I also thank you for the critique / 
comment  / time for reading the tutorial and giving the point, I will try to 
update the tutorial slowly as I try to understand the flaw point and how things 
really work.

Ubuntu for Windows 10 : to be honest since this was an experiment and I never 
used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning it, 
and since we don’t have server yet, I think its okay just to put it under my 
laptop for now, and after that buying a laptop with Ubuntu OS and server after 
we get the budget and confident enough to use James.

Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server 
other than sudo reboot and to apply the setting change. I guess I did try to 
disable the service, and then run “sudo bash run.sh” everytime I make changes 
and that might be enough to actually restart the setting needed. But sometimes 
the changes doesn’t apply such as, when changing the port number in the 
smtp/imap server xml file, maybe im just doing something wrong.

Sudo in general : i need to be honest that I’m being ignorant in this case, 
since most of the time I tried to move file, use any function, access the keys 
file, and they will said “Permission Denied” and I don’t even know why 
(Something to do with chown and chgroup because I see all the files belong to 
root) so most of the time I “sudo” all my way in. About the port thing, my mate 
said that I can only login using one specific port and it was below the number 
1024, it said to give me admin privilege so I can use all the function with 
ease, but apparently it was not. I probably need to show him this response to 
get a better understanding.

Extract the lib of jar : Did I write that? Must be a typo, sorry about that I 
will look into it. I didn’t meant to say to extract the lib jar. I was meant to 
say to copy the .jar file and put it on james/lib (at least that;s the way I 
know to add a library to James Server and used the mailets). I didn’t even know 
how to create a jar file other than the ANT build.  There’s a lot of java stuff 
that I need to catch on.

Manual Download of java runtime : I actually think about it and thought that it 
would be easier maybe to just install the java from the ubuntu using apt-get, 
but since it’s a request from the upper and I didn’t know better and afraid 
something might have changes if I don’t do exactly as the instruction, I play 
safe and just do it. I just realized I should probably ask this to my upper.

Mysql and Mysql connector : I didn’t know about this and might have to consult 
my mate about this

Ant :  as the previous statement I didn’t know anything about making my java 
files into .jar, so I just say that "we gonna use ant compile” for now, until I 
understand other way to make java files into .jar files.

Third-Party Generate Key pair : since this was an experimental and I don’t 
really mind much about the security (because finding out the way to do it, is 
more important for me right now). I did read about generating a key using 
openssl, but probably since I still lack the understanding I didn’t use it, but 
for future development, of course generating it alone would be better. As you 
said, I will rework not just the generating the key pair part, but mostly all 
of the tutorial.

Im more of  “know what to do first then learning why I should do it and whats 
the meaning behind it” person, that’s why this general tutorial sound like 
personal note of how I do it to setup james server. Slowly as I understand 
things can be done in many other way and know better how things work, I will 
update the tutorial.

Again, thank you for the comment and critique and the response. I will try to 
put it into good use. Sorry for any wrong word.
Since this thread is more about DKIM and SPF, I might have to stop replying 
after this as to not go off-topic and created a new one if needed.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 17, 2019 5:01 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had a quick look at your notes and had few lines of "gnarf cringe - 
why?". I will try to go over them:

- Ubuntu for Win10 - uhm, ok, although I guess it's possible to run 
James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the 
best choice for a server - so either running a Linux native or at least 
use a Windows Server as host OS
- sudo reboot - why you keep rebooting the entire system

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

Hey Jason,

I had a quick look at your notes and had few lines of "gnarf cringe - 
why?". I will try to go over them:


- Ubuntu for Win10 - uhm, ok, although I guess it's possible to run 
James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the 
best choice for a server - so either running a Linux native or at least 
use a Windows Server as host OS
- sudo reboot - why you keep rebooting the entire system just for a few 
configs and such? this shouldn't be needed at all
- sudo in general - you keep doin much as root - all can be done as 
normal user - only start up of james require root as the ports used by 
james are below 1024 - wich are the so called "well known ports" wich 
require administrative privileges - even on Windows - you should change 
to just set up a normal user from the start and do all in that lower 
priv context
- extract of lib jar - this bothered me since you first wrote it here on 
the list: why you want to extract a lib jar? If you want to build 
something against it you just have to add it to the classpath at compile 
time - no need for extracting
- manual download of java runtime - also not needed on most Linux 
distributions as almost any of thier package managers are able to just 
install different versions aside from mostly java is installed by 
default at os install
- mysql and mysql-connector: although should still be useable most 
distributions switched to MariaDB due to Oracle (wich bought Sun wich 
bought MySQL) changed lincese so re-distributing MySQL by Linux isn't as 
easy as before - so most switched to MariaDB as its license complies to 
re-distribute it within the repos - I once had a week long heavy trouble 
cause an update completely crashed my james database - had hard time to 
recover it
- ant - yes, it's always better to use a build system nowdays - but just 
to compile a single class most java devs would just do it on command 
line - your notes are written like ant would required
- use of third party to generate keypair - first rule of security: never 
rely on others to generate keys - always do it by yourself - why: cause 
you can't be sure that the third party is trustworthy / stores the 
private key - this chapter should be complete reworked to generate the 
key and signatures on the command line instead of using external services


Overall its maybe a personal note on how you did it - but it's not 
really useable as "general tutorial", wich is covered on apache itself. 
You only combined a few things like setting up SPF and adding DKIM to a 
normal James setup.


Matt

Am 17.07.2019 um 11:21 schrieb Jason Tjankilisan:

Hiya Matt,

Here is the Github link to the tutorial I created : 
https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial
Firstly I apologize if there;s any wrong word or bad English. I hope the 
tutorial were clear enough even for those who just learned about James, as I 
try to make the information as general as it can be. any Comment/Critique are 
welcome !

Thank you for the help and response.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Tuesday, July 16, 2019 2:55 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I don't know about Google Drive and maybe files get unavailable after
some time. If you already have a GitHub account I would recommend you to
maybe set up a new repo and publish it this way. This would ensure a
general availability and also space for additional resources like
examples. Also, the issue and merge functions would allow others to
point out issues and possible fixes. About the format: text, html and
PDF are good formats, where text and html offer easy editable where PDF
would require re-exporting one from what ever source format.

Looking forward to read it.

Matt



-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Here is the Github link to the tutorial I created : 
https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial
Firstly I apologize if there;s any wrong word or bad English. I hope the 
tutorial were clear enough even for those who just learned about James, as I 
try to make the information as general as it can be. any Comment/Critique are 
welcome !

Thank you for the help and response.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Tuesday, July 16, 2019 2:55 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I don't know about Google Drive and maybe files get unavailable after 
some time. If you already have a GitHub account I would recommend you to 
maybe set up a new repo and publish it this way. This would ensure a 
general availability and also space for additional resources like 
examples. Also, the issue and merge functions would allow others to 
point out issues and possible fixes. About the format: text, html and 
PDF are good formats, where text and html offer easy editable where PDF 
would require re-exporting one from what ever source format.

Looking forward to read it.

Matt

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Here is the Github link to the tutorial I created : 
https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial
Firstly I apologize if there;s any wrong word or bad English. I hope the 
tutorial were clear enough even for those who just learned about James, as I 
try to make the information as general as it can be. any Comment/Critique are 
welcome !

Thank you for the help and response.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Tuesday, July 16, 2019 2:55 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I don't know about Google Drive and maybe files get unavailable after 
some time. If you already have a GitHub account I would recommend you to 
maybe set up a new repo and publish it this way. This would ensure a 
general availability and also space for additional resources like 
examples. Also, the issue and merge functions would allow others to 
point out issues and possible fixes. About the format: text, html and 
PDF are good formats, where text and html offer easy editable where PDF 
would require re-exporting one from what ever source format.

Looking forward to read it.

Matt

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

Hey Jason,

I don't know about Google Drive and maybe files get unavailable after 
some time. If you already have a GitHub account I would recommend you to 
maybe set up a new repo and publish it this way. This would ensure a 
general availability and also space for additional resources like 
examples. Also, the issue and merge functions would allow others to 
point out issues and possible fixes. About the format: text, html and 
PDF are good formats, where text and html offer easy editable where PDF 
would require re-exporting one from what ever source format.


Looking forward to read it.

Matt

Am 16.07.2019 um 08:54 schrieb Jason Tjankilisan:

Halo Matt,

Surely I don’t mind to share the tutorial and I have asked the permission from 
my team to share it and get a permission. The problem is i still don’t know 
where to put the tutorial to share it since all of it was on Notepad text file 
and im planning to add picture so people wont get confused.For now,  I probably 
use Google Drive to share the File Text and gonna fix some of the words before 
uploading. Its kinda off topic, so apology for that. And with that the topic of 
applying JDKIM and SPF is done.

I will reply as soon as possible once the tutorial done. Thank you so much for 
everyone that has been helping.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Monday, July 15, 2019 5:03 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

glad to hear you got it working in the end.

About keys: I don't think the Exception was caused by re-using the same
key you used for secure the connection, but it's always a good idea to
use different keys for different usages.
I'm looking towards reading your tutorial. Would be nice if you link it
when done. Maybe we can give additional input if someone spots issues.

Matt

Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan:

Hiya Matt,

Last time I check, the selector DKIM didn’t show up either in MXLookup even 
though I copy paste the name of the selector to the DNS Record. So I rename the 
TXT DKIM and create new public key in the DNS Record and suddenly it works, now 
my mail has DKIM and SPF Approval.

I apologize, but apparently the private key used for SSL/TLS are not the same 
as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
to have error such as “Bad Password”. That’s why I generate new one from 
DKIMCore and finally it works. Took me longer than I expected to know this.

Finally I can make the tutorial for it.

Sorry for any wrong and thank you for the help and information.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Friday, July 12, 2019 6:10 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had to read to RFC and test a bit with google, but it seems you still
have a DNS issue:

Your selector is: 1562899936.107
Your domain is: pc.107.jp

As by RFC you need to have a TXT record at:
1562899936.107._domainkey.pc.107.jp
But when I look up this domain with ANY as type I get this:

1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""

If you look at google for example, they have set thier selector to:
20161025 and thier domain to: googlemail.com. When you lookup
20161025._domainkey.googlemail.com you get this:

20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"

So, again, it's a DNS problem. This time a missing record. That's DKIM
verify fail.

Matt

Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:

Hiya Matt,

Sorry took a long time to reply, was making sure that I did alli could think of 
before posting. Thank you also for providing information and the support given, 
it was really helpful.

I am a part of 107.jp and indeed it was a sub-domain so im guessing the setting 
is different? I will make sure to contact my co-worker

After some more testing and experimenting, I finally made some progress. I 
Successfully implement SPF (I removed the A and the Include google stuff from 
the TXT record just as you said) and it was relatively easy. But for the DKIM 
its another whole story :
- Apparently, Letsencrypt private key used for Keystore is not the same key as 
your DKIM key (Ref: 
https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
generate one using DKIMCore, and the error was resolved.
- About the DNS Reverse, we try to get in contact with Contabo about the PTR 
record, so its just a matter of time I hope

I still don’t understand why the DKIM F

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Halo Matt,

Surely I don’t mind to share the tutorial and I have asked the permission from 
my team to share it and get a permission. The problem is i still don’t know 
where to put the tutorial to share it since all of it was on Notepad text file 
and im planning to add picture so people wont get confused.For now,  I probably 
use Google Drive to share the File Text and gonna fix some of the words before 
uploading. Its kinda off topic, so apology for that. And with that the topic of 
applying JDKIM and SPF is done.

I will reply as soon as possible once the tutorial done. Thank you so much for 
everyone that has been helping.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Monday, July 15, 2019 5:03 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

glad to hear you got it working in the end.

About keys: I don't think the Exception was caused by re-using the same 
key you used for secure the connection, but it's always a good idea to 
use different keys for different usages.
I'm looking towards reading your tutorial. Would be nice if you link it 
when done. Maybe we can give additional input if someone spots issues.

Matt

Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Last time I check, the selector DKIM didn’t show up either in MXLookup even 
> though I copy paste the name of the selector to the DNS Record. So I rename 
> the TXT DKIM and create new public key in the DNS Record and suddenly it 
> works, now my mail has DKIM and SPF Approval.
>
> I apologize, but apparently the private key used for SSL/TLS are not the same 
> as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
> to have error such as “Bad Password”. That’s why I generate new one from 
> DKIMCore and finally it works. Took me longer than I expected to know this.
>
> Finally I can make the tutorial for it.
>
> Sorry for any wrong and thank you for the help and information.
>
> Sincerely, Jason
>
> Sent from Mail for Windows 10
>
> From: cryptearth
> Sent: Friday, July 12, 2019 6:10 PM
> To: server-user@james.apache.org
> Subject: Re: Applying JDKIM and SPF to the Mailets
>
> Hey Jason,
>
> I had to read to RFC and test a bit with google, but it seems you still
> have a DNS issue:
>
> Your selector is: 1562899936.107
> Your domain is: pc.107.jp
>
> As by RFC you need to have a TXT record at:
> 1562899936.107._domainkey.pc.107.jp
> But when I look up this domain with ANY as type I get this:
>
> 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""
>
> If you look at google for example, they have set thier selector to:
> 20161025 and thier domain to: googlemail.com. When you lookup
> 20161025._domainkey.googlemail.com you get this:
>
> 20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa;
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
> "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"
>
> So, again, it's a DNS problem. This time a missing record. That's DKIM
> verify fail.
>
> Matt
>
> Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:
>> Hiya Matt,
>>
>> Sorry took a long time to reply, was making sure that I did alli could think 
>> of before posting. Thank you also for providing information and the support 
>> given, it was really helpful.
>>
>> I am a part of 107.jp and indeed it was a sub-domain so im guessing the 
>> setting is different? I will make sure to contact my co-worker
>>
>> After some more testing and experimenting, I finally made some progress. I 
>> Successfully implement SPF (I removed the A and the Include google stuff 
>> from the TXT record just as you said) and it was relatively easy. But for 
>> the DKIM its another whole story :
>> - Apparently, Letsencrypt private key used for Keystore is not the same key 
>> as your DKIM key (Ref: 
>> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
>> generate one using DKIMCore, and the error was resolved.
>> - About the DNS Reverse, we try to get in contact with Contabo about the PTR 
>> record, so its just a matter of time I hope
>>
>> I still don’t understand why the DKIM Failed, But I did try to compare my 
>> gmail sending to my other gmail “original message” and I see that :
>> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” 
>> tag must be the first.

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Halo Matt,

Surely I don’t mind to share the tutorial and I have asked the permission from 
my team to share it and get a permission. The problem is i still don’t know 
where to put the tutorial to share it since all of it was on Notepad text file 
and im planning to add picture so people wont get confused.For now,  I probably 
use Google Drive to share the File Text and gonna fix some of the words before 
uploading. Its kinda off topic, so apology for that. And with that the topic of 
applying JDKIM and SPF is done.

I will reply as soon as possible once the tutorial done. Thank you so much for 
everyone that has been helping.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Monday, July 15, 2019 5:03 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

glad to hear you got it working in the end.

About keys: I don't think the Exception was caused by re-using the same 
key you used for secure the connection, but it's always a good idea to 
use different keys for different usages.
I'm looking towards reading your tutorial. Would be nice if you link it 
when done. Maybe we can give additional input if someone spots issues.

Matt

Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Last time I check, the selector DKIM didn’t show up either in MXLookup even 
> though I copy paste the name of the selector to the DNS Record. So I rename 
> the TXT DKIM and create new public key in the DNS Record and suddenly it 
> works, now my mail has DKIM and SPF Approval.
>
> I apologize, but apparently the private key used for SSL/TLS are not the same 
> as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
> to have error such as “Bad Password”. That’s why I generate new one from 
> DKIMCore and finally it works. Took me longer than I expected to know this.
>
> Finally I can make the tutorial for it.
>
> Sorry for any wrong and thank you for the help and information.
>
> Sincerely, Jason
>
> Sent from Mail for Windows 10
>
> From: cryptearth
> Sent: Friday, July 12, 2019 6:10 PM
> To: server-user@james.apache.org
> Subject: Re: Applying JDKIM and SPF to the Mailets
>
> Hey Jason,
>
> I had to read to RFC and test a bit with google, but it seems you still
> have a DNS issue:
>
> Your selector is: 1562899936.107
> Your domain is: pc.107.jp
>
> As by RFC you need to have a TXT record at:
> 1562899936.107._domainkey.pc.107.jp
> But when I look up this domain with ANY as type I get this:
>
> 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""
>
> If you look at google for example, they have set thier selector to:
> 20161025 and thier domain to: googlemail.com. When you lookup
> 20161025._domainkey.googlemail.com you get this:
>
> 20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa;
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
> "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"
>
> So, again, it's a DNS problem. This time a missing record. That's DKIM
> verify fail.
>
> Matt
>
> Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:
>> Hiya Matt,
>>
>> Sorry took a long time to reply, was making sure that I did alli could think 
>> of before posting. Thank you also for providing information and the support 
>> given, it was really helpful.
>>
>> I am a part of 107.jp and indeed it was a sub-domain so im guessing the 
>> setting is different? I will make sure to contact my co-worker
>>
>> After some more testing and experimenting, I finally made some progress. I 
>> Successfully implement SPF (I removed the A and the Include google stuff 
>> from the TXT record just as you said) and it was relatively easy. But for 
>> the DKIM its another whole story :
>> - Apparently, Letsencrypt private key used for Keystore is not the same key 
>> as your DKIM key (Ref: 
>> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
>> generate one using DKIMCore, and the error was resolved.
>> - About the DNS Reverse, we try to get in contact with Contabo about the PTR 
>> record, so its just a matter of time I hope
>>
>> I still don’t understand why the DKIM Failed, But I did try to compare my 
>> gmail sending to my other gmail “original message” and I see that :
>> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” 
>> tag must be the first.

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

Hey Jason,

glad to hear you got it working in the end.

About keys: I don't think the Exception was caused by re-using the same 
key you used for secure the connection, but it's always a good idea to 
use different keys for different usages.
I'm looking towards reading your tutorial. Would be nice if you link it 
when done. Maybe we can give additional input if someone spots issues.


Matt

Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan:

Hiya Matt,

Last time I check, the selector DKIM didn’t show up either in MXLookup even 
though I copy paste the name of the selector to the DNS Record. So I rename the 
TXT DKIM and create new public key in the DNS Record and suddenly it works, now 
my mail has DKIM and SPF Approval.

I apologize, but apparently the private key used for SSL/TLS are not the same 
as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
to have error such as “Bad Password”. That’s why I generate new one from 
DKIMCore and finally it works. Took me longer than I expected to know this.

Finally I can make the tutorial for it.

Sorry for any wrong and thank you for the help and information.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Friday, July 12, 2019 6:10 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had to read to RFC and test a bit with google, but it seems you still
have a DNS issue:

Your selector is: 1562899936.107
Your domain is: pc.107.jp

As by RFC you need to have a TXT record at:
1562899936.107._domainkey.pc.107.jp
But when I look up this domain with ANY as type I get this:

1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""

If you look at google for example, they have set thier selector to:
20161025 and thier domain to: googlemail.com. When you lookup
20161025._domainkey.googlemail.com you get this:

20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"

So, again, it's a DNS problem. This time a missing record. That's DKIM
verify fail.

Matt

Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:

Hiya Matt,

Sorry took a long time to reply, was making sure that I did alli could think of 
before posting. Thank you also for providing information and the support given, 
it was really helpful.

I am a part of 107.jp and indeed it was a sub-domain so im guessing the setting 
is different? I will make sure to contact my co-worker

After some more testing and experimenting, I finally made some progress. I 
Successfully implement SPF (I removed the A and the Include google stuff from 
the TXT record just as you said) and it was relatively easy. But for the DKIM 
its another whole story :
- Apparently, Letsencrypt private key used for Keystore is not the same key as 
your DKIM key (Ref: 
https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
generate one using DKIMCore, and the error was resolved.
- About the DNS Reverse, we try to get in contact with Contabo about the PTR 
record, so its just a matter of time I hope

I still don’t understand why the DKIM Failed, But I did try to compare my gmail 
sending to my other gmail “original message” and I see that :
- The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” 
tag must be the first.
- Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it 
say its failed even though there is DKIM Signature in the original messsage.
- I checked the DNS Record using dnschecker.org and see that the selector TXT 
did not show up for the DKIM, is it supposed to be like that? Given the name of 
the TXT record must be [string]._domainkey.[host name].

Here is the “Original message” :

Delivered-To: jason.tjankili...@gmail.com
Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq;
  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2
X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863;
  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none;
  d=google.com; s=arc-20160816;
  b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF
   J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK
   00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz
   ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6
   xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Last time I check, the selector DKIM didn’t show up either in MXLookup even 
though I copy paste the name of the selector to the DNS Record. So I rename the 
TXT DKIM and create new public key in the DNS Record and suddenly it works, now 
my mail has DKIM and SPF Approval.

I apologize, but apparently the private key used for SSL/TLS are not the same 
as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
to have error such as “Bad Password”. That’s why I generate new one from 
DKIMCore and finally it works. Took me longer than I expected to know this.

Finally I can make the tutorial for it.

Sorry for any wrong and thank you for the help and information.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Friday, July 12, 2019 6:10 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had to read to RFC and test a bit with google, but it seems you still 
have a DNS issue:

Your selector is: 1562899936.107
Your domain is: pc.107.jp

As by RFC you need to have a TXT record at: 
1562899936.107._domainkey.pc.107.jp
But when I look up this domain with ANY as type I get this:

1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""

If you look at google for example, they have set thier selector to: 
20161025 and thier domain to: googlemail.com. When you lookup 
20161025._domainkey.googlemail.com you get this:

20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
 
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"

So, again, it's a DNS problem. This time a missing record. That's DKIM 
verify fail.

Matt

Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Sorry took a long time to reply, was making sure that I did alli could think 
> of before posting. Thank you also for providing information and the support 
> given, it was really helpful.
>
> I am a part of 107.jp and indeed it was a sub-domain so im guessing the 
> setting is different? I will make sure to contact my co-worker
>
> After some more testing and experimenting, I finally made some progress. I 
> Successfully implement SPF (I removed the A and the Include google stuff from 
> the TXT record just as you said) and it was relatively easy. But for the DKIM 
> its another whole story :
> - Apparently, Letsencrypt private key used for Keystore is not the same key 
> as your DKIM key (Ref: 
> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
> generate one using DKIMCore, and the error was resolved.
> - About the DNS Reverse, we try to get in contact with Contabo about the PTR 
> record, so its just a matter of time I hope
>
> I still don’t understand why the DKIM Failed, But I did try to compare my 
> gmail sending to my other gmail “original message” and I see that :
> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” 
> tag must be the first.
> - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it 
> say its failed even though there is DKIM Signature in the original messsage.
> - I checked the DNS Record using dnschecker.org and see that the selector TXT 
> did not show up for the DKIM, is it supposed to be like that? Given the name 
> of the TXT record must be [string]._domainkey.[host name].
>
> Here is the “Original message” :
> 
> Delivered-To: jason.tjankili...@gmail.com
> Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq;
>  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
> X-Google-Smtp-Source: 
> APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2
> X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863;
>  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none;
>  d=google.com; s=arc-20160816;
>  b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF
>   J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK
>   00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz
>   ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6
>   xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU
>   j6TQ==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
> s=arc-20160816;
>  h=content-languag

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt,

Last time I check, the selector DKIM didn’t show up either in MXLookup even 
though I copy paste the name of the selector to the DNS Record. So I rename the 
TXT DKIM and create new public key in the DNS Record and suddenly it works, now 
my mail has DKIM and SPF Approval.

I apologize, but apparently the private key used for SSL/TLS are not the same 
as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class 
to have error such as “Bad Password”. That’s why I generate new one from 
DKIMCore and finally it works. Took me longer than I expected to know this.

Finally I can make the tutorial for it.

Sorry for any wrong and thank you for the help and information.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Friday, July 12, 2019 6:10 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I had to read to RFC and test a bit with google, but it seems you still 
have a DNS issue:

Your selector is: 1562899936.107
Your domain is: pc.107.jp

As by RFC you need to have a TXT record at: 
1562899936.107._domainkey.pc.107.jp
But when I look up this domain with ANY as type I get this:

1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" ""

If you look at google for example, they have set thier selector to: 
20161025 and thier domain to: googlemail.com. When you lookup 
20161025._domainkey.googlemail.com you get this:

20161025._domainkey.googlemail.com. 300 IN TXT  "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
 
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"

So, again, it's a DNS problem. This time a missing record. That's DKIM 
verify fail.

Matt

Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Sorry took a long time to reply, was making sure that I did alli could think 
> of before posting. Thank you also for providing information and the support 
> given, it was really helpful.
>
> I am a part of 107.jp and indeed it was a sub-domain so im guessing the 
> setting is different? I will make sure to contact my co-worker
>
> After some more testing and experimenting, I finally made some progress. I 
> Successfully implement SPF (I removed the A and the Include google stuff from 
> the TXT record just as you said) and it was relatively easy. But for the DKIM 
> its another whole story :
> - Apparently, Letsencrypt private key used for Keystore is not the same key 
> as your DKIM key (Ref: 
> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I 
> generate one using DKIMCore, and the error was resolved.
> - About the DNS Reverse, we try to get in contact with Contabo about the PTR 
> record, so its just a matter of time I hope
>
> I still don’t understand why the DKIM Failed, But I did try to compare my 
> gmail sending to my other gmail “original message” and I see that :
> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” 
> tag must be the first.
> - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it 
> say its failed even though there is DKIM Signature in the original messsage.
> - I checked the DNS Record using dnschecker.org and see that the selector TXT 
> did not show up for the DKIM, is it supposed to be like that? Given the name 
> of the TXT record must be [string]._domainkey.[host name].
>
> Here is the “Original message” :
> 
> Delivered-To: jason.tjankili...@gmail.com
> Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq;
>  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
> X-Google-Smtp-Source: 
> APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2
> X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863;
>  Fri, 12 Jul 2019 00:53:21 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none;
>  d=google.com; s=arc-20160816;
>  b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF
>   J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK
>   00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz
>   ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6
>   xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU
>   j6TQ==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
> s=arc-20160816;
>  h=content-languag

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

ip=173.249.33.70;
Authentication-Results: mx.google.com;
dkim=fail header.i=@pc.107.jp header.s=1562899936.107 header.b=aNm+dozf;
spf=pass (google.com: domain of i...@pc.107.jp designates 173.249.33.70 
as permitted sender) smtp.mailfrom=i...@pc.107.jp
DKIM-Signature: a=rsa-sha256; 
b=aNm+dozfytLfB/uNWlhYvu4kWF/qpna3hAolNlM8T3ebcoKpsWxZXh0c41uAhWRdsnaPXuxg2Y3AEgc1ZjkKS8LUF/zWjK93u1DdHtIpDjv4lESYP29iAWZ2OFQrJ+KCI7V9i1hB82ggoT5ThcP0IeJ03XJY7WBO+Ua2ilUhHRQ=;
 s=1562899936.107; d=pc.107.jp; v=1; 
bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; 
h=subject:from:to:received:dkim-signature;
MIME-Version: 1.0
X-UserIsAuth: true
Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42])
   by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 567005839
   for ;
   Fri, 12 Jul 2019 09:53:20 +0200 (CEST)
To: jason.tjankili...@gmail.com
From: Mr Sano Mail 
Subject: SHIBA INU
Message-ID: <7ece4147-8575-4ae8-41da-a45774d98...@pc.107.jp>
Date: Fri, 12 Jul 2019 14:53:18 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 
Thunderbird/60.7.2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US

SHIBAINU

End of “Original Message”

Weird thing is that I did put the “v” tag in the first in the signature 
template.


v=1; s=1562899936.107._domainkey.pc.107.jp; 
d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=;


[Privkeyhere]



Can someone help me on this one or maybe pinpoint me to any direction?

Thank you and sorry for any wrong word.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 1:13 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I have a guess in the blue: You're try to use a sub-domain / third-level
domain.

As Whois shows up, the main domain is just 107.jp. You are try to use
the sub-domain pc.107.jp. So, there has to be a few extras to be
tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is
beneficial cause they know thier stuff and support should be able to
help to to clean it up.
The main question is: Are you part of 107.jp or is pc.107.jp it's own
thing not really related to 107.jp?

I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70
include:_spf.google.com ~all" - this doesn't seem right.
First: there is A as an IPv4 already set - no need for adding it again.
SPF is designed so if another record(-type) is referenced it has to be
resolved. So, by adding A to SPF this already resolves to
ip4:173.249.33.70 - it should be fine if only A or the ip is present.
Also, as MX is also pc.107.jp it should be possible to use MX instead of A.

173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a
german company Contabo GmbH - this doesn't match neither google nor
cloudflare. So having _spf.google.com in your SPF record doesn't make
sense as you don't use googles mail servers but your own.

There's a lot that just doesn't add/match up - wich on the other side
could be the reason why google flags your mail as spam. As this contabo
thing looks like a v-host or some those lines it should be possible to
set a correct PTR in control panel or ask support if it's possible.
Correct DNS records and also matching PTR is a important part for
correct working mail server. I also ran it against my fav tools
mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff
failed straight away as pc.107.jp isn't a correct implemented sub-level
domain on it's own (misses SOA record and mostly isn't it's own zone) -
so reverse checking this stuff (wich maybe done by google) has this
"somethings not right here"-smell - wich google could take as a reason
"wait, this doesn't add up here - most likely spam from a gone wild
server". There's a lot to be fixed to "clean it up" - I guess it
couldn't hurt to ask google support directly. Maybe they can provide an
explain why the thing your mail is spam and could give advice to set it up.

I can only help so far as I started with a proper set up sub-domain
before I set up my own - the admin really knew what he's doin and the
DNS service he used, although not so cool webinterface, has good support
helping out by setting up stuff like sub-domains and such. Also the
server-provider he used offered fine detail on setting PTR so reverse
also worked.

Guess there's not much this mailing list could help as it seems it's not
the fault of the James software but on DNS and domain stuff only support
of domain registrar can help. Try to ask them and google for advice.

Matt

Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan:

Hiya Matt,

Once again, Thank you very much for the information and reminding me, I always 
forgot that you did mention that in the previous thread and I always forgot to 
take note on that. I w

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

 en-US

SHIBAINU

End of “Original Message”

Weird thing is that I did put the “v” tag in the first in the signature 
template.


   v=1; s=1562899936.107._domainkey.pc.107.jp; 
d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=;
   
   
[Privkeyhere]
   


Can someone help me on this one or maybe pinpoint me to any direction?

Thank you and sorry for any wrong word.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 1:13 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I have a guess in the blue: You're try to use a sub-domain / third-level 
domain.

As Whois shows up, the main domain is just 107.jp. You are try to use 
the sub-domain pc.107.jp. So, there has to be a few extras to be 
tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is 
beneficial cause they know thier stuff and support should be able to 
help to to clean it up.
The main question is: Are you part of 107.jp or is pc.107.jp it's own 
thing not really related to 107.jp?

I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 
include:_spf.google.com ~all" - this doesn't seem right.
First: there is A as an IPv4 already set - no need for adding it again. 
SPF is designed so if another record(-type) is referenced it has to be 
resolved. So, by adding A to SPF this already resolves to 
ip4:173.249.33.70 - it should be fine if only A or the ip is present. 
Also, as MX is also pc.107.jp it should be possible to use MX instead of A.

173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a 
german company Contabo GmbH - this doesn't match neither google nor 
cloudflare. So having _spf.google.com in your SPF record doesn't make 
sense as you don't use googles mail servers but your own.

There's a lot that just doesn't add/match up - wich on the other side 
could be the reason why google flags your mail as spam. As this contabo 
thing looks like a v-host or some those lines it should be possible to 
set a correct PTR in control panel or ask support if it's possible. 
Correct DNS records and also matching PTR is a important part for 
correct working mail server. I also ran it against my fav tools 
mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff 
failed straight away as pc.107.jp isn't a correct implemented sub-level 
domain on it's own (misses SOA record and mostly isn't it's own zone) - 
so reverse checking this stuff (wich maybe done by google) has this 
"somethings not right here"-smell - wich google could take as a reason 
"wait, this doesn't add up here - most likely spam from a gone wild 
server". There's a lot to be fixed to "clean it up" - I guess it 
couldn't hurt to ask google support directly. Maybe they can provide an 
explain why the thing your mail is spam and could give advice to set it up.

I can only help so far as I started with a proper set up sub-domain 
before I set up my own - the admin really knew what he's doin and the 
DNS service he used, although not so cool webinterface, has good support 
helping out by setting up stuff like sub-domains and such. Also the 
server-provider he used offered fine detail on setting PTR so reverse 
also worked.

Guess there's not much this mailing list could help as it seems it's not 
the fault of the James software but on DNS and domain stuff only support 
of domain registrar can help. Try to ask them and google for advice.

Matt

Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Once again, Thank you very much for the information and reminding me, I 
> always forgot that you did mention that in the previous thread and I always 
> forgot to take note on that. I will try to check the DNS.
>
> So I sended a mail from thunderbird to my gmail and it goes to spam, so 
> here’s the of the “Original Message” of the mail:
> --Starts of Original message--
> Delivered-To: pochuf...@gmail.com
> Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje;
>  Tue, 9 Jul 2019 19:33:55 -0700 (PDT)
> X-Google-Smtp-Source: 
> APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd
> X-Received: by 2002:a05:6000:9:: with SMTP id 
> h9mr1329142wrx.271.1562726035666;
>  Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none;
>  d=google.com; s=arc-20160816;
>  b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl
>   xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0
>   50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F
>   s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL
>   aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406
>   gTKA==
> ARC-Mes

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

 en-US

SHIBAINU

End of “Original Message”

Weird thing is that I did put the “v” tag in the first in the signature 
template.


   v=1; s=1562899936.107._domainkey.pc.107.jp; 
d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=;
   
   
[Privkeyhere]
   


Can someone help me on this one or maybe pinpoint me to any direction?

Thank you and sorry for any wrong word.

Sincerely, Jason.

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 1:13 PM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

I have a guess in the blue: You're try to use a sub-domain / third-level 
domain.

As Whois shows up, the main domain is just 107.jp. You are try to use 
the sub-domain pc.107.jp. So, there has to be a few extras to be 
tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is 
beneficial cause they know thier stuff and support should be able to 
help to to clean it up.
The main question is: Are you part of 107.jp or is pc.107.jp it's own 
thing not really related to 107.jp?

I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 
include:_spf.google.com ~all" - this doesn't seem right.
First: there is A as an IPv4 already set - no need for adding it again. 
SPF is designed so if another record(-type) is referenced it has to be 
resolved. So, by adding A to SPF this already resolves to 
ip4:173.249.33.70 - it should be fine if only A or the ip is present. 
Also, as MX is also pc.107.jp it should be possible to use MX instead of A.

173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a 
german company Contabo GmbH - this doesn't match neither google nor 
cloudflare. So having _spf.google.com in your SPF record doesn't make 
sense as you don't use googles mail servers but your own.

There's a lot that just doesn't add/match up - wich on the other side 
could be the reason why google flags your mail as spam. As this contabo 
thing looks like a v-host or some those lines it should be possible to 
set a correct PTR in control panel or ask support if it's possible. 
Correct DNS records and also matching PTR is a important part for 
correct working mail server. I also ran it against my fav tools 
mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff 
failed straight away as pc.107.jp isn't a correct implemented sub-level 
domain on it's own (misses SOA record and mostly isn't it's own zone) - 
so reverse checking this stuff (wich maybe done by google) has this 
"somethings not right here"-smell - wich google could take as a reason 
"wait, this doesn't add up here - most likely spam from a gone wild 
server". There's a lot to be fixed to "clean it up" - I guess it 
couldn't hurt to ask google support directly. Maybe they can provide an 
explain why the thing your mail is spam and could give advice to set it up.

I can only help so far as I started with a proper set up sub-domain 
before I set up my own - the admin really knew what he's doin and the 
DNS service he used, although not so cool webinterface, has good support 
helping out by setting up stuff like sub-domains and such. Also the 
server-provider he used offered fine detail on setting PTR so reverse 
also worked.

Guess there's not much this mailing list could help as it seems it's not 
the fault of the James software but on DNS and domain stuff only support 
of domain registrar can help. Try to ask them and google for advice.

Matt

Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan:
> Hiya Matt,
>
> Once again, Thank you very much for the information and reminding me, I 
> always forgot that you did mention that in the previous thread and I always 
> forgot to take note on that. I will try to check the DNS.
>
> So I sended a mail from thunderbird to my gmail and it goes to spam, so 
> here’s the of the “Original Message” of the mail:
> --Starts of Original message--
> Delivered-To: pochuf...@gmail.com
> Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje;
>  Tue, 9 Jul 2019 19:33:55 -0700 (PDT)
> X-Google-Smtp-Source: 
> APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd
> X-Received: by 2002:a05:6000:9:: with SMTP id 
> h9mr1329142wrx.271.1562726035666;
>  Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none;
>  d=google.com; s=arc-20160816;
>  b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl
>   xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0
>   50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F
>   s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL
>   aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406
>   gTKA==
> ARC-Mes

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

  spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
Return-Path: 
Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70])
 by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55
 for ;
 Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor 
denied by best guess record for domain of i...@pc.107.jp) 
client-ip=173.249.33.70;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
MIME-Version: 1.0
X-UserIsAuth: true
Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42])
   by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993
   for ;
   Wed, 10 Jul 2019 04:33:55 +0200 (CEST)
(*Header right here*)
To: pochuf...@gmail.com
From: Mr Sano Mail 
Subject: Test Send With Thunderbird
Message-ID: 
Date: Wed, 10 Jul 2019 09:33:54 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 
Thunderbird/60.7.2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US

Test Send With Thunderbird, will it goes to spam?
--End of Original Message—

I just notice that the SPF said NEUTRAL instead of PASS (I check random mail 
from my inbox and compare see what’s different). So im guessing I have to make 
the SPF say PASS.

For the DNS Record, I will consult my partner since he’s the one who set up the 
MX Record and all that stuff (We use Cloudflare as the mail server).

I will post the result of trying to configuring the DNS Record. As for the DKIM 
Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for 
now (The header said the Encoding is 7 bit, it must’ve worked). It still 
produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t 
allow “--” to be in the comment.

Thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 2:33 AM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

as said earlier: If Google is marking your mails as spam that's most
likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a
"soft-ignore" policy wich, when no information can be obtained, ignores it.

SPF is set in the zone file belong to your domain, there's no need for
any config related in James (config is only needed if you want to check
incoming mail). A correct SPF record is a TXT record on the domain level
noting every allowed mail server. For my domain cryptearth.de my SPF is
this:

"v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all"
as TXT record directly in the main zone cryptearth.de.
v=spf1 - that's the SPF marker
+ip4 / +ip6 - these IPv4/v6 remote hosts are allowed
-all - all other remote hosts are not allowed

If your domain doesn't have any TXT record begin with v=spf1 Google just
ignore the SPF check. Same goes for DKIM: if you don't provide DKIM
Google ignores to check it. If your mail still get flagged as spam this
could be reason by:

- the mail server has no / an invalid PTR record
- the mail server is located in a dial-up range
- other DNS records doesn't match needed

To help it could be helpful to show us the header of a mail that's
marked as spam by google - we then can try to analyze if we found any
issues.
This is an example for my webserver send with php mail() function >
dropped into sendmail nullclient > forwarded to james > send to google
(I marked the headers):

// all here until return-path header is google internal stuff
Delivered-To: cryptea...@gmail.com
Received: by 2002:a4f:6e52:0:0:0:0:0 with SMTP id j79csp7648569ivc;
     Tue, 9 Jul 2019 12:23:31 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqxFdrccZnMMbSgzmSSr2YFUZ23iQA0se2sQVtyWuH5h/msfARkXQzD5JQP/j7z0vfw5NlOP
X-Received: by 2002:adf:e8cb:: with SMTP id
k11mr26007187wrn.244.1562700211239;
     Tue, 09 Jul 2019 12:23:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562700211; cv=none;
     d=google.com; s=arc-20160816;
b=CW95ECbinyXl5+I6Dmh3AYViWiGAnzsEHq149ZQBGjstvPEVzaAoRojjPoFw2wmoKZ
eiDn7C/4R3Ee1NoiavjUKWZrQiQHjsvvf2f3eO5c0kNmFm1BBjqQUj9ibmIOIuZcGdjS
HCCsdazTSJFJwj+HqkIJQQqCO4yJ8YJ8zVSmyWef7GuVtG9bWcqXK0GYSuC8o4KdDLrn
zoGZQbE/6Bxt2JF9A9hF9BHa0pGdoWM4vKQWg3p2KgmZ58ckBBADCjtXMpv+zxlzzgE3
Qhl0Eal8blMPymECdkUAzSKZVmxDUYzQuBHql079UJQJsnOq+Mk3wANsrazX6FHF7C2k
  nYBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=arc-20160816;
     h=subject:to:message-id:from:date;
     bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=YxxdpYMPG/GWtkqztwbHHI8T3Joli6if1Y3/jl5tNxTYtu1571oCEk/UhhUuqjOw

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt, 

Once again, Thank you very much for the information and reminding me, I always 
forgot that you did mention that in the previous thread and I always forgot to 
take note on that. I will try to check the DNS.

So I sended a mail from thunderbird to my gmail and it goes to spam, so here’s 
the of the “Original Message” of the mail: 
--Starts of Original message--
Delivered-To: pochuf...@gmail.com
Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje;
Tue, 9 Jul 2019 19:33:55 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd
X-Received: by 2002:a05:6000:9:: with SMTP id h9mr1329142wrx.271.1562726035666;
Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none;
d=google.com; s=arc-20160816;
b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl
 xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0
 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F
 s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL
 aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406
 gTKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=content-language:content-transfer-encoding:user-agent:date
 :message-id:subject:from:to:mime-version;
bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=;
b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e
 niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7
 i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl
 KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy
 nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m
 32iA==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
Return-Path: 
Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70])
by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55
for ;
Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor 
denied by best guess record for domain of i...@pc.107.jp) 
client-ip=173.249.33.70;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
MIME-Version: 1.0
X-UserIsAuth: true
Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42])
  by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993
  for ;
  Wed, 10 Jul 2019 04:33:55 +0200 (CEST)
(*Header right here*)
To: pochuf...@gmail.com
From: Mr Sano Mail 
Subject: Test Send With Thunderbird
Message-ID: 
Date: Wed, 10 Jul 2019 09:33:54 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 
Thunderbird/60.7.2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US

Test Send With Thunderbird, will it goes to spam?
--End of Original Message—

I just notice that the SPF said NEUTRAL instead of PASS (I check random mail 
from my inbox and compare see what’s different). So im guessing I have to make 
the SPF say PASS.

For the DNS Record, I will consult my partner since he’s the one who set up the 
MX Record and all that stuff (We use Cloudflare as the mail server).

I will post the result of trying to configuring the DNS Record. As for the DKIM 
Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for 
now (The header said the Encoding is 7 bit, it must’ve worked). It still 
produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t 
allow “--” to be in the comment.

Thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 2:33 AM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

as said earlier: If Google is marking your mails as spam that's most 
likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a 
"soft-ignore" policy wich, when no information can be obtained, ignores it.

SPF is set in the zone file belong to your domain, there's no need for 
any config related in James (config is only needed if you want to check 
incoming mail). A correct SPF record is a TXT record on the domain level 
noting every allowed mail server. For my domain cryptearth.de my SPF is 
this:

"v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all"
as TXT record directly in the main zone cryptearth.de.
v=spf1 - that's

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Matt, 

Once again, Thank you very much for the information and reminding me, I always 
forgot that you did mention that in the previous thread and I always forgot to 
take note on that. I will try to check the DNS.

So I sended a mail from thunderbird to my gmail and it goes to spam, so here’s 
the of the “Original Message” of the mail: 
--Starts of Original message--
Delivered-To: pochuf...@gmail.com
Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje;
Tue, 9 Jul 2019 19:33:55 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd
X-Received: by 2002:a05:6000:9:: with SMTP id h9mr1329142wrx.271.1562726035666;
Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none;
d=google.com; s=arc-20160816;
b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl
 xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0
 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F
 s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL
 aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406
 gTKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=content-language:content-transfer-encoding:user-agent:date
 :message-id:subject:from:to:mime-version;
bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=;
b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e
 niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7
 i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl
 KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy
 nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m
 32iA==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
Return-Path: 
Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70])
by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55
for ;
Tue, 09 Jul 2019 19:33:55 -0700 (PDT)
Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor 
denied by best guess record for domain of i...@pc.107.jp) 
client-ip=173.249.33.70;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied 
by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp
MIME-Version: 1.0
X-UserIsAuth: true
Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42])
  by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993
  for ;
  Wed, 10 Jul 2019 04:33:55 +0200 (CEST)
(*Header right here*)
To: pochuf...@gmail.com
From: Mr Sano Mail 
Subject: Test Send With Thunderbird
Message-ID: 
Date: Wed, 10 Jul 2019 09:33:54 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 
Thunderbird/60.7.2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US

Test Send With Thunderbird, will it goes to spam?
--End of Original Message—

I just notice that the SPF said NEUTRAL instead of PASS (I check random mail 
from my inbox and compare see what’s different). So im guessing I have to make 
the SPF say PASS.

For the DNS Record, I will consult my partner since he’s the one who set up the 
MX Record and all that stuff (We use Cloudflare as the mail server).

I will post the result of trying to configuring the DNS Record. As for the DKIM 
Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for 
now (The header said the Encoding is 7 bit, it must’ve worked). It still 
produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t 
allow “--” to be in the comment.

Thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Wednesday, July 10, 2019 2:33 AM
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hey Jason,

as said earlier: If Google is marking your mails as spam that's most 
likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a 
"soft-ignore" policy wich, when no information can be obtained, ignores it.

SPF is set in the zone file belong to your domain, there's no need for 
any config related in James (config is only needed if you want to check 
incoming mail). A correct SPF record is a TXT record on the domain level 
noting every allowed mail server. For my domain cryptearth.de my SPF is 
this:

"v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all"
as TXT record directly in the main zone cryptearth.de.
v=spf1 - that's

Re: Applying JDKIM and SPF to the Mailets

[cryptearth]

d etc).

I just discovered that you just need to download the zip files from :  
https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar 
file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign 
class. So that;s one problem solved.

Im guessing that since the tutorial ( 
https://james.apache.org/jdkim/mailets/index.html ) said that you must convert 
it to 7 bit and sign the DKIM right before the mail is sended, I need to find 
which mailet has the function to send the mail to put the DKIM and 7Bit Mailet 
before that sending mailet. To my surprise when you explain a bit about the 
matcher, I didn’t know that matcher has anything to do with the DKIM, so 
definitely gonna try to mess and read it when I had the time.
(After checking out the thread, I found this 
https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help 
me understand where to put it)

What I try for the mailet last time is putting these lines after the 
“RemoteDelivery” class mailet in processor state = “transport”, I will try to 
put it before the “RemoteDelivery” and post the result in reply.





 v=1; s=selector; d=pc.107.jp; h=from:to:subject:received; 
a=rsa-sha256; bh=; b=; 
 
 -BEGIN RSA PRIVATE KEY-
 [Private Key Here in PEM Format]
 -END RSA PRIVATE KEY-
 
 
 testpassword
 


But when I try to run it, it produces some error Saying the cannot create the 
RSA Private key because bad decryption password : 
https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0

I created the private key using Letsencrypt and the file type is pem. I copy paste 
the content into the  just as the tutorial did, but maybe something 
wrong with my private key (I think? It works for my SMTP and IMAP server so I doubt 
that) can you/anyone tell me what causing this error?

Just a little more and I’ll be able to implement DKIM and SPF to my mail so 
finally google don’t take it as spam.

Last time I try to build with the mvn clean install ( Following this 
https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the 
james-jdkim yield a lot of error since I never used maven myself, so I guess im 
gonna skip that one and try it some other time.

Lastly, thank you for the help and response, it give me some answer to the 
problem I had right now, I will probably reply to my own mail if I did found 
the solution or someone else.

Again, thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: Tellier Benoit
Sent: 09 July 2019 21:54
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hi Jason,

I will try to answer your questions:

1. I don't really understand the question.

You can use matcher to apply actions to emails matching certain
conditions. For instance, upon signing a mail for DKIM, you want to sign
it when the sender is local and authenticated, just before
RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and
the like will do the trick - while all incoming traffic from a non
trusted source needs to be DKIM validated. Again playing with matchers
within mailetcontainer.xml will be needed to do what you want.

2. I don't know the state of the DKIM status in JAMES Spring packaging.
Probably not working (version clashes).

No additional jar is required with Guice packaging.

3. What makes you believe this?

4. mvn clean install + look in target directories

Hope it helps.

Benoit

On 08/07/2019 05:30, Jason Tjankilisan wrote:

Hi,
  
Sorry for the frequent asking but I just hit dead end with the DKIM config.

https://james.apache.org/jdkim/mailets/index.html -> so I just read this as my 
tutorial guidelines to apply DKIM to my mail. From what I understand, that the 
mail needed to be converted to 7 bit before being Sign by DKIM and the DKIM mailet 
has to be the last one. I guess I need to do DKIM so my mail has less chance of 
getting into SPAM + request.
  
So I downloaded the James JDKIM from this one : https://github.com/apache/james-jdkim

And take the DKIMSign.java and ConvertTo7Bit.java and my CustomMeiletTest.java 
(I need to use ANT cause request) and build those 3 using ANT so they become 1 
jar file. But as expected, the file wont compile because some missing files 
from james/lib (probably didn’t have JDKIM Library from the start)

So I download the library from here : 
https://james.apache.org/download.cgi#Apache_jDKIM and I extract the 
apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib and 
put it on james/lib/ and try to compile it. But it still missing some library.
I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put it 
on james/lib and nothing works also.

For the SPF I there;s already one inside james/lib folder named : 
apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF library 
and just use it in th

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Tellier,

So lately I’ve tried some things to apply DKIM and I finally making some 
progress.

First of all I apologize for the confusion, mainly because I still trying to 
figure things out how everything works (James , Mailet and Matcher and etc).

I just discovered that you just need to download the zip files from :  
https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar 
file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign 
class. So that;s one problem solved.

Im guessing that since the tutorial ( 
https://james.apache.org/jdkim/mailets/index.html ) said that you must convert 
it to 7 bit and sign the DKIM right before the mail is sended, I need to find 
which mailet has the function to send the mail to put the DKIM and 7Bit Mailet 
before that sending mailet. To my surprise when you explain a bit about the 
matcher, I didn’t know that matcher has anything to do with the DKIM, so 
definitely gonna try to mess and read it when I had the time.
(After checking out the thread, I found this 
https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help 
me understand where to put it)

What I try for the mailet last time is putting these lines after the 
“RemoteDelivery” class mailet in processor state = “transport”, I will try to 
put it before the “RemoteDelivery” and post the result in reply.





v=1; s=selector; d=pc.107.jp; 
h=from:to:subject:received; a=rsa-sha256; bh=; b=; 

-BEGIN RSA PRIVATE KEY-
[Private Key Here in PEM Format]
-END RSA PRIVATE KEY-


testpassword



But when I try to run it, it produces some error Saying the cannot create the 
RSA Private key because bad decryption password : 
https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0

I created the private key using Letsencrypt and the file type is pem. I copy 
paste the content into the  just as the tutorial did, but maybe 
something wrong with my private key (I think? It works for my SMTP and IMAP 
server so I doubt that) can you/anyone tell me what causing this error?

Just a little more and I’ll be able to implement DKIM and SPF to my mail so 
finally google don’t take it as spam.

Last time I try to build with the mvn clean install ( Following this 
https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the 
james-jdkim yield a lot of error since I never used maven myself, so I guess im 
gonna skip that one and try it some other time.

Lastly, thank you for the help and response, it give me some answer to the 
problem I had right now, I will probably reply to my own mail if I did found 
the solution or someone else.

Again, thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: Tellier Benoit
Sent: 09 July 2019 21:54
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hi Jason,

I will try to answer your questions:

1. I don't really understand the question.

You can use matcher to apply actions to emails matching certain
conditions. For instance, upon signing a mail for DKIM, you want to sign
it when the sender is local and authenticated, just before
RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and
the like will do the trick - while all incoming traffic from a non
trusted source needs to be DKIM validated. Again playing with matchers
within mailetcontainer.xml will be needed to do what you want.

2. I don't know the state of the DKIM status in JAMES Spring packaging.
Probably not working (version clashes).

No additional jar is required with Guice packaging.

3. What makes you believe this?

4. mvn clean install + look in target directories

Hope it helps.

Benoit

On 08/07/2019 05:30, Jason Tjankilisan wrote:
> Hi,
>  
> Sorry for the frequent asking but I just hit dead end with the DKIM config.
> https://james.apache.org/jdkim/mailets/index.html -> so I just read this as 
> my tutorial guidelines to apply DKIM to my mail. From what I understand, that 
> the mail needed to be converted to 7 bit before being Sign by DKIM and the 
> DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has 
> less chance of getting into SPAM + request.
>  
> So I downloaded the James JDKIM from this one : 
> https://github.com/apache/james-jdkim
> And take the DKIMSign.java and ConvertTo7Bit.java and my 
> CustomMeiletTest.java (I need to use ANT cause request) and build those 3 
> using ANT so they become 1 jar file. But as expected, the file wont compile 
> because some missing files from james/lib (probably didn’t have JDKIM Library 
> from the start)
>
> So I download the library from here : 
> https://james.apache.org/download.cgi#Apache_jDKIM and I extract the 
> apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib 
> and put it on james/lib/ and

RE: Applying JDKIM and SPF to the Mailets

[Jason Tjankilisan]

Hiya Tellier,

So lately I’ve tried some things to apply DKIM and I finally making some 
progress.

First of all I apologize for the confusion, mainly because I still trying to 
figure things out how everything works (James , Mailet and Matcher and etc).

I just discovered that you just need to download the zip files from :  
https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar 
file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign 
class. So that;s one problem solved.

Im guessing that since the tutorial ( 
https://james.apache.org/jdkim/mailets/index.html ) said that you must convert 
it to 7 bit and sign the DKIM right before the mail is sended, I need to find 
which mailet has the function to send the mail to put the DKIM and 7Bit Mailet 
before that sending mailet. To my surprise when you explain a bit about the 
matcher, I didn’t know that matcher has anything to do with the DKIM, so 
definitely gonna try to mess and read it when I had the time.
(After checking out the thread, I found this 
https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help 
me understand where to put it)

What I try for the mailet last time is putting these lines after the 
“RemoteDelivery” class mailet in processor state = “transport”, I will try to 
put it before the “RemoteDelivery” and post the result in reply.





v=1; s=selector; d=pc.107.jp; 
h=from:to:subject:received; a=rsa-sha256; bh=; b=; 

-BEGIN RSA PRIVATE KEY-
[Private Key Here in PEM Format]
-END RSA PRIVATE KEY-


testpassword



But when I try to run it, it produces some error Saying the cannot create the 
RSA Private key because bad decryption password : 
https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0

I created the private key using Letsencrypt and the file type is pem. I copy 
paste the content into the  just as the tutorial did, but maybe 
something wrong with my private key (I think? It works for my SMTP and IMAP 
server so I doubt that) can you/anyone tell me what causing this error?

Just a little more and I’ll be able to implement DKIM and SPF to my mail so 
finally google don’t take it as spam.

Last time I try to build with the mvn clean install ( Following this 
https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the 
james-jdkim yield a lot of error since I never used maven myself, so I guess im 
gonna skip that one and try it some other time.

Lastly, thank you for the help and response, it give me some answer to the 
problem I had right now, I will probably reply to my own mail if I did found 
the solution or someone else.

Again, thank you for the help and sorry for any wrong word.

Sincerely, Jason

Sent from Mail for Windows 10

From: Tellier Benoit
Sent: 09 July 2019 21:54
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets

Hi Jason,

I will try to answer your questions:

1. I don't really understand the question.

You can use matcher to apply actions to emails matching certain
conditions. For instance, upon signing a mail for DKIM, you want to sign
it when the sender is local and authenticated, just before
RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and
the like will do the trick - while all incoming traffic from a non
trusted source needs to be DKIM validated. Again playing with matchers
within mailetcontainer.xml will be needed to do what you want.

2. I don't know the state of the DKIM status in JAMES Spring packaging.
Probably not working (version clashes).

No additional jar is required with Guice packaging.

3. What makes you believe this?

4. mvn clean install + look in target directories

Hope it helps.

Benoit

On 08/07/2019 05:30, Jason Tjankilisan wrote:
> Hi,
>  
> Sorry for the frequent asking but I just hit dead end with the DKIM config.
> https://james.apache.org/jdkim/mailets/index.html -> so I just read this as 
> my tutorial guidelines to apply DKIM to my mail. From what I understand, that 
> the mail needed to be converted to 7 bit before being Sign by DKIM and the 
> DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has 
> less chance of getting into SPAM + request.
>  
> So I downloaded the James JDKIM from this one : 
> https://github.com/apache/james-jdkim
> And take the DKIMSign.java and ConvertTo7Bit.java and my 
> CustomMeiletTest.java (I need to use ANT cause request) and build those 3 
> using ANT so they become 1 jar file. But as expected, the file wont compile 
> because some missing files from james/lib (probably didn’t have JDKIM Library 
> from the start)
>
> So I download the library from here : 
> https://james.apache.org/download.cgi#Apache_jDKIM and I extract the 
> apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib 
> and put it on james/lib/ and

Re: Applying JDKIM and SPF to the Mailets

[Tellier Benoit]

Hi Jason,

I will try to answer your questions:

1. I don't really understand the question.

You can use matcher to apply actions to emails matching certain
conditions. For instance, upon signing a mail for DKIM, you want to sign
it when the sender is local and authenticated, just before
RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and
the like will do the trick - while all incoming traffic from a non
trusted source needs to be DKIM validated. Again playing with matchers
within mailetcontainer.xml will be needed to do what you want.

2. I don't know the state of the DKIM status in JAMES Spring packaging.
Probably not working (version clashes).

No additional jar is required with Guice packaging.

3. What makes you believe this?

4. mvn clean install + look in target directories

Hope it helps.

Benoit

On 08/07/2019 05:30, Jason Tjankilisan wrote:
> Hi,
>  
> Sorry for the frequent asking but I just hit dead end with the DKIM config.
> https://james.apache.org/jdkim/mailets/index.html -> so I just read this as 
> my tutorial guidelines to apply DKIM to my mail. From what I understand, that 
> the mail needed to be converted to 7 bit before being Sign by DKIM and the 
> DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has 
> less chance of getting into SPAM + request.
>  
> So I downloaded the James JDKIM from this one : 
> https://github.com/apache/james-jdkim
> And take the DKIMSign.java and ConvertTo7Bit.java and my 
> CustomMeiletTest.java (I need to use ANT cause request) and build those 3 
> using ANT so they become 1 jar file. But as expected, the file wont compile 
> because some missing files from james/lib (probably didn’t have JDKIM Library 
> from the start) 
> 
> So I download the library from here : 
> https://james.apache.org/download.cgi#Apache_jDKIM and I extract the 
> apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib 
> and put it on james/lib/ and try to compile it. But it still missing some 
> library.
> I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put it 
> on james/lib and nothing works also.
> 
> For the SPF I there;s already one inside james/lib folder named : 
> apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF 
> library and just use it in the mailetcontainer.xml as you mentioned it in the 
> last mail (haven’t tried since it since I didn’t found anything related how 
> to use the SPF, but will search more)
> 
> So my question is : 
> 1. How do I know what is the sending mailet and receiveing mailet? So I can 
> put the DKIMSign Mailet before the sending mailet. (Im guessing the
> 2. From the  https://james.apache.org/download.cgi#Apache_jDKIM, should I 
> also put the Javadoc, source sources also in james/lib?
> 3. Am I adding the wrong library or misunderstood the procedure of adding 
> DKIM and SPF mailets? I really need to know this so I can document this and 
> make a tutorial full from setting apache James to adding DKIM and SPF. 
> 4. Should I really needed the https://github.com/apache/james-jdkim ? all of 
> it was a java files, and I don’t know how to turn all of them into 1 jar so I 
> can use as library I think?
> 
> Im sorry for the lack of understanding and any wrong work, I hope it wasn’t 
> too much.
> 
> thank you for the help.
> 
> Sincerely, Jason
> 
> Sent from Mail for Windows 10
> 
> 

-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org