RE: Applying JDKIM and SPF to the Mailets
Hey Matt, Don’t worry, no offense taken, honest review always been appreciated. Sorry if I sound offended, I kind of expected to get a lot of critique and comment since I did everything in a rush for the deadline, I just needed some time to sort out the information that I get. I did learn a lot from the advice given last time, so thank you again for that and other people who have help. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: 17 July 2019 19:42 To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, in no way I meant to critize or offend you - I just gave you an honest reply how I "felt" when I read your notes. Yes, it's not perfect, and yes, it also just looks more like "personal notes made during the process" than a "well researched common use tutorial" - but hey, as I started to use James (cause the system I used before was discontinued) I struggled the same like you. I just had the advantage as a long time Java developer I could understand the Exception logs and could dig thought the source. But even with that knowledge I needed a lot of help from others. Maybe that's why I felt "cringy" cause I somewhat seen my past self in it. Can this be helpfull to help you? Maybe, I hope. But as I'm not the guru I'd like to be I also can just give as much input as I self learned since started using James. Matt Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan: > Hiya Matt, > > Apology for the “gnarf-cringe” writing. I will try to give some of my > reasoning for each of the problem. I cant say much other than, that I had a > lot of things that I don’t know of, since this is the first time I learn > anything about server-related, how to use ubuntu, so it might comes off “Does > this guy know what he wrote?” and possibly just writing my personal guess of > how things works the best that I know. With that said, I also thank you for > the critique / comment / time for reading the tutorial and giving the point, > I will try to update the tutorial slowly as I try to understand the flaw > point and how things really work. > > Ubuntu for Windows 10 : to be honest since this was an experiment and I never > used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning > it, and since we don’t have server yet, I think its okay just to put it under > my laptop for now, and after that buying a laptop with Ubuntu OS and server > after we get the budget and confident enough to use James. > > Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server > other than sudo reboot and to apply the setting change. I guess I did try to > disable the service, and then run “sudo bash run.sh” everytime I make changes > and that might be enough to actually restart the setting needed. But > sometimes the changes doesn’t apply such as, when changing the port number in > the smtp/imap server xml file, maybe im just doing something wrong. > > Sudo in general : i need to be honest that I’m being ignorant in this case, > since most of the time I tried to move file, use any function, access the > keys file, and they will said “Permission Denied” and I don’t even know why > (Something to do with chown and chgroup because I see all the files belong to > root) so most of the time I “sudo” all my way in. About the port thing, my > mate said that I can only login using one specific port and it was below the > number 1024, it said to give me admin privilege so I can use all the function > with ease, but apparently it was not. I probably need to show him this > response to get a better understanding. > > Extract the lib of jar : Did I write that? Must be a typo, sorry about that I > will look into it. I didn’t meant to say to extract the lib jar. I was meant > to say to copy the .jar file and put it on james/lib (at least that;s the way > I know to add a library to James Server and used the mailets). I didn’t even > know how to create a jar file other than the ANT build. There’s a lot of > java stuff that I need to catch on. > > Manual Download of java runtime : I actually think about it and thought that > it would be easier maybe to just install the java from the ubuntu using > apt-get, but since it’s a request from the upper and I didn’t know better and > afraid something might have changes if I don’t do exactly as the instruction, > I play safe and just do it. I just realized I should probably ask this to my > upper. > > Mysql and Mysql connector : I didn’t know about this and might have to > consult my mate about this > > Ant : as the previous statement I didn’t know anything about making my java > files into .jar, so I just say that "we gonna use ant compile” for now, until > I
RE: Applying JDKIM and SPF to the Mailets
Hey Matt, Don’t worry, no offense taken, honest review always been appreciated. Sorry if I sound offended, I kind of expected to get a lot of critique and comment since I did everything in a rush for the deadline, I just needed some time to sort out the information that I get. I did learn a lot from the advice given last time, so thank you again for that and other people who have help. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: 17 July 2019 19:42 To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, in no way I meant to critize or offend you - I just gave you an honest reply how I "felt" when I read your notes. Yes, it's not perfect, and yes, it also just looks more like "personal notes made during the process" than a "well researched common use tutorial" - but hey, as I started to use James (cause the system I used before was discontinued) I struggled the same like you. I just had the advantage as a long time Java developer I could understand the Exception logs and could dig thought the source. But even with that knowledge I needed a lot of help from others. Maybe that's why I felt "cringy" cause I somewhat seen my past self in it. Can this be helpfull to help you? Maybe, I hope. But as I'm not the guru I'd like to be I also can just give as much input as I self learned since started using James. Matt Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan: > Hiya Matt, > > Apology for the “gnarf-cringe” writing. I will try to give some of my > reasoning for each of the problem. I cant say much other than, that I had a > lot of things that I don’t know of, since this is the first time I learn > anything about server-related, how to use ubuntu, so it might comes off “Does > this guy know what he wrote?” and possibly just writing my personal guess of > how things works the best that I know. With that said, I also thank you for > the critique / comment / time for reading the tutorial and giving the point, > I will try to update the tutorial slowly as I try to understand the flaw > point and how things really work. > > Ubuntu for Windows 10 : to be honest since this was an experiment and I never > used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning > it, and since we don’t have server yet, I think its okay just to put it under > my laptop for now, and after that buying a laptop with Ubuntu OS and server > after we get the budget and confident enough to use James. > > Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server > other than sudo reboot and to apply the setting change. I guess I did try to > disable the service, and then run “sudo bash run.sh” everytime I make changes > and that might be enough to actually restart the setting needed. But > sometimes the changes doesn’t apply such as, when changing the port number in > the smtp/imap server xml file, maybe im just doing something wrong. > > Sudo in general : i need to be honest that I’m being ignorant in this case, > since most of the time I tried to move file, use any function, access the > keys file, and they will said “Permission Denied” and I don’t even know why > (Something to do with chown and chgroup because I see all the files belong to > root) so most of the time I “sudo” all my way in. About the port thing, my > mate said that I can only login using one specific port and it was below the > number 1024, it said to give me admin privilege so I can use all the function > with ease, but apparently it was not. I probably need to show him this > response to get a better understanding. > > Extract the lib of jar : Did I write that? Must be a typo, sorry about that I > will look into it. I didn’t meant to say to extract the lib jar. I was meant > to say to copy the .jar file and put it on james/lib (at least that;s the way > I know to add a library to James Server and used the mailets). I didn’t even > know how to create a jar file other than the ANT build. There’s a lot of > java stuff that I need to catch on. > > Manual Download of java runtime : I actually think about it and thought that > it would be easier maybe to just install the java from the ubuntu using > apt-get, but since it’s a request from the upper and I didn’t know better and > afraid something might have changes if I don’t do exactly as the instruction, > I play safe and just do it. I just realized I should probably ask this to my > upper. > > Mysql and Mysql connector : I didn’t know about this and might have to > consult my mate about this > > Ant : as the previous statement I didn’t know anything about making my java > files into .jar, so I just say that "we gonna use ant compile” for now, until > I
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Don’t worry, no offense taken, sorry if I sounded like offended. I was expecting to get a lot of comments and critique since I did everything in rush for a deadline, and probably why I didn’t put much effort into it. The information / critique / comment is always appreciated, i just need time to understand and sort all the information given. Again, thank you for the information/critique given, I will try to make the best of it and update the tutorial. Sincerely, Jason PS : (if this message sended 2 time, apology, internet probably) Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 17, 2019 7:42 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, in no way I meant to critize or offend you - I just gave you an honest reply how I "felt" when I read your notes. Yes, it's not perfect, and yes, it also just looks more like "personal notes made during the process" than a "well researched common use tutorial" - but hey, as I started to use James (cause the system I used before was discontinued) I struggled the same like you. I just had the advantage as a long time Java developer I could understand the Exception logs and could dig thought the source. But even with that knowledge I needed a lot of help from others. Maybe that's why I felt "cringy" cause I somewhat seen my past self in it. Can this be helpfull to help you? Maybe, I hope. But as I'm not the guru I'd like to be I also can just give as much input as I self learned since started using James. Matt Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan: > Hiya Matt, > > Apology for the “gnarf-cringe” writing. I will try to give some of my > reasoning for each of the problem. I cant say much other than, that I had a > lot of things that I don’t know of, since this is the first time I learn > anything about server-related, how to use ubuntu, so it might comes off “Does > this guy know what he wrote?” and possibly just writing my personal guess of > how things works the best that I know. With that said, I also thank you for > the critique / comment / time for reading the tutorial and giving the point, > I will try to update the tutorial slowly as I try to understand the flaw > point and how things really work. > > Ubuntu for Windows 10 : to be honest since this was an experiment and I never > used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning > it, and since we don’t have server yet, I think its okay just to put it under > my laptop for now, and after that buying a laptop with Ubuntu OS and server > after we get the budget and confident enough to use James. > > Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server > other than sudo reboot and to apply the setting change. I guess I did try to > disable the service, and then run “sudo bash run.sh” everytime I make changes > and that might be enough to actually restart the setting needed. But > sometimes the changes doesn’t apply such as, when changing the port number in > the smtp/imap server xml file, maybe im just doing something wrong. > > Sudo in general : i need to be honest that I’m being ignorant in this case, > since most of the time I tried to move file, use any function, access the > keys file, and they will said “Permission Denied” and I don’t even know why > (Something to do with chown and chgroup because I see all the files belong to > root) so most of the time I “sudo” all my way in. About the port thing, my > mate said that I can only login using one specific port and it was below the > number 1024, it said to give me admin privilege so I can use all the function > with ease, but apparently it was not. I probably need to show him this > response to get a better understanding. > > Extract the lib of jar : Did I write that? Must be a typo, sorry about that I > will look into it. I didn’t meant to say to extract the lib jar. I was meant > to say to copy the .jar file and put it on james/lib (at least that;s the way > I know to add a library to James Server and used the mailets). I didn’t even > know how to create a jar file other than the ANT build. There’s a lot of > java stuff that I need to catch on. > > Manual Download of java runtime : I actually think about it and thought that > it would be easier maybe to just install the java from the ubuntu using > apt-get, but since it’s a request from the upper and I didn’t know better and > afraid something might have changes if I don’t do exactly as the instruction, > I play safe and just do it. I just realized I should probably ask this to my > upper. > > Mysql and Mysql connector : I didn’t know about this and might have to > consult my mate about this > > Ant : as the previ
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Don’t worry, no offense taken, sorry if I sounded like offended. I was expecting to get a lot of comments and critique since I did everything in rush for a deadline, and probably why I didn’t put much effort into it. The information / critique / comment is always appreciated, i just need time to understand and sort all the information given. Again, thank you for the information/critique given, I will try to make the best of it and update the tutorial. Sincerely, Jason PS : (if this message sended 2 time, apology, internet probably) Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 17, 2019 7:42 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, in no way I meant to critize or offend you - I just gave you an honest reply how I "felt" when I read your notes. Yes, it's not perfect, and yes, it also just looks more like "personal notes made during the process" than a "well researched common use tutorial" - but hey, as I started to use James (cause the system I used before was discontinued) I struggled the same like you. I just had the advantage as a long time Java developer I could understand the Exception logs and could dig thought the source. But even with that knowledge I needed a lot of help from others. Maybe that's why I felt "cringy" cause I somewhat seen my past self in it. Can this be helpfull to help you? Maybe, I hope. But as I'm not the guru I'd like to be I also can just give as much input as I self learned since started using James. Matt Am 17.07.2019 um 13:38 schrieb Jason Tjankilisan: > Hiya Matt, > > Apology for the “gnarf-cringe” writing. I will try to give some of my > reasoning for each of the problem. I cant say much other than, that I had a > lot of things that I don’t know of, since this is the first time I learn > anything about server-related, how to use ubuntu, so it might comes off “Does > this guy know what he wrote?” and possibly just writing my personal guess of > how things works the best that I know. With that said, I also thank you for > the critique / comment / time for reading the tutorial and giving the point, > I will try to update the tutorial slowly as I try to understand the flaw > point and how things really work. > > Ubuntu for Windows 10 : to be honest since this was an experiment and I never > used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning > it, and since we don’t have server yet, I think its okay just to put it under > my laptop for now, and after that buying a laptop with Ubuntu OS and server > after we get the budget and confident enough to use James. > > Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server > other than sudo reboot and to apply the setting change. I guess I did try to > disable the service, and then run “sudo bash run.sh” everytime I make changes > and that might be enough to actually restart the setting needed. But > sometimes the changes doesn’t apply such as, when changing the port number in > the smtp/imap server xml file, maybe im just doing something wrong. > > Sudo in general : i need to be honest that I’m being ignorant in this case, > since most of the time I tried to move file, use any function, access the > keys file, and they will said “Permission Denied” and I don’t even know why > (Something to do with chown and chgroup because I see all the files belong to > root) so most of the time I “sudo” all my way in. About the port thing, my > mate said that I can only login using one specific port and it was below the > number 1024, it said to give me admin privilege so I can use all the function > with ease, but apparently it was not. I probably need to show him this > response to get a better understanding. > > Extract the lib of jar : Did I write that? Must be a typo, sorry about that I > will look into it. I didn’t meant to say to extract the lib jar. I was meant > to say to copy the .jar file and put it on james/lib (at least that;s the way > I know to add a library to James Server and used the mailets). I didn’t even > know how to create a jar file other than the ANT build. There’s a lot of > java stuff that I need to catch on. > > Manual Download of java runtime : I actually think about it and thought that > it would be easier maybe to just install the java from the ubuntu using > apt-get, but since it’s a request from the upper and I didn’t know better and > afraid something might have changes if I don’t do exactly as the instruction, > I play safe and just do it. I just realized I should probably ask this to my > upper. > > Mysql and Mysql connector : I didn’t know about this and might have to > consult my mate about this > > Ant : as the previ
Re: Applying JDKIM and SPF to the Mailets
ngs work, I will update the tutorial. Again, thank you for the comment and critique and the response. I will try to put it into good use. Sorry for any wrong word. Since this thread is more about DKIM and SPF, I might have to stop replying after this as to not go off-topic and created a new one if needed. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 17, 2019 5:01 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had a quick look at your notes and had few lines of "gnarf cringe - why?". I will try to go over them: - Ubuntu for Win10 - uhm, ok, although I guess it's possible to run James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the best choice for a server - so either running a Linux native or at least use a Windows Server as host OS - sudo reboot - why you keep rebooting the entire system just for a few configs and such? this shouldn't be needed at all - sudo in general - you keep doin much as root - all can be done as normal user - only start up of james require root as the ports used by james are below 1024 - wich are the so called "well known ports" wich require administrative privileges - even on Windows - you should change to just set up a normal user from the start and do all in that lower priv context - extract of lib jar - this bothered me since you first wrote it here on the list: why you want to extract a lib jar? If you want to build something against it you just have to add it to the classpath at compile time - no need for extracting - manual download of java runtime - also not needed on most Linux distributions as almost any of thier package managers are able to just install different versions aside from mostly java is installed by default at os install - mysql and mysql-connector: although should still be useable most distributions switched to MariaDB due to Oracle (wich bought Sun wich bought MySQL) changed lincese so re-distributing MySQL by Linux isn't as easy as before - so most switched to MariaDB as its license complies to re-distribute it within the repos - I once had a week long heavy trouble cause an update completely crashed my james database - had hard time to recover it - ant - yes, it's always better to use a build system nowdays - but just to compile a single class most java devs would just do it on command line - your notes are written like ant would required - use of third party to generate keypair - first rule of security: never rely on others to generate keys - always do it by yourself - why: cause you can't be sure that the third party is trustworthy / stores the private key - this chapter should be complete reworked to generate the key and signatures on the command line instead of using external services Overall its maybe a personal note on how you did it - but it's not really useable as "general tutorial", wich is covered on apache itself. You only combined a few things like setting up SPF and adding DKIM to a normal James setup. Matt Am 17.07.2019 um 11:21 schrieb Jason Tjankilisan: Hiya Matt, Here is the Github link to the tutorial I created : https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial Firstly I apologize if there;s any wrong word or bad English. I hope the tutorial were clear enough even for those who just learned about James, as I try to make the information as general as it can be. any Comment/Critique are welcome ! Thank you for the help and response. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Tuesday, July 16, 2019 2:55 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I don't know about Google Drive and maybe files get unavailable after some time. If you already have a GitHub account I would recommend you to maybe set up a new repo and publish it this way. This would ensure a general availability and also space for additional resources like examples. Also, the issue and merge functions would allow others to point out issues and possible fixes. About the format: text, html and PDF are good formats, where text and html offer easy editable where PDF would require re-exporting one from what ever source format. Looking forward to read it. Matt - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Apology for the “gnarf-cringe” writing. I will try to give some of my reasoning for each of the problem. I cant say much other than, that I had a lot of things that I don’t know of, since this is the first time I learn anything about server-related, how to use ubuntu, so it might comes off “Does this guy know what he wrote?” and possibly just writing my personal guess of how things works the best that I know. With that said, I also thank you for the critique / comment / time for reading the tutorial and giving the point, I will try to update the tutorial slowly as I try to understand the flaw point and how things really work. Ubuntu for Windows 10 : to be honest since this was an experiment and I never used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning it, and since we don’t have server yet, I think its okay just to put it under my laptop for now, and after that buying a laptop with Ubuntu OS and server after we get the budget and confident enough to use James. Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server other than sudo reboot and to apply the setting change. I guess I did try to disable the service, and then run “sudo bash run.sh” everytime I make changes and that might be enough to actually restart the setting needed. But sometimes the changes doesn’t apply such as, when changing the port number in the smtp/imap server xml file, maybe im just doing something wrong. Sudo in general : i need to be honest that I’m being ignorant in this case, since most of the time I tried to move file, use any function, access the keys file, and they will said “Permission Denied” and I don’t even know why (Something to do with chown and chgroup because I see all the files belong to root) so most of the time I “sudo” all my way in. About the port thing, my mate said that I can only login using one specific port and it was below the number 1024, it said to give me admin privilege so I can use all the function with ease, but apparently it was not. I probably need to show him this response to get a better understanding. Extract the lib of jar : Did I write that? Must be a typo, sorry about that I will look into it. I didn’t meant to say to extract the lib jar. I was meant to say to copy the .jar file and put it on james/lib (at least that;s the way I know to add a library to James Server and used the mailets). I didn’t even know how to create a jar file other than the ANT build. There’s a lot of java stuff that I need to catch on. Manual Download of java runtime : I actually think about it and thought that it would be easier maybe to just install the java from the ubuntu using apt-get, but since it’s a request from the upper and I didn’t know better and afraid something might have changes if I don’t do exactly as the instruction, I play safe and just do it. I just realized I should probably ask this to my upper. Mysql and Mysql connector : I didn’t know about this and might have to consult my mate about this Ant : as the previous statement I didn’t know anything about making my java files into .jar, so I just say that "we gonna use ant compile” for now, until I understand other way to make java files into .jar files. Third-Party Generate Key pair : since this was an experimental and I don’t really mind much about the security (because finding out the way to do it, is more important for me right now). I did read about generating a key using openssl, but probably since I still lack the understanding I didn’t use it, but for future development, of course generating it alone would be better. As you said, I will rework not just the generating the key pair part, but mostly all of the tutorial. Im more of “know what to do first then learning why I should do it and whats the meaning behind it” person, that’s why this general tutorial sound like personal note of how I do it to setup james server. Slowly as I understand things can be done in many other way and know better how things work, I will update the tutorial. Again, thank you for the comment and critique and the response. I will try to put it into good use. Sorry for any wrong word. Since this thread is more about DKIM and SPF, I might have to stop replying after this as to not go off-topic and created a new one if needed. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 17, 2019 5:01 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had a quick look at your notes and had few lines of "gnarf cringe - why?". I will try to go over them: - Ubuntu for Win10 - uhm, ok, although I guess it's possible to run James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the best choice for a server - so either running a Linux native or at least use a Windows Server as host OS - sudo reboot - why you keep rebooting the entire system
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Apology for the “gnarf-cringe” writing. I will try to give some of my reasoning for each of the problem. I cant say much other than, that I had a lot of things that I don’t know of, since this is the first time I learn anything about server-related, how to use ubuntu, so it might comes off “Does this guy know what he wrote?” and possibly just writing my personal guess of how things works the best that I know. With that said, I also thank you for the critique / comment / time for reading the tutorial and giving the point, I will try to update the tutorial slowly as I try to understand the flaw point and how things really work. Ubuntu for Windows 10 : to be honest since this was an experiment and I never used ubuntu, I was suggested to try the ubuntu on my laptop whilst learning it, and since we don’t have server yet, I think its okay just to put it under my laptop for now, and after that buying a laptop with Ubuntu OS and server after we get the budget and confident enough to use James. Sudo Reboot thing : I didn’t know any way better to restart the Ubuntu server other than sudo reboot and to apply the setting change. I guess I did try to disable the service, and then run “sudo bash run.sh” everytime I make changes and that might be enough to actually restart the setting needed. But sometimes the changes doesn’t apply such as, when changing the port number in the smtp/imap server xml file, maybe im just doing something wrong. Sudo in general : i need to be honest that I’m being ignorant in this case, since most of the time I tried to move file, use any function, access the keys file, and they will said “Permission Denied” and I don’t even know why (Something to do with chown and chgroup because I see all the files belong to root) so most of the time I “sudo” all my way in. About the port thing, my mate said that I can only login using one specific port and it was below the number 1024, it said to give me admin privilege so I can use all the function with ease, but apparently it was not. I probably need to show him this response to get a better understanding. Extract the lib of jar : Did I write that? Must be a typo, sorry about that I will look into it. I didn’t meant to say to extract the lib jar. I was meant to say to copy the .jar file and put it on james/lib (at least that;s the way I know to add a library to James Server and used the mailets). I didn’t even know how to create a jar file other than the ANT build. There’s a lot of java stuff that I need to catch on. Manual Download of java runtime : I actually think about it and thought that it would be easier maybe to just install the java from the ubuntu using apt-get, but since it’s a request from the upper and I didn’t know better and afraid something might have changes if I don’t do exactly as the instruction, I play safe and just do it. I just realized I should probably ask this to my upper. Mysql and Mysql connector : I didn’t know about this and might have to consult my mate about this Ant : as the previous statement I didn’t know anything about making my java files into .jar, so I just say that "we gonna use ant compile” for now, until I understand other way to make java files into .jar files. Third-Party Generate Key pair : since this was an experimental and I don’t really mind much about the security (because finding out the way to do it, is more important for me right now). I did read about generating a key using openssl, but probably since I still lack the understanding I didn’t use it, but for future development, of course generating it alone would be better. As you said, I will rework not just the generating the key pair part, but mostly all of the tutorial. Im more of “know what to do first then learning why I should do it and whats the meaning behind it” person, that’s why this general tutorial sound like personal note of how I do it to setup james server. Slowly as I understand things can be done in many other way and know better how things work, I will update the tutorial. Again, thank you for the comment and critique and the response. I will try to put it into good use. Sorry for any wrong word. Since this thread is more about DKIM and SPF, I might have to stop replying after this as to not go off-topic and created a new one if needed. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 17, 2019 5:01 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had a quick look at your notes and had few lines of "gnarf cringe - why?". I will try to go over them: - Ubuntu for Win10 - uhm, ok, although I guess it's possible to run James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the best choice for a server - so either running a Linux native or at least use a Windows Server as host OS - sudo reboot - why you keep rebooting the entire system
Re: Applying JDKIM and SPF to the Mailets
Hey Jason, I had a quick look at your notes and had few lines of "gnarf cringe - why?". I will try to go over them: - Ubuntu for Win10 - uhm, ok, although I guess it's possible to run James on a virtualized Ubuntu on top of a Win10 - a desktop OS isn't the best choice for a server - so either running a Linux native or at least use a Windows Server as host OS - sudo reboot - why you keep rebooting the entire system just for a few configs and such? this shouldn't be needed at all - sudo in general - you keep doin much as root - all can be done as normal user - only start up of james require root as the ports used by james are below 1024 - wich are the so called "well known ports" wich require administrative privileges - even on Windows - you should change to just set up a normal user from the start and do all in that lower priv context - extract of lib jar - this bothered me since you first wrote it here on the list: why you want to extract a lib jar? If you want to build something against it you just have to add it to the classpath at compile time - no need for extracting - manual download of java runtime - also not needed on most Linux distributions as almost any of thier package managers are able to just install different versions aside from mostly java is installed by default at os install - mysql and mysql-connector: although should still be useable most distributions switched to MariaDB due to Oracle (wich bought Sun wich bought MySQL) changed lincese so re-distributing MySQL by Linux isn't as easy as before - so most switched to MariaDB as its license complies to re-distribute it within the repos - I once had a week long heavy trouble cause an update completely crashed my james database - had hard time to recover it - ant - yes, it's always better to use a build system nowdays - but just to compile a single class most java devs would just do it on command line - your notes are written like ant would required - use of third party to generate keypair - first rule of security: never rely on others to generate keys - always do it by yourself - why: cause you can't be sure that the third party is trustworthy / stores the private key - this chapter should be complete reworked to generate the key and signatures on the command line instead of using external services Overall its maybe a personal note on how you did it - but it's not really useable as "general tutorial", wich is covered on apache itself. You only combined a few things like setting up SPF and adding DKIM to a normal James setup. Matt Am 17.07.2019 um 11:21 schrieb Jason Tjankilisan: Hiya Matt, Here is the Github link to the tutorial I created : https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial Firstly I apologize if there;s any wrong word or bad English. I hope the tutorial were clear enough even for those who just learned about James, as I try to make the information as general as it can be. any Comment/Critique are welcome ! Thank you for the help and response. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Tuesday, July 16, 2019 2:55 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I don't know about Google Drive and maybe files get unavailable after some time. If you already have a GitHub account I would recommend you to maybe set up a new repo and publish it this way. This would ensure a general availability and also space for additional resources like examples. Also, the issue and merge functions would allow others to point out issues and possible fixes. About the format: text, html and PDF are good formats, where text and html offer easy editable where PDF would require re-exporting one from what ever source format. Looking forward to read it. Matt - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Here is the Github link to the tutorial I created : https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial Firstly I apologize if there;s any wrong word or bad English. I hope the tutorial were clear enough even for those who just learned about James, as I try to make the information as general as it can be. any Comment/Critique are welcome ! Thank you for the help and response. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Tuesday, July 16, 2019 2:55 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I don't know about Google Drive and maybe files get unavailable after some time. If you already have a GitHub account I would recommend you to maybe set up a new repo and publish it this way. This would ensure a general availability and also space for additional resources like examples. Also, the issue and merge functions would allow others to point out issues and possible fixes. About the format: text, html and PDF are good formats, where text and html offer easy editable where PDF would require re-exporting one from what ever source format. Looking forward to read it. Matt
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Here is the Github link to the tutorial I created : https://github.com/JasonTjankilisan/James-3.3.0-setup_tutorial Firstly I apologize if there;s any wrong word or bad English. I hope the tutorial were clear enough even for those who just learned about James, as I try to make the information as general as it can be. any Comment/Critique are welcome ! Thank you for the help and response. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Tuesday, July 16, 2019 2:55 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I don't know about Google Drive and maybe files get unavailable after some time. If you already have a GitHub account I would recommend you to maybe set up a new repo and publish it this way. This would ensure a general availability and also space for additional resources like examples. Also, the issue and merge functions would allow others to point out issues and possible fixes. About the format: text, html and PDF are good formats, where text and html offer easy editable where PDF would require re-exporting one from what ever source format. Looking forward to read it. Matt
Re: Applying JDKIM and SPF to the Mailets
Hey Jason, I don't know about Google Drive and maybe files get unavailable after some time. If you already have a GitHub account I would recommend you to maybe set up a new repo and publish it this way. This would ensure a general availability and also space for additional resources like examples. Also, the issue and merge functions would allow others to point out issues and possible fixes. About the format: text, html and PDF are good formats, where text and html offer easy editable where PDF would require re-exporting one from what ever source format. Looking forward to read it. Matt Am 16.07.2019 um 08:54 schrieb Jason Tjankilisan: Halo Matt, Surely I don’t mind to share the tutorial and I have asked the permission from my team to share it and get a permission. The problem is i still don’t know where to put the tutorial to share it since all of it was on Notepad text file and im planning to add picture so people wont get confused.For now, I probably use Google Drive to share the File Text and gonna fix some of the words before uploading. Its kinda off topic, so apology for that. And with that the topic of applying JDKIM and SPF is done. I will reply as soon as possible once the tutorial done. Thank you so much for everyone that has been helping. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Monday, July 15, 2019 5:03 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, glad to hear you got it working in the end. About keys: I don't think the Exception was caused by re-using the same key you used for secure the connection, but it's always a good idea to use different keys for different usages. I'm looking towards reading your tutorial. Would be nice if you link it when done. Maybe we can give additional input if someone spots issues. Matt Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan: Hiya Matt, Last time I check, the selector DKIM didn’t show up either in MXLookup even though I copy paste the name of the selector to the DNS Record. So I rename the TXT DKIM and create new public key in the DNS Record and suddenly it works, now my mail has DKIM and SPF Approval. I apologize, but apparently the private key used for SSL/TLS are not the same as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class to have error such as “Bad Password”. That’s why I generate new one from DKIMCore and finally it works. Took me longer than I expected to know this. Finally I can make the tutorial for it. Sorry for any wrong and thank you for the help and information. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Friday, July 12, 2019 6:10 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had to read to RFC and test a bit with google, but it seems you still have a DNS issue: Your selector is: 1562899936.107 Your domain is: pc.107.jp As by RFC you need to have a TXT record at: 1562899936.107._domainkey.pc.107.jp But when I look up this domain with ANY as type I get this: 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" If you look at google for example, they have set thier selector to: 20161025 and thier domain to: googlemail.com. When you lookup 20161025._domainkey.googlemail.com you get this: 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" So, again, it's a DNS problem. This time a missing record. That's DKIM verify fail. Matt Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: Hiya Matt, Sorry took a long time to reply, was making sure that I did alli could think of before posting. Thank you also for providing information and the support given, it was really helpful. I am a part of 107.jp and indeed it was a sub-domain so im guessing the setting is different? I will make sure to contact my co-worker After some more testing and experimenting, I finally made some progress. I Successfully implement SPF (I removed the A and the Include google stuff from the TXT record just as you said) and it was relatively easy. But for the DKIM its another whole story : - Apparently, Letsencrypt private key used for Keystore is not the same key as your DKIM key (Ref: https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I generate one using DKIMCore, and the error was resolved. - About the DNS Reverse, we try to get in contact with Contabo about the PTR record, so its just a matter of time I hope I still don’t understand why the DKIM F
RE: Applying JDKIM and SPF to the Mailets
Halo Matt, Surely I don’t mind to share the tutorial and I have asked the permission from my team to share it and get a permission. The problem is i still don’t know where to put the tutorial to share it since all of it was on Notepad text file and im planning to add picture so people wont get confused.For now, I probably use Google Drive to share the File Text and gonna fix some of the words before uploading. Its kinda off topic, so apology for that. And with that the topic of applying JDKIM and SPF is done. I will reply as soon as possible once the tutorial done. Thank you so much for everyone that has been helping. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Monday, July 15, 2019 5:03 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, glad to hear you got it working in the end. About keys: I don't think the Exception was caused by re-using the same key you used for secure the connection, but it's always a good idea to use different keys for different usages. I'm looking towards reading your tutorial. Would be nice if you link it when done. Maybe we can give additional input if someone spots issues. Matt Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan: > Hiya Matt, > > Last time I check, the selector DKIM didn’t show up either in MXLookup even > though I copy paste the name of the selector to the DNS Record. So I rename > the TXT DKIM and create new public key in the DNS Record and suddenly it > works, now my mail has DKIM and SPF Approval. > > I apologize, but apparently the private key used for SSL/TLS are not the same > as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class > to have error such as “Bad Password”. That’s why I generate new one from > DKIMCore and finally it works. Took me longer than I expected to know this. > > Finally I can make the tutorial for it. > > Sorry for any wrong and thank you for the help and information. > > Sincerely, Jason > > Sent from Mail for Windows 10 > > From: cryptearth > Sent: Friday, July 12, 2019 6:10 PM > To: server-user@james.apache.org > Subject: Re: Applying JDKIM and SPF to the Mailets > > Hey Jason, > > I had to read to RFC and test a bit with google, but it seems you still > have a DNS issue: > > Your selector is: 1562899936.107 > Your domain is: pc.107.jp > > As by RFC you need to have a TXT record at: > 1562899936.107._domainkey.pc.107.jp > But when I look up this domain with ANY as type I get this: > > 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" > > If you look at google for example, they have set thier selector to: > 20161025 and thier domain to: googlemail.com. When you lookup > 20161025._domainkey.googlemail.com you get this: > > 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; > p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" > "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" > > So, again, it's a DNS problem. This time a missing record. That's DKIM > verify fail. > > Matt > > Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: >> Hiya Matt, >> >> Sorry took a long time to reply, was making sure that I did alli could think >> of before posting. Thank you also for providing information and the support >> given, it was really helpful. >> >> I am a part of 107.jp and indeed it was a sub-domain so im guessing the >> setting is different? I will make sure to contact my co-worker >> >> After some more testing and experimenting, I finally made some progress. I >> Successfully implement SPF (I removed the A and the Include google stuff >> from the TXT record just as you said) and it was relatively easy. But for >> the DKIM its another whole story : >> - Apparently, Letsencrypt private key used for Keystore is not the same key >> as your DKIM key (Ref: >> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I >> generate one using DKIMCore, and the error was resolved. >> - About the DNS Reverse, we try to get in contact with Contabo about the PTR >> record, so its just a matter of time I hope >> >> I still don’t understand why the DKIM Failed, But I did try to compare my >> gmail sending to my other gmail “original message” and I see that : >> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” >> tag must be the first.
RE: Applying JDKIM and SPF to the Mailets
Halo Matt, Surely I don’t mind to share the tutorial and I have asked the permission from my team to share it and get a permission. The problem is i still don’t know where to put the tutorial to share it since all of it was on Notepad text file and im planning to add picture so people wont get confused.For now, I probably use Google Drive to share the File Text and gonna fix some of the words before uploading. Its kinda off topic, so apology for that. And with that the topic of applying JDKIM and SPF is done. I will reply as soon as possible once the tutorial done. Thank you so much for everyone that has been helping. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Monday, July 15, 2019 5:03 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, glad to hear you got it working in the end. About keys: I don't think the Exception was caused by re-using the same key you used for secure the connection, but it's always a good idea to use different keys for different usages. I'm looking towards reading your tutorial. Would be nice if you link it when done. Maybe we can give additional input if someone spots issues. Matt Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan: > Hiya Matt, > > Last time I check, the selector DKIM didn’t show up either in MXLookup even > though I copy paste the name of the selector to the DNS Record. So I rename > the TXT DKIM and create new public key in the DNS Record and suddenly it > works, now my mail has DKIM and SPF Approval. > > I apologize, but apparently the private key used for SSL/TLS are not the same > as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class > to have error such as “Bad Password”. That’s why I generate new one from > DKIMCore and finally it works. Took me longer than I expected to know this. > > Finally I can make the tutorial for it. > > Sorry for any wrong and thank you for the help and information. > > Sincerely, Jason > > Sent from Mail for Windows 10 > > From: cryptearth > Sent: Friday, July 12, 2019 6:10 PM > To: server-user@james.apache.org > Subject: Re: Applying JDKIM and SPF to the Mailets > > Hey Jason, > > I had to read to RFC and test a bit with google, but it seems you still > have a DNS issue: > > Your selector is: 1562899936.107 > Your domain is: pc.107.jp > > As by RFC you need to have a TXT record at: > 1562899936.107._domainkey.pc.107.jp > But when I look up this domain with ANY as type I get this: > > 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" > > If you look at google for example, they have set thier selector to: > 20161025 and thier domain to: googlemail.com. When you lookup > 20161025._domainkey.googlemail.com you get this: > > 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; > p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" > "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" > > So, again, it's a DNS problem. This time a missing record. That's DKIM > verify fail. > > Matt > > Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: >> Hiya Matt, >> >> Sorry took a long time to reply, was making sure that I did alli could think >> of before posting. Thank you also for providing information and the support >> given, it was really helpful. >> >> I am a part of 107.jp and indeed it was a sub-domain so im guessing the >> setting is different? I will make sure to contact my co-worker >> >> After some more testing and experimenting, I finally made some progress. I >> Successfully implement SPF (I removed the A and the Include google stuff >> from the TXT record just as you said) and it was relatively easy. But for >> the DKIM its another whole story : >> - Apparently, Letsencrypt private key used for Keystore is not the same key >> as your DKIM key (Ref: >> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I >> generate one using DKIMCore, and the error was resolved. >> - About the DNS Reverse, we try to get in contact with Contabo about the PTR >> record, so its just a matter of time I hope >> >> I still don’t understand why the DKIM Failed, But I did try to compare my >> gmail sending to my other gmail “original message” and I see that : >> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” >> tag must be the first.
Re: Applying JDKIM and SPF to the Mailets
Hey Jason, glad to hear you got it working in the end. About keys: I don't think the Exception was caused by re-using the same key you used for secure the connection, but it's always a good idea to use different keys for different usages. I'm looking towards reading your tutorial. Would be nice if you link it when done. Maybe we can give additional input if someone spots issues. Matt Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan: Hiya Matt, Last time I check, the selector DKIM didn’t show up either in MXLookup even though I copy paste the name of the selector to the DNS Record. So I rename the TXT DKIM and create new public key in the DNS Record and suddenly it works, now my mail has DKIM and SPF Approval. I apologize, but apparently the private key used for SSL/TLS are not the same as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class to have error such as “Bad Password”. That’s why I generate new one from DKIMCore and finally it works. Took me longer than I expected to know this. Finally I can make the tutorial for it. Sorry for any wrong and thank you for the help and information. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Friday, July 12, 2019 6:10 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had to read to RFC and test a bit with google, but it seems you still have a DNS issue: Your selector is: 1562899936.107 Your domain is: pc.107.jp As by RFC you need to have a TXT record at: 1562899936.107._domainkey.pc.107.jp But when I look up this domain with ANY as type I get this: 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" If you look at google for example, they have set thier selector to: 20161025 and thier domain to: googlemail.com. When you lookup 20161025._domainkey.googlemail.com you get this: 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" So, again, it's a DNS problem. This time a missing record. That's DKIM verify fail. Matt Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: Hiya Matt, Sorry took a long time to reply, was making sure that I did alli could think of before posting. Thank you also for providing information and the support given, it was really helpful. I am a part of 107.jp and indeed it was a sub-domain so im guessing the setting is different? I will make sure to contact my co-worker After some more testing and experimenting, I finally made some progress. I Successfully implement SPF (I removed the A and the Include google stuff from the TXT record just as you said) and it was relatively easy. But for the DKIM its another whole story : - Apparently, Letsencrypt private key used for Keystore is not the same key as your DKIM key (Ref: https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I generate one using DKIMCore, and the error was resolved. - About the DNS Reverse, we try to get in contact with Contabo about the PTR record, so its just a matter of time I hope I still don’t understand why the DKIM Failed, But I did try to compare my gmail sending to my other gmail “original message” and I see that : - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” tag must be the first. - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it say its failed even though there is DKIM Signature in the original messsage. - I checked the DNS Record using dnschecker.org and see that the selector TXT did not show up for the DKIM, is it supposed to be like that? Given the name of the TXT record must be [string]._domainkey.[host name]. Here is the “Original message” : Delivered-To: jason.tjankili...@gmail.com Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq; Fri, 12 Jul 2019 00:53:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2 X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863; Fri, 12 Jul 2019 00:53:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none; d=google.com; s=arc-20160816; b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK 00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6 xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Last time I check, the selector DKIM didn’t show up either in MXLookup even though I copy paste the name of the selector to the DNS Record. So I rename the TXT DKIM and create new public key in the DNS Record and suddenly it works, now my mail has DKIM and SPF Approval. I apologize, but apparently the private key used for SSL/TLS are not the same as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class to have error such as “Bad Password”. That’s why I generate new one from DKIMCore and finally it works. Took me longer than I expected to know this. Finally I can make the tutorial for it. Sorry for any wrong and thank you for the help and information. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Friday, July 12, 2019 6:10 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had to read to RFC and test a bit with google, but it seems you still have a DNS issue: Your selector is: 1562899936.107 Your domain is: pc.107.jp As by RFC you need to have a TXT record at: 1562899936.107._domainkey.pc.107.jp But when I look up this domain with ANY as type I get this: 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" If you look at google for example, they have set thier selector to: 20161025 and thier domain to: googlemail.com. When you lookup 20161025._domainkey.googlemail.com you get this: 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" So, again, it's a DNS problem. This time a missing record. That's DKIM verify fail. Matt Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: > Hiya Matt, > > Sorry took a long time to reply, was making sure that I did alli could think > of before posting. Thank you also for providing information and the support > given, it was really helpful. > > I am a part of 107.jp and indeed it was a sub-domain so im guessing the > setting is different? I will make sure to contact my co-worker > > After some more testing and experimenting, I finally made some progress. I > Successfully implement SPF (I removed the A and the Include google stuff from > the TXT record just as you said) and it was relatively easy. But for the DKIM > its another whole story : > - Apparently, Letsencrypt private key used for Keystore is not the same key > as your DKIM key (Ref: > https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I > generate one using DKIMCore, and the error was resolved. > - About the DNS Reverse, we try to get in contact with Contabo about the PTR > record, so its just a matter of time I hope > > I still don’t understand why the DKIM Failed, But I did try to compare my > gmail sending to my other gmail “original message” and I see that : > - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” > tag must be the first. > - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it > say its failed even though there is DKIM Signature in the original messsage. > - I checked the DNS Record using dnschecker.org and see that the selector TXT > did not show up for the DKIM, is it supposed to be like that? Given the name > of the TXT record must be [string]._domainkey.[host name]. > > Here is the “Original message” : > > Delivered-To: jason.tjankili...@gmail.com > Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > X-Google-Smtp-Source: > APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2 > X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none; > d=google.com; s=arc-20160816; > b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF > J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK > 00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz > ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6 > xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU > j6TQ== > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; > s=arc-20160816; > h=content-languag
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Last time I check, the selector DKIM didn’t show up either in MXLookup even though I copy paste the name of the selector to the DNS Record. So I rename the TXT DKIM and create new public key in the DNS Record and suddenly it works, now my mail has DKIM and SPF Approval. I apologize, but apparently the private key used for SSL/TLS are not the same as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class to have error such as “Bad Password”. That’s why I generate new one from DKIMCore and finally it works. Took me longer than I expected to know this. Finally I can make the tutorial for it. Sorry for any wrong and thank you for the help and information. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Friday, July 12, 2019 6:10 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had to read to RFC and test a bit with google, but it seems you still have a DNS issue: Your selector is: 1562899936.107 Your domain is: pc.107.jp As by RFC you need to have a TXT record at: 1562899936.107._domainkey.pc.107.jp But when I look up this domain with ANY as type I get this: 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" If you look at google for example, they have set thier selector to: 20161025 and thier domain to: googlemail.com. When you lookup 20161025._domainkey.googlemail.com you get this: 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" So, again, it's a DNS problem. This time a missing record. That's DKIM verify fail. Matt Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: > Hiya Matt, > > Sorry took a long time to reply, was making sure that I did alli could think > of before posting. Thank you also for providing information and the support > given, it was really helpful. > > I am a part of 107.jp and indeed it was a sub-domain so im guessing the > setting is different? I will make sure to contact my co-worker > > After some more testing and experimenting, I finally made some progress. I > Successfully implement SPF (I removed the A and the Include google stuff from > the TXT record just as you said) and it was relatively easy. But for the DKIM > its another whole story : > - Apparently, Letsencrypt private key used for Keystore is not the same key > as your DKIM key (Ref: > https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I > generate one using DKIMCore, and the error was resolved. > - About the DNS Reverse, we try to get in contact with Contabo about the PTR > record, so its just a matter of time I hope > > I still don’t understand why the DKIM Failed, But I did try to compare my > gmail sending to my other gmail “original message” and I see that : > - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” > tag must be the first. > - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it > say its failed even though there is DKIM Signature in the original messsage. > - I checked the DNS Record using dnschecker.org and see that the selector TXT > did not show up for the DKIM, is it supposed to be like that? Given the name > of the TXT record must be [string]._domainkey.[host name]. > > Here is the “Original message” : > > Delivered-To: jason.tjankili...@gmail.com > Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > X-Google-Smtp-Source: > APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2 > X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none; > d=google.com; s=arc-20160816; > b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF > J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK > 00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz > ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6 > xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU > j6TQ== > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; > s=arc-20160816; > h=content-languag
Re: Applying JDKIM and SPF to the Mailets
ip=173.249.33.70; Authentication-Results: mx.google.com; dkim=fail header.i=@pc.107.jp header.s=1562899936.107 header.b=aNm+dozf; spf=pass (google.com: domain of i...@pc.107.jp designates 173.249.33.70 as permitted sender) smtp.mailfrom=i...@pc.107.jp DKIM-Signature: a=rsa-sha256; b=aNm+dozfytLfB/uNWlhYvu4kWF/qpna3hAolNlM8T3ebcoKpsWxZXh0c41uAhWRdsnaPXuxg2Y3AEgc1ZjkKS8LUF/zWjK93u1DdHtIpDjv4lESYP29iAWZ2OFQrJ+KCI7V9i1hB82ggoT5ThcP0IeJ03XJY7WBO+Ua2ilUhHRQ=; s=1562899936.107; d=pc.107.jp; v=1; bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; h=subject:from:to:received:dkim-signature; MIME-Version: 1.0 X-UserIsAuth: true Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 567005839 for ; Fri, 12 Jul 2019 09:53:20 +0200 (CEST) To: jason.tjankili...@gmail.com From: Mr Sano Mail Subject: SHIBA INU Message-ID: <7ece4147-8575-4ae8-41da-a45774d98...@pc.107.jp> Date: Fri, 12 Jul 2019 14:53:18 +0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US SHIBAINU End of “Original Message” Weird thing is that I did put the “v” tag in the first in the signature template. v=1; s=1562899936.107._domainkey.pc.107.jp; d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=; [Privkeyhere] Can someone help me on this one or maybe pinpoint me to any direction? Thank you and sorry for any wrong word. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 1:13 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I have a guess in the blue: You're try to use a sub-domain / third-level domain. As Whois shows up, the main domain is just 107.jp. You are try to use the sub-domain pc.107.jp. So, there has to be a few extras to be tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is beneficial cause they know thier stuff and support should be able to help to to clean it up. The main question is: Are you part of 107.jp or is pc.107.jp it's own thing not really related to 107.jp? I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 include:_spf.google.com ~all" - this doesn't seem right. First: there is A as an IPv4 already set - no need for adding it again. SPF is designed so if another record(-type) is referenced it has to be resolved. So, by adding A to SPF this already resolves to ip4:173.249.33.70 - it should be fine if only A or the ip is present. Also, as MX is also pc.107.jp it should be possible to use MX instead of A. 173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a german company Contabo GmbH - this doesn't match neither google nor cloudflare. So having _spf.google.com in your SPF record doesn't make sense as you don't use googles mail servers but your own. There's a lot that just doesn't add/match up - wich on the other side could be the reason why google flags your mail as spam. As this contabo thing looks like a v-host or some those lines it should be possible to set a correct PTR in control panel or ask support if it's possible. Correct DNS records and also matching PTR is a important part for correct working mail server. I also ran it against my fav tools mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff failed straight away as pc.107.jp isn't a correct implemented sub-level domain on it's own (misses SOA record and mostly isn't it's own zone) - so reverse checking this stuff (wich maybe done by google) has this "somethings not right here"-smell - wich google could take as a reason "wait, this doesn't add up here - most likely spam from a gone wild server". There's a lot to be fixed to "clean it up" - I guess it couldn't hurt to ask google support directly. Maybe they can provide an explain why the thing your mail is spam and could give advice to set it up. I can only help so far as I started with a proper set up sub-domain before I set up my own - the admin really knew what he's doin and the DNS service he used, although not so cool webinterface, has good support helping out by setting up stuff like sub-domains and such. Also the server-provider he used offered fine detail on setting PTR so reverse also worked. Guess there's not much this mailing list could help as it seems it's not the fault of the James software but on DNS and domain stuff only support of domain registrar can help. Try to ask them and google for advice. Matt Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan: Hiya Matt, Once again, Thank you very much for the information and reminding me, I always forgot that you did mention that in the previous thread and I always forgot to take note on that. I w
RE: Applying JDKIM and SPF to the Mailets
en-US SHIBAINU End of “Original Message” Weird thing is that I did put the “v” tag in the first in the signature template. v=1; s=1562899936.107._domainkey.pc.107.jp; d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=; [Privkeyhere] Can someone help me on this one or maybe pinpoint me to any direction? Thank you and sorry for any wrong word. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 1:13 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I have a guess in the blue: You're try to use a sub-domain / third-level domain. As Whois shows up, the main domain is just 107.jp. You are try to use the sub-domain pc.107.jp. So, there has to be a few extras to be tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is beneficial cause they know thier stuff and support should be able to help to to clean it up. The main question is: Are you part of 107.jp or is pc.107.jp it's own thing not really related to 107.jp? I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 include:_spf.google.com ~all" - this doesn't seem right. First: there is A as an IPv4 already set - no need for adding it again. SPF is designed so if another record(-type) is referenced it has to be resolved. So, by adding A to SPF this already resolves to ip4:173.249.33.70 - it should be fine if only A or the ip is present. Also, as MX is also pc.107.jp it should be possible to use MX instead of A. 173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a german company Contabo GmbH - this doesn't match neither google nor cloudflare. So having _spf.google.com in your SPF record doesn't make sense as you don't use googles mail servers but your own. There's a lot that just doesn't add/match up - wich on the other side could be the reason why google flags your mail as spam. As this contabo thing looks like a v-host or some those lines it should be possible to set a correct PTR in control panel or ask support if it's possible. Correct DNS records and also matching PTR is a important part for correct working mail server. I also ran it against my fav tools mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff failed straight away as pc.107.jp isn't a correct implemented sub-level domain on it's own (misses SOA record and mostly isn't it's own zone) - so reverse checking this stuff (wich maybe done by google) has this "somethings not right here"-smell - wich google could take as a reason "wait, this doesn't add up here - most likely spam from a gone wild server". There's a lot to be fixed to "clean it up" - I guess it couldn't hurt to ask google support directly. Maybe they can provide an explain why the thing your mail is spam and could give advice to set it up. I can only help so far as I started with a proper set up sub-domain before I set up my own - the admin really knew what he's doin and the DNS service he used, although not so cool webinterface, has good support helping out by setting up stuff like sub-domains and such. Also the server-provider he used offered fine detail on setting PTR so reverse also worked. Guess there's not much this mailing list could help as it seems it's not the fault of the James software but on DNS and domain stuff only support of domain registrar can help. Try to ask them and google for advice. Matt Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan: > Hiya Matt, > > Once again, Thank you very much for the information and reminding me, I > always forgot that you did mention that in the previous thread and I always > forgot to take note on that. I will try to check the DNS. > > So I sended a mail from thunderbird to my gmail and it goes to spam, so > here’s the of the “Original Message” of the mail: > --Starts of Original message-- > Delivered-To: pochuf...@gmail.com > Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; > Tue, 9 Jul 2019 19:33:55 -0700 (PDT) > X-Google-Smtp-Source: > APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd > X-Received: by 2002:a05:6000:9:: with SMTP id > h9mr1329142wrx.271.1562726035666; > Tue, 09 Jul 2019 19:33:55 -0700 (PDT) > ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; > d=google.com; s=arc-20160816; > b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl > xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 > 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F > s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL > aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 > gTKA== > ARC-Mes
RE: Applying JDKIM and SPF to the Mailets
en-US SHIBAINU End of “Original Message” Weird thing is that I did put the “v” tag in the first in the signature template. v=1; s=1562899936.107._domainkey.pc.107.jp; d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=; [Privkeyhere] Can someone help me on this one or maybe pinpoint me to any direction? Thank you and sorry for any wrong word. Sincerely, Jason. Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 1:13 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I have a guess in the blue: You're try to use a sub-domain / third-level domain. As Whois shows up, the main domain is just 107.jp. You are try to use the sub-domain pc.107.jp. So, there has to be a few extras to be tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is beneficial cause they know thier stuff and support should be able to help to to clean it up. The main question is: Are you part of 107.jp or is pc.107.jp it's own thing not really related to 107.jp? I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 include:_spf.google.com ~all" - this doesn't seem right. First: there is A as an IPv4 already set - no need for adding it again. SPF is designed so if another record(-type) is referenced it has to be resolved. So, by adding A to SPF this already resolves to ip4:173.249.33.70 - it should be fine if only A or the ip is present. Also, as MX is also pc.107.jp it should be possible to use MX instead of A. 173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a german company Contabo GmbH - this doesn't match neither google nor cloudflare. So having _spf.google.com in your SPF record doesn't make sense as you don't use googles mail servers but your own. There's a lot that just doesn't add/match up - wich on the other side could be the reason why google flags your mail as spam. As this contabo thing looks like a v-host or some those lines it should be possible to set a correct PTR in control panel or ask support if it's possible. Correct DNS records and also matching PTR is a important part for correct working mail server. I also ran it against my fav tools mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff failed straight away as pc.107.jp isn't a correct implemented sub-level domain on it's own (misses SOA record and mostly isn't it's own zone) - so reverse checking this stuff (wich maybe done by google) has this "somethings not right here"-smell - wich google could take as a reason "wait, this doesn't add up here - most likely spam from a gone wild server". There's a lot to be fixed to "clean it up" - I guess it couldn't hurt to ask google support directly. Maybe they can provide an explain why the thing your mail is spam and could give advice to set it up. I can only help so far as I started with a proper set up sub-domain before I set up my own - the admin really knew what he's doin and the DNS service he used, although not so cool webinterface, has good support helping out by setting up stuff like sub-domains and such. Also the server-provider he used offered fine detail on setting PTR so reverse also worked. Guess there's not much this mailing list could help as it seems it's not the fault of the James software but on DNS and domain stuff only support of domain registrar can help. Try to ask them and google for advice. Matt Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan: > Hiya Matt, > > Once again, Thank you very much for the information and reminding me, I > always forgot that you did mention that in the previous thread and I always > forgot to take note on that. I will try to check the DNS. > > So I sended a mail from thunderbird to my gmail and it goes to spam, so > here’s the of the “Original Message” of the mail: > --Starts of Original message-- > Delivered-To: pochuf...@gmail.com > Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; > Tue, 9 Jul 2019 19:33:55 -0700 (PDT) > X-Google-Smtp-Source: > APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd > X-Received: by 2002:a05:6000:9:: with SMTP id > h9mr1329142wrx.271.1562726035666; > Tue, 09 Jul 2019 19:33:55 -0700 (PDT) > ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; > d=google.com; s=arc-20160816; > b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl > xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 > 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F > s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL > aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 > gTKA== > ARC-Mes
Re: Applying JDKIM and SPF to the Mailets
spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp Return-Path: Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55 for ; Tue, 09 Jul 2019 19:33:55 -0700 (PDT) Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) client-ip=173.249.33.70; Authentication-Results: mx.google.com; spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp MIME-Version: 1.0 X-UserIsAuth: true Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993 for ; Wed, 10 Jul 2019 04:33:55 +0200 (CEST) (*Header right here*) To: pochuf...@gmail.com From: Mr Sano Mail Subject: Test Send With Thunderbird Message-ID: Date: Wed, 10 Jul 2019 09:33:54 +0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Test Send With Thunderbird, will it goes to spam? --End of Original Message— I just notice that the SPF said NEUTRAL instead of PASS (I check random mail from my inbox and compare see what’s different). So im guessing I have to make the SPF say PASS. For the DNS Record, I will consult my partner since he’s the one who set up the MX Record and all that stuff (We use Cloudflare as the mail server). I will post the result of trying to configuring the DNS Record. As for the DKIM Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for now (The header said the Encoding is 7 bit, it must’ve worked). It still produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t allow “--” to be in the comment. Thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 2:33 AM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, as said earlier: If Google is marking your mails as spam that's most likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a "soft-ignore" policy wich, when no information can be obtained, ignores it. SPF is set in the zone file belong to your domain, there's no need for any config related in James (config is only needed if you want to check incoming mail). A correct SPF record is a TXT record on the domain level noting every allowed mail server. For my domain cryptearth.de my SPF is this: "v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all" as TXT record directly in the main zone cryptearth.de. v=spf1 - that's the SPF marker +ip4 / +ip6 - these IPv4/v6 remote hosts are allowed -all - all other remote hosts are not allowed If your domain doesn't have any TXT record begin with v=spf1 Google just ignore the SPF check. Same goes for DKIM: if you don't provide DKIM Google ignores to check it. If your mail still get flagged as spam this could be reason by: - the mail server has no / an invalid PTR record - the mail server is located in a dial-up range - other DNS records doesn't match needed To help it could be helpful to show us the header of a mail that's marked as spam by google - we then can try to analyze if we found any issues. This is an example for my webserver send with php mail() function > dropped into sendmail nullclient > forwarded to james > send to google (I marked the headers): // all here until return-path header is google internal stuff Delivered-To: cryptea...@gmail.com Received: by 2002:a4f:6e52:0:0:0:0:0 with SMTP id j79csp7648569ivc; Tue, 9 Jul 2019 12:23:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqxFdrccZnMMbSgzmSSr2YFUZ23iQA0se2sQVtyWuH5h/msfARkXQzD5JQP/j7z0vfw5NlOP X-Received: by 2002:adf:e8cb:: with SMTP id k11mr26007187wrn.244.1562700211239; Tue, 09 Jul 2019 12:23:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562700211; cv=none; d=google.com; s=arc-20160816; b=CW95ECbinyXl5+I6Dmh3AYViWiGAnzsEHq149ZQBGjstvPEVzaAoRojjPoFw2wmoKZ eiDn7C/4R3Ee1NoiavjUKWZrQiQHjsvvf2f3eO5c0kNmFm1BBjqQUj9ibmIOIuZcGdjS HCCsdazTSJFJwj+HqkIJQQqCO4yJ8YJ8zVSmyWef7GuVtG9bWcqXK0GYSuC8o4KdDLrn zoGZQbE/6Bxt2JF9A9hF9BHa0pGdoWM4vKQWg3p2KgmZ58ckBBADCjtXMpv+zxlzzgE3 Qhl0Eal8blMPymECdkUAzSKZVmxDUYzQuBHql079UJQJsnOq+Mk3wANsrazX6FHF7C2k nYBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:to:message-id:from:date; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; b=YxxdpYMPG/GWtkqztwbHHI8T3Joli6if1Y3/jl5tNxTYtu1571oCEk/UhhUuqjOw
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Once again, Thank you very much for the information and reminding me, I always forgot that you did mention that in the previous thread and I always forgot to take note on that. I will try to check the DNS. So I sended a mail from thunderbird to my gmail and it goes to spam, so here’s the of the “Original Message” of the mail: --Starts of Original message-- Delivered-To: pochuf...@gmail.com Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; Tue, 9 Jul 2019 19:33:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd X-Received: by 2002:a05:6000:9:: with SMTP id h9mr1329142wrx.271.1562726035666; Tue, 09 Jul 2019 19:33:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; d=google.com; s=arc-20160816; b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 gTKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-language:content-transfer-encoding:user-agent:date :message-id:subject:from:to:mime-version; bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=; b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7 i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m 32iA== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp Return-Path: Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55 for ; Tue, 09 Jul 2019 19:33:55 -0700 (PDT) Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) client-ip=173.249.33.70; Authentication-Results: mx.google.com; spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp MIME-Version: 1.0 X-UserIsAuth: true Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993 for ; Wed, 10 Jul 2019 04:33:55 +0200 (CEST) (*Header right here*) To: pochuf...@gmail.com From: Mr Sano Mail Subject: Test Send With Thunderbird Message-ID: Date: Wed, 10 Jul 2019 09:33:54 +0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Test Send With Thunderbird, will it goes to spam? --End of Original Message— I just notice that the SPF said NEUTRAL instead of PASS (I check random mail from my inbox and compare see what’s different). So im guessing I have to make the SPF say PASS. For the DNS Record, I will consult my partner since he’s the one who set up the MX Record and all that stuff (We use Cloudflare as the mail server). I will post the result of trying to configuring the DNS Record. As for the DKIM Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for now (The header said the Encoding is 7 bit, it must’ve worked). It still produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t allow “--” to be in the comment. Thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 2:33 AM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, as said earlier: If Google is marking your mails as spam that's most likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a "soft-ignore" policy wich, when no information can be obtained, ignores it. SPF is set in the zone file belong to your domain, there's no need for any config related in James (config is only needed if you want to check incoming mail). A correct SPF record is a TXT record on the domain level noting every allowed mail server. For my domain cryptearth.de my SPF is this: "v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all" as TXT record directly in the main zone cryptearth.de. v=spf1 - that's
RE: Applying JDKIM and SPF to the Mailets
Hiya Matt, Once again, Thank you very much for the information and reminding me, I always forgot that you did mention that in the previous thread and I always forgot to take note on that. I will try to check the DNS. So I sended a mail from thunderbird to my gmail and it goes to spam, so here’s the of the “Original Message” of the mail: --Starts of Original message-- Delivered-To: pochuf...@gmail.com Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; Tue, 9 Jul 2019 19:33:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd X-Received: by 2002:a05:6000:9:: with SMTP id h9mr1329142wrx.271.1562726035666; Tue, 09 Jul 2019 19:33:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; d=google.com; s=arc-20160816; b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 gTKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-language:content-transfer-encoding:user-agent:date :message-id:subject:from:to:mime-version; bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=; b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7 i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m 32iA== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp Return-Path: Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55 for ; Tue, 09 Jul 2019 19:33:55 -0700 (PDT) Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) client-ip=173.249.33.70; Authentication-Results: mx.google.com; spf=neutral (google.com: 173.249.33.70 is neither permitted nor denied by best guess record for domain of i...@pc.107.jp) smtp.mailfrom=i...@pc.107.jp MIME-Version: 1.0 X-UserIsAuth: true Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993 for ; Wed, 10 Jul 2019 04:33:55 +0200 (CEST) (*Header right here*) To: pochuf...@gmail.com From: Mr Sano Mail Subject: Test Send With Thunderbird Message-ID: Date: Wed, 10 Jul 2019 09:33:54 +0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Test Send With Thunderbird, will it goes to spam? --End of Original Message— I just notice that the SPF said NEUTRAL instead of PASS (I check random mail from my inbox and compare see what’s different). So im guessing I have to make the SPF say PASS. For the DNS Record, I will consult my partner since he’s the one who set up the MX Record and all that stuff (We use Cloudflare as the mail server). I will post the result of trying to configuring the DNS Record. As for the DKIM Mailet, I have removed it for now and just leave the ConvertTo7Bit Mailet for now (The header said the Encoding is 7 bit, it must’ve worked). It still produces the “Bad Decryption Password” error and mailetcontainer.xml doesn’t allow “--” to be in the comment. Thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Wednesday, July 10, 2019 2:33 AM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, as said earlier: If Google is marking your mails as spam that's most likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a "soft-ignore" policy wich, when no information can be obtained, ignores it. SPF is set in the zone file belong to your domain, there's no need for any config related in James (config is only needed if you want to check incoming mail). A correct SPF record is a TXT record on the domain level noting every allowed mail server. For my domain cryptearth.de my SPF is this: "v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all" as TXT record directly in the main zone cryptearth.de. v=spf1 - that's
Re: Applying JDKIM and SPF to the Mailets
d etc). I just discovered that you just need to download the zip files from : https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign class. So that;s one problem solved. Im guessing that since the tutorial ( https://james.apache.org/jdkim/mailets/index.html ) said that you must convert it to 7 bit and sign the DKIM right before the mail is sended, I need to find which mailet has the function to send the mail to put the DKIM and 7Bit Mailet before that sending mailet. To my surprise when you explain a bit about the matcher, I didn’t know that matcher has anything to do with the DKIM, so definitely gonna try to mess and read it when I had the time. (After checking out the thread, I found this https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help me understand where to put it) What I try for the mailet last time is putting these lines after the “RemoteDelivery” class mailet in processor state = “transport”, I will try to put it before the “RemoteDelivery” and post the result in reply. v=1; s=selector; d=pc.107.jp; h=from:to:subject:received; a=rsa-sha256; bh=; b=; -BEGIN RSA PRIVATE KEY- [Private Key Here in PEM Format] -END RSA PRIVATE KEY- testpassword But when I try to run it, it produces some error Saying the cannot create the RSA Private key because bad decryption password : https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0 I created the private key using Letsencrypt and the file type is pem. I copy paste the content into the just as the tutorial did, but maybe something wrong with my private key (I think? It works for my SMTP and IMAP server so I doubt that) can you/anyone tell me what causing this error? Just a little more and I’ll be able to implement DKIM and SPF to my mail so finally google don’t take it as spam. Last time I try to build with the mvn clean install ( Following this https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the james-jdkim yield a lot of error since I never used maven myself, so I guess im gonna skip that one and try it some other time. Lastly, thank you for the help and response, it give me some answer to the problem I had right now, I will probably reply to my own mail if I did found the solution or someone else. Again, thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: Tellier Benoit Sent: 09 July 2019 21:54 To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hi Jason, I will try to answer your questions: 1. I don't really understand the question. You can use matcher to apply actions to emails matching certain conditions. For instance, upon signing a mail for DKIM, you want to sign it when the sender is local and authenticated, just before RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and the like will do the trick - while all incoming traffic from a non trusted source needs to be DKIM validated. Again playing with matchers within mailetcontainer.xml will be needed to do what you want. 2. I don't know the state of the DKIM status in JAMES Spring packaging. Probably not working (version clashes). No additional jar is required with Guice packaging. 3. What makes you believe this? 4. mvn clean install + look in target directories Hope it helps. Benoit On 08/07/2019 05:30, Jason Tjankilisan wrote: Hi, Sorry for the frequent asking but I just hit dead end with the DKIM config. https://james.apache.org/jdkim/mailets/index.html -> so I just read this as my tutorial guidelines to apply DKIM to my mail. From what I understand, that the mail needed to be converted to 7 bit before being Sign by DKIM and the DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has less chance of getting into SPAM + request. So I downloaded the James JDKIM from this one : https://github.com/apache/james-jdkim And take the DKIMSign.java and ConvertTo7Bit.java and my CustomMeiletTest.java (I need to use ANT cause request) and build those 3 using ANT so they become 1 jar file. But as expected, the file wont compile because some missing files from james/lib (probably didn’t have JDKIM Library from the start) So I download the library from here : https://james.apache.org/download.cgi#Apache_jDKIM and I extract the apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib and put it on james/lib/ and try to compile it. But it still missing some library. I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put it on james/lib and nothing works also. For the SPF I there;s already one inside james/lib folder named : apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF library and just use it in th
RE: Applying JDKIM and SPF to the Mailets
Hiya Tellier, So lately I’ve tried some things to apply DKIM and I finally making some progress. First of all I apologize for the confusion, mainly because I still trying to figure things out how everything works (James , Mailet and Matcher and etc). I just discovered that you just need to download the zip files from : https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign class. So that;s one problem solved. Im guessing that since the tutorial ( https://james.apache.org/jdkim/mailets/index.html ) said that you must convert it to 7 bit and sign the DKIM right before the mail is sended, I need to find which mailet has the function to send the mail to put the DKIM and 7Bit Mailet before that sending mailet. To my surprise when you explain a bit about the matcher, I didn’t know that matcher has anything to do with the DKIM, so definitely gonna try to mess and read it when I had the time. (After checking out the thread, I found this https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help me understand where to put it) What I try for the mailet last time is putting these lines after the “RemoteDelivery” class mailet in processor state = “transport”, I will try to put it before the “RemoteDelivery” and post the result in reply. v=1; s=selector; d=pc.107.jp; h=from:to:subject:received; a=rsa-sha256; bh=; b=; -BEGIN RSA PRIVATE KEY- [Private Key Here in PEM Format] -END RSA PRIVATE KEY- testpassword But when I try to run it, it produces some error Saying the cannot create the RSA Private key because bad decryption password : https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0 I created the private key using Letsencrypt and the file type is pem. I copy paste the content into the just as the tutorial did, but maybe something wrong with my private key (I think? It works for my SMTP and IMAP server so I doubt that) can you/anyone tell me what causing this error? Just a little more and I’ll be able to implement DKIM and SPF to my mail so finally google don’t take it as spam. Last time I try to build with the mvn clean install ( Following this https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the james-jdkim yield a lot of error since I never used maven myself, so I guess im gonna skip that one and try it some other time. Lastly, thank you for the help and response, it give me some answer to the problem I had right now, I will probably reply to my own mail if I did found the solution or someone else. Again, thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: Tellier Benoit Sent: 09 July 2019 21:54 To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hi Jason, I will try to answer your questions: 1. I don't really understand the question. You can use matcher to apply actions to emails matching certain conditions. For instance, upon signing a mail for DKIM, you want to sign it when the sender is local and authenticated, just before RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and the like will do the trick - while all incoming traffic from a non trusted source needs to be DKIM validated. Again playing with matchers within mailetcontainer.xml will be needed to do what you want. 2. I don't know the state of the DKIM status in JAMES Spring packaging. Probably not working (version clashes). No additional jar is required with Guice packaging. 3. What makes you believe this? 4. mvn clean install + look in target directories Hope it helps. Benoit On 08/07/2019 05:30, Jason Tjankilisan wrote: > Hi, > > Sorry for the frequent asking but I just hit dead end with the DKIM config. > https://james.apache.org/jdkim/mailets/index.html -> so I just read this as > my tutorial guidelines to apply DKIM to my mail. From what I understand, that > the mail needed to be converted to 7 bit before being Sign by DKIM and the > DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has > less chance of getting into SPAM + request. > > So I downloaded the James JDKIM from this one : > https://github.com/apache/james-jdkim > And take the DKIMSign.java and ConvertTo7Bit.java and my > CustomMeiletTest.java (I need to use ANT cause request) and build those 3 > using ANT so they become 1 jar file. But as expected, the file wont compile > because some missing files from james/lib (probably didn’t have JDKIM Library > from the start) > > So I download the library from here : > https://james.apache.org/download.cgi#Apache_jDKIM and I extract the > apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib > and put it on james/lib/ and
RE: Applying JDKIM and SPF to the Mailets
Hiya Tellier, So lately I’ve tried some things to apply DKIM and I finally making some progress. First of all I apologize for the confusion, mainly because I still trying to figure things out how everything works (James , Mailet and Matcher and etc). I just discovered that you just need to download the zip files from : https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign class. So that;s one problem solved. Im guessing that since the tutorial ( https://james.apache.org/jdkim/mailets/index.html ) said that you must convert it to 7 bit and sign the DKIM right before the mail is sended, I need to find which mailet has the function to send the mail to put the DKIM and 7Bit Mailet before that sending mailet. To my surprise when you explain a bit about the matcher, I didn’t know that matcher has anything to do with the DKIM, so definitely gonna try to mess and read it when I had the time. (After checking out the thread, I found this https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help me understand where to put it) What I try for the mailet last time is putting these lines after the “RemoteDelivery” class mailet in processor state = “transport”, I will try to put it before the “RemoteDelivery” and post the result in reply. v=1; s=selector; d=pc.107.jp; h=from:to:subject:received; a=rsa-sha256; bh=; b=; -BEGIN RSA PRIVATE KEY- [Private Key Here in PEM Format] -END RSA PRIVATE KEY- testpassword But when I try to run it, it produces some error Saying the cannot create the RSA Private key because bad decryption password : https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0 I created the private key using Letsencrypt and the file type is pem. I copy paste the content into the just as the tutorial did, but maybe something wrong with my private key (I think? It works for my SMTP and IMAP server so I doubt that) can you/anyone tell me what causing this error? Just a little more and I’ll be able to implement DKIM and SPF to my mail so finally google don’t take it as spam. Last time I try to build with the mvn clean install ( Following this https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the james-jdkim yield a lot of error since I never used maven myself, so I guess im gonna skip that one and try it some other time. Lastly, thank you for the help and response, it give me some answer to the problem I had right now, I will probably reply to my own mail if I did found the solution or someone else. Again, thank you for the help and sorry for any wrong word. Sincerely, Jason Sent from Mail for Windows 10 From: Tellier Benoit Sent: 09 July 2019 21:54 To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hi Jason, I will try to answer your questions: 1. I don't really understand the question. You can use matcher to apply actions to emails matching certain conditions. For instance, upon signing a mail for DKIM, you want to sign it when the sender is local and authenticated, just before RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and the like will do the trick - while all incoming traffic from a non trusted source needs to be DKIM validated. Again playing with matchers within mailetcontainer.xml will be needed to do what you want. 2. I don't know the state of the DKIM status in JAMES Spring packaging. Probably not working (version clashes). No additional jar is required with Guice packaging. 3. What makes you believe this? 4. mvn clean install + look in target directories Hope it helps. Benoit On 08/07/2019 05:30, Jason Tjankilisan wrote: > Hi, > > Sorry for the frequent asking but I just hit dead end with the DKIM config. > https://james.apache.org/jdkim/mailets/index.html -> so I just read this as > my tutorial guidelines to apply DKIM to my mail. From what I understand, that > the mail needed to be converted to 7 bit before being Sign by DKIM and the > DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has > less chance of getting into SPAM + request. > > So I downloaded the James JDKIM from this one : > https://github.com/apache/james-jdkim > And take the DKIMSign.java and ConvertTo7Bit.java and my > CustomMeiletTest.java (I need to use ANT cause request) and build those 3 > using ANT so they become 1 jar file. But as expected, the file wont compile > because some missing files from james/lib (probably didn’t have JDKIM Library > from the start) > > So I download the library from here : > https://james.apache.org/download.cgi#Apache_jDKIM and I extract the > apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib > and put it on james/lib/ and
Re: Applying JDKIM and SPF to the Mailets
Hi Jason, I will try to answer your questions: 1. I don't really understand the question. You can use matcher to apply actions to emails matching certain conditions. For instance, upon signing a mail for DKIM, you want to sign it when the sender is local and authenticated, just before RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and the like will do the trick - while all incoming traffic from a non trusted source needs to be DKIM validated. Again playing with matchers within mailetcontainer.xml will be needed to do what you want. 2. I don't know the state of the DKIM status in JAMES Spring packaging. Probably not working (version clashes). No additional jar is required with Guice packaging. 3. What makes you believe this? 4. mvn clean install + look in target directories Hope it helps. Benoit On 08/07/2019 05:30, Jason Tjankilisan wrote: > Hi, > > Sorry for the frequent asking but I just hit dead end with the DKIM config. > https://james.apache.org/jdkim/mailets/index.html -> so I just read this as > my tutorial guidelines to apply DKIM to my mail. From what I understand, that > the mail needed to be converted to 7 bit before being Sign by DKIM and the > DKIM mailet has to be the last one. I guess I need to do DKIM so my mail has > less chance of getting into SPAM + request. > > So I downloaded the James JDKIM from this one : > https://github.com/apache/james-jdkim > And take the DKIMSign.java and ConvertTo7Bit.java and my > CustomMeiletTest.java (I need to use ANT cause request) and build those 3 > using ANT so they become 1 jar file. But as expected, the file wont compile > because some missing files from james/lib (probably didn’t have JDKIM Library > from the start) > > So I download the library from here : > https://james.apache.org/download.cgi#Apache_jDKIM and I extract the > apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib > and put it on james/lib/ and try to compile it. But it still missing some > library. > I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put it > on james/lib and nothing works also. > > For the SPF I there;s already one inside james/lib folder named : > apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF > library and just use it in the mailetcontainer.xml as you mentioned it in the > last mail (haven’t tried since it since I didn’t found anything related how > to use the SPF, but will search more) > > So my question is : > 1. How do I know what is the sending mailet and receiveing mailet? So I can > put the DKIMSign Mailet before the sending mailet. (Im guessing the > 2. From the https://james.apache.org/download.cgi#Apache_jDKIM, should I > also put the Javadoc, source sources also in james/lib? > 3. Am I adding the wrong library or misunderstood the procedure of adding > DKIM and SPF mailets? I really need to know this so I can document this and > make a tutorial full from setting apache James to adding DKIM and SPF. > 4. Should I really needed the https://github.com/apache/james-jdkim ? all of > it was a java files, and I don’t know how to turn all of them into 1 jar so I > can use as library I think? > > Im sorry for the lack of understanding and any wrong work, I hope it wasn’t > too much. > > thank you for the help. > > Sincerely, Jason > > Sent from Mail for Windows 10 > > - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org