Hey Jason,
as said earlier: If Google is marking your mails as spam that's most
likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a
"soft-ignore" policy wich, when no information can be obtained, ignores it.
SPF is set in the zone file belong to your domain, there's no need for
any config related in James (config is only needed if you want to check
incoming mail). A correct SPF record is a TXT record on the domain level
noting every allowed mail server. For my domain cryptearth.de my SPF is
this:
"v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all"
as TXT record directly in the main zone cryptearth.de.
v=spf1 - that's the SPF marker
+ip4 / +ip6 - these IPv4/v6 remote hosts are allowed
-all - all other remote hosts are not allowed
If your domain doesn't have any TXT record begin with v=spf1 Google just
ignore the SPF check. Same goes for DKIM: if you don't provide DKIM
Google ignores to check it. If your mail still get flagged as spam this
could be reason by:
- the mail server has no / an invalid PTR record
- the mail server is located in a dial-up range
- other DNS records doesn't match needed
To help it could be helpful to show us the header of a mail that's
marked as spam by google - we then can try to analyze if we found any
issues.
This is an example for my webserver send with php mail() function >
dropped into sendmail nullclient > forwarded to james > send to google
(I marked the headers):
// all here until return-path header is google internal stuff
Delivered-To: cryptea...@gmail.com
Received: by 2002:a4f:6e52:0:0:0:0:0 with SMTP id j79csp7648569ivc;
Tue, 9 Jul 2019 12:23:31 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqxFdrccZnMMbSgzmSSr2YFUZ23iQA0se2sQVtyWuH5h/msfARkXQzD5JQP/j7z0vfw5NlOP
X-Received: by 2002:adf:e8cb:: with SMTP id
k11mr26007187wrn.244.1562700211239;
Tue, 09 Jul 2019 12:23:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562700211; cv=none;
d=google.com; s=arc-20160816;
b=CW95ECbinyXl5+I6Dmh3AYViWiGAnzsEHq149ZQBGjstvPEVzaAoRojjPoFw2wmoKZ
eiDn7C/4R3Ee1NoiavjUKWZrQiQHjsvvf2f3eO5c0kNmFm1BBjqQUj9ibmIOIuZcGdjS
HCCsdazTSJFJwj+HqkIJQQqCO4yJ8YJ8zVSmyWef7GuVtG9bWcqXK0GYSuC8o4KdDLrn
zoGZQbE/6Bxt2JF9A9hF9BHa0pGdoWM4vKQWg3p2KgmZ58ckBBADCjtXMpv+zxlzzgE3
Qhl0Eal8blMPymECdkUAzSKZVmxDUYzQuBHql079UJQJsnOq+Mk3wANsrazX6FHF7C2k
nYBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=arc-20160816;
h=subject:to:message-id:from:date;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=YxxdpYMPG/GWtkqztwbHHI8T3Joli6if1Y3/jl5tNxTYtu1571oCEk/UhhUuqjOwtA
cGN8+H/y4wEAnpuAioqhYeMCp8RbxXLCE2MVnYyGY/GUkz8PvFxV+1zcelW+xRQwdj+A
+aFjWnZP9xmH1UThe6FDnUVdPu1txs2fgE6Euu2NFPJuyGovD0zwL2+xFqnNZXE4QBrb
5KTkNx9h5Q7cu+XUiQeVFYJjico6P87UPUJXoVYrAVxwF6CtLKPgzn1I8iaIySiJF+xl
FlXQD+8OIcQhkVka6/xQMZNEfyYZiI+CanAKzR3vyYyvUbdWapWD4+DiSyw0iygn3tEs
7AUQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of webmas...@cryptearth.de
designates 91.121.4.115 as permitted sender)
smtp.mailfrom=webmas...@cryptearth.de
// google main mail server receives mail from James on my root and
checks SPF
Return-Path: <webmas...@cryptearth.de>
Received: from cryptearth.de (cryptearth.de. [91.121.4.115])
by mx.google.com with ESMTPS id
s84si2873797wmf.151.2019.07.09.12.23.30
for <cryptea...@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 09 Jul 2019 12:23:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmas...@cryptearth.de
designates 91.121.4.115 as permitted sender) client-ip=91.121.4.115;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of webmas...@cryptearth.de
designates 91.121.4.115 as permitted sender)
smtp.mailfrom=webmas...@cryptearth.de
// james getting mail forwarded from sendmail nullclient
Received: from localhost (EHLO root1.cryptearth.de) ([127.0.0.1])
by root1 (JAMES SMTP Server ) with ESMTP ID -1249001323
for <cryptea...@googlemail.com>;
Tue, 09 Jul 2019 21:23:30 +0200 (CEST)
// sendmail
Received: (from wwwrun@localhost) by root1.cryptearth.de
(8.15.2/8.15.2/Submit) id x69JNUWS017954; Tue, 9 Jul 2019 21:23:30 +0200
// mail header generated by php mail()
Date: Tue, 9 Jul 2019 21:23:30 +0200
From: webmas...@cryptearth.de
Message-Id: <201907091923.x69jnuws017...@root1.cryptearth.de>
To: cryptea...@googlemail.com
Subject: test
test
// EOF
So, to get mail received by google without spam flag, all I had to do is
to setup my DNS records correctly - the only config I did in James is to
enable StartTLS on remoteDelievery - but this isn't needed.
Matt
Am 09.07.2019 um 21:04 schrieb Jason Tjankilisan:
Hiya Tellier,
So lately I’ve tried some things to apply DKIM and I finally making some
progress.
First of all I apologize for the confusion, mainly because I still trying to
figure things out how everything works (James , Mailet and Matcher and etc).
I just discovered that you just need to download the zip files from :
https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar
file inside the lib directory to james/lib to use ConvertTo7Bit and DKIMSign
class. So that;s one problem solved.
Im guessing that since the tutorial (
https://james.apache.org/jdkim/mailets/index.html ) said that you must convert
it to 7 bit and sign the DKIM right before the mail is sended, I need to find
which mailet has the function to send the mail to put the DKIM and 7Bit Mailet
before that sending mailet. To my surprise when you explain a bit about the
matcher, I didn’t know that matcher has anything to do with the DKIM, so
definitely gonna try to mess and read it when I had the time.
(After checking out the thread, I found this
https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to help
me understand where to put it)
What I try for the mailet last time is putting these lines after the
“RemoteDelivery” class mailet in processor state = “transport”, I will try to
put it before the “RemoteDelivery” and post the result in reply.
<mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit">
</mailet>
<mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign">
<signatureTemplate>v=1; s=selector; d=pc.107.jp; h=from:to:subject:received;
a=rsa-sha256; bh=; b=; </signatureTemplate>
<privateKey>
-----BEGIN RSA PRIVATE KEY-----
[Private Key Here in PEM Format]
-----END RSA PRIVATE KEY-----
</privateKey>
<privateKeyPassword>
testpassword
</privateKeyPassword>
</mailet>
But when I try to run it, it produces some error Saying the cannot create the
RSA Private key because bad decryption password :
https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0
I created the private key using Letsencrypt and the file type is pem. I copy paste
the content into the <privateKey> just as the tutorial did, but maybe something
wrong with my private key (I think? It works for my SMTP and IMAP server so I doubt
that) can you/anyone tell me what causing this error?
Just a little more and I’ll be able to implement DKIM and SPF to my mail so
finally google don’t take it as spam.
Last time I try to build with the mvn clean install ( Following this
https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the
james-jdkim yield a lot of error since I never used maven myself, so I guess im
gonna skip that one and try it some other time.
Lastly, thank you for the help and response, it give me some answer to the
problem I had right now, I will probably reply to my own mail if I did found
the solution or someone else.
Again, thank you for the help and sorry for any wrong word.
Sincerely, Jason
Sent from Mail for Windows 10
From: Tellier Benoit
Sent: 09 July 2019 21:54
To: server-user@james.apache.org
Subject: Re: Applying JDKIM and SPF to the Mailets
Hi Jason,
I will try to answer your questions:
1. I don't really understand the question.
You can use matcher to apply actions to emails matching certain
conditions. For instance, upon signing a mail for DKIM, you want to sign
it when the sender is local and authenticated, just before
RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and
the like will do the trick - while all incoming traffic from a non
trusted source needs to be DKIM validated. Again playing with matchers
within mailetcontainer.xml will be needed to do what you want.
2. I don't know the state of the DKIM status in JAMES Spring packaging.
Probably not working (version clashes).
No additional jar is required with Guice packaging.
3. What makes you believe this?
4. mvn clean install + look in target directories
Hope it helps.
Benoit
On 08/07/2019 05:30, Jason Tjankilisan wrote:
Hi,
Sorry for the frequent asking but I just hit dead end with the DKIM config.
https://james.apache.org/jdkim/mailets/index.html -> so I just read this as my
tutorial guidelines to apply DKIM to my mail. From what I understand, that the
mail needed to be converted to 7 bit before being Sign by DKIM and the DKIM mailet
has to be the last one. I guess I need to do DKIM so my mail has less chance of
getting into SPAM + request.
So I downloaded the James JDKIM from this one : https://github.com/apache/james-jdkim
And take the DKIMSign.java and ConvertTo7Bit.java and my CustomMeiletTest.java
(I need to use ANT cause request) and build those 3 using ANT so they become 1
jar file. But as expected, the file wont compile because some missing files
from james/lib (probably didn’t have JDKIM Library from the start)
So I download the library from here :
https://james.apache.org/download.cgi#Apache_jDKIM and I extract the
apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the /lib and
put it on james/lib/ and try to compile it. But it still missing some library.
I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put it
on james/lib and nothing works also.
For the SPF I there;s already one inside james/lib folder named :
apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF library
and just use it in the mailetcontainer.xml as you mentioned it in the last mail
(haven’t tried since it since I didn’t found anything related how to use the
SPF, but will search more)
So my question is :
1. How do I know what is the sending mailet and receiveing mailet? So I can put
the DKIMSign Mailet before the sending mailet. (Im guessing the
2. From the https://james.apache.org/download.cgi#Apache_jDKIM, should I also
put the Javadoc, source sources also in james/lib?
3. Am I adding the wrong library or misunderstood the procedure of adding DKIM
and SPF mailets? I really need to know this so I can document this and make a
tutorial full from setting apache James to adding DKIM and SPF.
4. Should I really needed the https://github.com/apache/james-jdkim ? all of it
was a java files, and I don’t know how to turn all of them into 1 jar so I can
use as library I think?
Im sorry for the lack of understanding and any wrong work, I hope it wasn’t too
much.
thank you for the help.
Sincerely, Jason
Sent from Mail for Windows 10
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---
This email has been checked for viruses by AVG.
https://www.avg.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
