Hiya Matt, Last time I check, the selector DKIM didn’t show up either in MXLookup even though I copy paste the name of the selector to the DNS Record. So I rename the TXT DKIM and create new public key in the DNS Record and suddenly it works, now my mail has DKIM and SPF Approval.
I apologize, but apparently the private key used for SSL/TLS are not the same as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class to have error such as “Bad Password”. That’s why I generate new one from DKIMCore and finally it works. Took me longer than I expected to know this. Finally I can make the tutorial for it. Sorry for any wrong and thank you for the help and information. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Friday, July 12, 2019 6:10 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, I had to read to RFC and test a bit with google, but it seems you still have a DNS issue: Your selector is: 1562899936.107 Your domain is: pc.107.jp As by RFC you need to have a TXT record at: 1562899936.107._domainkey.pc.107.jp But when I look up this domain with ANY as type I get this: 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" If you look at google for example, they have set thier selector to: 20161025 and thier domain to: googlemail.com. When you lookup 20161025._domainkey.googlemail.com you get this: 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" So, again, it's a DNS problem. This time a missing record. That's DKIM verify fail. Matt Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: > Hiya Matt, > > Sorry took a long time to reply, was making sure that I did alli could think > of before posting. Thank you also for providing information and the support > given, it was really helpful. > > I am a part of 107.jp and indeed it was a sub-domain so im guessing the > setting is different? I will make sure to contact my co-worker > > After some more testing and experimenting, I finally made some progress. I > Successfully implement SPF (I removed the A and the Include google stuff from > the TXT record just as you said) and it was relatively easy. But for the DKIM > its another whole story : > - Apparently, Letsencrypt private key used for Keystore is not the same key > as your DKIM key (Ref: > https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I > generate one using DKIMCore, and the error was resolved. > - About the DNS Reverse, we try to get in contact with Contabo about the PTR > record, so its just a matter of time I hope > > I still don’t understand why the DKIM Failed, But I did try to compare my > gmail sending to my other gmail “original message” and I see that : > - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” > tag must be the first. > - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but it > say its failed even though there is DKIM Signature in the original messsage. > - I checked the DNS Record using dnschecker.org and see that the selector TXT > did not show up for the DKIM, is it supposed to be like that? Given the name > of the TXT record must be [string]._domainkey.[host name]. > > Here is the “Original message” : > //////// > Delivered-To: jason.tjankili...@gmail.com > Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > X-Google-Smtp-Source: > APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2 > X-Received: by 2002:a7b:c954:: with SMTP id i20mr8397417wml.169.1562918001863; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none; > d=google.com; s=arc-20160816; > b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF > J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK > 00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz > ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6 > xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU > j6TQ== > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; > s=arc-20160816; > h=content-language:content-transfer-encoding:user-agent:date > :message-id:subject:from:to:mime-version:dkim-signature; > bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; > b=wRgD/3oj9Lexlm35bopImhQNYdMUDMis3taW2zMUnWU7wVtgZ78hb1sRZbWalbNJ8M > bmDrrMkH0Cn01/H0cxkPfw1+9NwswqBjmvPs+fWCgsbG/cVRj8qSQCzWA/NCLReOkilg > SXCikhs8iMWxj9LM+BftXC2+MWuBU/AO6yz9+U0rRv9dFMLLIoI7wYLPGc4rGXx8ucUA > GiPNnbX3A4k9+bgNx+5tI1ZHnk1TaF9dUGRBTUqPHVnhEnQHBrsGYVqcqVKab+y37MBO > Tx2Q4IWPWZJdGXZEGmNnFr5dt0Hw7PRhEsgfDx6IzdMHP7VykJ0sC7lIAMqo0u7lgeyb > fnog== > ARC-Authentication-Results: i=1; mx.google.com; > dkim=fail header.i=@pc.107.jp header.s=1562899936.107 > header.b=aNm+dozf; > spf=pass (google.com: domain of i...@pc.107.jp designates > 173.249.33.70 as permitted sender) smtp.mailfrom=i...@pc.107.jp > Return-Path: <i...@pc.107.jp> > Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) > by mx.google.com with ESMTP id g1si7958555wrw.30.2019.07.12.00.53.21 > for <jason.tjankili...@gmail.com>; > Fri, 12 Jul 2019 00:53:21 -0700 (PDT) > Received-SPF: pass (google.com: domain of i...@pc.107.jp designates > 173.249.33.70 as permitted sender) client-ip=173.249.33.70; > Authentication-Results: mx.google.com; > dkim=fail header.i=@pc.107.jp header.s=1562899936.107 > header.b=aNm+dozf; > spf=pass (google.com: domain of i...@pc.107.jp designates > 173.249.33.70 as permitted sender) smtp.mailfrom=i...@pc.107.jp > DKIM-Signature: a=rsa-sha256; > b=aNm+dozfytLfB/uNWlhYvu4kWF/qpna3hAolNlM8T3ebcoKpsWxZXh0c41uAhWRdsnaPXuxg2Y3AEgc1ZjkKS8LUF/zWjK93u1DdHtIpDjv4lESYP29iAWZ2OFQrJ+KCI7V9i1hB82ggoT5ThcP0IeJ03XJY7WBO+Ua2ilUhHRQ=; > s=1562899936.107; d=pc.107.jp; v=1; > bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; > h=subject:from:to:received:dkim-signature; > MIME-Version: 1.0 > X-UserIsAuth: true > Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) > by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 567005839 > for <jason.tjankili...@gmail.com>; > Fri, 12 Jul 2019 09:53:20 +0200 (CEST) > To: jason.tjankili...@gmail.com > From: Mr Sano Mail <i...@pc.107.jp> > Subject: SHIBA INU > Message-ID: <7ece4147-8575-4ae8-41da-a45774d98...@pc.107.jp> > Date: Fri, 12 Jul 2019 14:53:18 +0700 > User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 > Thunderbird/60.7.2 > Content-Type: text/plain; charset=utf-8; format=flowed > Content-Transfer-Encoding: 7bit > Content-Language: en-US > > SHIBAINU > //////// > End of “Original Message” > > Weird thing is that I did put the “v” tag in the first in the signature > template. > > <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"> > <signatureTemplate>v=1; s=1562899936.107._domainkey.pc.107.jp; > d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=; > </signatureTemplate> > <privateKey> > [Privkeyhere] > </privateKey> > </mailet> > > Can someone help me on this one or maybe pinpoint me to any direction? > > Thank you and sorry for any wrong word. > > Sincerely, Jason. > > Sent from Mail for Windows 10 > > From: cryptearth > Sent: Wednesday, July 10, 2019 1:13 PM > To: server-user@james.apache.org > Subject: Re: Applying JDKIM and SPF to the Mailets > > Hey Jason, > > I have a guess in the blue: You're try to use a sub-domain / third-level > domain. > > As Whois shows up, the main domain is just 107.jp. You are try to use > the sub-domain pc.107.jp. So, there has to be a few extras to be > tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is > beneficial cause they know thier stuff and support should be able to > help to to clean it up. > The main question is: Are you part of 107.jp or is pc.107.jp it's own > thing not really related to 107.jp? > > I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 > include:_spf.google.com ~all" - this doesn't seem right. > First: there is A as an IPv4 already set - no need for adding it again. > SPF is designed so if another record(-type) is referenced it has to be > resolved. So, by adding A to SPF this already resolves to > ip4:173.249.33.70 - it should be fine if only A or the ip is present. > Also, as MX is also pc.107.jp it should be possible to use MX instead of A. > > 173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a > german company Contabo GmbH - this doesn't match neither google nor > cloudflare. So having _spf.google.com in your SPF record doesn't make > sense as you don't use googles mail servers but your own. > > There's a lot that just doesn't add/match up - wich on the other side > could be the reason why google flags your mail as spam. As this contabo > thing looks like a v-host or some those lines it should be possible to > set a correct PTR in control panel or ask support if it's possible. > Correct DNS records and also matching PTR is a important part for > correct working mail server. I also ran it against my fav tools > mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff > failed straight away as pc.107.jp isn't a correct implemented sub-level > domain on it's own (misses SOA record and mostly isn't it's own zone) - > so reverse checking this stuff (wich maybe done by google) has this > "somethings not right here"-smell - wich google could take as a reason > "wait, this doesn't add up here - most likely spam from a gone wild > server". There's a lot to be fixed to "clean it up" - I guess it > couldn't hurt to ask google support directly. Maybe they can provide an > explain why the thing your mail is spam and could give advice to set it up. > > I can only help so far as I started with a proper set up sub-domain > before I set up my own - the admin really knew what he's doin and the > DNS service he used, although not so cool webinterface, has good support > helping out by setting up stuff like sub-domains and such. Also the > server-provider he used offered fine detail on setting PTR so reverse > also worked. > > Guess there's not much this mailing list could help as it seems it's not > the fault of the James software but on DNS and domain stuff only support > of domain registrar can help. Try to ask them and google for advice. > > Matt > > Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan: >> Hiya Matt, >> >> Once again, Thank you very much for the information and reminding me, I >> always forgot that you did mention that in the previous thread and I always >> forgot to take note on that. I will try to check the DNS. >> >> So I sended a mail from thunderbird to my gmail and it goes to spam, so >> here’s the of the “Original Message” of the mail: >> --Starts of Original message-- >> Delivered-To: pochuf...@gmail.com >> Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; >> Tue, 9 Jul 2019 19:33:55 -0700 (PDT) >> X-Google-Smtp-Source: >> APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd >> X-Received: by 2002:a05:6000:9:: with SMTP id >> h9mr1329142wrx.271.1562726035666; >> Tue, 09 Jul 2019 19:33:55 -0700 (PDT) >> ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; >> d=google.com; s=arc-20160816; >> >> b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl >> >> xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 >> >> 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F >> >> s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL >> >> aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 >> gTKA== >> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; >> s=arc-20160816; >> h=content-language:content-transfer-encoding:user-agent:date >> :message-id:subject:from:to:mime-version; >> bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=; >> >> b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e >> >> niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7 >> >> i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl >> >> KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy >> >> nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m >> 32iA== >> ARC-Authentication-Results: i=1; mx.google.com; >> spf=neutral (google.com: 173.249.33.70 is neither permitted nor >> denied by best guess record for domain of i...@pc.107.jp) >> smtp.mailfrom=i...@pc.107.jp >> Return-Path: <i...@pc.107.jp> >> Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) >> by mx.google.com with ESMTP id l3si735050wrw.0.2019.07.09.19.33.55 >> for <pochuf...@gmail.com>; >> Tue, 09 Jul 2019 19:33:55 -0700 (PDT) >> Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor >> denied by best guess record for domain of i...@pc.107.jp) >> client-ip=173.249.33.70; >> Authentication-Results: mx.google.com; >> spf=neutral (google.com: 173.249.33.70 is neither permitted nor >> denied by best guess record for domain of i...@pc.107.jp) >> smtp.mailfrom=i...@pc.107.jp >> MIME-Version: 1.0 >> X-UserIsAuth: true >> Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) >> by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993 >> for <pochuf...@gmail.com>; >> Wed, 10 Jul 2019 04:33:55 +0200 (CEST) >> (*Header right here*) >> To: pochuf...@gmail.com >> From: Mr Sano Mail <i...@pc.107.jp> >> Subject: Test Send With Thunderbird >> Message-ID: <dace3df1-b5af-5d52-e3a2-413aed2a8...@pc.107.jp> >> Date: Wed, 10 Jul 2019 09:33:54 +0700 >> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 >> Thunderbird/60.7.2 >> Content-Type: text/plain; charset=utf-8; format=flowed >> Content-Transfer-Encoding: 7bit >> Content-Language: en-US >> >> Test Send With Thunderbird, will it goes to spam? >> --End of Original Message— >> >> I just notice that the SPF said NEUTRAL instead of PASS (I check random mail >> from my inbox and compare see what’s different). So im guessing I have to >> make the SPF say PASS. >> >> For the DNS Record, I will consult my partner since he’s the one who set up >> the MX Record and all that stuff (We use Cloudflare as the mail server). >> >> I will post the result of trying to configuring the DNS Record. As for the >> DKIM Mailet, I have removed it for now and just leave the ConvertTo7Bit >> Mailet for now (The header said the Encoding is 7 bit, it must’ve worked). >> It still produces the “Bad Decryption Password” error and >> mailetcontainer.xml doesn’t allow “--” to be in the comment. >> >> Thank you for the help and sorry for any wrong word. >> >> Sincerely, Jason >> >> Sent from Mail for Windows 10 >> >> From: cryptearth >> Sent: Wednesday, July 10, 2019 2:33 AM >> To: server-user@james.apache.org >> Subject: Re: Applying JDKIM and SPF to the Mailets >> >> Hey Jason, >> >> as said earlier: If Google is marking your mails as spam that's most >> likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a >> "soft-ignore" policy wich, when no information can be obtained, ignores it. >> >> SPF is set in the zone file belong to your domain, there's no need for >> any config related in James (config is only needed if you want to check >> incoming mail). A correct SPF record is a TXT record on the domain level >> noting every allowed mail server. For my domain cryptearth.de my SPF is >> this: >> >> "v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all" >> as TXT record directly in the main zone cryptearth.de. >> v=spf1 - that's the SPF marker >> +ip4 / +ip6 - these IPv4/v6 remote hosts are allowed >> -all - all other remote hosts are not allowed >> >> If your domain doesn't have any TXT record begin with v=spf1 Google just >> ignore the SPF check. Same goes for DKIM: if you don't provide DKIM >> Google ignores to check it. If your mail still get flagged as spam this >> could be reason by: >> >> - the mail server has no / an invalid PTR record >> - the mail server is located in a dial-up range >> - other DNS records doesn't match needed >> >> To help it could be helpful to show us the header of a mail that's >> marked as spam by google - we then can try to analyze if we found any >> issues. >> This is an example for my webserver send with php mail() function > >> dropped into sendmail nullclient > forwarded to james > send to google >> (I marked the headers): >> >> // all here until return-path header is google internal stuff >> Delivered-To: cryptea...@gmail.com >> Received: by 2002:a4f:6e52:0:0:0:0:0 with SMTP id j79csp7648569ivc; >> Tue, 9 Jul 2019 12:23:31 -0700 (PDT) >> X-Google-Smtp-Source: >> APXvYqxFdrccZnMMbSgzmSSr2YFUZ23iQA0se2sQVtyWuH5h/msfARkXQzD5JQP/j7z0vfw5NlOP >> X-Received: by 2002:adf:e8cb:: with SMTP id >> k11mr26007187wrn.244.1562700211239; >> Tue, 09 Jul 2019 12:23:31 -0700 (PDT) >> ARC-Seal: i=1; a=rsa-sha256; t=1562700211; cv=none; >> d=google.com; s=arc-20160816; >> b=CW95ECbinyXl5+I6Dmh3AYViWiGAnzsEHq149ZQBGjstvPEVzaAoRojjPoFw2wmoKZ >> eiDn7C/4R3Ee1NoiavjUKWZrQiQHjsvvf2f3eO5c0kNmFm1BBjqQUj9ibmIOIuZcGdjS >> HCCsdazTSJFJwj+HqkIJQQqCO4yJ8YJ8zVSmyWef7GuVtG9bWcqXK0GYSuC8o4KdDLrn >> zoGZQbE/6Bxt2JF9A9hF9BHa0pGdoWM4vKQWg3p2KgmZ58ckBBADCjtXMpv+zxlzzgE3 >> Qhl0Eal8blMPymECdkUAzSKZVmxDUYzQuBHql079UJQJsnOq+Mk3wANsrazX6FHF7C2k >> nYBg== >> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; >> d=google.com; s=arc-20160816; >> h=subject:to:message-id:from:date; >> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; >> b=YxxdpYMPG/GWtkqztwbHHI8T3Joli6if1Y3/jl5tNxTYtu1571oCEk/UhhUuqjOwtA >> cGN8+H/y4wEAnpuAioqhYeMCp8RbxXLCE2MVnYyGY/GUkz8PvFxV+1zcelW+xRQwdj+A >> +aFjWnZP9xmH1UThe6FDnUVdPu1txs2fgE6Euu2NFPJuyGovD0zwL2+xFqnNZXE4QBrb >> 5KTkNx9h5Q7cu+XUiQeVFYJjico6P87UPUJXoVYrAVxwF6CtLKPgzn1I8iaIySiJF+xl >> FlXQD+8OIcQhkVka6/xQMZNEfyYZiI+CanAKzR3vyYyvUbdWapWD4+DiSyw0iygn3tEs >> 7AUQ== >> ARC-Authentication-Results: i=1; mx.google.com; >> spf=pass (google.com: domain of webmas...@cryptearth.de >> designates 91.121.4.115 as permitted sender) >> smtp.mailfrom=webmas...@cryptearth.de >> >> // google main mail server receives mail from James on my root and >> checks SPF >> Return-Path: <webmas...@cryptearth.de> >> Received: from cryptearth.de (cryptearth.de. [91.121.4.115]) >> by mx.google.com with ESMTPS id >> s84si2873797wmf.151.2019.07.09.12.23.30 >> for <cryptea...@gmail.com> >> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); >> Tue, 09 Jul 2019 12:23:31 -0700 (PDT) >> Received-SPF: pass (google.com: domain of webmas...@cryptearth.de >> designates 91.121.4.115 as permitted sender) client-ip=91.121.4.115; >> Authentication-Results: mx.google.com; >> spf=pass (google.com: domain of webmas...@cryptearth.de >> designates 91.121.4.115 as permitted sender) >> smtp.mailfrom=webmas...@cryptearth.de >> >> // james getting mail forwarded from sendmail nullclient >> Received: from localhost (EHLO root1.cryptearth.de) ([127.0.0.1]) >> by root1 (JAMES SMTP Server ) with ESMTP ID -1249001323 >> for <cryptea...@googlemail.com>; >> Tue, 09 Jul 2019 21:23:30 +0200 (CEST) >> >> // sendmail >> Received: (from wwwrun@localhost) by root1.cryptearth.de >> (8.15.2/8.15.2/Submit) id x69JNUWS017954; Tue, 9 Jul 2019 21:23:30 +0200 >> >> // mail header generated by php mail() >> Date: Tue, 9 Jul 2019 21:23:30 +0200 >> From: webmas...@cryptearth.de >> Message-Id: <201907091923.x69jnuws017...@root1.cryptearth.de> >> To: cryptea...@googlemail.com >> Subject: test >> >> test >> // EOF >> >> So, to get mail received by google without spam flag, all I had to do is >> to setup my DNS records correctly - the only config I did in James is to >> enable StartTLS on remoteDelievery - but this isn't needed. >> >> Matt >> >> Am 09.07.2019 um 21:04 schrieb Jason Tjankilisan: >>> Hiya Tellier, >>> >>> So lately I’ve tried some things to apply DKIM and I finally making some >>> progress. >>> >>> First of all I apologize for the confusion, mainly because I still trying >>> to figure things out how everything works (James , Mailet and Matcher and >>> etc). >>> >>> I just discovered that you just need to download the zip files from : >>> https://james.apache.org/download.cgi#Apache_jDKIM and then extract the jar >>> file inside the lib directory to james/lib to use ConvertTo7Bit and >>> DKIMSign class. So that;s one problem solved. >>> >>> Im guessing that since the tutorial ( >>> https://james.apache.org/jdkim/mailets/index.html ) said that you must >>> convert it to 7 bit and sign the DKIM right before the mail is sended, I >>> need to find which mailet has the function to send the mail to put the DKIM >>> and 7Bit Mailet before that sending mailet. To my surprise when you explain >>> a bit about the matcher, I didn’t know that matcher has anything to do with >>> the DKIM, so definitely gonna try to mess and read it when I had the time. >>> (After checking out the thread, I found this >>> https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to >>> help me understand where to put it) >>> >>> What I try for the mailet last time is putting these lines after the >>> “RemoteDelivery” class mailet in processor state = “transport”, I will try >>> to put it before the “RemoteDelivery” and post the result in reply. >>> >>> <mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"> >>> </mailet> >>> >>> <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"> >>> <signatureTemplate>v=1; s=selector; d=pc.107.jp; >>> h=from:to:subject:received; a=rsa-sha256; bh=; b=; </signatureTemplate> >>> <privateKey> >>> -----BEGIN RSA PRIVATE KEY----- >>> [Private Key Here in PEM Format] >>> -----END RSA PRIVATE KEY----- >>> </privateKey> >>> <privateKeyPassword> >>> testpassword >>> </privateKeyPassword> >>> </mailet> >>> >>> But when I try to run it, it produces some error Saying the cannot create >>> the RSA Private key because bad decryption password : >>> https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0 >>> >>> I created the private key using Letsencrypt and the file type is pem. I >>> copy paste the content into the <privateKey> just as the tutorial did, but >>> maybe something wrong with my private key (I think? It works for my SMTP >>> and IMAP server so I doubt that) can you/anyone tell me what causing this >>> error? >>> >>> Just a little more and I’ll be able to implement DKIM and SPF to my mail so >>> finally google don’t take it as spam. >>> >>> Last time I try to build with the mvn clean install ( Following this >>> https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the >>> james-jdkim yield a lot of error since I never used maven myself, so I >>> guess im gonna skip that one and try it some other time. >>> >>> Lastly, thank you for the help and response, it give me some answer to the >>> problem I had right now, I will probably reply to my own mail if I did >>> found the solution or someone else. >>> >>> Again, thank you for the help and sorry for any wrong word. >>> >>> Sincerely, Jason >>> >>> Sent from Mail for Windows 10 >>> >>> From: Tellier Benoit >>> Sent: 09 July 2019 21:54 >>> To: server-user@james.apache.org >>> Subject: Re: Applying JDKIM and SPF to the Mailets >>> >>> Hi Jason, >>> >>> I will try to answer your questions: >>> >>> 1. I don't really understand the question. >>> >>> You can use matcher to apply actions to emails matching certain >>> conditions. For instance, upon signing a mail for DKIM, you want to sign >>> it when the sender is local and authenticated, just before >>> RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and >>> the like will do the trick - while all incoming traffic from a non >>> trusted source needs to be DKIM validated. Again playing with matchers >>> within mailetcontainer.xml will be needed to do what you want. >>> >>> 2. I don't know the state of the DKIM status in JAMES Spring packaging. >>> Probably not working (version clashes). >>> >>> No additional jar is required with Guice packaging. >>> >>> 3. What makes you believe this? >>> >>> 4. mvn clean install + look in target directories >>> >>> Hope it helps. >>> >>> Benoit >>> >>> On 08/07/2019 05:30, Jason Tjankilisan wrote: >>>> Hi, >>>> >>>> Sorry for the frequent asking but I just hit dead end with the DKIM config. >>>> https://james.apache.org/jdkim/mailets/index.html -> so I just read this >>>> as my tutorial guidelines to apply DKIM to my mail. From what I >>>> understand, that the mail needed to be converted to 7 bit before being >>>> Sign by DKIM and the DKIM mailet has to be the last one. I guess I need to >>>> do DKIM so my mail has less chance of getting into SPAM + request. >>>> >>>> So I downloaded the James JDKIM from this one : >>>> https://github.com/apache/james-jdkim >>>> And take the DKIMSign.java and ConvertTo7Bit.java and my >>>> CustomMeiletTest.java (I need to use ANT cause request) and build those 3 >>>> using ANT so they become 1 jar file. But as expected, the file wont >>>> compile because some missing files from james/lib (probably didn’t have >>>> JDKIM Library from the start) >>>> >>>> So I download the library from here : >>>> https://james.apache.org/download.cgi#Apache_jDKIM and I extract the >>>> apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the >>>> /lib and put it on james/lib/ and try to compile it. But it still missing >>>> some library. >>>> I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and put >>>> it on james/lib and nothing works also. >>>> >>>> For the SPF I there;s already one inside james/lib folder named : >>>> apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF >>>> library and just use it in the mailetcontainer.xml as you mentioned it in >>>> the last mail (haven’t tried since it since I didn’t found anything >>>> related how to use the SPF, but will search more) >>>> >>>> So my question is : >>>> 1. How do I know what is the sending mailet and receiveing mailet? So I >>>> can put the DKIMSign Mailet before the sending mailet. (Im guessing the >>>> 2. From the https://james.apache.org/download.cgi#Apache_jDKIM, should I >>>> also put the Javadoc, source sources also in james/lib? >>>> 3. Am I adding the wrong library or misunderstood the procedure of adding >>>> DKIM and SPF mailets? I really need to know this so I can document this >>>> and make a tutorial full from setting apache James to adding DKIM and SPF. >>>> 4. Should I really needed the https://github.com/apache/james-jdkim ? all >>>> of it was a java files, and I don’t know how to turn all of them into 1 >>>> jar so I can use as library I think? >>>> >>>> Im sorry for the lack of understanding and any wrong work, I hope it >>>> wasn’t too much. >>>> >>>> thank you for the help. >>>> >>>> Sincerely, Jason >>>> >>>> Sent from Mail for Windows 10 >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>> For additional commands, e-mail: server-user-h...@james.apache.org >>> >>> >>> >>> >>> --- >>> This email has been checked for viruses by AVG. >>> https://www.avg.com >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >> For additional commands, e-mail: server-user-h...@james.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
