Halo Matt, Surely I don’t mind to share the tutorial and I have asked the permission from my team to share it and get a permission. The problem is i still don’t know where to put the tutorial to share it since all of it was on Notepad text file and im planning to add picture so people wont get confused.For now, I probably use Google Drive to share the File Text and gonna fix some of the words before uploading. Its kinda off topic, so apology for that. And with that the topic of applying JDKIM and SPF is done.
I will reply as soon as possible once the tutorial done. Thank you so much for everyone that has been helping. Sincerely, Jason Sent from Mail for Windows 10 From: cryptearth Sent: Monday, July 15, 2019 5:03 PM To: server-user@james.apache.org Subject: Re: Applying JDKIM and SPF to the Mailets Hey Jason, glad to hear you got it working in the end. About keys: I don't think the Exception was caused by re-using the same key you used for secure the connection, but it's always a good idea to use different keys for different usages. I'm looking towards reading your tutorial. Would be nice if you link it when done. Maybe we can give additional input if someone spots issues. Matt Am 15.07.2019 um 04:35 schrieb Jason Tjankilisan: > Hiya Matt, > > Last time I check, the selector DKIM didn’t show up either in MXLookup even > though I copy paste the name of the selector to the DNS Record. So I rename > the TXT DKIM and create new public key in the DNS Record and suddenly it > works, now my mail has DKIM and SPF Approval. > > I apologize, but apparently the private key used for SSL/TLS are not the same > as the one used in DKIM key, so my bad. That’s what caused the DKIMSign class > to have error such as “Bad Password”. That’s why I generate new one from > DKIMCore and finally it works. Took me longer than I expected to know this. > > Finally I can make the tutorial for it. > > Sorry for any wrong and thank you for the help and information. > > Sincerely, Jason > > Sent from Mail for Windows 10 > > From: cryptearth > Sent: Friday, July 12, 2019 6:10 PM > To: server-user@james.apache.org > Subject: Re: Applying JDKIM and SPF to the Mailets > > Hey Jason, > > I had to read to RFC and test a bit with google, but it seems you still > have a DNS issue: > > Your selector is: 1562899936.107 > Your domain is: pc.107.jp > > As by RFC you need to have a TXT record at: > 1562899936.107._domainkey.pc.107.jp > But when I look up this domain with ANY as type I get this: > > 1562899936.107._domainkey.pc.107.jp. 3382 IN HINFO "RFC8482" "" > > If you look at google for example, they have set thier selector to: > 20161025 and thier domain to: googlemail.com. When you lookup > 20161025._domainkey.googlemail.com you get this: > > 20161025._domainkey.googlemail.com. 300 IN TXT "k=rsa; > p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" > "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" > > So, again, it's a DNS problem. This time a missing record. That's DKIM > verify fail. > > Matt > > Am 12.07.2019 um 11:17 schrieb Jason Tjankilisan: >> Hiya Matt, >> >> Sorry took a long time to reply, was making sure that I did alli could think >> of before posting. Thank you also for providing information and the support >> given, it was really helpful. >> >> I am a part of 107.jp and indeed it was a sub-domain so im guessing the >> setting is different? I will make sure to contact my co-worker >> >> After some more testing and experimenting, I finally made some progress. I >> Successfully implement SPF (I removed the A and the Include google stuff >> from the TXT record just as you said) and it was relatively easy. But for >> the DKIM its another whole story : >> - Apparently, Letsencrypt private key used for Keystore is not the same key >> as your DKIM key (Ref: >> https://community.letsencrypt.org/t/questions-around-dkim1/43130/5 ). So I >> generate one using DKIMCore, and the error was resolved. >> - About the DNS Reverse, we try to get in contact with Contabo about the PTR >> record, so its just a matter of time I hope >> >> I still don’t understand why the DKIM Failed, But I did try to compare my >> gmail sending to my other gmail “original message” and I see that : >> - The DKIM-Signature show the “a” tag was first. According to sparkpost, “v” >> tag must be the first. >> - Im using https://tools.sparkpost.com/dkim to check if my DKIM works, but >> it say its failed even though there is DKIM Signature in the original >> messsage. >> - I checked the DNS Record using dnschecker.org and see that the selector >> TXT did not show up for the DKIM, is it supposed to be like that? Given the >> name of the TXT record must be [string]._domainkey.[host name]. >> >> Here is the “Original message” : >> //////// >> Delivered-To: jason.tjankili...@gmail.com >> Received: by 2002:ac9:7457:0:0:0:0:0 with SMTP id a23csp623112ocq; >> Fri, 12 Jul 2019 00:53:21 -0700 (PDT) >> X-Google-Smtp-Source: >> APXvYqybXnbC7NmeakiGMIFRnploRo6UI4ynHaQfAGF+TzfFYQ7CZ8S6MzoOkvVViUEMiX4idxv2 >> X-Received: by 2002:a7b:c954:: with SMTP id >> i20mr8397417wml.169.1562918001863; >> Fri, 12 Jul 2019 00:53:21 -0700 (PDT) >> ARC-Seal: i=1; a=rsa-sha256; t=1562918001; cv=none; >> d=google.com; s=arc-20160816; >> >> b=D9lB2qMK2Hz6L4hilcQmUdnlVR5gFc0q8ai+6sNdFK0yrdExHoYoIdTJ5nGJH98ScF >> >> J5iAAqMr+zNcq6er5LuUIa2FfnXZ5sIhhOq59bYSYFDZg8H9VGwDHwi9u6EPEhoX2hnK >> >> 00KZal1Mb74vHSDHlLNQSuTARlTXiR8DCkxIwajXHa9hwA4QVUOW0NZovavjsAJz8Nrz >> >> ZiK/2QHniYS88kvl3V5OnnHhptMWz+HqJuSTO4bTJj+w5LhFD2lOSPZRTGNz1/HZmPN6 >> >> xxbBk0BFkeCA6LUiQ4T6rKB7RVjqQt48zLBYdcJoRykB8b6T9l+KJnEqN6tBhwkpJqCU >> j6TQ== >> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; >> s=arc-20160816; >> h=content-language:content-transfer-encoding:user-agent:date >> :message-id:subject:from:to:mime-version:dkim-signature; >> bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; >> >> b=wRgD/3oj9Lexlm35bopImhQNYdMUDMis3taW2zMUnWU7wVtgZ78hb1sRZbWalbNJ8M >> >> bmDrrMkH0Cn01/H0cxkPfw1+9NwswqBjmvPs+fWCgsbG/cVRj8qSQCzWA/NCLReOkilg >> >> SXCikhs8iMWxj9LM+BftXC2+MWuBU/AO6yz9+U0rRv9dFMLLIoI7wYLPGc4rGXx8ucUA >> >> GiPNnbX3A4k9+bgNx+5tI1ZHnk1TaF9dUGRBTUqPHVnhEnQHBrsGYVqcqVKab+y37MBO >> >> Tx2Q4IWPWZJdGXZEGmNnFr5dt0Hw7PRhEsgfDx6IzdMHP7VykJ0sC7lIAMqo0u7lgeyb >> fnog== >> ARC-Authentication-Results: i=1; mx.google.com; >> dkim=fail header.i=@pc.107.jp header.s=1562899936.107 >> header.b=aNm+dozf; >> spf=pass (google.com: domain of i...@pc.107.jp designates >> 173.249.33.70 as permitted sender) smtp.mailfrom=i...@pc.107.jp >> Return-Path: <i...@pc.107.jp> >> Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) >> by mx.google.com with ESMTP id >> g1si7958555wrw.30.2019.07.12.00.53.21 >> for <jason.tjankili...@gmail.com>; >> Fri, 12 Jul 2019 00:53:21 -0700 (PDT) >> Received-SPF: pass (google.com: domain of i...@pc.107.jp designates >> 173.249.33.70 as permitted sender) client-ip=173.249.33.70; >> Authentication-Results: mx.google.com; >> dkim=fail header.i=@pc.107.jp header.s=1562899936.107 >> header.b=aNm+dozf; >> spf=pass (google.com: domain of i...@pc.107.jp designates >> 173.249.33.70 as permitted sender) smtp.mailfrom=i...@pc.107.jp >> DKIM-Signature: a=rsa-sha256; >> b=aNm+dozfytLfB/uNWlhYvu4kWF/qpna3hAolNlM8T3ebcoKpsWxZXh0c41uAhWRdsnaPXuxg2Y3AEgc1ZjkKS8LUF/zWjK93u1DdHtIpDjv4lESYP29iAWZ2OFQrJ+KCI7V9i1hB82ggoT5ThcP0IeJ03XJY7WBO+Ua2ilUhHRQ=; >> s=1562899936.107; d=pc.107.jp; v=1; >> bh=bEMak+tyBtAPfnUd01gLR+35V3jP8wbS1BA//AxN7Eo=; >> h=subject:from:to:received:dkim-signature; >> MIME-Version: 1.0 >> X-UserIsAuth: true >> Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) >> by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 567005839 >> for <jason.tjankili...@gmail.com>; >> Fri, 12 Jul 2019 09:53:20 +0200 (CEST) >> To: jason.tjankili...@gmail.com >> From: Mr Sano Mail <i...@pc.107.jp> >> Subject: SHIBA INU >> Message-ID: <7ece4147-8575-4ae8-41da-a45774d98...@pc.107.jp> >> Date: Fri, 12 Jul 2019 14:53:18 +0700 >> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 >> Thunderbird/60.7.2 >> Content-Type: text/plain; charset=utf-8; format=flowed >> Content-Transfer-Encoding: 7bit >> Content-Language: en-US >> >> SHIBAINU >> //////// >> End of “Original Message” >> >> Weird thing is that I did put the “v” tag in the first in the signature >> template. >> >> <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"> >> <signatureTemplate>v=1; s=1562899936.107._domainkey.pc.107.jp; >> d=pc.107.jp; h=subject:from:to:received; a=rsa-sha256; bh=; b=; >> </signatureTemplate> >> <privateKey> >> [Privkeyhere] >> </privateKey> >> </mailet> >> >> Can someone help me on this one or maybe pinpoint me to any direction? >> >> Thank you and sorry for any wrong word. >> >> Sincerely, Jason. >> >> Sent from Mail for Windows 10 >> >> From: cryptearth >> Sent: Wednesday, July 10, 2019 1:13 PM >> To: server-user@james.apache.org >> Subject: Re: Applying JDKIM and SPF to the Mailets >> >> Hey Jason, >> >> I have a guess in the blue: You're try to use a sub-domain / third-level >> domain. >> >> As Whois shows up, the main domain is just 107.jp. You are try to use >> the sub-domain pc.107.jp. So, there has to be a few extras to be >> tweaked. Using CloudFlare shouldn't matter. In fact, I guess this is >> beneficial cause they know thier stuff and support should be able to >> help to to clean it up. >> The main question is: Are you part of 107.jp or is pc.107.jp it's own >> thing not really related to 107.jp? >> >> I took a try to read out your DNS: "v=spf1 a +ip4:173.249.33.70 >> include:_spf.google.com ~all" - this doesn't seem right. >> First: there is A as an IPv4 already set - no need for adding it again. >> SPF is designed so if another record(-type) is referenced it has to be >> resolved. So, by adding A to SPF this already resolves to >> ip4:173.249.33.70 - it should be fine if only A or the ip is present. >> Also, as MX is also pc.107.jp it should be possible to use MX instead of A. >> >> 173.249.33.70 PTR to vmi269656.contaboserver.net - a domain belong to a >> german company Contabo GmbH - this doesn't match neither google nor >> cloudflare. So having _spf.google.com in your SPF record doesn't make >> sense as you don't use googles mail servers but your own. >> >> There's a lot that just doesn't add/match up - wich on the other side >> could be the reason why google flags your mail as spam. As this contabo >> thing looks like a v-host or some those lines it should be possible to >> set a correct PTR in control panel or ask support if it's possible. >> Correct DNS records and also matching PTR is a important part for >> correct working mail server. I also ran it against my fav tools >> mxtoolbox and dnsstuff - mxtoolbox didn't show any issues - but dnsstuff >> failed straight away as pc.107.jp isn't a correct implemented sub-level >> domain on it's own (misses SOA record and mostly isn't it's own zone) - >> so reverse checking this stuff (wich maybe done by google) has this >> "somethings not right here"-smell - wich google could take as a reason >> "wait, this doesn't add up here - most likely spam from a gone wild >> server". There's a lot to be fixed to "clean it up" - I guess it >> couldn't hurt to ask google support directly. Maybe they can provide an >> explain why the thing your mail is spam and could give advice to set it up. >> >> I can only help so far as I started with a proper set up sub-domain >> before I set up my own - the admin really knew what he's doin and the >> DNS service he used, although not so cool webinterface, has good support >> helping out by setting up stuff like sub-domains and such. Also the >> server-provider he used offered fine detail on setting PTR so reverse >> also worked. >> >> Guess there's not much this mailing list could help as it seems it's not >> the fault of the James software but on DNS and domain stuff only support >> of domain registrar can help. Try to ask them and google for advice. >> >> Matt >> >> Am 10.07.2019 um 05:37 schrieb Jason Tjankilisan: >>> Hiya Matt, >>> >>> Once again, Thank you very much for the information and reminding me, I >>> always forgot that you did mention that in the previous thread and I always >>> forgot to take note on that. I will try to check the DNS. >>> >>> So I sended a mail from thunderbird to my gmail and it goes to spam, so >>> here’s the of the “Original Message” of the mail: >>> --Starts of Original message-- >>> Delivered-To: pochuf...@gmail.com >>> Received: by 2002:a2e:a308:0:0:0:0:0 with SMTP id l8csp8462142lje; >>> Tue, 9 Jul 2019 19:33:55 -0700 (PDT) >>> X-Google-Smtp-Source: >>> APXvYqz2Pvu7dnv1bNtBtkjraYHKl+VdAxxe6+MyZLxqGuajgEZz5FSJ7lblFfGiOnxW28OiQmBd >>> X-Received: by 2002:a05:6000:9:: with SMTP id >>> h9mr1329142wrx.271.1562726035666; >>> Tue, 09 Jul 2019 19:33:55 -0700 (PDT) >>> ARC-Seal: i=1; a=rsa-sha256; t=1562726035; cv=none; >>> d=google.com; s=arc-20160816; >>> >>> b=hxt9MA20Il62uGMvpeoIKYM7NvUS69phJNlI2EtRzKHZ1pxSmmmHEkNbet+ox+qyXl >>> >>> xH25lbOW73Z9Z03GFQZ7TDPp0tRC2dgB+cFQUxN4xrYveEDFpfIH0oIeqOYhr+p0Bwi0 >>> >>> 50vEC39FMNpxuvVoKWdt219JU3cGaCtpbkdmql0W33rvQQjttgJhkbEBy4/niSqKMR8F >>> >>> s3waE7r1MzHkAPVdZpU0NDnJjJM6uY5Mq37KiALOkQfWg2Sn8ZpN9BV+BeFlcdbNo9kL >>> >>> aDHi33veJ41o1vZndh1VJGypXMgxriyV7REMQBg3J5NS72cj4guaf5q7bWM1rjn6I406 >>> gTKA== >>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; >>> s=arc-20160816; >>> h=content-language:content-transfer-encoding:user-agent:date >>> :message-id:subject:from:to:mime-version; >>> bh=5wfo1H+29jHo4uhiLLqayCA+TQbQEzg1BJDlbD3Zqv8=; >>> >>> b=fTx9CRHmU7CPabrGxTB1TW7g7CoS2X6Q2vXogTKnwwY2EbZ6KfllSJkj2OD0WFC+2e >>> >>> niYXcqouoFoXsxZbBDDqNlwr8rq2wa2OsuwLVsEAnXzGKyFppjW0bGm6lU9IDxZIfcr7 >>> >>> i5vqBAGsjdVwyr3TvVxPZaIoyh/ySeB44drESxcnTZFa9tkiNxgvMKTkpl6GQfvZJICl >>> >>> KZd8VzHBFOGHa4T4ov6oXhX5PuqdFQz7FSuQrzra2xP35cj575vTGWKLo7QSpyZibzvy >>> >>> nPmWwoM+/3UZbBJStASz2dglpsJZpAn3NTfBAqfRRd/TVmBXlcfeWVvUNpqTUY5oao+m >>> 32iA== >>> ARC-Authentication-Results: i=1; mx.google.com; >>> spf=neutral (google.com: 173.249.33.70 is neither permitted nor >>> denied by best guess record for domain of i...@pc.107.jp) >>> smtp.mailfrom=i...@pc.107.jp >>> Return-Path: <i...@pc.107.jp> >>> Received: from pc.107.jp (vmi269656.contaboserver.net. [173.249.33.70]) >>> by mx.google.com with ESMTP id >>> l3si735050wrw.0.2019.07.09.19.33.55 >>> for <pochuf...@gmail.com>; >>> Tue, 09 Jul 2019 19:33:55 -0700 (PDT) >>> Received-SPF: neutral (google.com: 173.249.33.70 is neither permitted nor >>> denied by best guess record for domain of i...@pc.107.jp) >>> client-ip=173.249.33.70; >>> Authentication-Results: mx.google.com; >>> spf=neutral (google.com: 173.249.33.70 is neither permitted nor >>> denied by best guess record for domain of i...@pc.107.jp) >>> smtp.mailfrom=i...@pc.107.jp >>> MIME-Version: 1.0 >>> X-UserIsAuth: true >>> Received: from 103.121.18.42 (EHLO [192.168.100.26]) ([103.121.18.42]) >>> by pc.107.jp (JAMES SMTP Server ) with ESMTPA ID 51347993 >>> for <pochuf...@gmail.com>; >>> Wed, 10 Jul 2019 04:33:55 +0200 (CEST) >>> (*Header right here*) >>> To: pochuf...@gmail.com >>> From: Mr Sano Mail <i...@pc.107.jp> >>> Subject: Test Send With Thunderbird >>> Message-ID: <dace3df1-b5af-5d52-e3a2-413aed2a8...@pc.107.jp> >>> Date: Wed, 10 Jul 2019 09:33:54 +0700 >>> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 >>> Thunderbird/60.7.2 >>> Content-Type: text/plain; charset=utf-8; format=flowed >>> Content-Transfer-Encoding: 7bit >>> Content-Language: en-US >>> >>> Test Send With Thunderbird, will it goes to spam? >>> --End of Original Message— >>> >>> I just notice that the SPF said NEUTRAL instead of PASS (I check random >>> mail from my inbox and compare see what’s different). So im guessing I have >>> to make the SPF say PASS. >>> >>> For the DNS Record, I will consult my partner since he’s the one who set up >>> the MX Record and all that stuff (We use Cloudflare as the mail server). >>> >>> I will post the result of trying to configuring the DNS Record. As for the >>> DKIM Mailet, I have removed it for now and just leave the ConvertTo7Bit >>> Mailet for now (The header said the Encoding is 7 bit, it must’ve worked). >>> It still produces the “Bad Decryption Password” error and >>> mailetcontainer.xml doesn’t allow “--” to be in the comment. >>> >>> Thank you for the help and sorry for any wrong word. >>> >>> Sincerely, Jason >>> >>> Sent from Mail for Windows 10 >>> >>> From: cryptearth >>> Sent: Wednesday, July 10, 2019 2:33 AM >>> To: server-user@james.apache.org >>> Subject: Re: Applying JDKIM and SPF to the Mailets >>> >>> Hey Jason, >>> >>> as said earlier: If Google is marking your mails as spam that's most >>> likely issue with DNS. Neither DKIM nor SPF is needed, Google uses a >>> "soft-ignore" policy wich, when no information can be obtained, ignores it. >>> >>> SPF is set in the zone file belong to your domain, there's no need for >>> any config related in James (config is only needed if you want to check >>> incoming mail). A correct SPF record is a TXT record on the domain level >>> noting every allowed mail server. For my domain cryptearth.de my SPF is >>> this: >>> >>> "v=spf1 +ip4:213.211.219.9 +ip4:91.121.4.115 +ip6:2001:41d0:1:5773::1 -all" >>> as TXT record directly in the main zone cryptearth.de. >>> v=spf1 - that's the SPF marker >>> +ip4 / +ip6 - these IPv4/v6 remote hosts are allowed >>> -all - all other remote hosts are not allowed >>> >>> If your domain doesn't have any TXT record begin with v=spf1 Google just >>> ignore the SPF check. Same goes for DKIM: if you don't provide DKIM >>> Google ignores to check it. If your mail still get flagged as spam this >>> could be reason by: >>> >>> - the mail server has no / an invalid PTR record >>> - the mail server is located in a dial-up range >>> - other DNS records doesn't match needed >>> >>> To help it could be helpful to show us the header of a mail that's >>> marked as spam by google - we then can try to analyze if we found any >>> issues. >>> This is an example for my webserver send with php mail() function > >>> dropped into sendmail nullclient > forwarded to james > send to google >>> (I marked the headers): >>> >>> // all here until return-path header is google internal stuff >>> Delivered-To: cryptea...@gmail.com >>> Received: by 2002:a4f:6e52:0:0:0:0:0 with SMTP id j79csp7648569ivc; >>> Tue, 9 Jul 2019 12:23:31 -0700 (PDT) >>> X-Google-Smtp-Source: >>> APXvYqxFdrccZnMMbSgzmSSr2YFUZ23iQA0se2sQVtyWuH5h/msfARkXQzD5JQP/j7z0vfw5NlOP >>> X-Received: by 2002:adf:e8cb:: with SMTP id >>> k11mr26007187wrn.244.1562700211239; >>> Tue, 09 Jul 2019 12:23:31 -0700 (PDT) >>> ARC-Seal: i=1; a=rsa-sha256; t=1562700211; cv=none; >>> d=google.com; s=arc-20160816; >>> b=CW95ECbinyXl5+I6Dmh3AYViWiGAnzsEHq149ZQBGjstvPEVzaAoRojjPoFw2wmoKZ >>> eiDn7C/4R3Ee1NoiavjUKWZrQiQHjsvvf2f3eO5c0kNmFm1BBjqQUj9ibmIOIuZcGdjS >>> HCCsdazTSJFJwj+HqkIJQQqCO4yJ8YJ8zVSmyWef7GuVtG9bWcqXK0GYSuC8o4KdDLrn >>> zoGZQbE/6Bxt2JF9A9hF9BHa0pGdoWM4vKQWg3p2KgmZ58ckBBADCjtXMpv+zxlzzgE3 >>> Qhl0Eal8blMPymECdkUAzSKZVmxDUYzQuBHql079UJQJsnOq+Mk3wANsrazX6FHF7C2k >>> nYBg== >>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; >>> d=google.com; s=arc-20160816; >>> h=subject:to:message-id:from:date; >>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; >>> b=YxxdpYMPG/GWtkqztwbHHI8T3Joli6if1Y3/jl5tNxTYtu1571oCEk/UhhUuqjOwtA >>> cGN8+H/y4wEAnpuAioqhYeMCp8RbxXLCE2MVnYyGY/GUkz8PvFxV+1zcelW+xRQwdj+A >>> +aFjWnZP9xmH1UThe6FDnUVdPu1txs2fgE6Euu2NFPJuyGovD0zwL2+xFqnNZXE4QBrb >>> 5KTkNx9h5Q7cu+XUiQeVFYJjico6P87UPUJXoVYrAVxwF6CtLKPgzn1I8iaIySiJF+xl >>> FlXQD+8OIcQhkVka6/xQMZNEfyYZiI+CanAKzR3vyYyvUbdWapWD4+DiSyw0iygn3tEs >>> 7AUQ== >>> ARC-Authentication-Results: i=1; mx.google.com; >>> spf=pass (google.com: domain of webmas...@cryptearth.de >>> designates 91.121.4.115 as permitted sender) >>> smtp.mailfrom=webmas...@cryptearth.de >>> >>> // google main mail server receives mail from James on my root and >>> checks SPF >>> Return-Path: <webmas...@cryptearth.de> >>> Received: from cryptearth.de (cryptearth.de. [91.121.4.115]) >>> by mx.google.com with ESMTPS id >>> s84si2873797wmf.151.2019.07.09.12.23.30 >>> for <cryptea...@gmail.com> >>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); >>> Tue, 09 Jul 2019 12:23:31 -0700 (PDT) >>> Received-SPF: pass (google.com: domain of webmas...@cryptearth.de >>> designates 91.121.4.115 as permitted sender) client-ip=91.121.4.115; >>> Authentication-Results: mx.google.com; >>> spf=pass (google.com: domain of webmas...@cryptearth.de >>> designates 91.121.4.115 as permitted sender) >>> smtp.mailfrom=webmas...@cryptearth.de >>> >>> // james getting mail forwarded from sendmail nullclient >>> Received: from localhost (EHLO root1.cryptearth.de) ([127.0.0.1]) >>> by root1 (JAMES SMTP Server ) with ESMTP ID -1249001323 >>> for <cryptea...@googlemail.com>; >>> Tue, 09 Jul 2019 21:23:30 +0200 (CEST) >>> >>> // sendmail >>> Received: (from wwwrun@localhost) by root1.cryptearth.de >>> (8.15.2/8.15.2/Submit) id x69JNUWS017954; Tue, 9 Jul 2019 21:23:30 +0200 >>> >>> // mail header generated by php mail() >>> Date: Tue, 9 Jul 2019 21:23:30 +0200 >>> From: webmas...@cryptearth.de >>> Message-Id: <201907091923.x69jnuws017...@root1.cryptearth.de> >>> To: cryptea...@googlemail.com >>> Subject: test >>> >>> test >>> // EOF >>> >>> So, to get mail received by google without spam flag, all I had to do is >>> to setup my DNS records correctly - the only config I did in James is to >>> enable StartTLS on remoteDelievery - but this isn't needed. >>> >>> Matt >>> >>> Am 09.07.2019 um 21:04 schrieb Jason Tjankilisan: >>>> Hiya Tellier, >>>> >>>> So lately I’ve tried some things to apply DKIM and I finally making some >>>> progress. >>>> >>>> First of all I apologize for the confusion, mainly because I still trying >>>> to figure things out how everything works (James , Mailet and Matcher and >>>> etc). >>>> >>>> I just discovered that you just need to download the zip files from : >>>> https://james.apache.org/download.cgi#Apache_jDKIM and then extract the >>>> jar file inside the lib directory to james/lib to use ConvertTo7Bit and >>>> DKIMSign class. So that;s one problem solved. >>>> >>>> Im guessing that since the tutorial ( >>>> https://james.apache.org/jdkim/mailets/index.html ) said that you must >>>> convert it to 7 bit and sign the DKIM right before the mail is sended, I >>>> need to find which mailet has the function to send the mail to put the >>>> DKIM and 7Bit Mailet before that sending mailet. To my surprise when you >>>> explain a bit about the matcher, I didn’t know that matcher has anything >>>> to do with the DKIM, so definitely gonna try to mess and read it when I >>>> had the time. >>>> (After checking out the thread, I found this >>>> https://www.mail-archive.com/server-user@james.apache.org/msg11597.html to >>>> help me understand where to put it) >>>> >>>> What I try for the mailet last time is putting these lines after the >>>> “RemoteDelivery” class mailet in processor state = “transport”, I will try >>>> to put it before the “RemoteDelivery” and post the result in reply. >>>> >>>> <mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"> >>>> </mailet> >>>> >>>> <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"> >>>> <signatureTemplate>v=1; s=selector; d=pc.107.jp; >>>> h=from:to:subject:received; a=rsa-sha256; bh=; b=; </signatureTemplate> >>>> <privateKey> >>>> -----BEGIN RSA PRIVATE KEY----- >>>> [Private Key Here in PEM Format] >>>> -----END RSA PRIVATE KEY----- >>>> </privateKey> >>>> <privateKeyPassword> >>>> testpassword >>>> </privateKeyPassword> >>>> </mailet> >>>> >>>> But when I try to run it, it produces some error Saying the cannot create >>>> the RSA Private key because bad decryption password : >>>> https://www.dropbox.com/s/b3gnc3894zn57fb/JamesError-CannotCreateRSAKey.txt?dl=0 >>>> >>>> I created the private key using Letsencrypt and the file type is pem. I >>>> copy paste the content into the <privateKey> just as the tutorial did, but >>>> maybe something wrong with my private key (I think? It works for my SMTP >>>> and IMAP server so I doubt that) can you/anyone tell me what causing this >>>> error? >>>> >>>> Just a little more and I’ll be able to implement DKIM and SPF to my mail >>>> so finally google don’t take it as spam. >>>> >>>> Last time I try to build with the mvn clean install ( Following this >>>> https://nozaki.me/roller/kyle/entry/configuring-james-to-sign-dkim ), the >>>> james-jdkim yield a lot of error since I never used maven myself, so I >>>> guess im gonna skip that one and try it some other time. >>>> >>>> Lastly, thank you for the help and response, it give me some answer to the >>>> problem I had right now, I will probably reply to my own mail if I did >>>> found the solution or someone else. >>>> >>>> Again, thank you for the help and sorry for any wrong word. >>>> >>>> Sincerely, Jason >>>> >>>> Sent from Mail for Windows 10 >>>> >>>> From: Tellier Benoit >>>> Sent: 09 July 2019 21:54 >>>> To: server-user@james.apache.org >>>> Subject: Re: Applying JDKIM and SPF to the Mailets >>>> >>>> Hi Jason, >>>> >>>> I will try to answer your questions: >>>> >>>> 1. I don't really understand the question. >>>> >>>> You can use matcher to apply actions to emails matching certain >>>> conditions. For instance, upon signing a mail for DKIM, you want to sign >>>> it when the sender is local and authenticated, just before >>>> RemoteDelivery. Combining `SenderIsLocal` with `SmtpAuthSuccessFull` and >>>> the like will do the trick - while all incoming traffic from a non >>>> trusted source needs to be DKIM validated. Again playing with matchers >>>> within mailetcontainer.xml will be needed to do what you want. >>>> >>>> 2. I don't know the state of the DKIM status in JAMES Spring packaging. >>>> Probably not working (version clashes). >>>> >>>> No additional jar is required with Guice packaging. >>>> >>>> 3. What makes you believe this? >>>> >>>> 4. mvn clean install + look in target directories >>>> >>>> Hope it helps. >>>> >>>> Benoit >>>> >>>> On 08/07/2019 05:30, Jason Tjankilisan wrote: >>>>> Hi, >>>>> >>>>> Sorry for the frequent asking but I just hit dead end with the DKIM >>>>> config. >>>>> https://james.apache.org/jdkim/mailets/index.html -> so I just read this >>>>> as my tutorial guidelines to apply DKIM to my mail. From what I >>>>> understand, that the mail needed to be converted to 7 bit before being >>>>> Sign by DKIM and the DKIM mailet has to be the last one. I guess I need >>>>> to do DKIM so my mail has less chance of getting into SPAM + request. >>>>> >>>>> So I downloaded the James JDKIM from this one : >>>>> https://github.com/apache/james-jdkim >>>>> And take the DKIMSign.java and ConvertTo7Bit.java and my >>>>> CustomMeiletTest.java (I need to use ANT cause request) and build those 3 >>>>> using ANT so they become 1 jar file. But as expected, the file wont >>>>> compile because some missing files from james/lib (probably didn’t have >>>>> JDKIM Library from the start) >>>>> >>>>> So I download the library from here : >>>>> https://james.apache.org/download.cgi#Apache_jDKIM and I extract the >>>>> apache-jdkim-library-0.2.jar and apache-jdkim-mailets-0.2.jar from the >>>>> /lib and put it on james/lib/ and try to compile it. But it still missing >>>>> some library. >>>>> I also downloaded this jar files http://www.badpenguin.co.uk/dkim/ and >>>>> put it on james/lib and nothing works also. >>>>> >>>>> For the SPF I there;s already one inside james/lib folder named : >>>>> apache-jspf-resolver-1.0.1.jar so I guess I don’t need to find for SPF >>>>> library and just use it in the mailetcontainer.xml as you mentioned it in >>>>> the last mail (haven’t tried since it since I didn’t found anything >>>>> related how to use the SPF, but will search more) >>>>> >>>>> So my question is : >>>>> 1. How do I know what is the sending mailet and receiveing mailet? So I >>>>> can put the DKIMSign Mailet before the sending mailet. (Im guessing the >>>>> 2. From the https://james.apache.org/download.cgi#Apache_jDKIM, should I >>>>> also put the Javadoc, source sources also in james/lib? >>>>> 3. Am I adding the wrong library or misunderstood the procedure of adding >>>>> DKIM and SPF mailets? I really need to know this so I can document this >>>>> and make a tutorial full from setting apache James to adding DKIM and SPF. >>>>> 4. Should I really needed the https://github.com/apache/james-jdkim ? all >>>>> of it was a java files, and I don’t know how to turn all of them into 1 >>>>> jar so I can use as library I think? >>>>> >>>>> Im sorry for the lack of understanding and any wrong work, I hope it >>>>> wasn’t too much. >>>>> >>>>> thank you for the help. >>>>> >>>>> Sincerely, Jason >>>>> >>>>> Sent from Mail for Windows 10 >>>>> >>>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>>> For additional commands, e-mail: server-user-h...@james.apache.org >>>> >>>> >>>> >>>> >>>> --- >>>> This email has been checked for viruses by AVG. >>>> https://www.avg.com >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>> For additional commands, e-mail: server-user-h...@james.apache.org >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >> For additional commands, e-mail: server-user-h...@james.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
