I want to setup a cert for each client with lets so there is no issue with some other problems I have but not sure if you can have multiple cert on dovecote and qmail.
> Il giorno 27 ago 2019, alle ore 21:04, ChandranManikandan <kand...@gmail.com> > ha scritto: > > > Hi Friends, > > As per Andrew stats, i have checked all those points in my server. > I have installed letsencrypt certificate in past two years without any issue > and spf record validated and configured on the DNS server. > DKIM also installed on my server well. > > When users send an email to gmail, some emails are going to inbox and some > going to spam with the same my domain. > > I have no clue to setup the dmarc record in the dns server. > > Could anyone help me for the process of creating dmarc record. > Do i need to create my server or dns server. > > My domain result for the reputation. > > MEDIUM REPUTATION > Not suspicious. We have not seen any direct references to this email address, > but the sender domain is highly reputable, and the email is deliverable. > We've observed no malicious or suspicious activity from this address. > > curl emailrep.io/m...@panasiagroup.net > { > "email": "x...@xxx.net", > "reputation": "medium", > "suspicious": false, > "references": 0, > "details": { > "blacklisted": false, > "malicious_activity": false, > "malicious_activity_recent": false, > "credentials_leaked": false, > "credentials_leaked_recent": false, > "data_breach": false, > "first_seen": "never", > "last_seen": "never", > "domain_exists": true, > "domain_reputation": "high", > "new_domain": false, > "days_since_domain_creation": 5524, > "suspicious_tld": false, > "spam": false, > "free_provider": false, > "disposable": false, > "deliverable": true, > "accept_all": false, > "valid_mx": true, > "spoofable": true, > "spf_strict": true, > "dmarc_enforced": false, > "profiles": [] > } > } > > Appreciate of all your supporting. > >> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz <awswa...@acsalaska.net> wrote: >> This seems an issue mostly with server "suspiciousness", of which >> reputation is a component. >> >> Of the factors effecting suspiciousness, only two are local to the smtp >> server: >> 1. DKIM signatures >> 2. TLS certificates >> >> To address these, confirm that both are working properly: >> 1. DKIM: send an email to a "dkim reflector" and then examine the email >> you get back. This pages discusses: >> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html >> >> 2. Use a proper TLS certificate. By proper, I mean one that verifies. >> Therefore you need to either purchase one or use "Let's Encrypt". I've >> been using Lets Encrypt certs for the last year without any problems. >> Setting up the client is not difficult, and it subsequently auto-renews >> every 60 days. >> >> The remaining factors are outside your server, but just as important: >> 1. Reverse-DNS yields same result as the domain MX record. This is >> known as FCRDNS (forward-confirmed reverse DNS). Additionally, that >> result must not resemble a dynamic IP address (i.e. have the IP address >> in the domain name). >> 2. SPF is properly set up. >> 3. DMARC set up and working properly. >> 4. Age of the domain name. If created recently, that looks bad. >> 5. Presence of IP on blacklists. That is not hard to check. If you >> acquired an IP recently, it's former owner may have earned it a place on >> a blacklist. Easiest fix for that seems to be to get a different IP. >> >> I'm curious to hear what others might add to this. >> >> A good place for ideas is to browse through the spamdyke.conf file and >> think about all of the things it checks. Gmail is certainly using >> similar data points, but with neural network analysis rather than simple >> pass/fail rules. >> >> For those who have set up a second server to test things, there is a >> good chance something above is not set up or does not support the new >> server. Gone are the days when you can bring a new parallel server >> online and start sending mails immediately. There are lots of "i's" to >> dot and "t's" to cross before other servers will confidently accept your >> mail. >> >> Another thought: >> https://emailrep.io/ will give you a report about an email ADDRESS's >> reputation. It is interesting. Here is the result for mine (I replaced >> my email address for posting): >> >> curl emailrep.io/first.l...@example.tld >> { >> "email": "first.l...@example.tld", >> "reputation": "low", >> "suspicious": true, >> "references": 1, >> "details": { >> "blacklisted": false, >> "malicious_activity": false, >> "malicious_activity_recent": false, >> "credentials_leaked": false, >> "credentials_leaked_recent": false, >> "data_breach": false, >> "first_seen": "never", >> "last_seen": "never", >> "domain_exists": true, >> "domain_reputation": "low", >> "new_domain": false, >> "days_since_domain_creation": 5654, >> "suspicious_tld": false, >> "spam": false, >> "free_provider": false, >> "disposable": false, >> "deliverable": false, >> "accept_all": false, >> "valid_mx": true, >> "spoofable": false, >> "spf_strict": true, >> "dmarc_enforced": true, >> "profiles": [] >> } >> } >> >> >> Though my domain and address are over 10 years old and never been >> blacklisted, the address gets a "low" reputation. I'm quite sure that >> is because it has determined that my email address cannot accept emails. >> But it is incorrect. After testing it a few times, I'm fairly >> confident that it decides that mostly because it tries to connect to my >> server from smtp25a.kickboxio.net, whose IP (72.249.58.154) is blocked >> by Spamdyke due to being on some blacklist. Therefore it concludes that >> I'm "risky". Also, they feel the risk is increased because my email has >> never been seen on social media, in credential breaches, etc. But I >> feel it is a triumph that I've kept my email address off of places where >> spammers harvest addresses. >> >> Gmail is almost certainly considering all these factor and many more in >> deciding whether an email is rejected, sent to spam folder, or sent to >> inbox. That said, my wife uses gmail and we send numerous emails back >> and forth daily without any problem. >> >> It used to be that setting up an smtp server was the hard part of >> running your own server. But times have changed, and now factors >> external to your network seem far more complicated and consequential >> than the server itself. >> >> Again, I'm curious to hear other people thoughts. >> >> >> -Andy >> >> PS: regarding the question of multiple certs, I do not see how that >> could work on the toaster. And in general, smtp does not work that way. >> The cert merely needs to be for the domain name pointed to by the MX >> record of the destination domain. There is no requirement that the >> destination domain be the name on the server certificate. Thus numerous >> virtual domains all have MX records which point to the same server; that >> server's cert merely needs to be for its own domain name, not those of >> all its virtual domains. For incoming mail, when connecting to a server >> and upgrading an smtp connection to a STARTTLS session, I don't think >> that the STARTTLS command has a way to specify the destination address's >> domain. That would need to happen for a server to know which >> certificate to use. For outgoing mail, it is theoretically easy to do, >> but someone would need to write a qmail patch to implement it. >> >> DKIM works differently: each virtual domain has it's own dkim signing >> key. The toaster supports that, but it must be done manually (i.e. it >> does not occur when creating domains with vqadmin). Adding that >> functionality into vqadmin might be a good project for someone. >> >> I did not intend for this to be so long. It just happened. >> >> >> >> >> >> >> >> >> On 8/26/2019 11:05 PM, Remo Mattei wrote: >> > Ok guys.. needs some suggestions.. >> > I found out that the client (apple Mail) does not honor the DKIM since >> > gmail said failed. I tested with Outlook and web round cube and that >> > does pass the email DKIM and the message does not go into the spam >> > folder in fact. >> > >> > Any help will be great.. I also wonder if there is a way to setup >> > multiple certs for the SMTP (per domain). >> > >> > Remo >> > >> >> On Aug 26, 2019, at 12:03, Tahnan Al Anas <tah...@gmail.com >> >> <mailto:tah...@gmail.com>> wrote: >> >> >> >> Basically Gmail put mail in spam folder for various reasons, I have >> >> found after hosing new domain in my qmail server, I need to check spf, >> >> dkim dmarc settings, even if all are ok, still gmail sent mail to spam >> >> folder, I need to check reverse forward record and also need to work >> >> to improve domain reputation, this is not an issue with qmail server, >> >> rather it is related with gmail's filtering. You have to work to >> >> improve server and domain's reputation for that. >> >> >> >> Sometime I chat with google to get my other domain's mail in inbox by >> >> sending them to gsuite account. >> >> >> >> >> >> -- >> >> -- >> >> >> >> Best Regards >> >> Muhammad Tahnan Al Anas >> >> >> >> >> >> On Mon, Aug 26, 2019 at 11:01 PM Eric Broch <ebroch.w...@gmail.com >> >> <mailto:ebroch.w...@gmail.com>> wrote: >> >> >> >> Create a google (gmail) account if you don't have one. Send an >> >> email to that account from the postmaster of the problematic >> >> domain. Open message, go to three vertical dots to the upper right >> >> of the interface, find 'show original', there you will see why >> >> gmail spammed your message. >> >> >> >> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei <r...@mattei.org >> >> <mailto:r...@mattei.org>> wrote: >> >> >> >> I just tested and I built a new qmail box >> >> >> >> >> >> qmail-1.03-3.1.qt.el7.x86_64 >> >> >> >> The other two boxes >> >> With >> >> qmail-1.03-3.1.qt.el7.x86_64 >> >> qmail-1.03-3.1.qt.el7.x86_64 >> >> >> >> So when sending from the new env which does not have any load >> >> no production etc.. the gmail gets the message in the inbox >> >> from the other two I get the msg on the spam folder.. I >> >> wonder.. how is Google…. Check the messages.. The new box I >> >> have even a domain called testdomain.com >> >> <http://testdomain.com/> which it’s bogus!! But still in the >> >> inbox. >> >> >> >> Any tips? >> >> >> >> Thanks >> >> >> >>> On Aug 25, 2019, at 21:10, ChandranManikandan >> >>> <kand...@gmail.com <mailto:kand...@gmail.com>> wrote: >> >>> >> >>> Hi Folks, >> >>> >> >>> Emails are delivering to the spam or junk folder when users >> >>> send to the recipients. >> >>> Mostly it's all public domain like gmail,yahoo etc.. >> >>> How to fix this issue in our server. >> >>> Am using Centos 6 32 bit with qmailtoaster. >> >>> Could anyone help me. >> >>> >> >>> -- >> >>> */Regards, >> >>> Manikandan.C >> >>> /* >> >> >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> > > > -- > Regards, > Manikandan.C
--------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com