I want to setup a cert for each client with lets so there is no issue with some
other problems I have but not sure if you can have multiple cert on dovecote
and qmail.
> Il giorno 27 ago 2019, alle ore 21:04, ChandranManikandan <kand...@gmail.com>
> ha scritto:
>
>
> Hi Friends,
>
> As per Andrew stats, i have checked all those points in my server.
> I have installed letsencrypt certificate in past two years without any issue
> and spf record validated and configured on the DNS server.
> DKIM also installed on my server well.
>
> When users send an email to gmail, some emails are going to inbox and some
> going to spam with the same my domain.
>
> I have no clue to setup the dmarc record in the dns server.
>
> Could anyone help me for the process of creating dmarc record.
> Do i need to create my server or dns server.
>
> My domain result for the reputation.
>
> MEDIUM REPUTATION
> Not suspicious. We have not seen any direct references to this email address,
> but the sender domain is highly reputable, and the email is deliverable.
> We've observed no malicious or suspicious activity from this address.
>
> curl emailrep.io/m...@panasiagroup.net
> {
> "email": "x...@xxx.net",
> "reputation": "medium",
> "suspicious": false,
> "references": 0,
> "details": {
> "blacklisted": false,
> "malicious_activity": false,
> "malicious_activity_recent": false,
> "credentials_leaked": false,
> "credentials_leaked_recent": false,
> "data_breach": false,
> "first_seen": "never",
> "last_seen": "never",
> "domain_exists": true,
> "domain_reputation": "high",
> "new_domain": false,
> "days_since_domain_creation": 5524,
> "suspicious_tld": false,
> "spam": false,
> "free_provider": false,
> "disposable": false,
> "deliverable": true,
> "accept_all": false,
> "valid_mx": true,
> "spoofable": true,
> "spf_strict": true,
> "dmarc_enforced": false,
> "profiles": []
> }
> }
>
> Appreciate of all your supporting.
>
>> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz <awswa...@acsalaska.net> wrote:
>> This seems an issue mostly with server "suspiciousness", of which
>> reputation is a component.
>>
>> Of the factors effecting suspiciousness, only two are local to the smtp
>> server:
>> 1. DKIM signatures
>> 2. TLS certificates
>>
>> To address these, confirm that both are working properly:
>> 1. DKIM: send an email to a "dkim reflector" and then examine the email
>> you get back. This pages discusses:
>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>
>> 2. Use a proper TLS certificate. By proper, I mean one that verifies.
>> Therefore you need to either purchase one or use "Let's Encrypt". I've
>> been using Lets Encrypt certs for the last year without any problems.
>> Setting up the client is not difficult, and it subsequently auto-renews
>> every 60 days.
>>
>> The remaining factors are outside your server, but just as important:
>> 1. Reverse-DNS yields same result as the domain MX record. This is
>> known as FCRDNS (forward-confirmed reverse DNS). Additionally, that
>> result must not resemble a dynamic IP address (i.e. have the IP address
>> in the domain name).
>> 2. SPF is properly set up.
>> 3. DMARC set up and working properly.
>> 4. Age of the domain name. If created recently, that looks bad.
>> 5. Presence of IP on blacklists. That is not hard to check. If you
>> acquired an IP recently, it's former owner may have earned it a place on
>> a blacklist. Easiest fix for that seems to be to get a different IP.
>>
>> I'm curious to hear what others might add to this.
>>
>> A good place for ideas is to browse through the spamdyke.conf file and
>> think about all of the things it checks. Gmail is certainly using
>> similar data points, but with neural network analysis rather than simple
>> pass/fail rules.
>>
>> For those who have set up a second server to test things, there is a
>> good chance something above is not set up or does not support the new
>> server. Gone are the days when you can bring a new parallel server
>> online and start sending mails immediately. There are lots of "i's" to
>> dot and "t's" to cross before other servers will confidently accept your
>> mail.
>>
>> Another thought:
>> https://emailrep.io/ will give you a report about an email ADDRESS's
>> reputation. It is interesting. Here is the result for mine (I replaced
>> my email address for posting):
>>
>> curl emailrep.io/first.l...@example.tld
>> {
>> "email": "first.l...@example.tld",
>> "reputation": "low",
>> "suspicious": true,
>> "references": 1,
>> "details": {
>> "blacklisted": false,
>> "malicious_activity": false,
>> "malicious_activity_recent": false,
>> "credentials_leaked": false,
>> "credentials_leaked_recent": false,
>> "data_breach": false,
>> "first_seen": "never",
>> "last_seen": "never",
>> "domain_exists": true,
>> "domain_reputation": "low",
>> "new_domain": false,
>> "days_since_domain_creation": 5654,
>> "suspicious_tld": false,
>> "spam": false,
>> "free_provider": false,
>> "disposable": false,
>> "deliverable": false,
>> "accept_all": false,
>> "valid_mx": true,
>> "spoofable": false,
>> "spf_strict": true,
>> "dmarc_enforced": true,
>> "profiles": []
>> }
>> }
>>
>>
>> Though my domain and address are over 10 years old and never been
>> blacklisted, the address gets a "low" reputation. I'm quite sure that
>> is because it has determined that my email address cannot accept emails.
>> But it is incorrect. After testing it a few times, I'm fairly
>> confident that it decides that mostly because it tries to connect to my
>> server from smtp25a.kickboxio.net, whose IP (72.249.58.154) is blocked
>> by Spamdyke due to being on some blacklist. Therefore it concludes that
>> I'm "risky". Also, they feel the risk is increased because my email has
>> never been seen on social media, in credential breaches, etc. But I
>> feel it is a triumph that I've kept my email address off of places where
>> spammers harvest addresses.
>>
>> Gmail is almost certainly considering all these factor and many more in
>> deciding whether an email is rejected, sent to spam folder, or sent to
>> inbox. That said, my wife uses gmail and we send numerous emails back
>> and forth daily without any problem.
>>
>> It used to be that setting up an smtp server was the hard part of
>> running your own server. But times have changed, and now factors
>> external to your network seem far more complicated and consequential
>> than the server itself.
>>
>> Again, I'm curious to hear other people thoughts.
>>
>>
>> -Andy
>>
>> PS: regarding the question of multiple certs, I do not see how that
>> could work on the toaster. And in general, smtp does not work that way.
>> The cert merely needs to be for the domain name pointed to by the MX
>> record of the destination domain. There is no requirement that the
>> destination domain be the name on the server certificate. Thus numerous
>> virtual domains all have MX records which point to the same server; that
>> server's cert merely needs to be for its own domain name, not those of
>> all its virtual domains. For incoming mail, when connecting to a server
>> and upgrading an smtp connection to a STARTTLS session, I don't think
>> that the STARTTLS command has a way to specify the destination address's
>> domain. That would need to happen for a server to know which
>> certificate to use. For outgoing mail, it is theoretically easy to do,
>> but someone would need to write a qmail patch to implement it.
>>
>> DKIM works differently: each virtual domain has it's own dkim signing
>> key. The toaster supports that, but it must be done manually (i.e. it
>> does not occur when creating domains with vqadmin). Adding that
>> functionality into vqadmin might be a good project for someone.
>>
>> I did not intend for this to be so long. It just happened.
>>
>>
>>
>>
>>
>>
>>
>>
>> On 8/26/2019 11:05 PM, Remo Mattei wrote:
>> > Ok guys.. needs some suggestions..
>> > I found out that the client (apple Mail) does not honor the DKIM since
>> > gmail said failed. I tested with Outlook and web round cube and that
>> > does pass the email DKIM and the message does not go into the spam
>> > folder in fact.
>> >
>> > Any help will be great.. I also wonder if there is a way to setup
>> > multiple certs for the SMTP (per domain).
>> >
>> > Remo
>> >
>> >> On Aug 26, 2019, at 12:03, Tahnan Al Anas <tah...@gmail.com
>> >> <mailto:tah...@gmail.com>> wrote:
>> >>
>> >> Basically Gmail put mail in spam folder for various reasons, I have
>> >> found after hosing new domain in my qmail server, I need to check spf,
>> >> dkim dmarc settings, even if all are ok, still gmail sent mail to spam
>> >> folder, I need to check reverse forward record and also need to work
>> >> to improve domain reputation, this is not an issue with qmail server,
>> >> rather it is related with gmail's filtering. You have to work to
>> >> improve server and domain's reputation for that.
>> >>
>> >> Sometime I chat with google to get my other domain's mail in inbox by
>> >> sending them to gsuite account.
>> >>
>> >>
>> >> --
>> >> --
>> >>
>> >> Best Regards
>> >> Muhammad Tahnan Al Anas
>> >>
>> >>
>> >> On Mon, Aug 26, 2019 at 11:01 PM Eric Broch <ebroch.w...@gmail.com
>> >> <mailto:ebroch.w...@gmail.com>> wrote:
>> >>
>> >> Create a google (gmail) account if you don't have one. Send an
>> >> email to that account from the postmaster of the problematic
>> >> domain. Open message, go to three vertical dots to the upper right
>> >> of the interface, find 'show original', there you will see why
>> >> gmail spammed your message.
>> >>
>> >> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei <r...@mattei.org
>> >> <mailto:r...@mattei.org>> wrote:
>> >>
>> >> I just tested and I built a new qmail box
>> >>
>> >>
>> >> qmail-1.03-3.1.qt.el7.x86_64
>> >>
>> >> The other two boxes
>> >> With
>> >> qmail-1.03-3.1.qt.el7.x86_64
>> >> qmail-1.03-3.1.qt.el7.x86_64
>> >>
>> >> So when sending from the new env which does not have any load
>> >> no production etc.. the gmail gets the message in the inbox
>> >> from the other two I get the msg on the spam folder.. I
>> >> wonder.. how is Google…. Check the messages.. The new box I
>> >> have even a domain called testdomain.com
>> >> <http://testdomain.com/> which it’s bogus!! But still in the
>> >> inbox.
>> >>
>> >> Any tips?
>> >>
>> >> Thanks
>> >>
>> >>> On Aug 25, 2019, at 21:10, ChandranManikandan
>> >>> <kand...@gmail.com <mailto:kand...@gmail.com>> wrote:
>> >>>
>> >>> Hi Folks,
>> >>>
>> >>> Emails are delivering to the spam or junk folder when users
>> >>> send to the recipients.
>> >>> Mostly it's all public domain like gmail,yahoo etc..
>> >>> How to fix this issue in our server.
>> >>> Am using Centos 6 32 bit with qmailtoaster.
>> >>> Could anyone help me.
>> >>>
>> >>> --
>> >>> */Regards,
>> >>> Manikandan.C
>> >>> /*
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>
>
> --
> Regards,
> Manikandan.C
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
