[CentOS] DKIM mails from this mailing lists
Hi, I've got some problem receiving mails from this list. Now and then the mails received from this list have an invalid dkim header. Therefore they are rejected by my MTA. This causes me missing same mails and from time to time I get some mail saying: Your membership in the mailing list CentOS has been disabled due to excessive bounces. What is going wromg here? Can the Mailing List Software be optimized to handle DKIM properly? Thanks Markus Steinborn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail - Solved !!!
on 5/2/2012 9:36 AM Prabhpal S. Mavi spake the following: ntpdate should be run just once and then just have ntpd on.. the nptdate should bring the server to the proper time and cause dovecot to fail..you should only need to run it once (assuming the server is left on and not off for long periods). I run ntpd as a daemon, but not ntpdate... you do have to set up ntp as you have done to get in the pools, but leaving ntp on as a daemon should not affect it...at least it does not with mine. Dear BOB. H, Thanks for your response, you are right, it is ntpdate that create the problem after reboot not ntpd. once the time is corrected by ntpdate after that no issues as long as server is up. there are other solution, who wish to run both daemons. bash script can monitor dovecot every 5min through cron. when dovecot will stop due to time shifted error after reboot, script will start it again. and would be fine as long as server does not reboot again. Thanks / Regards Prabh S. Mavi NTPD will slowly and constantly keep your clock in sync... You do not need to run dtpdate constantly as it will force the large time jumps... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] DKIM Pass - Fail
Hi Dear Community Friends, it is few days now, i am trying to figure out why DKIM is working / not working. Any assistance would be very much appreciable. Server IP is not blacklisted ever, MX, PTR SPF, DKIM records are available in DNS. why it is working at Gmail, why failing at Yahoo? Gmail dkim=pass header.i=@digital-infotech.net Yahoo: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Prabh S. Mavi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail
Hi Dear Community Friends, it is few days now, i am trying to figure out why DKIM is working / not working. Any assistance would be very much appreciable. Server IP is not blacklisted ever, MX, PTR SPF, DKIM records are available in DNS. why it is working at Gmail, why failing at Yahoo? Gmail dkim=pass header.i=@digital-infotech.net Yahoo: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Hello, Prabh. Your answer lies in the info you provided: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Yahoo appears to think that your timestamp is off by some amount of time in the future. -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org http://dogpound2.citadel.org https://dogpound2.citadel.org To be notified of updates to the web site, visit: https://www.bubbanfriends.org/mailman/listinfo/site-update or send a blank email to: site-update-subscr...@bubbanfriends.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail
Hello, Prabh. Your answer lies in the info you provided: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Yahoo appears to think that your timestamp is off by some amount of time in the future. -- Mike Burger http://www.bubbanfriends.org Dear Mike, Thank you very much for your response, do you mean i should configure NTP client ? Thanks - Prabh Prabh S. Mavi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail
Hello, Prabh. Your answer lies in the info you provided: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Yahoo appears to think that your timestamp is off by some amount of time in the future. -- Mike Burger http://www.bubbanfriends.org Configured NTP, restarted server, sent new mail and i have. Authentication-Results: mta1217.mail.mud.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail
Hello, Prabh. Your answer lies in the info you provided: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp) Yahoo appears to think that your timestamp is off by some amount of time in the future. -- Mike Burger Hello Mike, that actually worked!! i configured ntpd ntpdate restarted the server. But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error. dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now. immediately then, i tried to send one email from command line, here are the results. WORKED !! mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok) i am sure i can deal with dovecot problem. Thanks / Regards Prabh S. Mavi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail
On 5/2/2012 7:51 AM, Prabhpal S. Mavi wrote: Hello Mike, that actually worked!! i configured ntpd ntpdate restarted the server. But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error. dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now. immediately then, i tried to send one email from command line, here are the results. WORKED !! mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok) i am sure i can deal with dovecot problem. When you use ntpdate and move the time by a large amount I found some programs did not like that, dovecot being one of them. All you have to do is start/restart it and it will be fine. Best make sure nothing else failed in your logs or just reboot after such a large time fix. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail - Solved !!!
But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error. dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now. immediately then, i tried to send one email from command line, here are the results. WORKED !! mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok) i am sure i can deal with dovecot problem. When you use ntpdate and move the time by a large amount I found some programs did not like that, dovecot being one of them. All you have to do is start/restart it and it will be fine. Best make sure nothing else failed in your logs or just reboot after such a large time fix. Dear BOB. H Thank you very much for your response. i found some work around. Here it is, might help someone. if i do not enable ntpd / ntpdate to set the time correctly. Yahoo Reports dkim check error = future_time_stemps. dkim=fail But if i enable ntpdate ntpd then dovecot fails with time shifted backwards errors. dovecot kills it self Objective: dkim must pass and dovecot must not stop Solution: Disable these daemons -- ntpd and ntpdate 1. Configure ESXi Server to receive the time from following servers 0.CC.pool.ntp.org 1.CC.pool.ntp.org 2.CC.pool.ntp.org 2. Restart NTP service on ESX Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers Right click virtual machine, click settings then Options - VMware Tools select synchronize guest time with host time is now set correctly dkim=pass (ok) Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok) Prabh S. Mavi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM Pass - Fail - Solved !!!
ntpdate should be run just once and then just have ntpd on.. the nptdate should bring the server to the proper time and cause dovecot to fail..you should only need to run it once (assuming the server is left on and not off for long periods). I run ntpd as a daemon, but not ntpdate... you do have to set up ntp as you have done to get in the pools, but leaving ntp on as a daemon should not affect it...at least it does not with mine. Dear BOB. H, Thanks for your response, you are right, it is ntpdate that create the problem after reboot not ntpd. once the time is corrected by ntpdate after that no issues as long as server is up. there are other solution, who wish to run both daemons. bash script can monitor dovecot every 5min through cron. when dovecot will stop due to time shifted error after reboot, script will start it again. and would be fine as long as server does not reboot again. Thanks / Regards Prabh S. Mavi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dkim-milter-2.7.2 and Centos 5.2
Gregory P. Ennis wrote on Sun, 28 Dec 2008 15:58:53 -0600: Great link but he does not have the lastest version of dkim for i386. Do you have any experience with dkim and the revisions? I don't use it. There's a src.rpm, so you can rebuild it. You will need gcc for this as well. This tutorial by the same person who built those rpms might be of general help with dkim-milter: http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1 You could also contact the rpm builder and ask for an i386 rpm of 2.7.2. After all, he asks for feedback. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bill Campbell wrote on Thu, 25 Sep 2008 09:46:54 -0700: We are on the AOL feedback, I once was. However, it became evident after a while that a lot of their spam was not spam, was not deemed by their customer to be spam (I contacted several of them) or was not originating from our servers. It became just a waste of time. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Mouss wrote on Thu, 25 Sep 2008 16:20:09 +0200: oh please no. hotmail don't delete my mail and I don't have an SPF record. no do yahoo/gmail. and this was before I implemented DKIM. and I've recently worked for a project where SPF didn't help with hotmail Well, then they have some other obscure reason to silently delete all mail from me to my daughter's Hotmail account. I thought it might be the missing SPF record on that specific domain I used. Their support is not able to tell the reason. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
On Fri, 26 Sep 2008 19:31:13 +0200 Kai Schaetzl [EMAIL PROTECTED] wrote: Well, then they have some other obscure reason to silently delete all mail from me to my daughter's Hotmail account. I have found hotmail to be about the least reliable of the free webmail providers in terms of actually getting email through to their users. I think I average maybe 25% of sent email that actually arrives when the destination is hotmail.com -- the rest is usually silently dropped, though I occasionally get a mailbox is unavailable bounce message. Avoid hotmail is the best solution. I've given up on hotmail users and pretty much ignore it. If you're using hotmail and you need to get in touch with me, phone me or send me a fax if you didn't get a reply to your email. -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Kai Schaetzl wrote: Mouss wrote on Thu, 25 Sep 2008 16:20:09 +0200: oh please no. hotmail don't delete my mail and I don't have an SPF record. no do yahoo/gmail. and this was before I implemented DKIM. and I've recently worked for a project where SPF didn't help with hotmail Well, then they have some other obscure reason to silently delete all mail from me to my daughter's Hotmail account. I thought it might be the missing SPF record on that specific domain I used. Their support is not able to tell the reason. like all the gorillas, they have complex filtering mechanisms, mostly based on reputation. among the freemail trilogy (gmail, yahoo, hotmail): - gmail is more or less workable. in short, they have better filtering mechanisms in the sense that if you don't have too much problems in your network, you can get your mail delivered provided you do some (reasonable) efforts. - yahoo are lost in space. their filters probably block a lot of junk, but they also block a lot of legitimate mail, and it's hard to get around this. but at least, they either block you at smtp time or file your mail to a junk folder. - hotmail is the worst. they simply discard mail. This is not surprising, because MS has never showed any attachment' to standards. they still believe that they are the gods on earth and they can discard your mail frivoulously (to use the RFC term). in short, if your business targets freemail users, it's time to review your target or your business. or do whatever you want, but accept this: we will not be able to help you. it's their server and their slaves. you can't talk to the kids if the parents don't agree. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Ralph Angenendt wrote on Wed, 24 Sep 2008 20:23:50 +0200: That's supposed to help with what regarding his problem? Hotmail seems to delete all mail from domains without SPF if it's not coming from the MX. Yahoo might be doing the same. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
mouss wrote: Andrew Norris wrote: Or am I missing something? double lookup is IP - name - IP. you don't do name - IP - name. Ok, I guess I've always thought about it backwards. Thanks for setting me straight. -- Andrew Norris Systems Administrator Locus Telecommunications [EMAIL PROTECTED] (201)-947-2807 ext. 1135 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Kai Schaetzl wrote: Ralph Angenendt wrote on Wed, 24 Sep 2008 20:23:50 +0200: That's supposed to help with what regarding his problem? Hotmail seems to delete all mail from domains without SPF if it's not coming from the MX. Yahoo might be doing the same. oh please no. hotmail don't delete my mail and I don't have an SPF record. no do yahoo/gmail. and this was before I implemented DKIM. and I've recently worked for a project where SPF didn't help with hotmail (delivery from an old server was ok, so we had to keep relaying to hotmail via the old server). all the gorillas have complex filtering methods. An important part of this is the reputation of the sending IP. In particular: - if you inherit an IP with a bad reputation, don't be surprised to start with a bad reputation. - if you get a new IP for your domain, be ready to get ignored. the default for a new IP is this is probably not a mail server. you'll have to do some work to move to this may be a mail server. - if your IP is in a range and your IP is unknown, then you inherit the range reputation. This should be clear, whether you think it's good or not. - if your range is unknown (no reputation data), the reputation is computed automatically. A range where a lot of IPs are unknown will get a bad reputation. A range where a lot of IPs look dynamic will get a bad reputation. the common I am innocent until proven guilty doesn't apply here. sure, you're innocent and I am not going to put you in jail. but I am not going to let you in if I don't feel it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
On Thu, Sep 25, 2008, Kai Schaetzl wrote: Ralph Angenendt wrote on Wed, 24 Sep 2008 20:23:50 +0200: That's supposed to help with what regarding his problem? Hotmail seems to delete all mail from domains without SPF if it's not coming from the MX. Yahoo might be doing the same. I don't think this is the case as we host several Mailman mailing lists with hotmail and yahoo subscribers, don't have SPF, and would *NEVER* send mail from an MX IP (they're for receiving mail, not sending it). Where the same machine is receiving messages as an MX, we configure postfix to listen on the MX IP address and send on a different IP. We also have postfix configured to reject e-mail from servers that announce themselves as one of our MX servers in HELO/EHLO as that is guaranteed to be a spammer. Checking one of these lists, I see quite a few hotmail and yahoo addresses, all of which are getting mail from our server on a regular basis. Many of the large ISPs (e.g. AOL, Road Runner, etc.) have feedback loops where one can sign up, providing an e-mail address to address their customer's complaints, and a list of e-mail servers from which your domain's mail originates. The ISP will send notifications when their customer hits the ``this is spam'' button. In the case of AOL, this notification includes the message with the recipient's address redactied, and they expect you to cease sending messages to that address. This requires that one use VERP so that each outgoing message has the recipient address somewhat munged in the headers so it's possible to identify the correct address to remove. We are on the AOL feedback, but not on hotmail or yahoo so they're not accepting mail from our servers based on signing up for the feedback. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Microsoft is to computers what Phillip Morris is to lungs. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
Okay, Yahoo is bumming me. Only system my mail is having an issue with. All mail is accepted, but junked. I can only think it is the DKIM/Domain keys. It is apparent that the dkim-milter is not part of the centos 5.x distro nor is it part of the mirrors, as far as I can tell. So...have any of you done it with your servers for sendmail? There are some sites that claim to have rpms and I have downloaded the tar from sendmail. But I would rather hear from anyone who has an opinion before I go with one or the other. I do not trust any rpms except for their mirrors, so not sure if I want to do that. But maybe it is fine. Open to suggestions, ideas for what works for you and yahoo. No, I do not want to install postfix, thank you - /ninja'd ya Bob Setup proper SPF records for your domain(s) for one. As far as the dk or dkim stuff, there should be some howto's out there in relation to centos and other mailservers acceptance of signed emails - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bob Hoffman wrote: Okay, Yahoo is bumming me. Only system my mail is having an issue with. All mail is accepted, but junked. I can only think it is the DKIM/Domain keys. It is apparent that the dkim-milter is not part of the centos 5.x distro nor is it part of the mirrors, as far as I can tell. So...have any of you done it with your servers for sendmail? There are some sites that claim to have rpms and I have downloaded the tar from sendmail. But I would rather hear from anyone who has an opinion before I go with one or the other. I do not trust any rpms except for their mirrors, so not sure if I want to do that. But maybe it is fine. Open to suggestions, ideas for what works for you and yahoo. No, I do not want to install postfix, thank you - /ninja'd ya I'm running sendmail. The single number one issue is to never bounce email. Reject is fine, but if you have anything doing bounce you'll likely wind up on their blocklist for a day or few. Spammers love to use yahoo addresses as from addresses, so if you are bouncing any mail, you'll likely be spamming yahoo in their eyes and in fact most people's eyes these days. I have multiple hosting accounts and not all have SPF records, although this might help as well, but if you keep outgoing clean, you'll get through to yahoo users as well. And if it winds up in their spam box, it is their responsibility to move it out and approve the sender. Yahoo does run extremely strict filtering and that's just how it is for everyone. If anything in an email is at all spammy (and it's really easy to cross that fine line), it'll wind up in the spam box. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
RobertH wrote: Okay, Yahoo is bumming me. Only system my mail is having an issue with. All mail is accepted, but junked. I can only think it is the DKIM/Domain keys. Setup proper SPF records for your domain(s) for one. That's supposed to help with what regarding his problem? OTOH I have no idea which problem SPF solves anyway other than making it harder for others to use your domain for fake adresses (if receiving mail servers do some sort of check against SPF). Ralph pgpl3TxRMOJD1.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
Okay, Yahoo is bumming me. Only system my mail is having an issue with. All mail is accepted, but junked. I can only think it is the DKIM/Domain keys. Just a WAG, but make sure you have a PTR record for your machine that is sending email. If you actually got the bounce, check the headers, it is the first best place to look. -John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bob Hoffman wrote: Okay, Yahoo is bumming me. Only system my mail is having an issue with. All mail is accepted, but junked. I can only think it is the DKIM/Domain keys. You might want to show some logs or other evidence if you want people to help you. Ralph pgpdUBgyDVKoY.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
I'm running sendmail. The single number one issue is to never bounce email. Reject is fine, but if you have anything doing bounce you'll likely wind up on their blocklist for a day or few. Spammers love to use yahoo addresses as from addresses, so if you are bouncing any mail, you'll likely be spamming yahoo in their eyes and in fact most people's eyes these days. I have multiple hosting accounts and not all have SPF records, although this might help as well, but if you keep outgoing clean, you'll get through to yahoo users as well. And if it winds up in their spam box, it is their responsibility to move it out and approve the sender. Yahoo does run extremely strict filtering and that's just how it is for everyone. If anything in an email is at all spammy (and it's really easy to cross that fine line), it'll wind up in the spam box. John, I am pretty sure I am not bouncing mails...I have catchalls and they go to devnull..however I could be wrong since that only affects my domain mails only. I am sure there is something else I should do. Yahoo is a propenent of DKIM and they say they would like mail better with it. Infact, I think it almost whitelists you with them, until you screw up. They highly suggest it if you are sending bulk mails or have large user lists. They say you should do it. I am starting to look at headers from other mailings from other sites. So far all that have been tagged as spam do not DKIM/domain keys set up. So far... Yahoo will not answer my question. One work around is to force all users to give a non yahoo mailing address... :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
Setup proper SPF records for your domain(s) for one. That's supposed to help with what regarding his problem? OTOH I have no idea which problem SPF solves anyway other than making it harder for others to use your domain for fake adresses (if receiving mail servers do some sort of check against SPF). Ralph I think google/gmail pays attention to it and they add points for it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
Just a WAG, but make sure you have a PTR record for your machine that is sending email. If you actually got the bounce, check the headers, it is the first best place to look. No, no bounce. They get delivered. Just show up in the spam folder everytime. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
You might want to show some logs or other evidence if you want people to help you. Ralph You need logs to say you use DKIM/domain keys on your servers and how you did it, rpm or compile? Well, if it will help you tell me on your experience with DKIM I am up for it! YAHOO HEADERS Return-Path: [EMAIL PROTECTED] Authentication-Results: mta108.mail.re1.yahoo.com from=bobhoffman.com; domainkeys=neutral (no sig) Received: from 72.35.68.59 (EHLO mail.bobhoffman.com) (72.35.68.59) by mta108.mail.re1.yahoo.com with SMTP; Wed, 24 Sep 2008 09:28:44 -0700 Received: from obiwan2 ([98.64.115.101]) (authenticated bits=0) by mail.creativeprogramdesigners.com (8.13.8/8.13.8) with ESMTP id m8OGSCwJ014172 for [EMAIL PROTECTED]; Wed, 24 Sep 2008 12:28:12 -0400 From: Bob Hoffman [EMAIL PROTECTED] This is a virtualhost account, sent via smtp from my home, through the server. The mail.creativ...com is the hostname of the server. When sending from a php application, all the info is about the same, however the 'received from' obviously says [EMAIL PROTECTED] and the ip address of the server is listed instead of the website. It is my contention that DKIM will tip it for yahoo, but not sure it is worth the work. As well as spf. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
And to let you know what the gmail headers look like when downloaded via pop3 Return-Path: [EMAIL PROTECTED] Received: from mail.bobhoffman.com (bobhoffman.com [72.35.68.59]) by mx.google.com with ESMTP id j13si11089358rne.4.2008.09.24.11.36.36; Wed, 24 Sep 2008 11:36:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of [EMAIL PROTECTED] designates 72.35.68.59 as permitted sender) client-ip=72.35.68.59; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [EMAIL PROTECTED] designates 72.35.68.59 as permitted sender) [EMAIL PROTECTED] Received: from obiwan2 (adsl-233-181-10.mia.bellsouth.net [74.233.181.10]) (authenticated bits=0) by mail.creativeprogramdesigners.com (8.13.8/8.13.8) with ESMTP id m8OIaGou027661 for [EMAIL PROTECTED]; Wed, 24 Sep 2008 14:36:16 -0400 From: Bob Hoffman [EMAIL PROTECTED] To: [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
That's supposed to help with what regarding his problem? OTOH I have no idea which problem SPF solves anyway other than making it harder for others to use your domain for fake adresses (if receiving mail servers do some sort of check against SPF). Ralph Ralph, He asked for help with yahoo re: dkim and any other advice... So I groped his dns a little and checked forward and reverse and then txt records etc etc Then I said Setup proper SPF records for your domain(s) for one. Most properly setup mail servers do some sort of SPF checking nowadays and use the info at SMTP time or later in something like spamassasssin scoring etc - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
I am pretty sure I am not bouncing mails...I have catchalls and they go to devnull..however I could be wrong since that only affects my domain mails only. I am sure there is something else I should do. Bob I am not sure why or what your basic policy on it is yet I think it is better to not accept an email for an email address that does not exist than to blanket accept anything and /dev/null it Just an observation that might save you some abuse headaches in the future. - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Back to the PTR RR: $ dig +short MX bobhoffman.com 10 mail.bobhoffman.com. $ dig +short A mail.bobhoffman.com 72.35.68.59 $ dig +short -x 72.35.68.59 bobhoffman.com. ^^^ mail.bobhoffman.com != bobhoffman.com This may not be your main problem, but it certainly isn't helping matters. Yahoo seems to be pretty picky on reverse DNS. I had a VPS running a mail server where the PTR matched the host. I was relegated to yahoo's spam folder until changed from the default PTR which looked mildly like a dialup. Bob Hoffman wrote: Just a WAG, but make sure you have a PTR record for your machine that is sending email. If you actually got the bounce, check the headers, it is the first best place to look. No, no bounce. They get delivered. Just show up in the spam folder everytime. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Andrew Norris Systems Administrator Locus Telecommunications [EMAIL PROTECTED] (201)-947-2807 ext. 1135 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Andrew Norris wrote: Back to the PTR RR: $ dig +short MX bobhoffman.com 10 mail.bobhoffman.com. $ dig +short A mail.bobhoffman.com 72.35.68.59 $ dig +short -x 72.35.68.59 bobhoffman.com. ^^^ mail.bobhoffman.com != bobhoffman.com so what? mail.bobhoffman.com is the MX. bobhoffman.com is an RMX. $ host -t mx yahoo.com yahoo.com mail is handled by 1 e.mx.mail.yahoo.com. yahoo.com mail is handled by 1 f.mx.mail.yahoo.com. yahoo.com mail is handled by 1 g.mx.mail.yahoo.com. yahoo.com mail is handled by 1 a.mx.mail.yahoo.com. yahoo.com mail is handled by 1 b.mx.mail.yahoo.com. yahoo.com mail is handled by 1 c.mx.mail.yahoo.com. yahoo.com mail is handled by 1 d.mx.mail.yahoo.com. no one of these is web23004.mail.ird.yahoo.com, ... This may not be your main problem, but it certainly isn't helping matters. If we ignore the surrounding IPs (too many without rDNS), he has a very simple setup, that should not cause any problems. Yahoo seems to be pretty picky on reverse DNS. I had a VPS running a mail server where the PTR matched the host. I was relegated to yahoo's spam folder until changed from the default PTR which looked mildly like a dialup. generic PTRs are a different matter. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
If we ignore the surrounding IPs (too many without rDNS), he has a very simple setup, that should not cause any problems. generic PTRs are a different matter. Surrounding ips? A lot was from my computer to the smtp server..the rest was just mine. It is really simple, not much in there at all. However I have full control over my ips...almost. The datacenter has to add a PTR record for each domain. They said they only need to add mydomain.com, only one record per ip and not anything like mail or ftp, etc. Doing dns checks at pingbilly (strange ass name) Show everything is groovy. http://pingability.com/zoneinfo.jsp?domain=bobhoffman.com I think tonight we will see about spf. I also read that sometimes it takes a while, like a week or so before yahoo will respond joyfully to your spf. No instant happiness it seems. I should just send letters via usps to yahoo and have them scan them to their usersbe easier. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
Back to the PTR RR: $ dig +short MX bobhoffman.com 10 mail.bobhoffman.com. $ dig +short A mail.bobhoffman.com 72.35.68.59 $ dig +short -x 72.35.68.59 bobhoffman.com. ^^^ mail.bobhoffman.com != bobhoffman.com Careful here. Email senders have nothing to do with MX records. Email receivers do. I believe bobhoffman.com is the email sender in this case. I would doubt this is an issue. Any split in/out mail server is going to have a different host for receipt (MX) than send. -John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
RobertH wrote: Then I said Setup proper SPF records for your domain(s) for one. Most properly setup mail servers do some sort of SPF checking nowadays and use the info at SMTP time or later in something like spamassasssin scoring etc That's probably the reason why much spam has valid spf records. Get yourself a throwaway domain, so you're getting through the domain check and give that domain a valid spf record which allows all machines in the world to send mail for that domain. Voilà - valid SPF record. That's why I asked which problem SPF is trying to solve. Ralph pgpA3KdGwY96F.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
That's probably the reason why much spam has valid spf records. Get yourself a throwaway domain, so you're getting through the domain check and give that domain a valid spf record which allows all machines in the world to send mail for that domain. Voilà - valid SPF record. That's why I asked which problem SPF is trying to solve. Ralph Then you would get greeylisted, then blacklisted since they can trace the domain and ip for sure It is helpful to let them know mail is not from you...however, if a spammer were to legitimize him/herself, then I would assume blacklist of ip and domain would soon follow everywhere. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Andrew Norris wrote: Back to the PTR RR: $ dig +short MX bobhoffman.com 10 mail.bobhoffman.com. $ dig +short A mail.bobhoffman.com 72.35.68.59 $ dig +short -x 72.35.68.59 bobhoffman.com. ^^^ mail.bobhoffman.com != bobhoffman.com So why should the MX for a domain have the same name as the mailout for a domain has? And the name/ip of the mailout is what the receiving side sees. This may not be your main problem, but it certainly isn't helping matters. Yahoo seems to be pretty picky on reverse DNS. I had a VPS running a mail server where the PTR matched the host. I was relegated to yahoo's spam folder until changed from the default PTR which looked mildly like a dialup. That's something different (and still bad, but Yahoo is one of the gorillas who can decide not to follow RFCs when receiving mails). But scoring mails down because you don't like the hostname the PTR points to is plain bad and stupid. At least they don't reject those mails. I'd still like to see logs or headers of mails which have been put into spam quarantine, because ALL people do here is GUESS what could go wrong and give advice which makes my toe nails curl up. As long as he is adhering to RFCs it's not him doing something wrong, it's Yahoo doing something wrong. But to know that some evidence is needed. Ralph pgphZ1URFli0Z.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
I have to say, in the 7 months or so since I got into this whole linux webserver, this is the most active thread I have ever encountered. I would assume most of us are a little unsure about the whole dkim/spf/sender id thing. And even according to the websites themselves, they are not sure of their own standards. I think it would be safe to assume you need to program/configure for the mass email systems like gmail, yahoo, hotmail, aol, etcand assume (quite rightly) that everyone else will not have any problems with your mail at all. So I think anything done to the mail config at this point is just to make yahoo happy. Oh, cause nothing I like more than to make yahoo happy. Ask their shareholders is yahoo makes them happy...lol ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bob Hoffman wrote: If we ignore the surrounding IPs (too many without rDNS), he has a very simple setup, that should not cause any problems. generic PTRs are a different matter. Surrounding ips? A lot was from my computer to the smtp server..the rest was just mine. It is really simple, not much in there at all. $ host 72.35.68.56 Host 56.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.57 Host 57.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.62 Host 62.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) same for the IPs that don't belong to you in that network. anyway, that's not a big issue, except if your provider has a bad reputation... However I have full control over my ips...almost. The datacenter has to add a PTR record for each domain. They said they only need to add mydomain.com, only one record per ip and not anything like mail or ftp, etc. reverse DNS is to identify the machine, not the services running on it. Doing dns checks at pingbilly (strange ass name) Show everything is groovy. http://pingability.com/zoneinfo.jsp?domain=bobhoffman.com I think tonight we will see about spf. I also read that sometimes it takes a while, like a week or so before yahoo will respond joyfully to your spf. No instant happiness it seems. Go fill their web form (the bulk one. yes, even if you don't send bulk) and ask some of your recipients (you can setup yahoo accounts yourself) to unmark mail marked as spam, and to reply to your mail. These actions may move it from probably not a mail server to may be a mail server status. I should just send letters via usps to yahoo and have them scan them to their usersbe easier. how about publishing the mail on TV? Attention yahoo users, here is the mail you missed today... ;-p ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
That's something different (and still bad, but Yahoo is one of the gorillas who can decide not to follow RFCs when receiving mails). But scoring mails down because you don't like the hostname the PTR points to is plain bad and stupid. At least they don't reject those mails. I'd still like to see logs or headers of mails which have been put into spam quarantine, because ALL people do here is GUESS what could go wrong and give advice which makes my toe nails curl up. As long as he is adhering to RFCs it's not him doing something wrong, it's Yahoo doing something wrong. But to know that some evidence is needed. Ralph I sent the headers in a previous mail from yahoo and from gmail. I took out the useless stuff after the from line... You can see it looks for the DKIM and sees none so treats it neutral. Nothing about spf at all. This mail just had a normal message like hi how ya doing in it. It went straight to the spam box folder. The last receive before the From header is the one sent from my computer to my smtp server. YAHOO HEADERS Return-Path: [EMAIL PROTECTED] Authentication-Results: mta108.mail.re1.yahoo.com from=bobhoffman.com; domainkeys=neutral (no sig) Received: from 72.35.68.59 (EHLO mail.bobhoffman.com) (72.35.68.59) by mta108.mail.re1.yahoo.com with SMTP; Wed, 24 Sep 2008 09:28:44 -0700 Received: from obiwan2 ([98.64.115.101]) (authenticated bits=0) by mail.creativeprogramdesigners.com (8.13.8/8.13.8) with ESMTP id m8OGSCwJ014172 for [EMAIL PROTECTED]; Wed, 24 Sep 2008 12:28:12 -0400 From: Bob Hoffman [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bob Hoffman wrote: I have to say, in the 7 months or so since I got into this whole linux webserver, this is the most active thread I have ever encountered. I would assume most of us are a little unsure about the whole dkim/spf/sender id thing. And even according to the websites themselves, they are not sure of their own standards. No, I'm very sure about SPF. It's crap. Utter crap. And it can break mails in a very funny way. Let's say you send me a mail to [EMAIL PROTECTED] That mail is just forwarded to a different mail account. Now I get a mail from [EMAIL PROTECTED], but I get it via mail.centos.org which clearly isn't a server you would allow to send mails out as @hoffman.com when you set up SPF for your domain. So if I drop mails which don't have a correct SPF record - I'd drop that mail. Although your domain has correct SPF records. And yes, there are ways around it which make the whole thing even uglier. Ralph pgpVKE6mYd50j.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] DKIM
$ host 72.35.68.56 Host 56.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.57 Host 57.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.62 Host 62.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) same for the IPs that don't belong to you in that network. anyway, that's not a big issue, except if your provider has a bad reputation... Interesting. Where did you get that from? This is what my datacenter gave me.. IP Assignment: 72.35.68.56/29 Gateway:72.35.68.57 Useable:72.35.68.58 - 62 I only can use 58-62. 62 is not set up for any domain. Where and how did those nubmers come up for me? Now I is a scared...oh boy. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
RobertH wrote: That's why I asked which problem SPF is trying to solve. The SPF Qmail patch we use on CentOS Opsys has a special case for SPF from ALL And we discard on that signal... I'd turn off the mail server if I don't want to get mails. So if I'm roaming and am not sure which mail server I can use to send out mails from, I'd also set the SPF record to +all (or - as I do now - don't set it at all). So I'm doing everything according to the book and still can't get mails through to you. Ralph pgpzQhzypUtdB.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
John Kordash wrote: mail.bobhoffman.com != bobhoffman.com Careful here. Email senders have nothing to do with MX records. Email receivers do. I believe bobhoffman.com is the email sender in this case. I would doubt this is an issue. Any split in/out mail server is going to have a different host for receipt (MX) than send. -John You're right, I was making an assumption I shouldn't have. Namely that there was a single host/ip for both sending and receiving email. Going back to the logs he posted I'd say that assumption was correct in the end. From the yahoo headers: Received: from 72.35.68.59 (EHLO mail.bobhoffman.com) So his MTA is EHLOing as mail.bobhoffman.com mail.bobhoffman.com resolves to 72.35.68.59 (matches the incoming ip) 72.35.68.59 reverses to bobhoffman.com (which doesn't match the host) As far as I can tell this will hurt his score. Or am I missing something? -- Andrew Norris Systems Administrator Locus Telecommunications [EMAIL PROTECTED] (201)-947-2807 ext. 1135 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Bob Hoffman wrote: $ host 72.35.68.56 Host 56.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.57 Host 57.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) $ host 72.35.68.62 Host 62.68.35.72.in-addr.arpa. not found: 3(NXDOMAIN) same for the IPs that don't belong to you in that network. anyway, that's not a big issue, except if your provider has a bad reputation... Interesting. Where did you get that from? This is what my datacenter gave me.. IP Assignment: 72.35.68.56/29 Gateway:72.35.68.57 Useable:72.35.68.58 - 62 I only can use 58-62. 62 is not set up for any domain. Where and how did those nubmers come up for me? they are near your server IP. some people check ranges and will give a reputation to a range instead of to each IP. Now I is a scared...oh boy. there's no reason to be scared. it's just that some people want all IPs to have a reverse DNS (well, IPv6 is gonna change this...). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Andrew Norris wrote: John Kordash wrote: mail.bobhoffman.com != bobhoffman.com Careful here. Email senders have nothing to do with MX records. Email receivers do. I believe bobhoffman.com is the email sender in this case. I would doubt this is an issue. Any split in/out mail server is going to have a different host for receipt (MX) than send. -John You're right, I was making an assumption I shouldn't have. Namely that there was a single host/ip for both sending and receiving email. Going back to the logs he posted I'd say that assumption was correct in the end. From the yahoo headers: Received: from 72.35.68.59 (EHLO mail.bobhoffman.com) So his MTA is EHLOing as mail.bobhoffman.com mail.bobhoffman.com resolves to 72.35.68.59 (matches the incoming ip) 72.35.68.59 reverses to bobhoffman.com (which doesn't match the host) As far as I can tell this will hurt his score. no, it won't. - his IP is 72.35.68.59. This resolves to bobhoffman.com, which resolves back to the IP. all good. - his helo is mail.bobhoffman.com, which resolves to 72.35.68.59, which is the server that sends mail. that's more than perfect. - his helo starts with mail.. He gets a bonus in some places. Or am I missing something? double lookup is IP - name - IP. you don't do name - IP - name. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DKIM
Andrew Norris wrote: John Kordash wrote: mail.bobhoffman.com != bobhoffman.com Careful here. Email senders have nothing to do with MX records. Email receivers do. I believe bobhoffman.com is the email sender in this case. I would doubt this is an issue. Any split in/out mail server is going to have a different host for receipt (MX) than send. -John You're right, I was making an assumption I shouldn't have. Namely that there was a single host/ip for both sending and receiving email. Going back to the logs he posted I'd say that assumption was correct in the end. From the yahoo headers: Received: from 72.35.68.59 (EHLO mail.bobhoffman.com) So his MTA is EHLOing as mail.bobhoffman.com mail.bobhoffman.com resolves to 72.35.68.59 (matches the incoming ip) 72.35.68.59 reverses to bobhoffman.com (which doesn't match the host) As far as I can tell this will hurt his score. Or am I missing something? If that were the case, every domain would need a unique IP address and we'd be long out of numbers. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
