[qmailtoaster] DKIM and SPF configurations

[Gary Bowling]

  
  


The recent questions about setting up DKIM prompted me to review
  my setup and see if I needed to tighten things up a bit. ALL of my
  config surrounding these things is very old, so what are the best
  practices in 2019?



On the receiving side of things, my server has spfbehavior set to
  2 and I believe the default is 3. I seem to recall many years ago
  having problems rejecting email, that I didn't want rejected, with
  it set to 3. But that's been so long ago, it's not worth
  considering. Do most of you have it set to 3? And have you had any
  problems with that if you do?


For DKIM receiving, I'm doing that in spamassassin/spamd. But it
  appears that spamassassin just assigns a score if there is a
  DKIM_INVALID situation and that score seems to be pretty low. Is
  this really the right way to handle receiving messages where DKIM
  is concerned? I'm sure there is a way to increase the DKIM_INVALID
  score, but not sure of the ramifications of that. Do any of you
  change those settings? Or do DKIM checking somewhere else for
  improvements?



On the outbound side of things. 

For my DNS, I have SPF records that have been there for years,
  that affects other domains receiving mail from my server. So not
  sure how much good it does, but it's there.



I do not have DKIM set up. Many years ago it seemed pretty
  useless from what I read, so I didn't bother with it. From what I
  understand, if the receiving end doesn't check for DKIM, then it
  does nothing. Or like in my servers case, it just adds a tiny bit
  of score to spamassasin, so minimal help. But maybe enough are
  doing something more robust now for it to be useful. Maybe I
  should implement this now?



What are everyone's thoughts on all this in 2019? Should I be
  doing stricter checking of spf? Does DKIM actually provide a
  useful service? And are there better ways to handle DKIM checking?


All discussion and help is greatly appreciated!


Thanks Gary 

-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] spam folder into gmail

[Eric Broch]

DKIM is not DomainKeys


On 9/27/2019 3:54 AM, ChandranManikandan wrote:

Hi Eric,

I have setup Global key (default for all domains)from your link and 
also configured in dns server then i checked in mxtoolbox and getting 
the result of the domain key. after that i tried to send an email to 
gmail it is showing the error. the email header is below.


Do i need to follow the all 4 steps.

I will wait one day for the dns propagation and will update you.
Meanwhile could you look at the message header below.

Delivered-To:kand...@gmail.com  
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
 Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
 Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
 d=google.com  ; s=arc-20160816;
 b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
  YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
  +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
  KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
  PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
  zMzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com  
; s=arc-20160816;
 h=importance:content-transfer-encoding:mime-version:user-agent:to
  :from:subject:date:message-id:dkim-signature;
 bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
 b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
  O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
  xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
  a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
  BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
  zbSg==
ARC-Authentication-Results: i=1;mx.google.com  ;
dkim=temperror (no key for signature) header.i=@mail.pan-asia.in  
  header.s=dkim1 header.b=ia7qahkm;
spf=pass (google.com  : domain ofm...@reliancehrconsulting.com  
  designates 49.128.33.86 as permitted sender) 
smtp.mailfrom=m...@reliancehrconsulting.com  ;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com  

Return-Path: mailto:m...@reliancehrconsulting.com>>
Received: frommail.pan-asia.in    ([49.128.33.86])
 bymx.google.com    with ESMTPS id 
70si2236946plc.139.2019.09.27.02.46.34
 for mailto:kand...@gmail.com>>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
Received-SPF: pass (google.com  : domain 
ofm...@reliancehrconsulting.com    designates 
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results:mx.google.com  ;
dkim=temperror (no key for signature) header.i=@mail.pan-asia.in  
  header.s=dkim1 header.b=ia7qahkm;
spf=pass (google.com  : domain ofm...@reliancehrconsulting.com  
  designates 49.128.33.86 as permitted sender) 
smtp.mailfrom=m...@reliancehrconsulting.com  ;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com  

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in  
; h= 
message-id:date:subject:from:to:mime-version:content-type :content-transfer-encoding; 
s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; 
b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O 
UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE 
RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -
Received: from unknown (HELOmail.reliancehrconsulting.com  
) (m...@reliancehrconsulting.com@127.0.0.1  
)
   bymail.pan-asia.in    with ESMTPA; 27 Sep 2019 
09:46:33 -
Received: from 129.126.169.22
 (SquirrelMail authenticated userm...@reliancehrconsulting.com  
)
 bymail.reliancehrconsulting.com  
  with HTTP;
 Fri, 27 Sep 2019 17:46:33 +0800
Message-ID: 

Re: [qmailtoaster] dovecot CVE-2019-11500

[Eric Broch]

In Dovecot before 2.2.36.4 and 2.3.x /*before*/ 2.3.7.2 (and Pigeonhole 
before 0.5.7.2), protocol processing can fail for quoted strings. This 
occurs because '\0' characters are mishandled, and can lead to 
out-of-bounds writes and remote code execution.


On 9/27/2019 3:10 AM, Ionut Hoza wrote:

Hi all,

Are there any plans to address this security vulnerability and publish 
a patched package in the qmt current repository ?

https://nvd.nist.gov/vuln/detail/CVE-2019-11500

Currently I'm using 2.2.35-23 (built in 2018).

I saw there is dovecot 2.3.7.2 rpm package in testing repository, does 
that contains the fix ? Any advices (issues) regarding upgrading 
dovecot from 2.2.35 to 2.3.7.2 ?


Thanks in advance,
-I.

Re: [qmailtoaster] spam folder into gmail

[ChandranManikandan]

Hi Eric,

I have setup Global key (default for all domains)from your link and also
configured in dns server then i checked in mxtoolbox and getting the result
of the domain key. after that i tried to send an email to gmail it is
showing the error. the email header is below.

Do i need to follow the all 4 steps.

I will wait one day for the dns propagation and will update you.
Meanwhile could you look at the message header below.

Delivered-To: kand...@gmail.com
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
d=google.com; s=arc-20160816;
b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
 YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
 +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
 KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
 PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
 zMzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=arc-20160816;
h=importance:content-transfer-encoding:mime-version:user-agent:to
 :from:subject:date:message-id:dkim-signature;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
 O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
 xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
 a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
 BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
 zbSg==
ARC-Authentication-Results: i=1; mx.google.com;
   dkim=temperror (no key for signature)
header.i=@mail.pan-asia.in header.s=dkim1 header.b=ia7qahkm;
   spf=pass (google.com: domain of m...@reliancehrconsulting.com
designates 49.128.33.86 as permitted sender)
smtp.mailfrom=m...@reliancehrconsulting.com;
   dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
Return-Path: 
Received: from mail.pan-asia.in ([49.128.33.86])
by mx.google.com with ESMTPS id 70si2236946plc.139.2019.09.27.02.46.34
for 
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of
m...@reliancehrconsulting.com designates 49.128.33.86 as permitted
sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
   dkim=temperror (no key for signature)
header.i=@mail.pan-asia.in header.s=dkim1 header.b=ia7qahkm;
   spf=pass (google.com: domain of m...@reliancehrconsulting.com
designates 49.128.33.86 as permitted sender)
smtp.mailfrom=m...@reliancehrconsulting.com;
   dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h=
message-id:date:subject:from:to:mime-version:content-type
:content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=;
b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O
UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE
RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -
Received: from unknown (HELO mail.reliancehrconsulting.com)
(m...@reliancehrconsulting.com@127.0.0.1)
  by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -
Received: from 129.126.169.22
(SquirrelMail authenticated user m...@reliancehrconsulting.com)
by mail.reliancehrconsulting.com with HTTP;
Fri, 27 Sep 2019 17:46:33 +0800
Message-ID: 
<21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>
Date: Fri, 27 Sep 2019 17:46:33 +0800
Subject: test
From: m...@reliancehrconsulting.com
To: kand...@gmail.com
User-Agent: SquirrelMail/1.4.22-0.qt.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

test




On Fri, Sep 27, 2019 at 2:53 PM Eric's mail  wrote:

> http://www.qmailtoaster.com/dkim.html
>
> Get Outlook for Android 
>
>
>
>
> On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" <
> kand...@gmail.com> wrote:
>
> Hi Andy,
>>
>> I have installed DKIM in our server and there is private and public key
>> on our server.
>> I have added the public like below in our dns hosting provider (Godaddy)
>> control panel
>>
>> TXT
>> Host: rhc._domainkey.domainname
>> TXT value:  k=rsa; p=private key
>> TTL 1 hour
>>
>> But it's not signed in the email.
>>
>> I have configured MX,SPF,DMARC and DKIM in DNS 

[qmailtoaster] dovecot CVE-2019-11500

[Ionut Hoza]

Hi all,

Are there any plans to address this security vulnerability and publish a
patched package in the qmt current repository ?
https://nvd.nist.gov/vuln/detail/CVE-2019-11500

Currently I'm using 2.2.35-23 (built in 2018).

I saw there is dovecot 2.3.7.2 rpm package in testing repository, does that
contains the fix ? Any advices (issues) regarding upgrading dovecot from
2.2.35 to 2.3.7.2 ?

Thanks in advance,
-I.

Re: [qmailtoaster] spam folder into gmail

[ChandranManikandan]

Hi Eric,

I have used this link http://wiki.qmailtoaster.com/index.php/Domainkeys when
i installed qmailtoaster on my machine earlier.

On Fri, Sep 27, 2019 at 3:36 PM ChandranManikandan 
wrote:

> Hi Eric,
>
> Thanks for sharing the link for domainkey.
> I have already installed domainkey from older qmailtoaster with domainkeys
> folder under /var/qmail/control/domainkeys.
> Do i need to reinstall as per your guidance?
> http://www.qmailtoaster.com/dkim.html
> Is it suit for centos 6.7 32 and 64 bit.
>
>
> On Fri, Sep 27, 2019 at 2:53 PM Eric's mail 
> wrote:
>
>> http://www.qmailtoaster.com/dkim.html
>>
>> Get Outlook for Android 
>>
>>
>>
>>
>> On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" <
>> kand...@gmail.com> wrote:
>>
>> Hi Andy,
>>>
>>> I have installed DKIM in our server and there is private and public key
>>> on our server.
>>> I have added the public like below in our dns hosting provider (Godaddy)
>>> control panel
>>>
>>> TXT
>>> Host: rhc._domainkey.domainname
>>> TXT value:  k=rsa; p=private key
>>> TTL 1 hour
>>>
>>> But it's not signed in the email.
>>>
>>> I have configured MX,SPF,DMARC and DKIM in DNS server settings.
>>>
>>> Did i made a mistake in DNS settings?
>>>
>>> Could you help me
>>>
>>> On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz 
>>> wrote:
>>>
 Your email does not contain a DKIM signature.

 The ARC* headers are signatures added by gmail after receipt.

 If you had a DKIM signature, it would be below this part of the header
 chain:

 Received: from mail.pan-asia.in ([49.128.33.86])
 by mx.google.com with ESMTPS id 
 t6si1129421pgt.557.2019.09.25.21.12.54
 for 
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
 Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
 designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
 Authentication-Results: mx.google.com;
spf=pass (google.com: domain of m...@reliancehrconsulting.com 
 designates 49.128.33.86 as permitted sender) 
 smtp.mailfrom=m...@reliancehrconsulting.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) 
 header.from=reliancehrconsulting.com


 That and everything above it was added by gmail.

 You may have set up the DNS part of DKIM, but your server does not seem
 to be signing the emails.

 When you get it working, you can test by sending an email to a
 reflector, like this:

 sa-t...@sendmail.net

 It will analyze the smtp session and the email and then email the
 results back to you.

 There are several other reflectors listed at the bottom of this page:


 https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html


 Hope this helps,

 -Andy



 On 9/25/2019 8:39 PM, ChandranManikandan wrote:

 Hi Friends,

 I have tried to send an test email from my domain to gmail.
 It is going the gmail spam folder and i have configured SPF and DMARC
 in dns.

 Could you look at the below message header in gmail and help me to
 solve this problem.

 Delivered-To: kand...@gmail.com
 Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
 X-Google-Smtp-Source: 
 APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
 X-Received: by 2002:a63:1720:: with SMTP id 
 x32mr1332168pgl.289.1569471175444;
 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
 ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
 d=google.com; s=arc-20160816;
 
 b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
  
 a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
  
 bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
  
 dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
  
 JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
  g6Ng==
 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
 s=arc-20160816;
 
 h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
  :from:subject:date:message-id;
 bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
 
 b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
  
 5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
  
 /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
  
 VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
  
 

Re: [qmailtoaster] spam folder into gmail

[ChandranManikandan]

Hi Eric,

Thanks for sharing the link for domainkey.
I have already installed domainkey from older qmailtoaster with domainkeys
folder under /var/qmail/control/domainkeys.
Do i need to reinstall as per your guidance?
http://www.qmailtoaster.com/dkim.html
Is it suit for centos 6.7 32 and 64 bit.


On Fri, Sep 27, 2019 at 2:53 PM Eric's mail  wrote:

> http://www.qmailtoaster.com/dkim.html
>
> Get Outlook for Android 
>
>
>
>
> On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" <
> kand...@gmail.com> wrote:
>
> Hi Andy,
>>
>> I have installed DKIM in our server and there is private and public key
>> on our server.
>> I have added the public like below in our dns hosting provider (Godaddy)
>> control panel
>>
>> TXT
>> Host: rhc._domainkey.domainname
>> TXT value:  k=rsa; p=private key
>> TTL 1 hour
>>
>> But it's not signed in the email.
>>
>> I have configured MX,SPF,DMARC and DKIM in DNS server settings.
>>
>> Did i made a mistake in DNS settings?
>>
>> Could you help me
>>
>> On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz 
>> wrote:
>>
>>> Your email does not contain a DKIM signature.
>>>
>>> The ARC* headers are signatures added by gmail after receipt.
>>>
>>> If you had a DKIM signature, it would be below this part of the header
>>> chain:
>>>
>>> Received: from mail.pan-asia.in ([49.128.33.86])
>>> by mx.google.com with ESMTPS id 
>>> t6si1129421pgt.557.2019.09.25.21.12.54
>>> for 
>>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>> Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
>>> Authentication-Results: mx.google.com;
>>>spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>>> designates 49.128.33.86 as permitted sender) 
>>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>>dmarc=pass (p=NONE sp=NONE dis=NONE) 
>>> header.from=reliancehrconsulting.com
>>>
>>>
>>> That and everything above it was added by gmail.
>>>
>>> You may have set up the DNS part of DKIM, but your server does not seem
>>> to be signing the emails.
>>>
>>> When you get it working, you can test by sending an email to a
>>> reflector, like this:
>>>
>>> sa-t...@sendmail.net
>>>
>>> It will analyze the smtp session and the email and then email the
>>> results back to you.
>>>
>>> There are several other reflectors listed at the bottom of this page:
>>>
>>>
>>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>>
>>>
>>> Hope this helps,
>>>
>>> -Andy
>>>
>>>
>>>
>>> On 9/25/2019 8:39 PM, ChandranManikandan wrote:
>>>
>>> Hi Friends,
>>>
>>> I have tried to send an test email from my domain to gmail.
>>> It is going the gmail spam folder and i have configured SPF and DMARC in
>>> dns.
>>>
>>> Could you look at the below message header in gmail and help me to solve
>>> this problem.
>>>
>>> Delivered-To: kand...@gmail.com
>>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>> X-Google-Smtp-Source: 
>>> APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
>>> X-Received: by 2002:a63:1720:: with SMTP id 
>>> x32mr1332168pgl.289.1569471175444;
>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>> ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
>>> d=google.com; s=arc-20160816;
>>> b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
>>>  
>>> a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
>>>  
>>> bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
>>>  
>>> dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
>>>  
>>> JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
>>>  g6Ng==
>>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
>>> s=arc-20160816;
>>> h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
>>>  :from:subject:date:message-id;
>>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>>> b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
>>>  
>>> 5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
>>>  
>>> /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
>>>  
>>> VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
>>>  
>>> hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
>>>  vIpg==
>>> ARC-Authentication-Results: i=1; mx.google.com;
>>>spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>>> designates 49.128.33.86 as permitted sender) 
>>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>>dmarc=pass (p=NONE sp=NONE dis=NONE) 
>>> 

Re: [qmailtoaster] spam folder into gmail

[Eric's mail]

http://www.qmailtoaster.com/dkim.html




Get Outlook for Android







On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" 
 wrote:










Hi Andy,
I have installed DKIM in our server and there is private and public key on our 
server.I have added the public like below in our dns hosting provider (Godaddy) 
control panel
TXTHost: rhc._domainkey.domainnameTXT value:  k=rsa; p=private keyTTL 1 hour
But it's not signed in the email.
I have configured MX,SPF,DMARC and DKIM in DNS server settings.
Did i made a mistake in DNS settings?
Could you help me
On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz  wrote:

  

  
  


Your email does not contain a DKIM signature.


The ARC* headers are signatures added by gmail after receipt.


If you had a DKIM signature, it would be below this part of the
  header chain:
Received: from mail.pan-asia.in ([49.128.33.86])
by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
for 
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
   spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
   dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com







That and everything above it was added by gmail.


You may have set up the DNS part of DKIM, but your server does
  not seem to be signing the emails.


When you get it working, you can test by sending an email to a
  reflector, like this:


sa-t...@sendmail.net


It will analyze the smtp session and the email and then email the
  results back to you.  




There are several other reflectors listed at the bottom of this
  page:  




https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html







Hope this helps,


-Andy










On 9/25/2019 8:39 PM,
  ChandranManikandan wrote:



  
  Hi Friends,



I have tried to send an test email from my domain to gmail.
It is going the gmail spam folder and i have configured SPF
  and DMARC in dns.



Could you look at the below message header in gmail and
  help me to solve this problem.

  Delivered-To: kand...@gmail.com
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
X-Received: by 2002:a63:1720:: with SMTP id x32mr1332168pgl.289.1569471175444;
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
d=google.com; s=arc-20160816;
b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
 a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
 bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
 dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
 JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
 g6Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
 :from:subject:date:message-id;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
 5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
 /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
 VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
 hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
 vIpg==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
   dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
Return-Path: 
Received: from mail.pan-asia.in ([49.128.33.86])
by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
for 
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
   spf=pass (google.com: domain of m...@reliancehrconsulting.com