Re: [qmailtoaster] spam folder into gmail

2019-09-29 Thread ChandranManikandan 
Hi Remo,
This default settings are there. My doubt is do i need to replace this line
DKSIGN="/var/qmail/control/domainkeys/%/private to DKSIGN="/var/qmail/
control/dkim/%/public.txt.
Because now i am replacing the folder domainkeys to dkim.
Please correct me if i am wrong.

On Mon, Sep 30, 2019 at 1:00 PM Remo Mattei  wrote:

> here is mine
>
>
> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private”
>
>
>
>
>
> On Sunday, Sep 29, 2019 at 21:57, ChandranManikandan 
> wrote:
> Hi Eric,
>
> Thanks for your help.
> I have successfully rectified the issue with the following your steps
> above and tested in Gmail account from squirrel webmail.
> It is working now.
>
> I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i need
> amend the lines in this file. please let me know.
>
> DKSIGN="/var/qmail/control/domainkeys/%/private"
>
> On Sun, Sep 29, 2019 at 10:47 PM Eric Broch  wrote:
>
>> Step 2) from http://www.qmailtoaster.com/dkim.html
>>
>> At the command line first create the key and txt record for the domain
>> you want signed (replace otherdomain.com with the domain you want in
>> every command below).
>> So if your domain is mydomain.com the command would be, '# dknewkey
>> /var/qmail/control/dkim/mydomain.com.key 1024 >
>> /var/qmail/control/dkim/mydomain.com.txt'
>> # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
>> /var/qmail/control/dkim/otherdomain.com.txt
>>
>> At command line change the selector in the txt record from
>> 'otherdomain.com.key._domainkey'  to  'dkim1._domainkey'
>> # perl -pi -e 's/^.*\.key/dkim1/'
>> /var/qmail/control/dkim/otherdomain.com.txt
>>
>> Check the file to see if substitution happened.
>> # cat /var/qmail/control/dkim/otherdomain.com.txt
>>dkim1._domainkey   IN  TXT "k=rsa;
>> p=**"
>>
>>
>> Create DNS TXT record for otherdomain.com using the output from the text
>> file 'otherdomain.com.txt' where your DNS settings are managed, usually
>> your ISP (mine are Godaddy).
>>HostText
>>dkim1._domainkey   IN   TXT v=DKIM1; k=rsa;
>> p=*
>>
>> Edit the signature file and add your domain. This is what the perl script
>> 'qmail-remote' will read and then call the original qmail-remote now
>> renamed to qmail-remote.orig.
>> # vi /var/qmail/control/dkim/signconf.xml
>>   > keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
>> 
>> 
>>   
>>
>> So file looks like this:
>>
>> 
>>   
>>   > keyfile="/var/qmail/control/dkim/global.key" method="simple"
>> selector="dkim1">
>> 
>>   
>>   > keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
>> 
>> 
>>   
>> 
>>
>>
>> Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com
>> with your domain).
>> # yum install epel-release opendkim
>> # opendkim-testkey - -d otherdomain.com  -k
>> /var/qmail/control/dkim/otherdomain.com.key -s dkim1
>>
>> On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan 
>> wrote:
>>
>>> Hi Eric,
>>>
>>> How do i implement DKIM for my domain. Really need your help.
>>> I have followed your 1 step only. do i need to follow all the four steps
>>> and how do i configure in DNS server.
>>> why the gmail marked into spam folder of my domains emails.
>>>
>>> Appreciate discussions and help.
>>>
>>>
>>> On Fri, Sep 27, 2019 at 11:51 PM Eric Broch 
>>> wrote:
>>>
 DKIM is not DomainKeys


 On 9/27/2019 3:54 AM, ChandranManikandan wrote:

 Hi Eric,

 I have setup Global key (default for all domains)from your link and
 also configured in dns server then i checked in mxtoolbox and getting the
 result of the domain key. after that i tried to send an email to gmail it
 is showing the error. the email header is below.

 Do i need to follow the all 4 steps.

 I will wait one day for the dns propagation and will update you.
 Meanwhile could you look at the message header below.

 Delivered-To: kand...@gmail.com Received: by 2002:ac0:bf91:0:0:0:0:0 with 
 SMTP id o17csp3358759imk; Fri, 27 Sep 2019 02:46:35 -0700 (PDT) 
 X-Google-Smtp-Source: 
 APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
  X-Received: by 2002:a65:5043:: with SMTP id 
 k3mr8485146pgo.406.1569577595481; Fri, 27 Sep 2019 02:46:35 -0700 (PDT) 
 ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none; d=google.com; 
 s=arc-20160816; 
 b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg 
 YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7 
 +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX 
 KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd

Re: [qmailtoaster] spam folder into gmail

2019-09-29 Thread Remo Mattei 
here is mine

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private”

> On Sunday, Sep 29, 2019 at 21:57, ChandranManikandan  (mailto:kand...@gmail.com)> wrote:
> Hi Eric,
>
> Thanks for your help.
> I have successfully rectified the issue with the following your steps above 
> and tested in Gmail account from squirrel webmail.
> It is working now.
>
> I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i need 
> amend the lines in this file. please let me know.
>
> DKSIGN="/var/qmail/control/domainkeys/%/private"
>
> On Sun, Sep 29, 2019 at 10:47 PM Eric Broch  (mailto:ebroch.w...@gmail.com)> wrote:
> > Step 2) from http://www.qmailtoaster.com/dkim.html
> >
> > At the command line first create the key and txt record for the domain you 
> > want signed (replace otherdomain.com (http://otherdomain.com) with the 
> > domain you want in every command below).
> > So if your domain is mydomain.com (http://mydomain.com) the command would 
> > be, '# dknewkey /var/qmail/control/dkim/mydomain.com.key 1024 > 
> > /var/qmail/control/dkim/mydomain.com.txt'
> > # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 > 
> > /var/qmail/control/dkim/otherdomain.com.txt
> >
> > At command line change the selector in the txt record from 
> > 'otherdomain.com.key._domainkey' to 'dkim1._domainkey'
> > # perl -pi -e 's/^.*\.key/dkim1/' 
> > /var/qmail/control/dkim/otherdomain.com.txt
> >
> > Check the file to see if substitution happened.
> > # cat /var/qmail/control/dkim/otherdomain.com.txt
> > dkim1._domainkey IN TXT "k=rsa; p=**"
> >
> >
> > Create DNS TXT record for otherdomain.com (http://otherdomain.com) using 
> > the output from the text file 'otherdomain.com.txt' where your DNS settings 
> > are managed, usually your ISP (mine are Godaddy).
> > Host Text
> > dkim1._domainkey IN TXT v=DKIM1; k=rsa; p=*
> >
> > Edit the signature file and add your domain. This is what the perl script 
> > 'qmail-remote' will read and then call the original qmail-remote now 
> > renamed to qmail-remote.orig.
> > # vi /var/qmail/control/dkim/signconf.xml
> > http://otherdomain.com) domain="otherdomain.com 
> > (http://otherdomain.com)" 
> > keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
> > 
> > 
> > http://otherdomain.com)>
> >
> > So file looks like this:
> >
> > 
> > 
> >  > keyfile="/var/qmail/control/dkim/global.key" method="simple" 
> > selector="dkim1">
> > 
> > 
> > http://otherdomain.com) domain="otherdomain.com 
> > (http://otherdomain.com)" 
> > keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
> > 
> > 
> > http://otherdomain.com)>
> > 
> >
> >
> >
> > Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com 
> > (http://otherdomain.com) with your domain).
> > # yum install epel-release opendkim
> > # opendkim-testkey - -d otherdomain.com (http://otherdomain.com) -k 
> > /var/qmail/control/dkim/otherdomain.com.key -s dkim1
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan  > (mailto:kand...@gmail.com)> wrote:
> > > Hi Eric,
> > >
> > > How do i implement DKIM for my domain. Really need your help.
> > > I have followed your 1 step only. do i need to follow all the four steps 
> > > and how do i configure in DNS server.
> > > why the gmail marked into spam folder of my domains emails.
> > >
> > > Appreciate discussions and help.
> > >
> > >
> > > On Fri, Sep 27, 2019 at 11:51 PM Eric Broch  > > (mailto:ebr...@whitehorsetc.com)> wrote:
> > > >
> > > > DKIM is not DomainKeys
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On 9/27/2019 3:54 AM, ChandranManikandan wrote:
> > > > > Hi Eric,
> > > > >
> > > > > I have setup Global key (default for all domains)from your link and 
> > > > > also configured in dns server then i checked in mxtoolbox and getting 
> > > > > the result of the domain key. after that i tried to send an email to 
> > > > > gmail it is showing the error. the email header is below.
> > > > >
> > > > > Do i need to follow the all 4 steps.
> > > > >
> > > > > I will wait one day for the dns propagation and will update you.
> > > > > Meanwhile could you look at the message header below.
> > > > >
> > > > > Delivered-To: kand...@gmail.com (mailto:kand...@gmail.com) Received: 
> > > > > by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk; Fri, 27 Sep 
> > > > > 2019 02:46:35 -0700 (PDT) X-Google-Smtp-Source: 
> > > > > APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
> > > > >  X-Received: by 2002:a65:5043:: with SMTP id 
> > > > > k3mr8485146pgo.406.1569577595481; Fri, 27 Sep 2019 02:46:35 -0700 
> > > > > (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none; 
> > > > > d=google.com (http://google.com);

Re: [qmailtoaster] spam folder into gmail

2019-09-29 Thread ChandranManikandan 
Hi Eric,

Thanks for your help.
I have successfully rectified the issue with the following your steps above
and tested in Gmail account from squirrel webmail.
It is working now.

I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i need
amend the lines in this file. please let me know.

DKSIGN="/var/qmail/control/domainkeys/%/private"

On Sun, Sep 29, 2019 at 10:47 PM Eric Broch  wrote:

> Step 2) from http://www.qmailtoaster.com/dkim.html
>
> At the command line first create the key and txt record for the domain you
> want signed (replace otherdomain.com with the domain you want in every
> command below).
> So if your domain is mydomain.com the command would be, '# dknewkey
> /var/qmail/control/dkim/mydomain.com.key 1024 >
> /var/qmail/control/dkim/mydomain.com.txt'
> # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
> /var/qmail/control/dkim/otherdomain.com.txt
>
> At command line change the selector in the txt record from
> 'otherdomain.com.key._domainkey'  to  'dkim1._domainkey'
> # perl -pi -e 's/^.*\.key/dkim1/'
> /var/qmail/control/dkim/otherdomain.com.txt
>
> Check the file to see if substitution happened.
> # cat /var/qmail/control/dkim/otherdomain.com.txt
>dkim1._domainkey   IN  TXT "k=rsa;
> p=**"
>
>
> Create DNS TXT record for otherdomain.com using the output from the text
> file 'otherdomain.com.txt' where your DNS settings are managed, usually
> your ISP (mine are Godaddy).
>HostText
>dkim1._domainkey   IN   TXT v=DKIM1; k=rsa;
> p=*
>
> Edit the signature file and add your domain. This is what the perl script
> 'qmail-remote' will read and then call the original qmail-remote now
> renamed to qmail-remote.orig.
> # vi /var/qmail/control/dkim/signconf.xml
>keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
> 
> 
>   
>
> So file looks like this:
>
> 
>   
>keyfile="/var/qmail/control/dkim/global.key" method="simple"
> selector="dkim1">
> 
>   
>keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
> 
> 
>   
> 
>
>
> Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com
> with your domain).
> # yum install epel-release opendkim
> # opendkim-testkey - -d otherdomain.com  -k
> /var/qmail/control/dkim/otherdomain.com.key -s dkim1
>
> On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan 
> wrote:
>
>> Hi Eric,
>>
>> How do i implement DKIM for my domain. Really need your help.
>> I have followed your 1 step only. do i need to follow all the four steps
>> and how do i configure in DNS server.
>> why the gmail marked into spam folder of my domains emails.
>>
>> Appreciate discussions and help.
>>
>>
>> On Fri, Sep 27, 2019 at 11:51 PM Eric Broch 
>> wrote:
>>
>>> DKIM is not DomainKeys
>>>
>>>
>>> On 9/27/2019 3:54 AM, ChandranManikandan wrote:
>>>
>>> Hi Eric,
>>>
>>> I have setup Global key (default for all domains)from your link and
>>> also configured in dns server then i checked in mxtoolbox and getting the
>>> result of the domain key. after that i tried to send an email to gmail it
>>> is showing the error. the email header is below.
>>>
>>> Do i need to follow the all 4 steps.
>>>
>>> I will wait one day for the dns propagation and will update you.
>>> Meanwhile could you look at the message header below.
>>>
>>> Delivered-To: kand...@gmail.com
>>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
>>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>>> X-Google-Smtp-Source: 
>>> APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
>>> X-Received: by 2002:a65:5043:: with SMTP id 
>>> k3mr8485146pgo.406.1569577595481;
>>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>>> ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
>>> d=google.com; s=arc-20160816;
>>> b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
>>>  
>>> YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
>>>  
>>> +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
>>>  
>>> KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
>>>  
>>> PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
>>>  zMzQ==
>>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
>>> s=arc-20160816;
>>> h=importance:content-transfer-encoding:mime-version:user-agent:to
>>>  :from:subject:date:message-id:dkim-signature;
>>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>>> b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
>>>  
>>> O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
>>>  
>>> xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
>>>  
>>>

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-29 Thread Eric Broch 
The latest qmail implementation (development tree) has a spam throttle (not
tested) which you can read about here (http://spamthrottle.qmail.ca) to see
if it will fit your needs.
Eric

On Sun, Sep 29, 2019 at 2:23 AM Tahnan Al Anas  wrote:

> Hi Eric,
>
> Is there any way we can implement per hour mail limit per user per domain?
> Exim has this feature.
>
>
> --
> --
>
> Best Regards
> Muhammad Tahnan Al Anas
>
>
> On Sat, Sep 28, 2019 at 11:29 PM Eric Broch  wrote:
>
>> Hi Gary,
>>
>> If you have spf, and dkim set up the only other thing you might do is add
>> a dmarc record and make sure all servers sending email are included in you
>> spf record. I decided to allow spamassassin to check dkim as well and don't
>> think it would be wise to reject email in absence of such a record.
>>
>> Eric
>>
>> On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  wrote:
>>
>>>
>>> The recent questions about setting up DKIM prompted me to review my
>>> setup and see if I needed to tighten things up a bit. ALL of my config
>>> surrounding these things is very old, so what are the best practices in
>>> 2019?
>>>
>>>
>>> On the receiving side of things, my server has spfbehavior set to 2 and
>>> I believe the default is 3. I seem to recall many years ago having problems
>>> rejecting email, that I didn't want rejected, with it set to 3. But that's
>>> been so long ago, it's not worth considering. Do most of you have it set to
>>> 3? And have you had any problems with that if you do?
>>>
>>>
>>> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
>>> that spamassassin just assigns a score if there is a DKIM_INVALID situation
>>> and that score seems to be pretty low. Is this really the right way to
>>> handle receiving messages where DKIM is concerned? I'm sure there is a way
>>> to increase the DKIM_INVALID score, but not sure of the ramifications of
>>> that. Do any of you change those settings? Or do DKIM checking somewhere
>>> else for improvements?
>>>
>>>
>>> On the outbound side of things.
>>>
>>> For my DNS, I have SPF records that have been there for years, that
>>> affects other domains receiving mail from my server. So not sure how much
>>> good it does, but it's there.
>>>
>>>
>>> I do not have DKIM set up. Many years ago it seemed pretty useless from
>>> what I read, so I didn't bother with it. From what I understand, if the
>>> receiving end doesn't check for DKIM, then it does nothing. Or like in my
>>> servers case, it just adds a tiny bit of score to spamassasin, so minimal
>>> help. But maybe enough are doing something more robust now for it to be
>>> useful. Maybe I should implement this now?
>>>
>>>
>>> What are everyone's thoughts on all this in 2019? Should I be doing
>>> stricter checking of spf? Does DKIM actually provide a useful service? And
>>> are there better ways to handle DKIM checking?
>>>
>>>
>>> All discussion and help is greatly appreciated!
>>>
>>>
>>> Thanks Gary
>>> --
>>> 
>>> Gary Bowling
>>> The Moderns on Spotify
>>> 
>>> 
>>> - To
>>> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
>>> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>

Re: [qmailtoaster] spam folder into gmail

2019-09-29 Thread Eric Broch 
Step 2) from http://www.qmailtoaster.com/dkim.html

At the command line first create the key and txt record for the domain you
want signed (replace otherdomain.com with the domain you want in every
command below).
So if your domain is mydomain.com the command would be, '# dknewkey
/var/qmail/control/dkim/mydomain.com.key 1024 >
/var/qmail/control/dkim/mydomain.com.txt'
# dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
/var/qmail/control/dkim/otherdomain.com.txt

At command line change the selector in the txt record from
'otherdomain.com.key._domainkey'  to  'dkim1._domainkey'
# perl -pi -e 's/^.*\.key/dkim1/'
/var/qmail/control/dkim/otherdomain.com.txt

Check the file to see if substitution happened.
# cat /var/qmail/control/dkim/otherdomain.com.txt
   dkim1._domainkey   IN  TXT "k=rsa;
p=**"


Create DNS TXT record for otherdomain.com using the output from the text
file 'otherdomain.com.txt' where your DNS settings are managed, usually
your ISP (mine are Godaddy).
   HostText
   dkim1._domainkey   IN   TXT v=DKIM1; k=rsa;
p=*

Edit the signature file and add your domain. This is what the perl script
'qmail-remote' will read and then call the original qmail-remote now
renamed to qmail-remote.orig.
# vi /var/qmail/control/dkim/signconf.xml
  


  

So file looks like this:


  
  

  
  


  



Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com
with your domain).
# yum install epel-release opendkim
# opendkim-testkey - -d otherdomain.com  -k
/var/qmail/control/dkim/otherdomain.com.key -s dkim1

On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan 
wrote:

> Hi Eric,
>
> How do i implement DKIM for my domain. Really need your help.
> I have followed your 1 step only. do i need to follow all the four steps
> and how do i configure in DNS server.
> why the gmail marked into spam folder of my domains emails.
>
> Appreciate discussions and help.
>
>
> On Fri, Sep 27, 2019 at 11:51 PM Eric Broch 
> wrote:
>
>> DKIM is not DomainKeys
>>
>>
>> On 9/27/2019 3:54 AM, ChandranManikandan wrote:
>>
>> Hi Eric,
>>
>> I have setup Global key (default for all domains)from your link and also
>> configured in dns server then i checked in mxtoolbox and getting the result
>> of the domain key. after that i tried to send an email to gmail it is
>> showing the error. the email header is below.
>>
>> Do i need to follow the all 4 steps.
>>
>> I will wait one day for the dns propagation and will update you.
>> Meanwhile could you look at the message header below.
>>
>> Delivered-To: kand...@gmail.com
>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>> X-Google-Smtp-Source: 
>> APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
>> X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>> ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
>> d=google.com; s=arc-20160816;
>> b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
>>  YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
>>  +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
>>  KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
>>  PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
>>  zMzQ==
>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
>> s=arc-20160816;
>> h=importance:content-transfer-encoding:mime-version:user-agent:to
>>  :from:subject:date:message-id:dkim-signature;
>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>> b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
>>  O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
>>  xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
>>  a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
>>  BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
>>  zbSg==
>> ARC-Authentication-Results: i=1; mx.google.com;
>>dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
>> header.s=dkim1 header.b=ia7qahkm;
>>spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>> designates 49.128.33.86 as permitted sender) 
>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>dmarc=pass (p=NONE sp=NONE dis=NONE) 
>> header.from=reliancehrconsulting.com
>> Return-Path: 
>> Received: from mail.pan-asia.in ([49.128.33.86])
>> by mx.google.com with ESMTPS id 
>> 70si2236946plc.139.2019.09.27.02.46.34
>> for 
>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>>

Re: [qmailtoaster] spam folder into gmail

2019-09-29 Thread ChandranManikandan 
Hi Eric,

How do i implement DKIM for my domain. Really need your help.
I have followed your 1 step only. do i need to follow all the four steps
and how do i configure in DNS server.
why the gmail marked into spam folder of my domains emails.

Appreciate discussions and help.


On Fri, Sep 27, 2019 at 11:51 PM Eric Broch  wrote:

> DKIM is not DomainKeys
>
>
> On 9/27/2019 3:54 AM, ChandranManikandan wrote:
>
> Hi Eric,
>
> I have setup Global key (default for all domains)from your link and also
> configured in dns server then i checked in mxtoolbox and getting the result
> of the domain key. after that i tried to send an email to gmail it is
> showing the error. the email header is below.
>
> Do i need to follow the all 4 steps.
>
> I will wait one day for the dns propagation and will update you.
> Meanwhile could you look at the message header below.
>
> Delivered-To: kand...@gmail.com
> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
> X-Google-Smtp-Source: 
> APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
> X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
> d=google.com; s=arc-20160816;
> b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
>  YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
>  +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
>  KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
>  PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
>  zMzQ==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
> s=arc-20160816;
> h=importance:content-transfer-encoding:mime-version:user-agent:to
>  :from:subject:date:message-id:dkim-signature;
> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
> b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
>  O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
>  xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
>  a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
>  BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
>  zbSg==
> ARC-Authentication-Results: i=1; mx.google.com;
>dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
> header.s=dkim1 header.b=ia7qahkm;
>spf=pass (google.com: domain of m...@reliancehrconsulting.com 
> designates 49.128.33.86 as permitted sender) 
> smtp.mailfrom=m...@reliancehrconsulting.com;
>dmarc=pass (p=NONE sp=NONE dis=NONE) 
> header.from=reliancehrconsulting.com
> Return-Path: 
> Received: from mail.pan-asia.in ([49.128.33.86])
> by mx.google.com with ESMTPS id 70si2236946plc.139.2019.09.27.02.46.34
> for 
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
> Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
> Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
> Authentication-Results: mx.google.com;
>dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
> header.s=dkim1 header.b=ia7qahkm;
>spf=pass (google.com: domain of m...@reliancehrconsulting.com 
> designates 49.128.33.86 as permitted sender) 
> smtp.mailfrom=m...@reliancehrconsulting.com;
>dmarc=pass (p=NONE sp=NONE dis=NONE) 
> header.from=reliancehrconsulting.com
> DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h= 
> message-id:date:subject:from:to:mime-version:content-type 
> :content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; 
> b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O 
> UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE 
> RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
> Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -
> Received: from unknown (HELO mail.reliancehrconsulting.com) 
> (m...@reliancehrconsulting.com@127.0.0.1)
>   by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -
> Received: from 129.126.169.22
> (SquirrelMail authenticated user m...@reliancehrconsulting.com)
> by mail.reliancehrconsulting.com with HTTP;
> Fri, 27 Sep 2019 17:46:33 +0800
> Message-ID: 
> <21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>
> Date: Fri, 27 Sep 2019 17:46:33 +0800
> Subject: test
> From: m...@reliancehrconsulting.com
> To: kand...@gmail.com
> User-Agent: SquirrelMail/1.4.22-0.qt.el6
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
>
> test
>
>
>
>
> On Fri, Sep 27, 2019 at 2:53

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-29 Thread Tahnan Al Anas 
Hi Eric,

Is there any way we can implement per hour mail limit per user per domain?
Exim has this feature.


--
--

Best Regards
Muhammad Tahnan Al Anas


On Sat, Sep 28, 2019 at 11:29 PM Eric Broch  wrote:

> Hi Gary,
>
> If you have spf, and dkim set up the only other thing you might do is add
> a dmarc record and make sure all servers sending email are included in you
> spf record. I decided to allow spamassassin to check dkim as well and don't
> think it would be wise to reject email in absence of such a record.
>
> Eric
>
> On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  wrote:
>
>>
>> The recent questions about setting up DKIM prompted me to review my setup
>> and see if I needed to tighten things up a bit. ALL of my config
>> surrounding these things is very old, so what are the best practices in
>> 2019?
>>
>>
>> On the receiving side of things, my server has spfbehavior set to 2 and I
>> believe the default is 3. I seem to recall many years ago having problems
>> rejecting email, that I didn't want rejected, with it set to 3. But that's
>> been so long ago, it's not worth considering. Do most of you have it set to
>> 3? And have you had any problems with that if you do?
>>
>>
>> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
>> that spamassassin just assigns a score if there is a DKIM_INVALID situation
>> and that score seems to be pretty low. Is this really the right way to
>> handle receiving messages where DKIM is concerned? I'm sure there is a way
>> to increase the DKIM_INVALID score, but not sure of the ramifications of
>> that. Do any of you change those settings? Or do DKIM checking somewhere
>> else for improvements?
>>
>>
>> On the outbound side of things.
>>
>> For my DNS, I have SPF records that have been there for years, that
>> affects other domains receiving mail from my server. So not sure how much
>> good it does, but it's there.
>>
>>
>> I do not have DKIM set up. Many years ago it seemed pretty useless from
>> what I read, so I didn't bother with it. From what I understand, if the
>> receiving end doesn't check for DKIM, then it does nothing. Or like in my
>> servers case, it just adds a tiny bit of score to spamassasin, so minimal
>> help. But maybe enough are doing something more robust now for it to be
>> useful. Maybe I should implement this now?
>>
>>
>> What are everyone's thoughts on all this in 2019? Should I be doing
>> stricter checking of spf? Does DKIM actually provide a useful service? And
>> are there better ways to handle DKIM checking?
>>
>>
>> All discussion and help is greatly appreciated!
>>
>>
>> Thanks Gary
>> --
>> 
>> Gary Bowling
>> The Moderns on Spotify
>> 
>> 
>> - To
>> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
>> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>