Re: [qmailtoaster] Emails to Spam folder

2019-09-06 Thread Eric Broch 

Can you clarify?

On 9/6/2019 12:30 PM, Remo Mattei wrote:

Ok guys question I found this tool

https://toolbox.googleapps.com/apps/checkmx/check?domain=mattei.org&dkim_selector=DKIM1

Which if I add the DKIM optional as DKIM1 then it does not complain 
but if I leave it empty it does and I think that’s what Google is 
using to check some of those issues.. What would be the best way to 
setup this up with going out with DKIM instead of DKIM just editing 
the file?


Thanks

On Aug 30, 2019, at 09:18, Eric Broch > wrote:


Thanks, Andrew.

I was testing my DKIM record with all my email client interfaces 
against Gmail, all passed except Roundcube sending in text format. 
Roundcube sending in html format passed DKIM check at Gmail. Posted a 
question about it on the Roundcube mailling list and never got back 
to it. Anyway, strange DKIM reject.


Eric

On Fri, Aug 30, 2019 at 10:12 AM Andrew Swartz 
mailto:awswa...@acsalaska.net>> wrote:


I send a lot of email to people with gmail accounts.  I can
testify that
gmail will send you a daily DMARC report with pass/fail stats for
the
preceeding 24 hours.  This was really cool at first.  I turned it
off
(i.e. changed the DMARC record) after about 2-3 wks because it
quickly
became an annoyance.

Gmail definitely follows the rules that you specify.  If you specify
"reject", it will reject any email which fails the spf check or
where
the dkim signature does not verify.  Mine has been set to
"reject" for a
couple years.  But you should leave it set to "none" for a couple
weeks
and read the reports to make darn sure that everything is working
properly.

When I was monitoring this, I was surprised that about 5% of
emails end
up with an invalid DKIM signature for unclear reasons.  But it is
not a
problem when the receiving servers check the signature during the
smtp
transaction and reject the mail, because the sending server will
just
try again and it will go through then.  But if the receiving server
accepts the mail and filters it after the transaction, and the dkim
signature fails to verify, the mail will likely get a bad rating
and go
to a spam folder.

-Andy


On 8/30/2019 7:36 AM, Eric Broch wrote:
> Hi Chandran,
>
> This email landed in my spam folder sorry to say (gmail).
>
> Never set up a DMARC record...any tutorials you recommend (anyone)?
>
> Eric
>
> On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan
 > wrote:
>
>     Hi Friends,
>
>     I have updated SPF and DMARC record into my DNS server
after that
>     the email is delivered to inbox instead spam/junk folder.
>
>     Please try to create SPF and DMARC record in your DNS servers
>
>     On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
>      wrote:
>
>         Hi Friends,
>
>         As per Andrew stats, i have checked all those points in
my server.
>         I have installed letsencrypt certificate in past two years
>         without any issue and spf record validated and
configured on the
>         DNS server.
>         DKIM also installed on my server well.
>
>         When users send an email to gmail, some emails are going to
>         inbox and some going to spam with the same my domain.
>
>         I have no clue to setup the dmarc record in the dns server.
>
>         Could anyone help me for the process of creating dmarc
record.
>         Do i need to create my server or dns server.
>
>         My domain result for the reputation.
>
>         MEDIUM REPUTATION
>
>         Not suspicious. We have not seen any direct references
to this
>         email address, but the sender domain is highly
reputable, and
>         the email is deliverable. We've observed no malicious or
>         suspicious activity from this address.
>
>         curl emailrep.io/m...@panasiagroup.net
>
>         {
>
>         "email": "x...@xxx.net",
>
>         "reputation": "medium",
>
>         "suspicious": false,
>
>         "references": 0,
>
>         "details": {
>
>         "blacklisted": false,
>
>         "malicious_activity": false,
>
>         "malicious_activity_recent": false,
>
>         "credentials_leaked": false,
>
>         "credentials_leaked_recent": false,
>
>         "data_breach": false,
>
>         "first_seen": "never",
>
>         "last_seen": "never",
>
>         "domain_exists": true,
>
>         "domain_reputation": "high",
>
>         "new_domain": false,
>
>         "days_since_domain_creation": 5524,
>
>         "suspicious_tld": false,
>

Re: [qmailtoaster] Emails to Spam folder

2019-09-06 Thread Remo Mattei 
Just an update. 

Looks like Apple Mail is broken and does not pass the right DKIM info. I tested 
Outlook :( and that just shows up correctly.

Remo 

> On Sep 6, 2019, at 11:30, Remo Mattei  wrote:
> 
> Ok guys question I found this tool
> 
> https://toolbox.googleapps.com/apps/checkmx/check?domain=mattei.org&dkim_selector=DKIM1
>  
> 
> 
> Which if I add the DKIM optional as DKIM1 then it does not complain but if I 
> leave it empty it does and I think that’s what Google is using to check some 
> of those issues.. What would be the best way to setup this up with going out 
> with DKIM instead of DKIM just editing the file?
> 
> Thanks 
> 
>> On Aug 30, 2019, at 09:18, Eric Broch > > wrote:
>> 
>> Thanks, Andrew.
>> 
>> I was testing my DKIM record with all my email client interfaces against 
>> Gmail, all passed except Roundcube sending in text format. Roundcube sending 
>> in html format passed DKIM check at Gmail. Posted a question about it on the 
>> Roundcube mailling list and never got back to it. Anyway, strange DKIM 
>> reject.
>> 
>> Eric
>> 
>> On Fri, Aug 30, 2019 at 10:12 AM Andrew Swartz > > wrote:
>> I send a lot of email to people with gmail accounts.  I can testify that 
>> gmail will send you a daily DMARC report with pass/fail stats for the 
>> preceeding 24 hours.  This was really cool at first.  I turned it off 
>> (i.e. changed the DMARC record) after about 2-3 wks because it quickly 
>> became an annoyance.
>> 
>> Gmail definitely follows the rules that you specify.  If you specify 
>> "reject", it will reject any email which fails the spf check or where 
>> the dkim signature does not verify.  Mine has been set to "reject" for a 
>> couple years.  But you should leave it set to "none" for a couple weeks 
>> and read the reports to make darn sure that everything is working properly.
>> 
>> When I was monitoring this, I was surprised that about 5% of emails end 
>> up with an invalid DKIM signature for unclear reasons.  But it is not a 
>> problem when the receiving servers check the signature during the smtp 
>> transaction and reject the mail, because the sending server will just 
>> try again and it will go through then.  But if the receiving server 
>> accepts the mail and filters it after the transaction, and the dkim 
>> signature fails to verify, the mail will likely get a bad rating and go 
>> to a spam folder.
>> 
>> -Andy
>> 
>> 
>> On 8/30/2019 7:36 AM, Eric Broch wrote:
>> > Hi Chandran,
>> > 
>> > This email landed in my spam folder sorry to say (gmail).
>> > 
>> > Never set up a DMARC record...any tutorials you recommend (anyone)?
>> > 
>> > Eric
>> > 
>> > On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan  
>> > >> wrote:
>> > 
>> > Hi Friends,
>> > 
>> > I have updated SPF and DMARC record into my DNS server after that
>> > the email is delivered to inbox instead spam/junk folder.
>> > 
>> > Please try to create SPF and DMARC record in your DNS servers
>> > 
>> > On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
>> > > wrote:
>> > 
>> > Hi Friends,
>> > 
>> > As per Andrew stats, i have checked all those points in my server.
>> > I have installed letsencrypt certificate in past two years
>> > without any issue and spf record validated and configured on the
>> > DNS server.
>> > DKIM also installed on my server well.
>> > 
>> > When users send an email to gmail, some emails are going to
>> > inbox and some going to spam with the same my domain.
>> > 
>> > I have no clue to setup the dmarc record in the dns server.
>> > 
>> > Could anyone help me for the process of creating dmarc record.
>> > Do i need to create my server or dns server.
>> > 
>> > My domain result for the reputation.
>> > 
>> > MEDIUM REPUTATION
>> > 
>> > Not suspicious. We have not seen any direct references to this
>> > email address, but the sender domain is highly reputable, and
>> > the email is deliverable. We've observed no malicious or
>> > suspicious activity from this address.
>> > 
>> > curl emailrep.io/m...@panasiagroup.net <>
>> > 
>> > {
>> > 
>> > "email": "x...@xxx.net <>",
>> > 
>> > "reputation": "medium",
>> > 
>> > "suspicious": false,
>> > 
>> > "references": 0,
>> > 
>> > "details": {
>> > 
>> > "blacklisted": false,
>> > 
>> > "malicious_activity": false,
>> > 
>> > "malicious_activity_recent": false,
>> > 
>> > "credentials_leaked": false,
>> > 
>> > "credentials_leaked_recent": false,
>> > 
>> > "data_breach": false,
>> > 
>> > "first_seen": "never",
>> > 
>> > "last_seen": "never",
>> > 
>> > "domain_exists": true,

Re: [qmailtoaster] Emails to Spam folder

2019-09-06 Thread Remo Mattei 
Ok guys question I found this tool

https://toolbox.googleapps.com/apps/checkmx/check?domain=mattei.org&dkim_selector=DKIM1
 


Which if I add the DKIM optional as DKIM1 then it does not complain but if I 
leave it empty it does and I think that’s what Google is using to check some of 
those issues.. What would be the best way to setup this up with going out with 
DKIM instead of DKIM just editing the file?

Thanks 

> On Aug 30, 2019, at 09:18, Eric Broch  > wrote:
> 
> Thanks, Andrew.
> 
> I was testing my DKIM record with all my email client interfaces against 
> Gmail, all passed except Roundcube sending in text format. Roundcube sending 
> in html format passed DKIM check at Gmail. Posted a question about it on the 
> Roundcube mailling list and never got back to it. Anyway, strange DKIM reject.
> 
> Eric
> 
> On Fri, Aug 30, 2019 at 10:12 AM Andrew Swartz  > wrote:
> I send a lot of email to people with gmail accounts.  I can testify that 
> gmail will send you a daily DMARC report with pass/fail stats for the 
> preceeding 24 hours.  This was really cool at first.  I turned it off 
> (i.e. changed the DMARC record) after about 2-3 wks because it quickly 
> became an annoyance.
> 
> Gmail definitely follows the rules that you specify.  If you specify 
> "reject", it will reject any email which fails the spf check or where 
> the dkim signature does not verify.  Mine has been set to "reject" for a 
> couple years.  But you should leave it set to "none" for a couple weeks 
> and read the reports to make darn sure that everything is working properly.
> 
> When I was monitoring this, I was surprised that about 5% of emails end 
> up with an invalid DKIM signature for unclear reasons.  But it is not a 
> problem when the receiving servers check the signature during the smtp 
> transaction and reject the mail, because the sending server will just 
> try again and it will go through then.  But if the receiving server 
> accepts the mail and filters it after the transaction, and the dkim 
> signature fails to verify, the mail will likely get a bad rating and go 
> to a spam folder.
> 
> -Andy
> 
> 
> On 8/30/2019 7:36 AM, Eric Broch wrote:
> > Hi Chandran,
> > 
> > This email landed in my spam folder sorry to say (gmail).
> > 
> > Never set up a DMARC record...any tutorials you recommend (anyone)?
> > 
> > Eric
> > 
> > On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan  
> > >> wrote:
> > 
> > Hi Friends,
> > 
> > I have updated SPF and DMARC record into my DNS server after that
> > the email is delivered to inbox instead spam/junk folder.
> > 
> > Please try to create SPF and DMARC record in your DNS servers
> > 
> > On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
> > > wrote:
> > 
> > Hi Friends,
> > 
> > As per Andrew stats, i have checked all those points in my server.
> > I have installed letsencrypt certificate in past two years
> > without any issue and spf record validated and configured on the
> > DNS server.
> > DKIM also installed on my server well.
> > 
> > When users send an email to gmail, some emails are going to
> > inbox and some going to spam with the same my domain.
> > 
> > I have no clue to setup the dmarc record in the dns server.
> > 
> > Could anyone help me for the process of creating dmarc record.
> > Do i need to create my server or dns server.
> > 
> > My domain result for the reputation.
> > 
> > MEDIUM REPUTATION
> > 
> > Not suspicious. We have not seen any direct references to this
> > email address, but the sender domain is highly reputable, and
> > the email is deliverable. We've observed no malicious or
> > suspicious activity from this address.
> > 
> > curl emailrep.io/m...@panasiagroup.net <>
> > 
> > {
> > 
> > "email": "x...@xxx.net <>",
> > 
> > "reputation": "medium",
> > 
> > "suspicious": false,
> > 
> > "references": 0,
> > 
> > "details": {
> > 
> > "blacklisted": false,
> > 
> > "malicious_activity": false,
> > 
> > "malicious_activity_recent": false,
> > 
> > "credentials_leaked": false,
> > 
> > "credentials_leaked_recent": false,
> > 
> > "data_breach": false,
> > 
> > "first_seen": "never",
> > 
> > "last_seen": "never",
> > 
> > "domain_exists": true,
> > 
> > "domain_reputation": "high",
> > 
> > "new_domain": false,
> > 
> > "days_since_domain_creation": 5524,
> > 
> > "suspicious_tld": false,
> > 
> > "spam": false,
> > 
> > "free_provider": false,
> > 
> > "disposable": false,
> > 
> > "deliverable": true,
> > 
> > "acc

Re: [qmailtoaster] Emails to Spam folder

2019-08-30 Thread Eric Broch 
Thanks, Andrew.

I was testing my DKIM record with all my email client interfaces against
Gmail, all passed except Roundcube sending in text format. Roundcube
sending in html format passed DKIM check at Gmail. Posted a question about
it on the Roundcube mailling list and never got back to it. Anyway, strange
DKIM reject.

Eric

On Fri, Aug 30, 2019 at 10:12 AM Andrew Swartz 
wrote:

> I send a lot of email to people with gmail accounts.  I can testify that
> gmail will send you a daily DMARC report with pass/fail stats for the
> preceeding 24 hours.  This was really cool at first.  I turned it off
> (i.e. changed the DMARC record) after about 2-3 wks because it quickly
> became an annoyance.
>
> Gmail definitely follows the rules that you specify.  If you specify
> "reject", it will reject any email which fails the spf check or where
> the dkim signature does not verify.  Mine has been set to "reject" for a
> couple years.  But you should leave it set to "none" for a couple weeks
> and read the reports to make darn sure that everything is working properly.
>
> When I was monitoring this, I was surprised that about 5% of emails end
> up with an invalid DKIM signature for unclear reasons.  But it is not a
> problem when the receiving servers check the signature during the smtp
> transaction and reject the mail, because the sending server will just
> try again and it will go through then.  But if the receiving server
> accepts the mail and filters it after the transaction, and the dkim
> signature fails to verify, the mail will likely get a bad rating and go
> to a spam folder.
>
> -Andy
>
>
> On 8/30/2019 7:36 AM, Eric Broch wrote:
> > Hi Chandran,
> >
> > This email landed in my spam folder sorry to say (gmail).
> >
> > Never set up a DMARC record...any tutorials you recommend (anyone)?
> >
> > Eric
> >
> > On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan  > > wrote:
> >
> > Hi Friends,
> >
> > I have updated SPF and DMARC record into my DNS server after that
> > the email is delivered to inbox instead spam/junk folder.
> >
> > Please try to create SPF and DMARC record in your DNS servers
> >
> > On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
> >  wrote:
> >
> > Hi Friends,
> >
> > As per Andrew stats, i have checked all those points in my
> server.
> > I have installed letsencrypt certificate in past two years
> > without any issue and spf record validated and configured on the
> > DNS server.
> > DKIM also installed on my server well.
> >
> > When users send an email to gmail, some emails are going to
> > inbox and some going to spam with the same my domain.
> >
> > I have no clue to setup the dmarc record in the dns server.
> >
> > Could anyone help me for the process of creating dmarc record.
> > Do i need to create my server or dns server.
> >
> > My domain result for the reputation.
> >
> > MEDIUM REPUTATION
> >
> > Not suspicious. We have not seen any direct references to this
> > email address, but the sender domain is highly reputable, and
> > the email is deliverable. We've observed no malicious or
> > suspicious activity from this address.
> >
> > curl emailrep.io/m...@panasiagroup.net
> >
> > {
> >
> > "email": "x...@xxx.net",
> >
> > "reputation": "medium",
> >
> > "suspicious": false,
> >
> > "references": 0,
> >
> > "details": {
> >
> > "blacklisted": false,
> >
> > "malicious_activity": false,
> >
> > "malicious_activity_recent": false,
> >
> > "credentials_leaked": false,
> >
> > "credentials_leaked_recent": false,
> >
> > "data_breach": false,
> >
> > "first_seen": "never",
> >
> > "last_seen": "never",
> >
> > "domain_exists": true,
> >
> > "domain_reputation": "high",
> >
> > "new_domain": false,
> >
> > "days_since_domain_creation": 5524,
> >
> > "suspicious_tld": false,
> >
> > "spam": false,
> >
> > "free_provider": false,
> >
> > "disposable": false,
> >
> > "deliverable": true,
> >
> > "accept_all": false,
> >
> > "valid_mx": true,
> >
> > "spoofable": true,
> >
> > "spf_strict": true,
> >
> > "dmarc_enforced": false,
> >
> > "profiles": []
> >
> > }
> >
> > }
> >
> >
> > Appreciate of all your supporting.
> >
> >
> > On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz
> >  wrote:
> >
> > This seems an issue mostly with server "suspiciousness", of
> > which
> > reputation is a component.
> >
> > Of the factors effecting suspiciousness, only two are local
> > to the smtp
> > server:
> > 1.  DKIM signatures
> > 2.  TLS certificates

Re: [qmailtoaster] Emails to Spam folder

2019-08-30 Thread Andrew Swartz 
I send a lot of email to people with gmail accounts.  I can testify that 
gmail will send you a daily DMARC report with pass/fail stats for the 
preceeding 24 hours.  This was really cool at first.  I turned it off 
(i.e. changed the DMARC record) after about 2-3 wks because it quickly 
became an annoyance.


Gmail definitely follows the rules that you specify.  If you specify 
"reject", it will reject any email which fails the spf check or where 
the dkim signature does not verify.  Mine has been set to "reject" for a 
couple years.  But you should leave it set to "none" for a couple weeks 
and read the reports to make darn sure that everything is working properly.


When I was monitoring this, I was surprised that about 5% of emails end 
up with an invalid DKIM signature for unclear reasons.  But it is not a 
problem when the receiving servers check the signature during the smtp 
transaction and reject the mail, because the sending server will just 
try again and it will go through then.  But if the receiving server 
accepts the mail and filters it after the transaction, and the dkim 
signature fails to verify, the mail will likely get a bad rating and go 
to a spam folder.


-Andy


On 8/30/2019 7:36 AM, Eric Broch wrote:

Hi Chandran,

This email landed in my spam folder sorry to say (gmail).

Never set up a DMARC record...any tutorials you recommend (anyone)?

Eric

On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan > wrote:


Hi Friends,

I have updated SPF and DMARC record into my DNS server after that
the email is delivered to inbox instead spam/junk folder.

Please try to create SPF and DMARC record in your DNS servers

On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
 wrote:

Hi Friends,

As per Andrew stats, i have checked all those points in my server.
I have installed letsencrypt certificate in past two years
without any issue and spf record validated and configured on the
DNS server.
DKIM also installed on my server well.

When users send an email to gmail, some emails are going to
inbox and some going to spam with the same my domain.

I have no clue to setup the dmarc record in the dns server.

Could anyone help me for the process of creating dmarc record.
Do i need to create my server or dns server.

My domain result for the reputation.

MEDIUM REPUTATION

Not suspicious. We have not seen any direct references to this
email address, but the sender domain is highly reputable, and
the email is deliverable. We've observed no malicious or
suspicious activity from this address.

curl emailrep.io/m...@panasiagroup.net

{

"email": "x...@xxx.net",

"reputation": "medium",

"suspicious": false,

"references": 0,

"details": {

"blacklisted": false,

"malicious_activity": false,

"malicious_activity_recent": false,

"credentials_leaked": false,

"credentials_leaked_recent": false,

"data_breach": false,

"first_seen": "never",

"last_seen": "never",

"domain_exists": true,

"domain_reputation": "high",

"new_domain": false,

"days_since_domain_creation": 5524,

"suspicious_tld": false,

"spam": false,

"free_provider": false,

"disposable": false,

"deliverable": true,

"accept_all": false,

"valid_mx": true,

"spoofable": true,

"spf_strict": true,

"dmarc_enforced": false,

"profiles": []

}

}


Appreciate of all your supporting.


On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz
 wrote:

This seems an issue mostly with server "suspiciousness", of
which
reputation is a component.

Of the factors effecting suspiciousness, only two are local
to the smtp
server:
1.  DKIM signatures
2.  TLS certificates

To address these, confirm that both are working properly:
1.  DKIM: send an email to a "dkim reflector" and then
examine the email
you get back.  This pages discusses:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html

2.  Use a proper TLS certificate.  By proper, I mean one
that verifies.
Therefore you need to either purchase one or use "Let's
Encrypt".  I've
been using Lets Encrypt certs for the last year without any
problems.
Setting up the client is not difficult, and it subsequently
auto-renews
every 60 days.

The remaining factors are outside your server, but just as
important:
1.  Rever

Re: [qmailtoaster] Emails to Spam folder

2019-08-30 Thread Andrew Swartz 

https://www.techrepublic.com/blog/google-in-the-enterprise/reduce-spoofed-email-from-your-domain-with-dmarc/

-Andy



On 8/30/2019 7:36 AM, Eric Broch wrote:

Hi Chandran,

This email landed in my spam folder sorry to say (gmail).

Never set up a DMARC record...any tutorials you recommend (anyone)?

Eric

On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan > wrote:


Hi Friends,

I have updated SPF and DMARC record into my DNS server after that
the email is delivered to inbox instead spam/junk folder.

Please try to create SPF and DMARC record in your DNS servers

On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan
 wrote:

Hi Friends,

As per Andrew stats, i have checked all those points in my server.
I have installed letsencrypt certificate in past two years
without any issue and spf record validated and configured on the
DNS server.
DKIM also installed on my server well.

When users send an email to gmail, some emails are going to
inbox and some going to spam with the same my domain.

I have no clue to setup the dmarc record in the dns server.

Could anyone help me for the process of creating dmarc record.
Do i need to create my server or dns server.

My domain result for the reputation.

MEDIUM REPUTATION

Not suspicious. We have not seen any direct references to this
email address, but the sender domain is highly reputable, and
the email is deliverable. We've observed no malicious or
suspicious activity from this address.

curl emailrep.io/m...@panasiagroup.net

{

"email": "x...@xxx.net",

"reputation": "medium",

"suspicious": false,

"references": 0,

"details": {

"blacklisted": false,

"malicious_activity": false,

"malicious_activity_recent": false,

"credentials_leaked": false,

"credentials_leaked_recent": false,

"data_breach": false,

"first_seen": "never",

"last_seen": "never",

"domain_exists": true,

"domain_reputation": "high",

"new_domain": false,

"days_since_domain_creation": 5524,

"suspicious_tld": false,

"spam": false,

"free_provider": false,

"disposable": false,

"deliverable": true,

"accept_all": false,

"valid_mx": true,

"spoofable": true,

"spf_strict": true,

"dmarc_enforced": false,

"profiles": []

}

}


Appreciate of all your supporting.


On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz
 wrote:

This seems an issue mostly with server "suspiciousness", of
which
reputation is a component.

Of the factors effecting suspiciousness, only two are local
to the smtp
server:
1.  DKIM signatures
2.  TLS certificates

To address these, confirm that both are working properly:
1.  DKIM: send an email to a "dkim reflector" and then
examine the email
you get back.  This pages discusses:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html

2.  Use a proper TLS certificate.  By proper, I mean one
that verifies.
Therefore you need to either purchase one or use "Let's
Encrypt".  I've
been using Lets Encrypt certs for the last year without any
problems.
Setting up the client is not difficult, and it subsequently
auto-renews
every 60 days.

The remaining factors are outside your server, but just as
important:
1.  Reverse-DNS yields same result as the domain MX record. 
This is
known as FCRDNS (forward-confirmed reverse DNS). 
Additionally, that

result must not resemble a dynamic IP address (i.e. have the
IP address
in the domain name).
2.  SPF is properly set up.
3.  DMARC set up and working properly.
4.  Age of the domain name.  If created recently, that looks
bad.
5.  Presence of IP on blacklists.  That is not hard to
check.  If you
acquired an IP recently, it's former owner may have earned
it a place on
a blacklist.  Easiest fix for that seems to be to get a
different IP.

I'm curious to hear what others might add to this.

A good place for ideas is to browse through the
spamdyke.conf file and
think about all of the things it checks.  Gmail is certainly
using
similar data points, but with neural network analysis rather

Re: [qmailtoaster] Emails to Spam folder

2019-08-30 Thread Eric Broch 
Hi Chandran,

This email landed in my spam folder sorry to say (gmail).

Never set up a DMARC record...any tutorials you recommend (anyone)?

Eric

On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan 
wrote:

> Hi Friends,
>
> I have updated SPF and DMARC record into my DNS server after that the
> email is delivered to inbox instead spam/junk folder.
>
> Please try to create SPF and DMARC record in your DNS servers
>
> On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan 
> wrote:
>
>> Hi Friends,
>>
>> As per Andrew stats, i have checked all those points in my server.
>> I have installed letsencrypt certificate in past two years without any
>> issue and spf record validated and configured on the DNS server.
>> DKIM also installed on my server well.
>>
>> When users send an email to gmail, some emails are going to inbox and
>> some going to spam with the same my domain.
>>
>> I have no clue to setup the dmarc record in the dns server.
>>
>> Could anyone help me for the process of creating dmarc record.
>> Do i need to create my server or dns server.
>>
>> My domain result for the reputation.
>>
>> MEDIUM REPUTATION
>>
>> Not suspicious. We have not seen any direct references to this email
>> address, but the sender domain is highly reputable, and the email is
>> deliverable. We've observed no malicious or suspicious activity from this
>> address.
>>
>>
>>
>> curl emailrep.io/m...@panasiagroup.net
>>
>> {
>>
>> "email": "x...@xxx.net",
>>
>> "reputation": "medium",
>>
>> "suspicious": false,
>>
>> "references": 0,
>>
>> "details": {
>>
>> "blacklisted": false,
>>
>> "malicious_activity": false,
>>
>> "malicious_activity_recent": false,
>>
>> "credentials_leaked": false,
>>
>> "credentials_leaked_recent": false,
>>
>> "data_breach": false,
>>
>> "first_seen": "never",
>>
>> "last_seen": "never",
>>
>> "domain_exists": true,
>>
>> "domain_reputation": "high",
>>
>> "new_domain": false,
>>
>> "days_since_domain_creation": 5524,
>>
>> "suspicious_tld": false,
>>
>> "spam": false,
>>
>> "free_provider": false,
>>
>> "disposable": false,
>>
>> "deliverable": true,
>>
>> "accept_all": false,
>>
>> "valid_mx": true,
>>
>> "spoofable": true,
>>
>> "spf_strict": true,
>>
>> "dmarc_enforced": false,
>>
>> "profiles": []
>>
>> }
>>
>> }
>>
>>
>> Appreciate of all your supporting.
>>
>> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz 
>> wrote:
>>
>>> This seems an issue mostly with server "suspiciousness", of which
>>> reputation is a component.
>>>
>>> Of the factors effecting suspiciousness, only two are local to the smtp
>>> server:
>>> 1.  DKIM signatures
>>> 2.  TLS certificates
>>>
>>> To address these, confirm that both are working properly:
>>> 1.  DKIM: send an email to a "dkim reflector" and then examine the email
>>> you get back.  This pages discusses:
>>>
>>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>>
>>> 2.  Use a proper TLS certificate.  By proper, I mean one that verifies.
>>> Therefore you need to either purchase one or use "Let's Encrypt".  I've
>>> been using Lets Encrypt certs for the last year without any problems.
>>> Setting up the client is not difficult, and it subsequently auto-renews
>>> every 60 days.
>>>
>>> The remaining factors are outside your server, but just as important:
>>> 1.  Reverse-DNS yields same result as the domain MX record.  This is
>>> known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that
>>> result must not resemble a dynamic IP address (i.e. have the IP address
>>> in the domain name).
>>> 2.  SPF is properly set up.
>>> 3.  DMARC set up and working properly.
>>> 4.  Age of the domain name.  If created recently, that looks bad.
>>> 5.  Presence of IP on blacklists.  That is not hard to check.  If you
>>> acquired an IP recently, it's former owner may have earned it a place on
>>> a blacklist.  Easiest fix for that seems to be to get a different IP.
>>>
>>> I'm curious to hear what others might add to this.
>>>
>>> A good place for ideas is to browse through the spamdyke.conf file and
>>> think about all of the things it checks.  Gmail is certainly using
>>> similar data points, but with neural network analysis rather than simple
>>> pass/fail rules.
>>>
>>> For those who have set up a second server to test things, there is a
>>> good chance something above is not set up or does not support the new
>>> server.  Gone are the days when you can bring a new parallel server
>>> online and start sending mails immediately.  There are lots of "i's" to
>>> dot and "t's" to cross before other servers will confidently accept your
>>> mail.
>>>
>>> Another thought:
>>> https://emailrep.io/ will give you a report about an email ADDRESS's
>>> reputation.  It is interesting.  Here is the result for mine (I

Re: [qmailtoaster] Emails to Spam folder

2019-08-28 Thread ChandranManikandan 
Hi Friends,

I have updated SPF and DMARC record into my DNS server after that the email
is delivered to inbox instead spam/junk folder.

Please try to create SPF and DMARC record in your DNS servers

On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan 
wrote:

> Hi Friends,
>
> As per Andrew stats, i have checked all those points in my server.
> I have installed letsencrypt certificate in past two years without any
> issue and spf record validated and configured on the DNS server.
> DKIM also installed on my server well.
>
> When users send an email to gmail, some emails are going to inbox and some
> going to spam with the same my domain.
>
> I have no clue to setup the dmarc record in the dns server.
>
> Could anyone help me for the process of creating dmarc record.
> Do i need to create my server or dns server.
>
> My domain result for the reputation.
>
> MEDIUM REPUTATION
>
> Not suspicious. We have not seen any direct references to this email
> address, but the sender domain is highly reputable, and the email is
> deliverable. We've observed no malicious or suspicious activity from this
> address.
>
>
>
> curl emailrep.io/m...@panasiagroup.net
>
> {
>
> "email": "x...@xxx.net",
>
> "reputation": "medium",
>
> "suspicious": false,
>
> "references": 0,
>
> "details": {
>
> "blacklisted": false,
>
> "malicious_activity": false,
>
> "malicious_activity_recent": false,
>
> "credentials_leaked": false,
>
> "credentials_leaked_recent": false,
>
> "data_breach": false,
>
> "first_seen": "never",
>
> "last_seen": "never",
>
> "domain_exists": true,
>
> "domain_reputation": "high",
>
> "new_domain": false,
>
> "days_since_domain_creation": 5524,
>
> "suspicious_tld": false,
>
> "spam": false,
>
> "free_provider": false,
>
> "disposable": false,
>
> "deliverable": true,
>
> "accept_all": false,
>
> "valid_mx": true,
>
> "spoofable": true,
>
> "spf_strict": true,
>
> "dmarc_enforced": false,
>
> "profiles": []
>
> }
>
> }
>
>
> Appreciate of all your supporting.
>
> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz 
> wrote:
>
>> This seems an issue mostly with server "suspiciousness", of which
>> reputation is a component.
>>
>> Of the factors effecting suspiciousness, only two are local to the smtp
>> server:
>> 1.  DKIM signatures
>> 2.  TLS certificates
>>
>> To address these, confirm that both are working properly:
>> 1.  DKIM: send an email to a "dkim reflector" and then examine the email
>> you get back.  This pages discusses:
>>
>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>
>> 2.  Use a proper TLS certificate.  By proper, I mean one that verifies.
>> Therefore you need to either purchase one or use "Let's Encrypt".  I've
>> been using Lets Encrypt certs for the last year without any problems.
>> Setting up the client is not difficult, and it subsequently auto-renews
>> every 60 days.
>>
>> The remaining factors are outside your server, but just as important:
>> 1.  Reverse-DNS yields same result as the domain MX record.  This is
>> known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that
>> result must not resemble a dynamic IP address (i.e. have the IP address
>> in the domain name).
>> 2.  SPF is properly set up.
>> 3.  DMARC set up and working properly.
>> 4.  Age of the domain name.  If created recently, that looks bad.
>> 5.  Presence of IP on blacklists.  That is not hard to check.  If you
>> acquired an IP recently, it's former owner may have earned it a place on
>> a blacklist.  Easiest fix for that seems to be to get a different IP.
>>
>> I'm curious to hear what others might add to this.
>>
>> A good place for ideas is to browse through the spamdyke.conf file and
>> think about all of the things it checks.  Gmail is certainly using
>> similar data points, but with neural network analysis rather than simple
>> pass/fail rules.
>>
>> For those who have set up a second server to test things, there is a
>> good chance something above is not set up or does not support the new
>> server.  Gone are the days when you can bring a new parallel server
>> online and start sending mails immediately.  There are lots of "i's" to
>> dot and "t's" to cross before other servers will confidently accept your
>> mail.
>>
>> Another thought:
>> https://emailrep.io/ will give you a report about an email ADDRESS's
>> reputation.  It is interesting.  Here is the result for mine (I replaced
>> my email address for posting):
>>
>> curl emailrep.io/first.l...@example.tld
>> {
>>  "email": "first.l...@example.tld",
>>  "reputation": "low",
>>  "suspicious": true,
>>  "references": 1,
>>  "details": {
>>  "blacklisted": false,
>>  "malicious_activity": false,
>>  "malicious_activity_recent": false,
>>

Re: [qmailtoaster] Emails to Spam folder

2019-08-28 Thread Eric Broch 
The very email I'm replying to ended up in my spam folder with this message:

Be careful with this message

Gmail could not verify that it actually came from kand...@gmail.com. Avoid
clicking links, downloading attachments, or replying with personal
information.
Report spamReport phishing

As do most email that come from kand...@gmail.com


On Tue, Aug 27, 2019 at 10:05 PM ChandranManikandan 
wrote:

> Hi Friends,
>
> As per Andrew stats, i have checked all those points in my server.
> I have installed letsencrypt certificate in past two years without any
> issue and spf record validated and configured on the DNS server.
> DKIM also installed on my server well.
>
> When users send an email to gmail, some emails are going to inbox and some
> going to spam with the same my domain.
>
> I have no clue to setup the dmarc record in the dns server.
>
> Could anyone help me for the process of creating dmarc record.
> Do i need to create my server or dns server.
>
> My domain result for the reputation.
>
> MEDIUM REPUTATION
>
> Not suspicious. We have not seen any direct references to this email
> address, but the sender domain is highly reputable, and the email is
> deliverable. We've observed no malicious or suspicious activity from this
> address.
>
>
>
> curl emailrep.io/m...@panasiagroup.net
>
> {
>
> "email": "x...@xxx.net",
>
> "reputation": "medium",
>
> "suspicious": false,
>
> "references": 0,
>
> "details": {
>
> "blacklisted": false,
>
> "malicious_activity": false,
>
> "malicious_activity_recent": false,
>
> "credentials_leaked": false,
>
> "credentials_leaked_recent": false,
>
> "data_breach": false,
>
> "first_seen": "never",
>
> "last_seen": "never",
>
> "domain_exists": true,
>
> "domain_reputation": "high",
>
> "new_domain": false,
>
> "days_since_domain_creation": 5524,
>
> "suspicious_tld": false,
>
> "spam": false,
>
> "free_provider": false,
>
> "disposable": false,
>
> "deliverable": true,
>
> "accept_all": false,
>
> "valid_mx": true,
>
> "spoofable": true,
>
> "spf_strict": true,
>
> "dmarc_enforced": false,
>
> "profiles": []
>
> }
>
> }
>
>
> Appreciate of all your supporting.
>
> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz 
> wrote:
>
>> This seems an issue mostly with server "suspiciousness", of which
>> reputation is a component.
>>
>> Of the factors effecting suspiciousness, only two are local to the smtp
>> server:
>> 1.  DKIM signatures
>> 2.  TLS certificates
>>
>> To address these, confirm that both are working properly:
>> 1.  DKIM: send an email to a "dkim reflector" and then examine the email
>> you get back.  This pages discusses:
>>
>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>
>> 2.  Use a proper TLS certificate.  By proper, I mean one that verifies.
>> Therefore you need to either purchase one or use "Let's Encrypt".  I've
>> been using Lets Encrypt certs for the last year without any problems.
>> Setting up the client is not difficult, and it subsequently auto-renews
>> every 60 days.
>>
>> The remaining factors are outside your server, but just as important:
>> 1.  Reverse-DNS yields same result as the domain MX record.  This is
>> known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that
>> result must not resemble a dynamic IP address (i.e. have the IP address
>> in the domain name).
>> 2.  SPF is properly set up.
>> 3.  DMARC set up and working properly.
>> 4.  Age of the domain name.  If created recently, that looks bad.
>> 5.  Presence of IP on blacklists.  That is not hard to check.  If you
>> acquired an IP recently, it's former owner may have earned it a place on
>> a blacklist.  Easiest fix for that seems to be to get a different IP.
>>
>> I'm curious to hear what others might add to this.
>>
>> A good place for ideas is to browse through the spamdyke.conf file and
>> think about all of the things it checks.  Gmail is certainly using
>> similar data points, but with neural network analysis rather than simple
>> pass/fail rules.
>>
>> For those who have set up a second server to test things, there is a
>> good chance something above is not set up or does not support the new
>> server.  Gone are the days when you can bring a new parallel server
>> online and start sending mails immediately.  There are lots of "i's" to
>> dot and "t's" to cross before other servers will confidently accept your
>> mail.
>>
>> Another thought:
>> https://emailrep.io/ will give you a report about an email ADDRESS's
>> reputation.  It is interesting.  Here is the result for mine (I replaced
>> my email address for posting):
>>
>> curl emailrep.io/first.l...@example.tld
>> {
>>  "email": "first.l...@example.tld",
>>  "reputation": "low",
>>  "suspicious": true,
>>  "references": 1,
>>  "

Re: [qmailtoaster] Emails to Spam folder

2019-08-27 Thread remo 
I want to setup a cert for each client with lets so there is no issue with some 
other problems I have but not sure if you can have multiple cert on dovecote 
and qmail. 

> Il giorno 27 ago 2019, alle ore 21:04, ChandranManikandan  
> ha scritto:
> 
> 
> Hi Friends,
> 
> As per Andrew stats, i have checked all those points in my server.
> I have installed letsencrypt certificate in past two years without any issue 
> and spf record validated and configured on the DNS server.
> DKIM also installed on my server well.
> 
> When users send an email to gmail, some emails are going to inbox and some 
> going to spam with the same my domain.
> 
> I have no clue to setup the dmarc record in the dns server.
> 
> Could anyone help me for the process of creating dmarc record.
> Do i need to create my server or dns server.
> 
> My domain result for the reputation.
> 
> MEDIUM REPUTATION
> Not suspicious. We have not seen any direct references to this email address, 
> but the sender domain is highly reputable, and the email is deliverable. 
> We've observed no malicious or suspicious activity from this address.
>  
> curl emailrep.io/m...@panasiagroup.net
> {
> "email": "x...@xxx.net",
> "reputation": "medium",
> "suspicious": false,
> "references": 0,
> "details": {
> "blacklisted": false,
> "malicious_activity": false,
> "malicious_activity_recent": false,
> "credentials_leaked": false,
> "credentials_leaked_recent": false,
> "data_breach": false,
> "first_seen": "never",
> "last_seen": "never",
> "domain_exists": true,
> "domain_reputation": "high",
> "new_domain": false,
> "days_since_domain_creation": 5524,
> "suspicious_tld": false,
> "spam": false,
> "free_provider": false,
> "disposable": false,
> "deliverable": true,
> "accept_all": false,
> "valid_mx": true,
> "spoofable": true,
> "spf_strict": true,
> "dmarc_enforced": false,
> "profiles": []
> }
> }
> 
> Appreciate of all your supporting.
> 
>> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz  wrote:
>> This seems an issue mostly with server "suspiciousness", of which 
>> reputation is a component.
>> 
>> Of the factors effecting suspiciousness, only two are local to the smtp 
>> server:
>> 1.  DKIM signatures
>> 2.  TLS certificates
>> 
>> To address these, confirm that both are working properly:
>> 1.  DKIM: send an email to a "dkim reflector" and then examine the email 
>> you get back.  This pages discusses:
>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>> 
>> 2.  Use a proper TLS certificate.  By proper, I mean one that verifies. 
>> Therefore you need to either purchase one or use "Let's Encrypt".  I've 
>> been using Lets Encrypt certs for the last year without any problems. 
>> Setting up the client is not difficult, and it subsequently auto-renews 
>> every 60 days.
>> 
>> The remaining factors are outside your server, but just as important:
>> 1.  Reverse-DNS yields same result as the domain MX record.  This is 
>> known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that 
>> result must not resemble a dynamic IP address (i.e. have the IP address 
>> in the domain name).
>> 2.  SPF is properly set up.
>> 3.  DMARC set up and working properly.
>> 4.  Age of the domain name.  If created recently, that looks bad.
>> 5.  Presence of IP on blacklists.  That is not hard to check.  If you 
>> acquired an IP recently, it's former owner may have earned it a place on 
>> a blacklist.  Easiest fix for that seems to be to get a different IP.
>> 
>> I'm curious to hear what others might add to this.
>> 
>> A good place for ideas is to browse through the spamdyke.conf file and 
>> think about all of the things it checks.  Gmail is certainly using 
>> similar data points, but with neural network analysis rather than simple 
>> pass/fail rules.
>> 
>> For those who have set up a second server to test things, there is a 
>> good chance something above is not set up or does not support the new 
>> server.  Gone are the days when you can bring a new parallel server 
>> online and start sending mails immediately.  There are lots of "i's" to 
>> dot and "t's" to cross before other servers will confidently accept your 
>> mail.
>> 
>> Another thought:
>> https://emailrep.io/ will give you a report about an email ADDRESS's 
>> reputation.  It is interesting.  Here is the result for mine (I replaced 
>> my email address for posting):
>> 
>> curl emailrep.io/first.l...@example.tld
>> {
>>  "email": "first.l...@example.tld",
>>  "reputation": "low",
>>  "suspicious": true,
>>  "references": 1,
>>  "details": {
>>  "blacklisted": false,
>>  "malicious_activity": false,
>>  "malicious_activity_recent": false,
>>  "credentials_leaked": false,
>>

Re: [qmailtoaster] Emails to Spam folder

2019-08-27 Thread ChandranManikandan 
Hi Friends,

As per Andrew stats, i have checked all those points in my server.
I have installed letsencrypt certificate in past two years without any
issue and spf record validated and configured on the DNS server.
DKIM also installed on my server well.

When users send an email to gmail, some emails are going to inbox and some
going to spam with the same my domain.

I have no clue to setup the dmarc record in the dns server.

Could anyone help me for the process of creating dmarc record.
Do i need to create my server or dns server.

My domain result for the reputation.

MEDIUM REPUTATION

Not suspicious. We have not seen any direct references to this email
address, but the sender domain is highly reputable, and the email is
deliverable. We've observed no malicious or suspicious activity from this
address.



curl emailrep.io/m...@panasiagroup.net

{

"email": "x...@xxx.net",

"reputation": "medium",

"suspicious": false,

"references": 0,

"details": {

"blacklisted": false,

"malicious_activity": false,

"malicious_activity_recent": false,

"credentials_leaked": false,

"credentials_leaked_recent": false,

"data_breach": false,

"first_seen": "never",

"last_seen": "never",

"domain_exists": true,

"domain_reputation": "high",

"new_domain": false,

"days_since_domain_creation": 5524,

"suspicious_tld": false,

"spam": false,

"free_provider": false,

"disposable": false,

"deliverable": true,

"accept_all": false,

"valid_mx": true,

"spoofable": true,

"spf_strict": true,

"dmarc_enforced": false,

"profiles": []

}

}


Appreciate of all your supporting.

On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz 
wrote:

> This seems an issue mostly with server "suspiciousness", of which
> reputation is a component.
>
> Of the factors effecting suspiciousness, only two are local to the smtp
> server:
> 1.  DKIM signatures
> 2.  TLS certificates
>
> To address these, confirm that both are working properly:
> 1.  DKIM: send an email to a "dkim reflector" and then examine the email
> you get back.  This pages discusses:
>
> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>
> 2.  Use a proper TLS certificate.  By proper, I mean one that verifies.
> Therefore you need to either purchase one or use "Let's Encrypt".  I've
> been using Lets Encrypt certs for the last year without any problems.
> Setting up the client is not difficult, and it subsequently auto-renews
> every 60 days.
>
> The remaining factors are outside your server, but just as important:
> 1.  Reverse-DNS yields same result as the domain MX record.  This is
> known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that
> result must not resemble a dynamic IP address (i.e. have the IP address
> in the domain name).
> 2.  SPF is properly set up.
> 3.  DMARC set up and working properly.
> 4.  Age of the domain name.  If created recently, that looks bad.
> 5.  Presence of IP on blacklists.  That is not hard to check.  If you
> acquired an IP recently, it's former owner may have earned it a place on
> a blacklist.  Easiest fix for that seems to be to get a different IP.
>
> I'm curious to hear what others might add to this.
>
> A good place for ideas is to browse through the spamdyke.conf file and
> think about all of the things it checks.  Gmail is certainly using
> similar data points, but with neural network analysis rather than simple
> pass/fail rules.
>
> For those who have set up a second server to test things, there is a
> good chance something above is not set up or does not support the new
> server.  Gone are the days when you can bring a new parallel server
> online and start sending mails immediately.  There are lots of "i's" to
> dot and "t's" to cross before other servers will confidently accept your
> mail.
>
> Another thought:
> https://emailrep.io/ will give you a report about an email ADDRESS's
> reputation.  It is interesting.  Here is the result for mine (I replaced
> my email address for posting):
>
> curl emailrep.io/first.l...@example.tld
> {
>  "email": "first.l...@example.tld",
>  "reputation": "low",
>  "suspicious": true,
>  "references": 1,
>  "details": {
>  "blacklisted": false,
>  "malicious_activity": false,
>  "malicious_activity_recent": false,
>  "credentials_leaked": false,
>  "credentials_leaked_recent": false,
>  "data_breach": false,
>  "first_seen": "never",
>  "last_seen": "never",
>  "domain_exists": true,
>  "domain_reputation": "low",
>  "new_domain": false,
>  "days_since_domain_creation": 5654,
>  "suspicious_tld": false,
>  "spam": false,
>  "free_provider": false,
>  "disposable": false,
>

Re: [qmailtoaster] Emails to Spam folder

2019-08-27 Thread Andrew Swartz 
This seems an issue mostly with server "suspiciousness", of which 
reputation is a component.


Of the factors effecting suspiciousness, only two are local to the smtp 
server:

1.  DKIM signatures
2.  TLS certificates

To address these, confirm that both are working properly:
1.  DKIM: send an email to a "dkim reflector" and then examine the email 
you get back.  This pages discusses:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html

2.  Use a proper TLS certificate.  By proper, I mean one that verifies. 
Therefore you need to either purchase one or use "Let's Encrypt".  I've 
been using Lets Encrypt certs for the last year without any problems. 
Setting up the client is not difficult, and it subsequently auto-renews 
every 60 days.


The remaining factors are outside your server, but just as important:
1.  Reverse-DNS yields same result as the domain MX record.  This is 
known as FCRDNS (forward-confirmed reverse DNS).  Additionally, that 
result must not resemble a dynamic IP address (i.e. have the IP address 
in the domain name).

2.  SPF is properly set up.
3.  DMARC set up and working properly.
4.  Age of the domain name.  If created recently, that looks bad.
5.  Presence of IP on blacklists.  That is not hard to check.  If you 
acquired an IP recently, it's former owner may have earned it a place on 
a blacklist.  Easiest fix for that seems to be to get a different IP.


I'm curious to hear what others might add to this.

A good place for ideas is to browse through the spamdyke.conf file and 
think about all of the things it checks.  Gmail is certainly using 
similar data points, but with neural network analysis rather than simple 
pass/fail rules.


For those who have set up a second server to test things, there is a 
good chance something above is not set up or does not support the new 
server.  Gone are the days when you can bring a new parallel server 
online and start sending mails immediately.  There are lots of "i's" to 
dot and "t's" to cross before other servers will confidently accept your 
mail.


Another thought:
https://emailrep.io/ will give you a report about an email ADDRESS's 
reputation.  It is interesting.  Here is the result for mine (I replaced 
my email address for posting):


curl emailrep.io/first.l...@example.tld
{
"email": "first.l...@example.tld",
"reputation": "low",
"suspicious": true,
"references": 1,
"details": {
"blacklisted": false,
"malicious_activity": false,
"malicious_activity_recent": false,
"credentials_leaked": false,
"credentials_leaked_recent": false,
"data_breach": false,
"first_seen": "never",
"last_seen": "never",
"domain_exists": true,
"domain_reputation": "low",
"new_domain": false,
"days_since_domain_creation": 5654,
"suspicious_tld": false,
"spam": false,
"free_provider": false,
"disposable": false,
"deliverable": false,
"accept_all": false,
"valid_mx": true,
"spoofable": false,
"spf_strict": true,
"dmarc_enforced": true,
"profiles": []
}
}


Though my domain and address are over 10 years old and never been 
blacklisted, the address gets a "low" reputation.  I'm quite sure that 
is because it has determined that my email address cannot accept emails. 
 But it is incorrect.  After testing it a few times, I'm fairly 
confident that it decides that mostly because it tries to connect to my 
server from smtp25a.kickboxio.net, whose IP (72.249.58.154) is blocked 
by Spamdyke due to being on some blacklist.  Therefore it concludes that 
I'm "risky".  Also, they feel the risk is increased because my email has 
never been seen on social media, in credential breaches, etc.  But I 
feel it is a triumph that I've kept my email address off of places where 
spammers harvest addresses.


Gmail is almost certainly considering all these factor and many more in 
deciding whether an email is rejected, sent to spam folder, or sent to 
inbox.  That said, my wife uses gmail and we send numerous emails back 
and forth daily without any problem.


It used to be that setting up an smtp server was the hard part of 
running your own server.  But times have changed, and now factors 
external to your network seem far more complicated and consequential 
than the server itself.


Again, I'm curious to hear other people thoughts.


-Andy

PS: regarding the question of multiple certs, I do not see how that 
could work on the toaster.  And in general, smtp does not work that way. 
 The cert merely needs to be for the domain name pointed to by the MX 
record of the destination domain.  There is no requirement that the 
destination domain be the name on the server certificate.  Thus numerous 
virtual domains all have MX records which point to the same server; that 
server's cert merely needs to be for its own domain name, not

Re: [qmailtoaster] Emails to Spam folder

2019-08-27 Thread Remo Mattei 
Ok guys.. needs some suggestions.. 
I found out that the client (apple Mail) does not honor the DKIM since gmail 
said failed. I tested with Outlook and web round cube and that does pass the 
email DKIM and the message does not go into the spam folder in fact. 

Any help will be great.. I also wonder if there is a way to setup multiple 
certs for the SMTP (per domain). 

Remo 

> On Aug 26, 2019, at 12:03, Tahnan Al Anas  wrote:
> 
> Basically Gmail put mail in spam folder for various reasons, I have found 
> after hosing new domain in my qmail server, I need to check spf, dkim dmarc 
> settings, even if all are ok, still gmail sent mail to spam folder, I need to 
> check reverse forward record and also need to work to improve domain 
> reputation, this is not an issue with qmail server, rather it is related with 
> gmail's filtering. You have to work to improve server and domain's reputation 
> for that.
> 
> Sometime I chat with google to get my other domain's mail in inbox by sending 
> them to gsuite account. 
> 
> 
> --
> --
> 
> Best Regards
> Muhammad Tahnan Al Anas
> 
> 
> On Mon, Aug 26, 2019 at 11:01 PM Eric Broch  > wrote:
> Create a google (gmail) account if you don't have one. Send an email to that 
> account from the postmaster of the problematic domain. Open message, go to 
> three vertical dots to the upper right of the interface, find 'show 
> original', there you will see why gmail spammed your message.
> 
> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei  > wrote:
> I just tested and I built a new qmail box 
> 
> 
> qmail-1.03-3.1.qt.el7.x86_64
> 
> The other two boxes 
> With 
> qmail-1.03-3.1.qt.el7.x86_64
> qmail-1.03-3.1.qt.el7.x86_64
> 
> So when sending from the new env which does not have any load no production 
> etc.. the gmail gets the message in the inbox from the other two I get the 
> msg on the spam folder.. I wonder.. how is Google…. Check the messages.. The 
> new box I have even a domain called testdomain.com  
> which it’s bogus!! But still in the inbox.
> 
> Any tips?
> 
> Thanks 
> 
>> On Aug 25, 2019, at 21:10, ChandranManikandan > > wrote:
>> 
>> Hi Folks,
>> 
>> Emails are delivering to the spam or junk folder when users send to the 
>> recipients.
>> Mostly  it's all public domain like gmail,yahoo etc..
>> How to fix this issue in our server.
>> Am using Centos 6 32 bit with qmailtoaster.
>> Could anyone help me.
>> 
>> -- 
>> Regards,
>> Manikandan.C
>

Re: [qmailtoaster] Emails to Spam folder

2019-08-26 Thread Tahnan Al Anas 
Basically Gmail put mail in spam folder for various reasons, I have found
after hosing new domain in my qmail server, I need to check spf, dkim dmarc
settings, even if all are ok, still gmail sent mail to spam folder, I need
to check reverse forward record and also need to work to improve domain
reputation, this is not an issue with qmail server, rather it is related
with gmail's filtering. You have to work to improve server and domain's
reputation for that.

Sometime I chat with google to get my other domain's mail in inbox by
sending them to gsuite account.


--
--

Best Regards
Muhammad Tahnan Al Anas


On Mon, Aug 26, 2019 at 11:01 PM Eric Broch  wrote:

> Create a google (gmail) account if you don't have one. Send an email to
> that account from the postmaster of the problematic domain. Open message,
> go to three vertical dots to the upper right of the interface, find 'show
> original', there you will see why gmail spammed your message.
>
> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei  wrote:
>
>> I just tested and I built a new qmail box
>>
>>
>> qmail-1.03-3.1.qt.el7.x86_64
>>
>> The other two boxes
>> With
>> qmail-1.03-3.1.qt.el7.x86_64
>> qmail-1.03-3.1.qt.el7.x86_64
>>
>> So when sending from the new env which does not have any load no
>> production etc.. the gmail gets the message in the inbox from the other two
>> I get the msg on the spam folder.. I wonder.. how is Google…. Check the
>> messages.. The new box I have even a domain called testdomain.com which
>> it’s bogus!! But still in the inbox.
>>
>> Any tips?
>>
>> Thanks
>>
>> On Aug 25, 2019, at 21:10, ChandranManikandan  wrote:
>>
>> Hi Folks,
>>
>> Emails are delivering to the spam or junk folder when users send to the
>> recipients.
>> Mostly  it's all public domain like gmail,yahoo etc..
>> How to fix this issue in our server.
>> Am using Centos 6 32 bit with qmailtoaster.
>> Could anyone help me.
>>
>> --
>>
>>
>> *Regards,Manikandan.C*
>>
>>
>>

Re: [qmailtoaster] Emails to Spam folder

2019-08-26 Thread Eric Broch 
Create a google (gmail) account if you don't have one. Send an email to
that account from the postmaster of the problematic domain. Open message,
go to three vertical dots to the upper right of the interface, find 'show
original', there you will see why gmail spammed your message.

On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei  wrote:

> I just tested and I built a new qmail box
>
>
> qmail-1.03-3.1.qt.el7.x86_64
>
> The other two boxes
> With
> qmail-1.03-3.1.qt.el7.x86_64
> qmail-1.03-3.1.qt.el7.x86_64
>
> So when sending from the new env which does not have any load no
> production etc.. the gmail gets the message in the inbox from the other two
> I get the msg on the spam folder.. I wonder.. how is Google…. Check the
> messages.. The new box I have even a domain called testdomain.com which
> it’s bogus!! But still in the inbox.
>
> Any tips?
>
> Thanks
>
> On Aug 25, 2019, at 21:10, ChandranManikandan  wrote:
>
> Hi Folks,
>
> Emails are delivering to the spam or junk folder when users send to the
> recipients.
> Mostly  it's all public domain like gmail,yahoo etc..
> How to fix this issue in our server.
> Am using Centos 6 32 bit with qmailtoaster.
> Could anyone help me.
>
> --
>
>
> *Regards,Manikandan.C*
>
>
>

Re: [qmailtoaster] Emails to Spam folder

2019-08-26 Thread Remo Mattei 
I just tested and I built a new qmail box 


qmail-1.03-3.1.qt.el7.x86_64

The other two boxes 
With 
qmail-1.03-3.1.qt.el7.x86_64
qmail-1.03-3.1.qt.el7.x86_64

So when sending from the new env which does not have any load no production 
etc.. the gmail gets the message in the inbox from the other two I get the msg 
on the spam folder.. I wonder.. how is Google…. Check the messages.. The new 
box I have even a domain called testdomain.com which it’s bogus!! But still in 
the inbox.

Any tips?

Thanks 

> On Aug 25, 2019, at 21:10, ChandranManikandan  wrote:
> 
> Hi Folks,
> 
> Emails are delivering to the spam or junk folder when users send to the 
> recipients.
> Mostly  it's all public domain like gmail,yahoo etc..
> How to fix this issue in our server.
> Am using Centos 6 32 bit with qmailtoaster.
> Could anyone help me.
> 
> -- 
> Regards,
> Manikandan.C

Re: [qmailtoaster] Emails to Spam folder

2019-08-26 Thread qmailtoaster 

Hi Manikandan

If you can grab the mail header on a "spam" mail, the spam filter may 
have made some comments as to why it's spam.


You can also try testing your server with this online tool: 
https://dkimvalidator.com/


Regards,
Allan Dukat


On 2019-08-26 06:10, ChandranManikandan wrote:

Hi Folks,

Emails are delivering to the spam or junk folder when users send to
the recipients.
Mostly  it's all public domain like gmail,yahoo etc..
How to fix this issue in our server.
Am using Centos 6 32 bit with qmailtoaster.
Could anyone help me.

--

Regards,
Manikandan.C


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Emails to Spam folder

2019-08-25 Thread ChandranManikandan 
Hi Folks,

Emails are delivering to the spam or junk folder when users send to the
recipients.
Mostly  it's all public domain like gmail,yahoo etc..
How to fix this issue in our server.
Am using Centos 6 32 bit with qmailtoaster.
Could anyone help me.

-- 


*Regards,Manikandan.C*