Re: Sending Unencrypted E-mails

2021-12-23 Thread Bs Serge 
It seems like your shared mailetcontainer.xml file is not of 3.6.0 version,

This is my RemoteDelivery mailet in mailetcontainer.xml and


   
   
  outgoing

  
  
  5000, 10, 50
  3

  
  
  0

  
  10

  
  true

  
  
  
  bounces

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

  
  
   


I added this last part :

true
false
${env:OP_JAMES_REMOTE_DELIVERY_HELO}

and James emails could not reach the destination,

I'm still looking
Regards,

On Thu, Dec 23, 2021 at 3:57 AM btell...@apache.org 
wrote:

>   class="RemoteDelivery"> outgoing
> 5000, 10, 23*50
> 25
> 0
> 10 true
> bounces true
> true false
> ${env:OP_JAMES_REMOTE_DELIVERY_HELO} 
> 
>
> (sample taken from mailetcontainer.xml of one of my environments.)
>
> The important thing here is startTLS true as it enable opportunistic
> connection upgrades.
>
> Your very next problem is GMail complaining about your self signed
> certificates used for RemoteDelivery: You need to set up javax.mail to
> use your regular certificates.
>
> Regards,
>
> Benoit
>
> On 22/12/2021 19:04, Bs Serge wrote:
> > Hi again,
> >
> > After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I
> > send are now out of spam and inside the inbox (of GMAIL, ...)
> >
> > But they are still marked as unencrypted as you can see here:
> > https://ibb.co/FsLF6Lr
> >
> > Even though I configured STARTTLS and generated an SSL certificate using
> > Letsencrypt (certbot)
> >
> > I have added screenshots of other checks as well  :
> >
> > - mxtoolbox.com : https://ibb.co/StSwwtP
> > - checktls.com : https://ibb.co/f8KHj0t
> > - GMAIL show original: https://ibb.co/jRwcs1w
> > - DMARC: https://ibb.co/VBJ0SZ1
> >
> > Kindly let me know what I might be missing.
> >
> > Any comments or thoughts would be appreciated.
> >
> > Best Regards,
> >
>

Re: Sending Unencrypted E-mails

2021-12-22 Thread btell...@apache.org 
  outgoing
5000, 10, 23*50
25
0
10 true
bounces true
true false
${env:OP_JAMES_REMOTE_DELIVERY_HELO} 


(sample taken from mailetcontainer.xml of one of my environments.)

The important thing here is startTLS true as it enable opportunistic
connection upgrades.

Your very next problem is GMail complaining about your self signed
certificates used for RemoteDelivery: You need to set up javax.mail to
use your regular certificates.

Regards,

Benoit

On 22/12/2021 19:04, Bs Serge wrote:
> Hi again,
>
> After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I
> send are now out of spam and inside the inbox (of GMAIL, ...)
>
> But they are still marked as unencrypted as you can see here:
> https://ibb.co/FsLF6Lr
>
> Even though I configured STARTTLS and generated an SSL certificate using
> Letsencrypt (certbot)
>
> I have added screenshots of other checks as well  :
>
> - mxtoolbox.com : https://ibb.co/StSwwtP
> - checktls.com : https://ibb.co/f8KHj0t
> - GMAIL show original: https://ibb.co/jRwcs1w
> - DMARC: https://ibb.co/VBJ0SZ1
>
> Kindly let me know what I might be missing.
>
> Any comments or thoughts would be appreciated.
>
> Best Regards,
>

Re: Sending Unencrypted E-mails

2021-12-22 Thread Bs Serge 
The “Learn more” link from GMAIL leads to this page :
https://support.google.com/mail/answer/6330403?visit_id=637757678589778136-970944847=tls=en=1#zippy=%2Cwhy-some-emails-might-not-be-encrypted

On Wed, Dec 22, 2021 at 2:04 PM Bs Serge  wrote:

> Hi again,
>
> After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I
> send are now out of spam and inside the inbox (of GMAIL, ...)
>
> But they are still marked as unencrypted as you can see here:
> https://ibb.co/FsLF6Lr
>
> Even though I configured STARTTLS and generated an SSL certificate using
> Letsencrypt (certbot)
>
> I have added screenshots of other checks as well  :
>
> - mxtoolbox.com : https://ibb.co/StSwwtP
> - checktls.com : https://ibb.co/f8KHj0t
> - GMAIL show original: https://ibb.co/jRwcs1w
> - DMARC: https://ibb.co/VBJ0SZ1
>
> Kindly let me know what I might be missing.
>
> Any comments or thoughts would be appreciated.
>
> Best Regards,
>
>
>

Re: Sending Unencrypted E-mails

2021-12-20 Thread Bs Serge 
Hi Benoit and David,

You are right,

Seems like I'm missing the Reverse DNS entry for my IP address as well as
SPF  and DKIM configuration for my domain

Thank you very much I'll let you know how it goes

Best Regards,

On Sat, Dec 18, 2021 at 11:27 AM David Matthews 
wrote:

> >https://dmatthews.org/java_email.html
>
> is out of date with James, but probably still ok DKIM wise
>
> also
>
> https://dmatthews.org/email_auth.html
>
> My confident guess is if you do "Show original" on the message in the
> gmail spam box, it will complain about SPF and/or DKIM. These days that's
> simply an essential extra tech hurdle if you want to run an email server.
>
> While you're at it, you may as well fix DMARC as well, although I seem no
> merit in it an d nobody has explained to me why I'm wrong. When I last
> looked gmail *would* deliver mail to inboxes without a DMARC pass, although
> that would be noted in the "Show original" view. Maybe hotmail or some
> other mega provider will insist on it though.
>
> Incidentally, only DKIM is a James issue and only partly so, the rest is
> DNS
>
> --
> David Matthews
> m...@dmatthews.org
>
>
> -
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org
>
>

Re: Sending Unencrypted E-mails

2021-12-20 Thread Bs Serge 
Hi Benoit and David,

You are right,

Seems like I'm missing the Reverse DNS entry for my IP address as well as
SPF  and DKIM configuration for my domain

Thank you very much I'll let you know how it goes

Best Regards,


On Sat, Dec 18, 2021 at 11:27 AM David Matthews 
wrote:

> >https://dmatthews.org/java_email.html
>
> is out of date with James, but probably still ok DKIM wise
>
> also
>
> https://dmatthews.org/email_auth.html
>
> My confident guess is if you do "Show original" on the message in the
> gmail spam box, it will complain about SPF and/or DKIM. These days that's
> simply an essential extra tech hurdle if you want to run an email server.
>
> While you're at it, you may as well fix DMARC as well, although I seem no
> merit in it an d nobody has explained to me why I'm wrong. When I last
> looked gmail *would* deliver mail to inboxes without a DMARC pass, although
> that would be noted in the "Show original" view. Maybe hotmail or some
> other mega provider will insist on it though.
>
> Incidentally, only DKIM is a James issue and only partly so, the rest is
> DNS
>
> --
> David Matthews
> m...@dmatthews.org
>
>
> -
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org
>
>

Re: Sending Unencrypted E-mails

2021-12-18 Thread David Matthews 
>https://dmatthews.org/java_email.html

is out of date with James, but probably still ok DKIM wise

also

https://dmatthews.org/email_auth.html

My confident guess is if you do "Show original" on the message in the gmail 
spam box, it will complain about SPF and/or DKIM. These days that's simply an 
essential extra tech hurdle if you want to run an email server.

While you're at it, you may as well fix DMARC as well, although I seem no merit 
in it an d nobody has explained to me why I'm wrong. When I last looked gmail 
*would* deliver mail to inboxes without a DMARC pass, although that would be 
noted in the "Show original" view. Maybe hotmail or some other mega provider 
will insist on it though.

Incidentally, only DKIM is a James issue and only partly so, the rest is DNS

--
David Matthews
m...@dmatthews.org


-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org

Re: Sending Unencrypted E-mails

2021-12-17 Thread btell...@apache.org 
Hello.

Incoming SMTP (receiving emails) is intrinsequely different from sending
emails.

Sending emails is govern by RemoteDelivery mailet within
mailetcontainer.xml. To get RemoteDelivery trusted by third parties you can:

 - Enable optimistic STARTTLS upgrades - email relaying happens on port
25 wich is not encrypted by default.
 - Specify valid certificates for the javax SMTP lib:
-D/javax/.net.ssl./trustStore=...
 - /Have a reasonnable reverse DNS being resolved for the IP of your
outgoing mail server.../
 - /Configure SPF [1] and DKIM [2] for your domain

[1] https://james.apache.org/howTo/spf.html
[2] https://james.apache.org/howTo/dkim.html

Good luck, sending emails is a challenging topic!

Best regards,

Benoit
//

On 18/12/2021 04:17, Bs Serge wrote:
> Hi all,
>
> I configured SSL in james server with my domain name and everything is
> going well, I can send and receive emails with users of the domain name
> from outside SMTP servers. I followed this guide[1]
>
> But the emails I send go directly into the spam folder (of GMAIL,  )
> and are marked as unencrypted while I'm using STARTTLS and i'm passing all
> TLS checks here[2] with 114 max score and the thunderbird client is not
> giving any security warnings.
>
> Any idea why this might happen?
>
> Any comment or thoughts would be appreciated!
>
> [1] https://robertmunn.com/blog/configuring-ssl-in-apache-james/
> [2] https://www.checktls.com/TestReceiver
>
> Best Regards,
>