Re: Sending Unencrypted E-mails
It seems like your shared mailetcontainer.xml file is not of 3.6.0 version, This is my RemoteDelivery mailet in mailetcontainer.xml and outgoing 5000, 10, 50 3 0 10 true bounces I added this last part : true false ${env:OP_JAMES_REMOTE_DELIVERY_HELO} and James emails could not reach the destination, I'm still looking Regards, On Thu, Dec 23, 2021 at 3:57 AM btell...@apache.org wrote: > class="RemoteDelivery"> outgoing > 5000, 10, 23*50 > 25 > 0 > 10 true > bounces true > true false > ${env:OP_JAMES_REMOTE_DELIVERY_HELO} > > > (sample taken from mailetcontainer.xml of one of my environments.) > > The important thing here is startTLS true as it enable opportunistic > connection upgrades. > > Your very next problem is GMail complaining about your self signed > certificates used for RemoteDelivery: You need to set up javax.mail to > use your regular certificates. > > Regards, > > Benoit > > On 22/12/2021 19:04, Bs Serge wrote: > > Hi again, > > > > After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I > > send are now out of spam and inside the inbox (of GMAIL, ...) > > > > But they are still marked as unencrypted as you can see here: > > https://ibb.co/FsLF6Lr > > > > Even though I configured STARTTLS and generated an SSL certificate using > > Letsencrypt (certbot) > > > > I have added screenshots of other checks as well : > > > > - mxtoolbox.com : https://ibb.co/StSwwtP > > - checktls.com : https://ibb.co/f8KHj0t > > - GMAIL show original: https://ibb.co/jRwcs1w > > - DMARC: https://ibb.co/VBJ0SZ1 > > > > Kindly let me know what I might be missing. > > > > Any comments or thoughts would be appreciated. > > > > Best Regards, > > >
Re: Sending Unencrypted E-mails
outgoing 5000, 10, 23*50 25 0 10 true bounces true true false ${env:OP_JAMES_REMOTE_DELIVERY_HELO} (sample taken from mailetcontainer.xml of one of my environments.) The important thing here is startTLS true as it enable opportunistic connection upgrades. Your very next problem is GMail complaining about your self signed certificates used for RemoteDelivery: You need to set up javax.mail to use your regular certificates. Regards, Benoit On 22/12/2021 19:04, Bs Serge wrote: > Hi again, > > After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I > send are now out of spam and inside the inbox (of GMAIL, ...) > > But they are still marked as unencrypted as you can see here: > https://ibb.co/FsLF6Lr > > Even though I configured STARTTLS and generated an SSL certificate using > Letsencrypt (certbot) > > I have added screenshots of other checks as well : > > - mxtoolbox.com : https://ibb.co/StSwwtP > - checktls.com : https://ibb.co/f8KHj0t > - GMAIL show original: https://ibb.co/jRwcs1w > - DMARC: https://ibb.co/VBJ0SZ1 > > Kindly let me know what I might be missing. > > Any comments or thoughts would be appreciated. > > Best Regards, >
Re: Sending Unencrypted E-mails
The “Learn more” link from GMAIL leads to this page : https://support.google.com/mail/answer/6330403?visit_id=637757678589778136-970944847=tls=en=1#zippy=%2Cwhy-some-emails-might-not-be-encrypted On Wed, Dec 22, 2021 at 2:04 PM Bs Serge wrote: > Hi again, > > After configuring Reverse DNS PTR record, SPF, DKIM and DMARC, emails I > send are now out of spam and inside the inbox (of GMAIL, ...) > > But they are still marked as unencrypted as you can see here: > https://ibb.co/FsLF6Lr > > Even though I configured STARTTLS and generated an SSL certificate using > Letsencrypt (certbot) > > I have added screenshots of other checks as well : > > - mxtoolbox.com : https://ibb.co/StSwwtP > - checktls.com : https://ibb.co/f8KHj0t > - GMAIL show original: https://ibb.co/jRwcs1w > - DMARC: https://ibb.co/VBJ0SZ1 > > Kindly let me know what I might be missing. > > Any comments or thoughts would be appreciated. > > Best Regards, > > >
Re: Sending Unencrypted E-mails
Hi Benoit and David, You are right, Seems like I'm missing the Reverse DNS entry for my IP address as well as SPF and DKIM configuration for my domain Thank you very much I'll let you know how it goes Best Regards, On Sat, Dec 18, 2021 at 11:27 AM David Matthews wrote: > >https://dmatthews.org/java_email.html > > is out of date with James, but probably still ok DKIM wise > > also > > https://dmatthews.org/email_auth.html > > My confident guess is if you do "Show original" on the message in the > gmail spam box, it will complain about SPF and/or DKIM. These days that's > simply an essential extra tech hurdle if you want to run an email server. > > While you're at it, you may as well fix DMARC as well, although I seem no > merit in it an d nobody has explained to me why I'm wrong. When I last > looked gmail *would* deliver mail to inboxes without a DMARC pass, although > that would be noted in the "Show original" view. Maybe hotmail or some > other mega provider will insist on it though. > > Incidentally, only DKIM is a James issue and only partly so, the rest is > DNS > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > >
Re: Sending Unencrypted E-mails
Hi Benoit and David, You are right, Seems like I'm missing the Reverse DNS entry for my IP address as well as SPF and DKIM configuration for my domain Thank you very much I'll let you know how it goes Best Regards, On Sat, Dec 18, 2021 at 11:27 AM David Matthews wrote: > >https://dmatthews.org/java_email.html > > is out of date with James, but probably still ok DKIM wise > > also > > https://dmatthews.org/email_auth.html > > My confident guess is if you do "Show original" on the message in the > gmail spam box, it will complain about SPF and/or DKIM. These days that's > simply an essential extra tech hurdle if you want to run an email server. > > While you're at it, you may as well fix DMARC as well, although I seem no > merit in it an d nobody has explained to me why I'm wrong. When I last > looked gmail *would* deliver mail to inboxes without a DMARC pass, although > that would be noted in the "Show original" view. Maybe hotmail or some > other mega provider will insist on it though. > > Incidentally, only DKIM is a James issue and only partly so, the rest is > DNS > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > >
Re: Sending Unencrypted E-mails
>https://dmatthews.org/java_email.html is out of date with James, but probably still ok DKIM wise also https://dmatthews.org/email_auth.html My confident guess is if you do "Show original" on the message in the gmail spam box, it will complain about SPF and/or DKIM. These days that's simply an essential extra tech hurdle if you want to run an email server. While you're at it, you may as well fix DMARC as well, although I seem no merit in it an d nobody has explained to me why I'm wrong. When I last looked gmail *would* deliver mail to inboxes without a DMARC pass, although that would be noted in the "Show original" view. Maybe hotmail or some other mega provider will insist on it though. Incidentally, only DKIM is a James issue and only partly so, the rest is DNS -- David Matthews m...@dmatthews.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Sending Unencrypted E-mails
Hello. Incoming SMTP (receiving emails) is intrinsequely different from sending emails. Sending emails is govern by RemoteDelivery mailet within mailetcontainer.xml. To get RemoteDelivery trusted by third parties you can: - Enable optimistic STARTTLS upgrades - email relaying happens on port 25 wich is not encrypted by default. - Specify valid certificates for the javax SMTP lib: -D/javax/.net.ssl./trustStore=... - /Have a reasonnable reverse DNS being resolved for the IP of your outgoing mail server.../ - /Configure SPF [1] and DKIM [2] for your domain [1] https://james.apache.org/howTo/spf.html [2] https://james.apache.org/howTo/dkim.html Good luck, sending emails is a challenging topic! Best regards, Benoit // On 18/12/2021 04:17, Bs Serge wrote: > Hi all, > > I configured SSL in james server with my domain name and everything is > going well, I can send and receive emails with users of the domain name > from outside SMTP servers. I followed this guide[1] > > But the emails I send go directly into the spam folder (of GMAIL, ) > and are marked as unencrypted while I'm using STARTTLS and i'm passing all > TLS checks here[2] with 114 max score and the thunderbird client is not > giving any security warnings. > > Any idea why this might happen? > > Any comment or thoughts would be appreciated! > > [1] https://robertmunn.com/blog/configuring-ssl-in-apache-james/ > [2] https://www.checktls.com/TestReceiver > > Best Regards, >