Question
Emails go to spam with postfix and spf ... ?
- Posted on August 30, 2016
- EmailUbuntu
Asked by Anibal Ardid
hi ! I have my hostname example.com (with my real domain) configured I follow these instructions: https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04 https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
But if i send with “mail” or with my php app goes to spam folder.
I attach the “original content” of email received
Delivered-To: xxxxxx@gmail.com
Received: by 10.28.49.66 with SMTP id x63csp2168084wmx;
Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
X-Received: by 10.237.53.157 with SMTP id c29mr4253648qte.75.1472564777220;
Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Return-Path: <news@example.com>
Received: from example.com ([104.236.32.192])
by mx.google.com with ESMTP id d68si27522641qkb.79.2016.08.30.06.46.17
for <xxxxx@gmail.com>;
Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Received-SPF: neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) client-ip=104.236.32.192;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) smtp.mailfrom=news@example.com
Received: by example.com (Postfix, from userid 33)
id CACF6102F17; Tue, 30 Aug 2016 10:46:16 -0300 (ART)
To: xxxxx@gmail.com
Subject: test22
X-PHP-Originating-Script: 0:class.phpmailer.php
Date: Tue, 30 Aug 2016 13:46:16 +0000
From: "example.com" <news@example.com>
Message-ID: <a910e2aceaed556b5a4d5886e734fff8@example.com>
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_a910e2aceaed556b5a4d5886e734fff8"
Content-Transfer-Encoding: 8bit
This is a multi-part message in MIME format.
--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/plain; charset=us-ascii
test22
--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/html; charset=us-ascii
<p>test22</p>
--b1_a910e2aceaed556b5a4d5886e734fff8--
result of http://www.mail-tester.com/ http://imgur.com/a/pm8FY
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I managed to get my outgoing email server to send emails avoiding the spam folder
… create TLS cert files as per
https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/ and/or https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates
actually above instructions are extremely concise which is gr8 … to above I added my email subdomain
export DOMAINS="mail.example.com,example.here,www.example.here"
… its output will be these files
-rw-r–r-- 1 root root 1887 Sep 3 18:42 cert.pem -rw-r–r-- 1 root root 1647 Sep 3 18:42 chain.pem -rw-r–r-- 1 root root 3534 Sep 3 18:42 fullchain.pem -rw-r–r-- 1 root root 1704 Sep 3 18:42 privkey.pem
now just copy them and define these variables as
cp privkey.pem /etc/ssl/private/mail.example.com.privkey.pem
cp cert.pem /etc/ssl/certs/mail.example.com.cert.pem
cp chain.pem /etc/ssl/certs/mail.example.com.chain.pem
postconf 'smtpd_tls_key_file = /etc/ssl/private/mail.example.com.privkey.pem'
postconf 'smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem'
postconf 'smtpd_tls_CAfile = /etc/ssl/certs/mail.example.com.chain.pem'
notice above vars will then appear in file
/etc/postfix/main.cf
bounce postfix and send a post … notice TLS will now be mentioned in the received email header
Received: from mail.example.com ([159.203.100.178])
by mx.google.com with ESMTPS id 4si10110105qta.2.2016.09.04.06.45.52
for kaptainkrunch@gmail.com
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 04 Sep 2016 06:45:52 -0700 (PDT)
frustratingly emails still landed in spam folder so I just said Not Spam to train my gmail inbox and since the red unlocked padlock icon was now gone to indicate TLS is active afterwards new emails correctly land in inbox not spam ;-)
for completeness here are relevant vars from /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.privkey.pem
smtpd_tls_CAfile = /etc/ssl/certs/mail.example.com.chain.pem
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
in my DNS to satisfy SPF I have a record Type TXT with value
@ "v=spf1 mx a -all"
and a MX record
10 mail.example.com.
here is a really slick DNS records validator http://intodns.com/ and https://toolbox.googleapps.com/apps/checkmx/
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Hello, all
You can make sure that your mailing list is fully opted-in and that you’re using SMTP authentication.
Also to test the mail score of your emails you can use a website like:
https://www.mail-tester.com/
and then send a valid test - an exact email with a valid - subject, message body, full signatures and attachments.
Regards, Alex
Delivered-To: aaaaa@gmail.com Received: by 10.237.54.100 with SMTP id e91csp146615qtb; Mon, 5 Sep 2016 08:10:11 -0700 (PDT) X-Received: by 10.200.37.52 with SMTP id 49mr1262108qtm.62.1473088211338; Mon, 05 Sep 2016 08:10:11 -0700 (PDT) Return-Path: news@xxxxxxxxx.com Received: from xxxxxxxxx.com (xxxxxxxxx.com. [45.55.224.107]) by mx.google.com with ESMTP id t91si17868642qtd.75.2016.09.05.08.10.11 for aaaaaaaa@gmail.com; Mon, 05 Sep 2016 08:10:11 -0700 (PDT) Received-SPF: pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) client-ip=45.55.224.107; Authentication-Results: mx.google.com; dkim=pass header.i=@xxxxxxxxx.com; spf=pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) smtp.mailfrom=news@xxxxxxxxx.com Received: by xxxxxxxxx.com (Postfix, from userid 33) id E8070FF080; Mon, 5 Sep 2016 12:10:10 -0300 (ART) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxxxxxx.com; s=mail; t=1473088210; bh=Cc8VL/itZEZoCV7ER6QPM7772x+O4bDXXtYsTn9TmRE=; h=To:Subject:Date:From:Reply-To:From; b=uRstYVFBdtzOJEnpQeq38OWHYmAVN9LnidKOmoKo0g2eLX6oHHPkJiFPH2QuKK6NF kmi60dpTfyMqJf3uOasajCwpqu8cn4Z3QPeH/epza2/XYBA9lU8fkg8P6SD3ooEwAU nGgMqRpnZYIEZ4kfyG8K5SOdpE/Q7TSPTxsOffEs= To: aaaaaaa@gmail.com Subject: va 3 X-PHP-Originating-Script: 0:class.phpmailer.php Date: Mon, 5 Sep 2016 15:10:10 +0000 From: xxxxxxxxx news@xxxxxxxxx.com Reply-To: “xxxxxxxxx.com” no-responder@gmail.com Message-ID: cada44e34b8286e878ee1f8858b956b9@xxxxxxxxx.com X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=“b1_cada44e34b8286e878ee1f8858b956b9” Content-Transfer-Encoding: 8bit
This is a multi-part message in MIME format.
–b1_cada44e34b8286e878ee1f8858b956b9 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit
test 3
I found this … With the email appears one open padlock, that said message is not cypher (mensaje no esta cifrado).