Emails go to spam with postfix and spf ... ?

August 30, 2016 1.9k views
Email Ubuntu

hi !
I have my hostname example.com (with my real domain) configured
I follow these instructions:
https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

But if i send with "mail" or with my php app goes to spam folder.

I attach the "original content" of email received


Delivered-To: xxxxxx@gmail.com
Received: by 10.28.49.66 with SMTP id x63csp2168084wmx;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
X-Received: by 10.237.53.157 with SMTP id c29mr4253648qte.75.1472564777220;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Return-Path: <news@example.com>
Received: from example.com ([104.236.32.192])
        by mx.google.com with ESMTP id d68si27522641qkb.79.2016.08.30.06.46.17
        for <xxxxx@gmail.com>;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Received-SPF: neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) client-ip=104.236.32.192;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) smtp.mailfrom=news@example.com
Received: by example.com (Postfix, from userid 33)
    id CACF6102F17; Tue, 30 Aug 2016 10:46:16 -0300 (ART)
To: xxxxx@gmail.com
Subject: test22
X-PHP-Originating-Script: 0:class.phpmailer.php
Date: Tue, 30 Aug 2016 13:46:16 +0000
From: "example.com" <news@example.com>
Message-ID: <a910e2aceaed556b5a4d5886e734fff8@example.com>
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_a910e2aceaed556b5a4d5886e734fff8"
Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/plain; charset=us-ascii

test22


--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/html; charset=us-ascii

<p>test22</p>



--b1_a910e2aceaed556b5a4d5886e734fff8--


result of http://www.mail-tester.com/
http://imgur.com/a/pm8FY

5 Answers

I managed to get my outgoing email server to send emails avoiding the spam folder

... create TLS cert files as per

https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/
and/or
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

actually above instructions are extremely concise which is gr8 ... to above I added my email subdomain

export DOMAINS="mail.example.com,example.here,www.example.here"

... its output will be these files

-rw-r--r-- 1 root root 1887 Sep 3 18:42 cert.pem
-rw-r--r-- 1 root root 1647 Sep 3 18:42 chain.pem
-rw-r--r-- 1 root root 3534 Sep 3 18:42 fullchain.pem
-rw-r--r-- 1 root root 1704 Sep 3 18:42 privkey.pem

now just copy them and define these variables as

cp privkey.pem  /etc/ssl/private/mail.example.com.privkey.pem
cp cert.pem       /etc/ssl/certs/mail.example.com.cert.pem
cp chain.pem    /etc/ssl/certs/mail.example.com.chain.pem

postconf 'smtpd_tls_key_file  = /etc/ssl/private/mail.example.com.privkey.pem'
postconf 'smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem'
postconf 'smtpd_tls_CAfile    = /etc/ssl/certs/mail.example.com.chain.pem'

notice above vars will then appear in file

/etc/postfix/main.cf

bounce postfix and send a post ... notice TLS will now be mentioned in the received email header

Received: from mail.example.com ([159.203.100.178])
by mx.google.com with ESMTPS id 4si10110105qta.2.2016.09.04.06.45.52
for kaptainkrunch@gmail.com
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 04 Sep 2016 06:45:52 -0700 (PDT)

frustratingly emails still landed in spam folder so I just said Not Spam to train my gmail inbox and since the red unlocked padlock icon was now gone to indicate TLS is active afterwards new emails correctly land in inbox not spam ;-)

for completeness here are relevant vars from /etc/postfix/main.cf

smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.privkey.pem
smtpd_tls_CAfile = /etc/ssl/certs/mail.example.com.chain.pem
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom

in my DNS to satisfy SPF I have a record Type TXT with value

@       "v=spf1 mx a -all"

and a MX record

10      mail.example.com.

here is a really slick DNS records validator http://intodns.com/ and https://toolbox.googleapps.com/apps/checkmx/

  • thanks i will try with this ...

    I didn't have these steps:
    cp privkey.pem /etc/ssl/private/mail.example.com.privkey.pem
    cp cert.pem /etc/ssl/certs/mail.example.com.cert.pem
    cp chain.pem /etc/ssl/certs/mail.example.com.chain.pem

Did you get this solved ? I am in same boat as you !

It's strange, it I send trough server it goes to inbox, but it I send trough phpmailer it goes to spam.

I found this ...
With the email appears one open padlock, that said message is not cypher (mensaje no esta cifrado).

Delivered-To: aaaaa@gmail.com
Received: by 10.237.54.100 with SMTP id e91csp146615qtb;
        Mon, 5 Sep 2016 08:10:11 -0700 (PDT)
X-Received: by 10.200.37.52 with SMTP id 49mr1262108qtm.62.1473088211338;
        Mon, 05 Sep 2016 08:10:11 -0700 (PDT)
Return-Path: <news@xxxxxxxxx.com>
Received: from xxxxxxxxx.com (xxxxxxxxx.com. [45.55.224.107])
        by mx.google.com with ESMTP id t91si17868642qtd.75.2016.09.05.08.10.11
        for <aaaaaaaa@gmail.com>;
        Mon, 05 Sep 2016 08:10:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) client-ip=45.55.224.107;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@xxxxxxxxx.com;
       spf=pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) smtp.mailfrom=news@xxxxxxxxx.com
Received: by xxxxxxxxx.com (Postfix, from userid 33)
    id E8070FF080; Mon,  5 Sep 2016 12:10:10 -0300 (ART)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxxxxxx.com; s=mail;
    t=1473088210; bh=Cc8VL/itZEZoCV7ER6QPM7772x+O4bDXXtYsTn9TmRE=;
    h=To:Subject:Date:From:Reply-To:From;
    b=uRstYVFBdtzOJEnpQeq38OWHYmAVN9LnidKOmoKo0g2eLX6oHHPkJiFPH2QuKK6NF
     kmi60dpTfyMqJf3uOasajCwpqu8cn4Z3QPeH/epza2/XYBA9lU8fkg8P6SD3ooEwAU
     nGgMqRpnZYIEZ4kfyG8K5SOdpE/Q7TSPTxsOffEs=
To: aaaaaaa@gmail.com
Subject: va 3
X-PHP-Originating-Script: 0:class.phpmailer.php
Date: Mon, 5 Sep 2016 15:10:10 +0000
From: xxxxxxxxx <news@xxxxxxxxx.com>
Reply-To: "xxxxxxxxx.com" <no-responder@gmail.com>
Message-ID: <cada44e34b8286e878ee1f8858b956b9@xxxxxxxxx.com>
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_cada44e34b8286e878ee1f8858b956b9"
Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_cada44e34b8286e878ee1f8858b956b9
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

test 3
Have another answer? Share your knowledge.