Question

Emails go to spam with postfix and spf ... ?

hi ! I have my hostname example.com (with my real domain) configured I follow these instructions: https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04 https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

But if i send with “mail” or with my php app goes to spam folder.

I attach the “original content” of email received

                                                                                                                                                                                                                                                               
Delivered-To: xxxxxx@gmail.com
Received: by 10.28.49.66 with SMTP id x63csp2168084wmx;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
X-Received: by 10.237.53.157 with SMTP id c29mr4253648qte.75.1472564777220;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Return-Path: <news@example.com>
Received: from example.com ([104.236.32.192])
        by mx.google.com with ESMTP id d68si27522641qkb.79.2016.08.30.06.46.17
        for <xxxxx@gmail.com>;
        Tue, 30 Aug 2016 06:46:17 -0700 (PDT)
Received-SPF: neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) client-ip=104.236.32.192;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 104.236.32.192 is neither permitted nor denied by best guess record for domain of news@example.com) smtp.mailfrom=news@example.com
Received: by example.com (Postfix, from userid 33)
	id CACF6102F17; Tue, 30 Aug 2016 10:46:16 -0300 (ART)
To: xxxxx@gmail.com
Subject: test22
X-PHP-Originating-Script: 0:class.phpmailer.php
Date: Tue, 30 Aug 2016 13:46:16 +0000
From: "example.com" <news@example.com>
Message-ID: <a910e2aceaed556b5a4d5886e734fff8@example.com>
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_a910e2aceaed556b5a4d5886e734fff8"
Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/plain; charset=us-ascii

test22


--b1_a910e2aceaed556b5a4d5886e734fff8
Content-Type: text/html; charset=us-ascii

<p>test22</p>



--b1_a910e2aceaed556b5a4d5886e734fff8--


result of http://www.mail-tester.com/ http://imgur.com/a/pm8FY


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I managed to get my outgoing email server to send emails avoiding the spam folder

… create TLS cert files as per

https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/ and/or https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

actually above instructions are extremely concise which is gr8 … to above I added my email subdomain

export DOMAINS="mail.example.com,example.here,www.example.here"

… its output will be these files

-rw-r–r-- 1 root root 1887 Sep 3 18:42 cert.pem -rw-r–r-- 1 root root 1647 Sep 3 18:42 chain.pem -rw-r–r-- 1 root root 3534 Sep 3 18:42 fullchain.pem -rw-r–r-- 1 root root 1704 Sep 3 18:42 privkey.pem

now just copy them and define these variables as

cp privkey.pem  /etc/ssl/private/mail.example.com.privkey.pem
cp cert.pem       /etc/ssl/certs/mail.example.com.cert.pem
cp chain.pem    /etc/ssl/certs/mail.example.com.chain.pem

postconf 'smtpd_tls_key_file  = /etc/ssl/private/mail.example.com.privkey.pem'
postconf 'smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem'
postconf 'smtpd_tls_CAfile    = /etc/ssl/certs/mail.example.com.chain.pem'

notice above vars will then appear in file

/etc/postfix/main.cf

bounce postfix and send a post … notice TLS will now be mentioned in the received email header

Received: from mail.example.com ([159.203.100.178])
by mx.google.com with ESMTPS id 4si10110105qta.2.2016.09.04.06.45.52
for kaptainkrunch@gmail.com
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 04 Sep 2016 06:45:52 -0700 (PDT)

frustratingly emails still landed in spam folder so I just said Not Spam to train my gmail inbox and since the red unlocked padlock icon was now gone to indicate TLS is active afterwards new emails correctly land in inbox not spam ;-)

for completeness here are relevant vars from /etc/postfix/main.cf

smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.cert.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.privkey.pem
smtpd_tls_CAfile = /etc/ssl/certs/mail.example.com.chain.pem
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom

in my DNS to satisfy SPF I have a record Type TXT with value

@       "v=spf1 mx a -all"

and a MX record

10      mail.example.com.

here is a really slick DNS records validator http://intodns.com/ and https://toolbox.googleapps.com/apps/checkmx/

alexdo
Site Moderator
Site Moderator badge
July 9, 2021

Hello, all

You can make sure that your mailing list is fully opted-in and that you’re using SMTP authentication.

Also to test the mail score of your emails you can use a website like:

https://www.mail-tester.com/

and then send a valid test - an exact email with a valid - subject, message body, full signatures and attachments.

Regards, Alex

Delivered-To: aaaaa@gmail.com Received: by 10.237.54.100 with SMTP id e91csp146615qtb; Mon, 5 Sep 2016 08:10:11 -0700 (PDT) X-Received: by 10.200.37.52 with SMTP id 49mr1262108qtm.62.1473088211338; Mon, 05 Sep 2016 08:10:11 -0700 (PDT) Return-Path: news@xxxxxxxxx.com Received: from xxxxxxxxx.com (xxxxxxxxx.com. [45.55.224.107]) by mx.google.com with ESMTP id t91si17868642qtd.75.2016.09.05.08.10.11 for aaaaaaaa@gmail.com; Mon, 05 Sep 2016 08:10:11 -0700 (PDT) Received-SPF: pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) client-ip=45.55.224.107; Authentication-Results: mx.google.com; dkim=pass header.i=@xxxxxxxxx.com; spf=pass (google.com: domain of news@xxxxxxxxx.com designates 45.55.224.107 as permitted sender) smtp.mailfrom=news@xxxxxxxxx.com Received: by xxxxxxxxx.com (Postfix, from userid 33) id E8070FF080; Mon, 5 Sep 2016 12:10:10 -0300 (ART) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxxxxxx.com; s=mail; t=1473088210; bh=Cc8VL/itZEZoCV7ER6QPM7772x+O4bDXXtYsTn9TmRE=; h=To:Subject:Date:From:Reply-To:From; b=uRstYVFBdtzOJEnpQeq38OWHYmAVN9LnidKOmoKo0g2eLX6oHHPkJiFPH2QuKK6NF kmi60dpTfyMqJf3uOasajCwpqu8cn4Z3QPeH/epza2/XYBA9lU8fkg8P6SD3ooEwAU nGgMqRpnZYIEZ4kfyG8K5SOdpE/Q7TSPTxsOffEs= To: aaaaaaa@gmail.com Subject: va 3 X-PHP-Originating-Script: 0:class.phpmailer.php Date: Mon, 5 Sep 2016 15:10:10 +0000 From: xxxxxxxxx news@xxxxxxxxx.com Reply-To: “xxxxxxxxx.comno-responder@gmail.com Message-ID: cada44e34b8286e878ee1f8858b956b9@xxxxxxxxx.com X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=“b1_cada44e34b8286e878ee1f8858b956b9” Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

–b1_cada44e34b8286e878ee1f8858b956b9 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit

test 3

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel