Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: JRBATM20192021 on May 17, 2023, 11:38:30 AM
-
Hello,
Just curious if there have been any further developments in being able to make Google (gmail) accept emails from an SME Server instead sending them right to the spam folder?
Google's suggestion of adjusting SPF and DKIM records in the DNS don't work like they say they are supposed too.
Thanks.
-
have you disabled the test mode and enforced the rejection on both spf and dkim?
-
Not 100% sure, all work I have done is in the DNS program none on the server does test mode need to be disabled in the Server?
-
you do not need to enable the inconing dkim filtering. you just need to enable the outgoing dkim signing and check that in your dns the dkim field has no t=y and dmarc field enforce dkim and spf rejection.
-
Okay I looked over the SPF and DKIM records and I redid them because I choose Soft fail not Hard fail.... However I tried it again with the Hard fail settings and it didn't work emails from SME Server still go to spam in Gmail.
Here are the settings I used Can you guys see any problems?
SPF
"v=spf1 mx a include:_spf.mydomain.com ip4:ipaddress -all"
DKIM
the Host I used was "s._domainkey.mydomain.com"
the Text I used was
v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEiywEQT9CEIDRkDBA01VkM5+9mXLwIDCfUeGafAghwtQ99RKlfhRvttShV2Ml5bJz2A8TWMGNUPEs/B+TgFaR/eU0fOCeKxrFuzzL5kuQAR4tZdEKq8VjuSxUVTFjmTxbN5hZ5i+vYxq4J5dJffhvatDXut6cjAZe2f9f226udQIDAQAB
-
Does your SPF validate correctly?
https://kitterman.com/spf/validate.html
Does your DKIM validate correctly?
https://mxtoolbox.com/dkim.aspx
-
Okay so looks like the DKIM record checks out there is no errors just check marks.... However it looks like the SPF record is not correct because I got this error below
Input accepted, querying now...
evaluating v=spf1 mx a include:_spf.domain.com ip4:ipaddress -all ...
Results - PermError SPF Permanent Error: No valid SPF record for included domain: _spf.domain.com: include:_spf.domain.com
I used a program from my domain provider to make a new SPF record so not sure what I did incorrect here....
-
v=spf1 mx a include:_spf.domain.com ip4:ipaddress -all
I can't tell if you realize it but this is all filler content.
"include:", if used, would be followed by another DNS entry whose TXT record was an SPF record for your domain.
"ip:" should be followed by an actual, fixed (non-dynamic) IP address.
"apache.org", for example, has this SPF record:
v=spf1 include:_spf.apache.org -all
The "include:" directive tells us to look up the entry indicated, which gives us this long list of IP addresses plus some more "include:" directives:
v=spf1 ip4:95.216.194.37 ip4:3.227.148.255 ip4:207.244.88.153 ip4:207.244.88.131 ip4:116.203.166.180 ip4:207.244.88.144 ip4:116.203.246.181 ip6:2a01:4f8:c2c:e8b::/64 ip6:2a01:4f9:c010:567c::1 include:spf.mandrillapp.com -all
-
I know I didn't really want to put my "sensitive info" down in the public forum. But I guess I can... But I want to try again first. I'll let you know if it worked or not....
-
Okay so trying to mimic the apache websites SPF record didn't work my DNS says it requires an IP address in the record to send mail so I need it but not sure what is wrong with it nothing will recognize it even it is drawn up from a SPF Wizard from my DNS company....
here is the spf record with all of the info.
v=spf1 mx a include:spf.kspk.com ip4:208.117.68.42 -all
-
Okay so trying to mimic the apache websites SPF record didn't work my DNS says it requires an IP address in the record to send mail so I need it but not sure what is wrong with it nothing will recognize it even it is drawn up from a SPF Wizard from my DNS company....
here is the spf record with all of the info.
v=spf1 mx a include:spf.kspk.com ip4:208.117.68.42 -all
if you dont have any third party domains sending mail on your behalf remove the "include:spf.kspk.com " This fails the lookup.
so this as spf record :
v=spf1 mx a ip4:208.117.68.42 -all
-
No 3rd parties thanks I will try that.
-
Okay that worked because now the SPF Record is recognized by the program you gave me to check it with
SPF record passed validation test with pySPF (Python SPF library)!
However emails from SME Server still go to spam in Gmail.... Is it something that google needs to wake up and accept or am I missing something? I think I did everything required for them but it still doesn't work..........
-
give it some time and wine.
aging is the same for reputation and good wines.
-
Okay will do its still not working though.... Any idea how long it would take for Gmail to recognize the changes?
-
Make sure that google's reason is still the SPF record.
There are lots of other things that Google will use to classify email as SPAM.
Possibly relevant in your case:
* IP Addresses from ranges of IPs assigned by your ISP to residential internet connections
* Mismatch between your server's DNS, HELO and PTR records
Way too much detail
IP Address Space
- If your IP address belongs to a range that has been identified by your ISP, or by any of several spam filters (spamhaus etc) or by Google as belonging to an IP Address space used mostly by residential users some of whom have dynamic IP addresses, your email may go to SPAM.
- The recourse in this case is to pay your ISP for an IP with a different reputation, or to relay your email through an outgoing service
--> If you start relaying email through a service you will need to adjust your SPF record
HELO
- whatever your server uses as its HELO string needs to return your server IP address in a DNS lookup
- Some services also insist that the name used for HELO return an "A" record, and not a "CNAME" record
- SME 'HELO' is set using qpsmtpd->HeloHost, defaulting to DomainName if qpsmtpd->HeloHost is not set:
{ $qpsmtpd{HeloHost} || $DomainName }
nslookup $(config getprop qpsmtpd HeloHost || config get DomainName) 4.2.2.2
PTR
- your IP address needs to have a PTR record
- The name returned for the PTR lookup for your IP needs to resolve to the same IP
- The PTR record for your IP is controlled by whoever owns the IP address -- almost certainly your ISP. Changing or setting a PTR record for your IP would require asking the ISP, who may or may not do what you ask.
# nslookup -type=txt apache.com
apache.com text = "v=spf1 +a +mx +ip4:67.227.199.17 ~all"
# nslookup -type=ptr 17.199.227.67.in-addr.arpa
17.199.227.67.in-addr.arpa name = host2.accelrf.com.
# nslookup host2.accelrf.com
Name: host2.accelrf.com
Address: 67.227.199.17
# curl ipinfo.io/67.227.199.17/org
AS32244 Liquid Web, L.L.C
# nslookup -type=soa 17.199.227.67.in-addr.arpa
# (nothing, so chop off the last octet
# nslookup -type=soa 199.227.67.in-addr.arpa
Non-authoritative answer:
199.227.67.in-addr.arpa
origin = ns.sourcedns.com
mail addr = admin.sourcedns.com
serial = 2023050301
refresh = 28800
retry = 7200
expire = 3600000
minimum = 14400
-
there are a lot of variable. including people taging it as spam, organization inside goigle adding score for incoming emails.
wait few days and reevaluate
-
Sounds good I will take a look at that stuff and reevaluate in a few days... Thanks!
-
give it some time and wine.
aging is the same for reputation and good wines.
:lol:
I can testify to that.