I am having issues with mail bouncing when sending from my own server to my own active yahoo account using JavaMail. The mails are passing SPF, DKIM and DMARC according to google mail that receives the same messages being bounced by yahoo. I can send messages from other accounts to my yahoo account without issue.
The messages send fine from my server to ZMail, GMail, Microsoft mail. Looking at the emails, the only thing that I have noticed is the message header for the Message-Id. My messages have the following header:
Message-ID: <923936395.17.1634776639078#[internally visible hostname]>
I am wondering if this header could be the problem and whether there is a way in JavaMail or in the Apache James to set the hostname or IP address that gets used in this message so that rather than using the "internally visible hostname", I can get the hostname that is externally visible. I have been searching the available documentation for Apache James and JavaMail but have not found any parameters to try in order to resolve this.
According to the Decompiled SRC of sun mail it should be possible by setting some properties for your session.
props.setProperty("mail.from", user);
props.setProperty("mail.host", host);
//props.setProperty("mail.user", user);
The Id will be updated by the save method (saveChanges()) and will trigger an new ID generation (updateHeaders() -> updateMessageID()). (Looked up in the decompiled MimeMessage.class)
Leading to the HostPart called in javax.mail.internet.InternetAddress.
The relevant method is _getLocalAddress.
Here you can see that the values get extracted from the Properties or will fallback to your local machine.
Used Fields:
user.name
mail.from
mail.user
mail.host
The user.name property can also be looked up from the system props.
Related
This question already has answers here:
Sending email in .NET through Gmail
(26 answers)
Closed 2 years ago.
I'm working on building a contact form for my new Web site and want to send mail through Google's SMTP relay server (smtp-relay.gmail.com) because I want to set up a "dummy", "no-reply" address from which to send the mail. Also, I tried sending it through the regular SMTP server (smtp.gmail.com) using my own actual Gmail credentials for that account and it got blocked as an insecure app. I'd rather not turn on the "Less secure app access" option (it's not really an option for me anyway because I use 2FA on this account), so this seems like the best way to get there - if I can get it working.
The domain's mail is hosted in G Suite and I've configured the SMTP relay service in the Google Admin Console for my domain as per the instructions in the support article, SMTP relay: Route outgoing non-Gmail messages through Google. I have the relay configured using both the public static IP address of my Web site, as well as the static IP address of the firewall behind which the Web server lies. I configured the relay to accept mail from my domain(s) to allow for the "dummy" address that doesn't actually have a mailbox, and set it to require SMTP Authentication and TLS encryption:
I've set up DNS records for MX, SPF, and DKIM with my domain registrar.
I've waited over 24-hours for the changes to take effect (as per the notification when making the changes in the Google Admin Console)
I've even set up an app password for my Web site to use for my domain e-mail address:
I'm using an ASP.NET (VB) Web site on IIS. My code for sending looks like this:
Dim NewContact As New System.Net.Mail.MailMessage()
With NewContactMessage
.From = New System.Net.Mail.MailAddress("no-reply#mydomain.com")
.To.Add("myaddress#mydomain.com")
.Subject= "TEST MESSAGE"
.IsBodyHtml= True
.BodyEncoding = System.Text.Encoding.UTF8
.Body = "This is a test."
.Priority = System.Net.Mail.MailPriority.Normal
End With
Dim Server As New System.Net.Mail.SmtpClient()
With Server
.Port= 587
.Host= "smtp-relay.gmail.com"
.EnableSsl= True
.Send(NewContactMessage)
End With
However, when I try to submit my contact form, I get an error, Mailbox unavailable. The server response was: 5.7.1 Invalid credentials for relay [X.X.X.X]. The IP address you've:
It looks like there should definitely be more to that actual error message, but it's apparently being truncated somewhere along the way.
I've tried feeding the credentials in the SmtpClient block:
With Server
.Credentials = New System.Net.NetworkCredential("myaddress#mydomain.com", "my_app_password")
.Port= 587
.Host= "smtp-relay.gmail.com"
.EnableSsl= True
.Send(NewContactMessage)
End With
In this case, I get a different error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Authentication Required. Learn more at. (If I use the credentials with the "default" Gmail SMTP server (smtp.gmail.com), I get the same error.)
According to the Audit Logs, it appears that all of my configuration setting changes have completed. Everything appears to be correct for this to work, but what am I missing?
Just before posting this question, I found this Q&A - Send mail via google app with smtp relay - with the simple fix to my issue: Turn off the Require SMTP Authentication option in the SMTP relay service configuration settings.
Once I disabled that setting and tried again, everything is flowing normally. I suppose I should have figured that out on my own, but according to Google's support article for setting up the SMTP relay (emphasis mine in the first sentence):
In the Authentication section, check one or both boxes to set an authentication method:
Only accept mail from the specified IP addresses — The system only accepts mail sent from these IP addresses as coming from your domains.
Require SMTP Authentication — Enforces the use of SMTP authentication to identify the sending domain. Using this option requires your clients to connect via TLS.
The wording here seems a bit misleading and appears to indicate that you can have both of these options enabled without one "interfering" with the other. As I said, I probably should have figured this out on my own - especially since I'm trying to send from a "dummy" e-mail account - but I guess it just didn't occur to me.
I considered deleting this question, but I had done a fair amount of searching before writing this question up and somehow never ran across that particular post. I'm not sure how I could have missed it, but I'm leaving my question here in hopes that someone else has an easier time of finding this solution in the future.
For quite some time we have been getting the following error from yahoo:
mail.log:6452:Apr 22 19:21:06 aegir postfix/smtp[8997]: 87BCF4C93F: host mta7.am0.yahoodns.net[67.195.228.110] said: 421 4.7.0 [IPTS04] Messages from 188.93.125.68 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to end of DATA command)
If someone did get the similar, how did you solve this issue?
I've been trying to contact Yahoo but everytime I get automated response and ticket closure as I send it.
What other thing I can offer is DMARC report if its relevant:
https://mxtoolbox.com/DmarcReportAnalyzer.aspx?id=F-9a3a8364-6cba-41f9-b93f-cfc32155a3f6
Test for headers and every check seems to be working alright:
https://www.mail-tester.com/test-m5ytebosm
Google email is showing everything is pass:
gmail email
gmail header
For now I've tried changing OpenDKIM to relaxed/relaxed from relaxed/simple.
Removed p=quarantine and added p=none
Sorted out SPF record for official signing domain just in case, added another IP address where resourcecenter is found.
Will provide additional info if needed.
Here is the issue:
I have an email server with OpenDKIM and Postfix installed as here:
http://www.serveridol.com/2012/02/17/opendkim-configuring-dkim-keys-on-postfix/
My TXT DNS record is on the main domain (Server domain name)
Here: senderServer.com
It works great when I send an email from senderServer.com using my FROM address as: anything#senderServer.com
The problem is when I send an email using my FROM address as: anything#otherDomain.com
The DKIM signature is added but using otherDomain as the domain value tag:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=otherDomain.com; s=20131125; t=1385596727;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=Date:To:Subject:From;
b=ujfsdhfu9hf9sdfs9df9sfs9fhsd9hfsfnsvkjnsdlvljsv
so, the server that is receiving the messages is not finding the DNS record which is obviously clear since the d= tag value is otherDomain.com instead senderServer.com
I would like to find the way to retrieve the d= value from the server name instead retrieve it from the FROM header email address... or override it to be always d=senderServer.com
Domain *
KeyFile /etc/postfix/dkim.key
Selector mail
in /etc/opendkim.conf to use the same key for multiple domains ( documentation )
and added no_milters to /etc/postfix/master.cf
made this line:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
look like:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
This prevented opendkim signing messages twice.
I am getting 555 syntax error in mailfrom
SendData(tcpSocket, string.Format("MAIL From: {0}\r\n", MailFrom));
if (!CheckResponse(tcpSocket, 220))
{
tcpSocket.Close();
return false;
}
is it the problem in my local system because of localhost?
Please help me. I am using this code from below link.
http://www.codeproject.com/Articles/5189/End-to-end-Email-Address-Verification-for-Applicat
Please don't try to implement your own SMTP client, use the one that comes with .NET: System.Net.Mail.SmtpClient.
Many SMTP servers require TLS, for example, which your code does not account for.
Furthermore, for security reasons most mailservers will not reveal if an email address in an RCPT TO line is valid or not. If a system can positively reveal an address exists then it can be used by spam harvesters. Consequently using a dry-run of an SMTP client should only be used to validate an email address (because of the complicated rules regarding valid email addresses). The verification (a separate concept from validation) must be performed manually by requiring the user to respond to an email sent to that address, there is no other way to be sure.
I am sending account activation email from my .net app.
I set the from address to "xyz.support#gmail.com" and from name "xyz" where xyz is the name of the domain i.e. our website.
It was not a problem when we were using Google's SMTP server as I provided credentials to google during sending. But now I am using my own web server's SMTP to send the email.
When I view the activation email in gmail, I get this:
This message may not have been sent by: xyz.support#gmail.com Learn more Report phishing
Is there a way to get rid of this so that gmail and other client don't show this message?
Here is the code:
var smtpClient = new SmtpClient();
var message = new MailMessage();
smtpClient.Host = _config.SMTPServer;
message.From = new MailAddress("xyz.support#gmail.com", "xyz");
message.To.Add("newuser#gmail.com");
message.IsBodyHtml = true;
message.Subject = "Test subject";
message.Body = "Test Body";
smtpClient.Send(message);
Thanks
The domain of the FROM address has to match the domain of the SMTP server that is sending the email, otherwise your message is treated as as spam.
This explains why you avoid the "error" by sending via Google's SMTP server.
The suggestion by IrishChieftain to use SPF helped me, so here is a summary of the steps I did:
1.) First, I also received emails in my GMail inbox that I sent from my sever and that got the "This message may not have been sent by..." warning.
2.) Next, I looked at the source of the email inside GMail (clicke the arrow next to the message and select "Display original"). An excerpt from there was:
Received-SPF: fail (google.com: domain of me#mydomain.com does not
designate 211.113.37.19 as permitted sender) client-ip=211.113.37.19;
So Google directly told me what to do: Add some SPF records in the DNS of my domain "mydomain.com" to get rid of this warning.
3.) Therefore I logged into the control panel of my DNS provider and added two TXT records, something like this:
*.mydomain.com. 180 v=spf1 +a +mx ip4:211.113.37.19 -all
mydomain.com. 180 v=spf1 +a +mx ip4:211.113.37.19 -all
Please note that I entered each line in three separate fields:
One field for *.mydomain.com.
One field for 180 (the TTL, 3 minutes in my example)
One field for v=spf1 +a +mx ip4:211.113.37.19 -all
4.) After that, I waited some time and tried to resend. This succeeded. Google now shows in the original:
Received-SPF: pass (google.com: domain of Received-SPF: pass (google.com: domain of me#mydomain.com designates 211.113.37.19 as permitted sender) client-ip=211.113.37.19;
Please note that I choose the SPF version since the mail server is on a different machine as the web server, so I could not perform the other solution as Mulmot wrote.
There is also an SPF Wizard from Microsoft to correctly generate SPF records. Alternatively, here is yet another SPF generator.