How to make Webmin SpamAssassin less sensitive? - postfix-mta

It's odd that even emails from SPFBL Admin are marked as spam. Im using Webmin, with Postfix and SpamAssassin. Is my SpamAssassin too sensitive?

Since you do not know how to configure, I advise you to use zoho is a tool where you can create Your administrative email.
but in this case you will not be able to redirect for example to a Gmail box
  Be sure to send your feedback

Hello this is according to your criteria and yes your customers they will have to access Zoho. This can be a temporary measure until you set up your definitive one. But I like Zoho a lot. Even more so that it has other add-ons.
The good thing about it is that people can log in, through their Google account. So you put the Google address as a user of that email and automatically when it authenticates via the interface it connects exactly to the email

Related

Verification required for word press site

I have no experience with this and I'm in need of major help. I have a word press website that I am trying to connect a gmail account to. So that the contact form gets sent to a gmail address. I got it all set up and it is telling me I need verification. This is only being used for my word press website. Probably very few users, not a business. Can I get around the verification process or not?
You would need an OAuth Consent Screen for your Project.
You can refer to this blog post on how you can connect a Gmail account on your Wordpress site

How to use Cookies to prevent login credential sharing in Wordpress

First of all, I'd like to preface this post by stating that I know this is a terrible user experience...
I have a client who would like to prevent site visitors from sharing login credentials.
Because this is a corporate marketing site, social login is not an option.
The client claims that there is a site where upon registration, a cookie is dropped onto the user's device and the user is also given a unique password that will only work on that specific device.
Does anyone know how to make this work using Wordpress? (I'd like to avoid using third party plugins)
This sounds like the use of Single Sign On (SSO) or 2 factor Authenticaton (2FA) will be needed. The SSO Wikipidea page references a cookie based solution for TCP/IP networks https://en.wikipedia.org/wiki/Single_sign-on so perhaps that's how this came up from your client.
Once you identify what your options are with that, based on what your client is using for authentication, then set up may be a bit easier. I think a plugin would save you a lot of time, since this is a pretty elaborate task. This one may do the trick https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/
Regardless it's pretty challenging to prevent the sharing of credentials. SSO may be a deterrent if that gives access to something else that user doesn't want to share. 2FA doesn't prevent a user from sharing the pin thats generated too. Perhaps the only real way is to require an IP match on a device with bio-metric authenticaton.

Woocommerce + GSuite - Transactional emails best practices? Anyone?

I've lost my brain the last couple of days trying to find the best solution for handling my transactional woocommerce emails, so that customers and store managers (on G Suite at the same domain as my site) get notified of new orders, etc.
TL;DR: I have a Woocommerce and want the next e-mail behavior and I wonder what's the best way to achieve this:
Have woocommerce emails don't go to my customer spam folders and get
notified to store.manager#mydomain.com and myemail#mydomain.com
G-Suite email accounts.
Use the info#mydomain.com and "MyDomain" as the "from email and name" in WooCommerce. Whether the info#mydomain.com is an e-mail
alias of my G-Suite email or a server side e-mail I don't care. What
I don't want is to configure a new G-Suite email just to serve
transactional e-mails.
So I'll describe my original situation, problem and the solutions I've read about:
When I setup the Woocommerce e-mails in settings, using a #mydomain.com email account two things happened:
Customers would receive the e-mails on their spam folder.
Store managers did not receive any e-mails whatsoever.
We also have this context info that might be of help:
We are just starting as an e-commerce, so no big load of emails...
We use the cheapest G-Suite plan (with up to 5 accounts) with our domain in Google Domain, so I don't want to use one of those account just to handle the transactional e-mails.
So I found the alias option and setup different aliases to both send and receive e-mails. E.g: "info#mydomain.com".
I read the official Woocommerce email-FAQ, and a bunch of other links in the Wordpress Forums and Stack Overflow, I came to find this three courses of action:
Setup split delivery and let my transactional e-mail address run from C-Panel.
Use an SMTP Plugin and set it up to use the Gmail API.
Create a subdomain and set WooCommerce/PHPServer to send the emails and just use my G-Suite emails as recipients.
I've read tons, and find myself in a loop where I don't know what's the best, future proof option, but this is what I've tried for every option:
I desisted on the idea of split delivery as soon as I found the e-mail aliases option in GSuite.
I did activated it and it solved one of my two problems, customers were no longer getting my emails to spam, but the Gmail API won't let me change the "from address" nor even the "from name", unless I select the alias as the default e-mail address on Gmail, which is not something I want; and if the alias (set up as mailer) and recipient is the same, then GSuite won't show the email in the inbox, but in the sent folder (and marked as read). So If the store manager email (storemanagername#mydomain.com) has an alias used to send Woocommerce emails (info#mydomain.com) he won't be notified for new orders.
I configured a domain alias on my Google Admin settings as a subdomain (store.mydomain.com) (which generates a new email alias with that subdomain) then I created a subdomain on my hosting provider (pointed at nothing for the moment) and had my hosting setup the Google MX records for my subdomain. Without the SMTP Plugin it does nothing, regardless of which e-mail I put in the from and recipient fields on the WooCommerce settings. With the SMTP Plugin things kind of work, using the alias#subdomain.mydomain.com as the recipient, as emails do arrive to inbox (instead of the sent folder) but doubled the regular mail and a huge postmaster notice, about how the domain alias "subdomain.mydomain.com" doesn't exist.
As a related note: Google per default generates a test domain alias which is mydomain.com.test-google-a.com when I use the alias e-mail with this alias domain recipient in woocommerce and the regular G-Suite in the from field on Woocommerce things pretty much work, except that my customers still get the emails to their spam folders.
How would I setup mailgun or sendgrid to use info#mydomain.com as the sender e-mail address? Would that work better?
I'm not new to wordpress, but definitely I'm a noob at WooCommerce and email protocol, setup in general.
Do you think you might exceed the G Suite sending limits? That'd push you towards the SendGrid/Mailgun/etc. solution for outgoing info#mydomain.com mail, with G-Suite accepting the incoming mail however you'd like. Though if it's important to avoid "reply-to" type addresses, make sure to choose a provider/plan that supports running off your domain (SendGrid calls it "domain authentication", Mailgun calls it "domain verification", etc.).
That will likely also solve that initial problem you described in your point #2 (assuming it was due to mail being treated as local-to-the-web-server).
If you take that approach, make sure to triple-check your SPF/DKIM/DMARC setup. And depending on which provider you go with, some of their WordPress/WooCommerce integration plugins are...not great. I've been working on summarizing the providers and their plugins if it's of any help.
And I had a little trouble following who needs to get copies of what, but there's the woocommerce_email_headers filter if it would be helpful to BCC the store managers. You could even do it selectively.

How can I get rid of spam users

The company I work for have a small Plone blog. But we have a problem with spam accounts. We use captcha on the site and Plone sends a mail to the users that they must confirm before they can edit the user profile. Still about 600 spam users are created every day. In the Plone user profile they paste all kinds of commercial links.
We are located in Denmark and the blog is in danish, therefore I have made a script to delete all users with a non danish mail adress. But even though most of the real users have a danish mail account I probably still deletes some real users when running the script.
The spam users register from a vide range of ip-adresses, so blocking ip's is not an option.
Does anyone have ideas to what to do about this problem?
Disable Plone comments/public user creation and use a third party commenting service such as Disqus.
They somehow trick recaptcha (if you find out, please let me know :)
But how do they do the email validation? They don't have to. Plone join_form has a hidden field for password which is filled by this bot and Plone saves it as the real password (check the REQUEST object comming from this bot)
So the bot doesn't need to check email for password. That's how they get in and activate those accounts. So fix the hidden password field from join_form.
Then, remove all users that have links in their profile description (as a real user you don't do that, do you?). Also don't let the users to input HTML within their profile description.

Creating email accounts without the registrar-Theory

I own a small domain on GoDaddy and I currently use their email service and pay a monthly fee for it. But I was thinking on how would it work to one be the owner of the email account itself, and create email address without involving the registrar. I dont know if I'm explaining myself but my question is more or less how do the protocol works to be able to create/manage email accounts. i.e Obviously gmail, and every single other webmail provider creates the accounts programatically without involving any registrar. Hows does it works?
Thanks.
What you'll need to do is set up a 'MX record' for your domain. This tells other email servers where to send email for some given domain; then you also need an email server to actually receive this email. On a Linux system, this would be something like postfix or exim, or even sendmail (not really recommended these days though). Or you could use a third-party free hosting service, and point MX records to them - eg, google apps.

Resources