DKIM is still declared as none - postfix-mta

I am using the postfix mailserver and set that up for DKIM signing and changed the DNS record as TXT on my hoster. I followed these instructions exactly and checked them 10 times:
https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
But still when I test my mails it says
dkim=none (message not signed)
header.d=none
SPF and DMARC are marked as pass.
I get a score of 7.4/10 at mail-tester.com.
I restarted the server, postfix and opendkim. But nothing helped. Logged in via SSH, postfix and opendkim are active.
I have been on it for 3 days now but cannot solve the issue. Do you guys have any idea what could be the problem? Could the HELO-Domain (Hostname of my server) be the problem? Because it is different from my Website domain.

Related

Symfony 4 swiftmailer configuration issues

I have tried setting up SMTP in the dotenv file:
MAILER_URL=smtp://mydomain.nl:25?encryption=tls&username=noreply%mydomain.nl&password=***
And I've sent an email using php bin/console swiftmailer:email:send. This gave me an error:
[app] Exception occurred while flushing email queue: Connection could not be established with host webmail.mydomain.nl [Connection timed out #110]
So I assumed this is caused by the firewall. So then I tried to send an email via an online SMTP tester and the email got sent and all worked as expected.
However, this still does not work on my server. Even after turning off the firewall on my (Windows) VPS, the same error persists.
My setup is as follows:
I have a VPS (WINDOWS) with plesk where I host my domain and the mail server.
I also have a home server (CENTOS) where I host my subdomain with plesk.
What am I overlooking? What could be the cause of this issue?
Some host providers block ports 465 and 25. So only 587 is left to use. First, contact your host provider and ask if they are blocking SMTP ports. And if not, please come back with more information and server config.
So apparently, please correct me if I'm wrong. This is what I think I did wrong:
I have a subdomain from my main plesk which I host on my home server. The project I'm working on is running from there.
The main domain with that plesk account is running on a VPS with the mailserver.
As it turns out (I think) my ISP from my home internet has restricted access to port 25. And that's why my home server can't access the mail server.
I tried to disable firewalls everywhere, even routed the ports in my router to my home server, nil fix. (Please note that I tried to telnet to several SMTP servers, not just my own) with all access rejected.
I tried it with another port (465) from my home server and it works now.
In the end, using another port did the trick. I am however not sure that this is the issue. But this is just my guess.

Have I set up server emails correctly with Google SPF?

Good Morning
I am having a bit of trouble getting SPF Pass on mail headers when emails are sent through Contact Form 7 on Wordpress.
Mail sent through Contact Form 7 often goes to spam and when looking at the Mail Source Headers, I can see the site IP doesn't designate as a permitted sender.
ARC-Authentication-Results: i=1; mx.google.com;
spf=neutral (google.com: *serverIP* is neither permitted nor denied by
best guess record for domain of www-data@ubuntu) smtp.mailfrom=www-data@ubuntu;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=*domain*
Return-Path: <www-data@ubuntu>
Received: from ubuntu (*domain*. [*serverIP*])
by mx.google.com with ESMTP id 91-v6si4638670wre.46.2018.05.17.07.10.20;
Thu, 17 May 2018 07:10:20 -0700 (PDT)
Received-SPF: neutral (google.com: *serverIP* is neither permitted nor
denied by best guess record for domain of www-data@ubuntu) client-
ip=*ServerIP*;
Authentication-Results: mx.google.com;
spf=neutral (google.com: *ServerIP* is neither permitted nor denied by
best guess record for domain of www-data@ubuntu) smtp.mailfrom=www-
data@ubuntu;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=*Domain*
Received: by ubuntu (Postfix, from userid 33)
id 036C93F7D3; Thu, 17 May 2018 14:10:20 +0000 (UTC)
SPF records have all been set up in DNS settings and are correct when checked by Google's SPF testing tool
We are using Google Business Apps. Everything is fine with DKIM, DMARC and SPF so not sure why it is saying SPF Neutral and DMARC fail...
Any assistance much appreciated.
This is the problem:
Return-Path: <www-data@ubuntu>
The return-path header is added by the receiving server (google), and is not something that you should set as a sender. The receiving server sets it from the SMTP MAIL FROM address, also known as an "envelope sender". This address is also where bounces should be sent, not the from or reply-to addresses specified within the message.
The problem here is that in the absence of an explicitly set envelope sender, PHP tries to guess one by looking up the current user and host name that are running the submitting process. This is why your envelope sender is www-data (the user name) @ ubuntu (the host name of your server). ubuntu is not a resolvable host name, so google can't look up an SPF record to check it against, so it falls back to the default "neutral" SPF verdict, which is what you're seeing.
There are a few ways to deal with this. First of all you should set the hostname of your server so it knows what to call itself - PHP will see that info and use it to set the fallback address. If you run the hostname command, you'll probably get ubuntu, so fix that (both immediately and permanently) by running:
sudo hostname myhostname.example.com
echo "myhostname.example.com" | sudo tee /etc/hostname
substitute your real host and domain name of course.
Setting the user name is trickier, but is not actually necessary to get an SPF pass, because that only looks at the domain, so www-data@myhostname.example.com will work fine, though you may run into issues if you want to handle bounces correctly.
The most practical way of setting the envelope sender is to copy it from the message's "from" address or to set it explicitly, and this is something that should be done by your contact form PHP code. If Contact Form 7 can be persuaded to use PHPMailer, it will happen automatically. If it sends directly via the mail function, or one of WordPress' wrappers it may be trickier, and you'd have to investigate further.
Anyway, just fixing the host name should get you an SPF pass, which is the immediate problem.
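The diagnosis in this answer can be read mechanically from the Authentication-Results header. The following is an added example, not code from the answer or from Contact Form 7: it extracts the SPF verdict, the envelope sender domain (smtp.mailfrom) and the From domain (header.from) and lists what stops the SPF side of DMARC from passing. The sample header is constructed from the one in the question, with example.com and 203.0.113.10 as placeholders for the redacted values, and the alignment test is a simplified parent/child comparison rather than a Public Suffix List lookup.

```python
import re

# Constructed sample modelled on the header in the question; example.com and
# 203.0.113.10 stand in for the redacted domain and server IP.
SAMPLE = """Authentication-Results: mx.google.com;
    spf=neutral (google.com: 203.0.113.10 is neither permitted nor denied by
    best guess record for domain of www-data@ubuntu) smtp.mailfrom=www-data@ubuntu;
    dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com"""


def parse_auth_results(header):
    """Return {method: {"result": ..., property: value}} for one header."""
    value = header.split(":", 1)[1]
    value = re.sub(r"\([^)]*\)", " ", value)   # drop (comments), even folded ones
    out = {}
    for clause in value.split(";")[1:]:        # item 0 is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        out[method.lower()] = {"result": result.lower(), **props}
    return out


def aligned(a, b):
    """Simplified relaxed alignment: same name or parent/child (no PSL lookup)."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def diagnose(header):
    """Explain the SPF side of a DMARC failure from Authentication-Results."""
    res = parse_auth_results(header)
    spf = res.get("spf", {})
    mail_from = spf.get("smtp.mailfrom", "").rsplit("@", 1)[-1].lower()
    from_dom = res.get("dmarc", {}).get("header.from", "").lower()
    findings = []
    if "." not in mail_from:
        findings.append("envelope domain is not fully qualified")
    if spf.get("result") != "pass":
        findings.append("SPF did not pass")
    if not aligned(mail_from, from_dom):
        findings.append("envelope domain not aligned with From domain")
    return {"mail_from": mail_from, "from": from_dom,
            "spf": spf.get("result"), "findings": findings}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Fixing only the host name clears the first two findings; the third clears once the envelope sender shares the From address's domain.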

Postfix relaying emails to another domain

I have configured postfix over SSL and dovecot over SSL and it works fine if I send local relay, and it delivers to mailboxes within my domain name MX record point mail server.
mysysopmnds.com MX 10 mail.mysysopminds.com
However, if I send an email to another domain, it bounces... and one of the errors in the log is as below:
Jan 10 19:34:56 mail postfix/smtp[5334]: 37FADC28BB: to=, relay=none, delay=34, delays=34/0/0.01/0, dsn=5.4.6, status=bounced (mail for murugeshdomain.com loops back to myself)
What are the key configurations that I should check or take care of to send email to other domains or any domains?
TIA
hariharan
There is a good chance your internet service provider (ISP) is blocking port 25 for outgoing email. I can tell you, mine is. This is also when I got the bounce message.
You can confirm this problem by typing:
telnet aspmx.l.google.com 25
If it does not generate Connected to aspmx.l.google.com but a timeout after half a minute or so, then your ISP is blocking your outgoing traffic on port 25.
If this is the case you can solve it by redirecting your outgoing mail through, for example, a google mail account. You could use this link as a guide to set up the redirection.
It looks like this domain (murugeshdomain.com) has no MX record. For sending mail to another domain, just check whether that domain has an MX record. To check whether that domain has an MX record: dig MX domainname (in the case of a Linux command)
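The telnet test from the first answer, as an added example that is not part of either answer: it tries each of the ports discussed on this page (25, 465, 587) and separates a silent timeout from an active refusal and from a server that answers with an SMTP 220 greeting. The function names and the 10-second default timeout are choices made for this example.

```python
import socket
import sys

SMTP_PORTS = (25, 465, 587)  # the ports discussed in the threads above


def probe(host, port, timeout=10.0):
    """Classify one outbound TCP connection attempt, as the telnet test does."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"      # packets dropped silently: typical of ISP filtering
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on this port
    except socket.gaierror:
        return "dns-failure"  # the name did not resolve
    except OSError as exc:
        return f"error: {exc.strerror or exc}"
    with sock:
        if port == 465:
            return "connected"  # implicit TLS: the server sends no plaintext banner
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:         # includes a read timeout or a reset
            return "connected (no banner)"
    return "smtp-ready" if banner.startswith("220") else f"connected: {banner[:60]}"


def survey(host, ports=SMTP_PORTS, timeout=10.0):
    """Probe each port; 25 timing out while 465/587 connect points to a port-25 block."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Pass your own relay's host name; the default is the host used in the answer.
    target = sys.argv[1] if len(sys.argv) > 1 else "aspmx.l.google.com"
    for port, state in survey(target).items():
        print(f"{target}:{port} -> {state}")
```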

SMTP, IIS7 and Windows Server 2008

I'm having trouble setting up SMTP to relay through a 3rd party server.
I'm new to Server 2008 so please bear with me.
I have found the SMTP server in IIS6 which is currently off, but is there one I need to use in IIS7? (IIS7 websites do have the SMTP icon so that 'role' must be installed).
I have used the IIS7 icon to set the remote name and credentials. Using a little test website to send an email to my hotmail account, it comes up saying
Mailbox unavailable. The server response was: 5.7.1 ... we do not relay
or occasionally it says
The remote name could not be resolved: 'The SMTP URL'
I can send using localhost but because that is effectively spoofing the "from address" loads of them get bounced back!
Anyone got any ideas????
Don't worry, it turns out the people in control of the relay server gave us the wrong username and password, so it would never have worked!
Also, didn't need SMTP server in IIS6 either, so will remove it.
Good to hear you got it sorted. For posterity's sake, if you need to run a SMTP service in IIS7, you need to install the IIS6 "bits" which includes the IIS SMTP service.
One fun gotcha--service gets installed as a manual start for some reason, that was fun to troubleshoot at 3am after the 7th tequila shot.

ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted."

I have an application that is using ActiveDirectoryMembershipProvider to grant access to users. The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller.
We've opened the LDAP port to the DC on the inside network - yet no matter what we try, we end up with an error that says "The specified domain or server could not be contacted."
Does anyone have any suggestions on how I can resolve this? We've tried everything we can think of and just aren't getting anywhere.
My connection string is:
<add name="ADConnectionString"
connectionString="LDAP://10.5.3.7:389/DC=MyTestDomain,DC=local"/>
And my provider is:
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnectionString"
attributeMapUsername="SAMAccountName"
connectionProtection="None"
connectionUsername="LdapUser"
connectionPassword="LdapPassword" />
The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller.
Since you could query directly using an LDAP tool, that suggests that the firewall is open correctly. However, keep in mind that the ActiveDirectoryMembershipProvider is not using plain old LDAP, it's using Microsoft technologies. For example, if you set connectionProtection="Secure", ADMP will try using SSL and port 636, if that fails, it will use Microsoft's built-in IPSec signing (see this article for more details).
Anyway, this makes me wonder about a couple things:
Does the AD domain have an IPSec "required" policy which refuses connections from non-domain/non-configured computers? (Probably not, since you connected with plain LDAP, but it's worth investigating.)
Have you added the domain controller's NetBIOS name to your lmhosts file, and its DNS name to your hosts file? (Many protocols check that their target's reported name matches the name you tried to connect to.)
A lot of people have noted problems using ADMP between different domains, and the solution required that a one-way trust be created. Since it sounds like your client computer is not in a domain, you can't have that trust--unless either (a) it is a member of a different domain with a one-way trust or (b) it is a member of the same domain and thus client-server trust is implicit.
It seems like the solution is to open port 445.
Read this thread
We're not allowed to open so I guess I'm stuck.
You can use these two articles; they may solve your problem
www.ddj.com/windows/184406424
forums.asp.net/t/1408268.aspx
and check your firewalls
I had this error, and managed to fix it. There are multiple reasons that can lead to this; here is a to-do list to identify the exact problem:
Create a micro application, with a single method Membership.GetAllUsers(), execute on a machine outside Active Directory (AD), with an incorrect password in the connection string, check if you get an incorrect password exception. If you don't get it you can't connect to your AD server, check firewall; if you do get an invalid password exception, go to the next step.
If you can, try to execute the same app locally on the AD server, first with an incorrect password, then with the correct one; executing the app locally provides a more detailed exception about what is wrong (for me this exception led me to fixing the problem). In my case it told me that Server service is not started, then that Workstation service is not started.
Some thoughts on the fact that it required Server and Workstation services to be working on the server: afaik Server service is used for Windows file sharing (netbios over TCP), and is using port 445, so it may be that this port must be opened in addition to the LDAP port. My second observation was that even if port 445 is opened (netstat -an) it can still be not working; Windows will drop all packets to this port if the Windows Client and File and Printer sharing checkboxes are not checked on the network interface adapter which received these packets. Check "telnet External_IP 445". That's all the info I gathered while struggling with this problem.
Have you tested with an LDAP browsing tool, from the remote box to see if it can connect with the criteria being used here? I.e. Is it a connectivity problem or something else?
In case anyone stumbles on this and wants to smash their head on a wall... Recently tried doing all this for an AD server that my company had in a different domain than the current context. Was using the IP provided and getting failures as stated here. Even used a tool like Softerra LDAP Admin and it worked fine, however AccountManagement failed.
We had a publicly exposed URL hooked to that IP address (still only allowing certain IP's to make calls). Once I replaced the IP with the URL provided, it worked like a charm.
Hope this saves someone the hours of head smashing I just put myself through.
