I've been banging my head at this for 2 days. I've installed a fresh copy of Virtualmin and I enabled DKIM as mentioned in the documentation. Everything went fine. I've added SPF and DKIM records in my DNS as well, which were generated by Virtualmin:
v=spf1 a mx a:rohtakvivah.com ip4:172.104.159.124 ip6:2a01:7e01::f03c:91ff:fed4:bdcc ?all
v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSINQFbPLkzZ5e0eMpBArxWMQRslJC7nmTBqNOsK+L97nj2C8He8T+PgQYObhf7p8H/O3IHAYVc7GXCgFjzuxx86ncWfxgO4X5L6FZwUC4awl0XcI4zqcUtO3+SlXzo5/6NVRY+Kt83c+4yUYYwymvsovZ+mBoS0/h64zyFTQg0QIDAQAB;
I've changed the DKIM configuration's canonicalization from "simple" to "relaxed/relaxed" in /etc/opendkim.conf. I'm sending mails via Usermin and they are ending up in Gmail's spam because they are failing DKIM. Here's the report:
Delivered-To: vipul@bwdmedia.net
Received: by 10.100.166.5 with SMTP id l5csp395785pje;
Fri, 18 Aug 2017 00:08:05 -0700 (PDT)
X-Received: by 10.223.198.9 with SMTP id n9mr4614607wrg.185.1503040085657;
Fri, 18 Aug 2017 00:08:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1503040085; cv=none;
d=google.com; s=arc-20160816;
b=Mly2S2Fl1SiJUTalp2HJPCaNIwaiYrHY7LARLeEM+I71znYdacNg8w/9oKVZbVgPra
3axnAIC56db6C2wBmgzFXhTexSQ7CCkGD6It2m3gnkqjTzzrXIcyiNKzQav8lpdkllNN
h4qZ0wFWEFr8v/Za/uif1NxL0N3lxReHeyPbuQodRmXunFrZEXXAzwLHHmYQu6Lue7o/
dIX1zF4v6zgvjOma3aw3LKon9cEJO5UHIONpqpFPOCCCwSYc8+tkx5+zcA8AJnBOGbC7
Uql+mFjnS6GVw0MPW2bMydWpDzVLsqhSmlTIR2EOJ0zt0+L5aB5OhLf+v43yvkR6Vx5z
YwRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:to:subject:from:dkim-signature
:arc-authentication-results;
bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
b=bu8aTh0lxBLmP2p4uGZpwITiGJS7ZgoLsvuRUC99wkKJad4dR8fmThCh641Y+rTBEJ
5/rg+1mig1y3GAMzgVH/Fd10+YvhKwT+g+g69Z4vxhz9FnPJG3AK0vsI7/Ce4rrvX15T
Eo2S6DgWW2hA37yYgBmxECAWJ8NLmXL2bCvRZ5Y/YE7V6GqEGxpXt3WXzKwYuC2aLMvH
q8SYhl0BYVhym4ttVOifrhcRv97q4wjSXDr2X/iTDE6b5FXwxVAcaF83x8nbV43xYlBA
oN6TerJB+agBS++YvEjUOYZKLaoFf6M8J3pHZJoxMlThctSnisBGsAoWBNQM/S02lNWK
Ybdg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=fail header.i=@rohtakvivah.com header.s=2017 header.b=SP0BiHsl;
spf=pass (google.com: domain of rohtakvivah@rohtakvivah.com designates 172.104.159.124 as permitted sender) smtp.mailfrom=rohtakvivah@rohtakvivah.com
Return-Path: <rohtakvivah@rohtakvivah.com>
Received: from ubun1-frank.rohtakvivah.com (rohtakvivah.com. [172.104.159.124])
by mx.google.com with ESMTPS id r14si3790302wrc.496.2017.08.18.00.08.05
for <vipul@bwdmedia.net>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 18 Aug 2017 00:08:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of rohtakvivah@rohtakvivah.com designates 172.104.159.124 as permitted sender) client-ip=172.104.159.124;
Authentication-Results: mx.google.com;
dkim=fail header.i=@rohtakvivah.com header.s=2017 header.b=SP0BiHsl;
spf=pass (google.com: domain of rohtakvivah@rohtakvivah.com designates 172.104.159.124 as permitted sender) smtp.mailfrom=rohtakvivah@rohtakvivah.com
Received: from ubun1-frank.rohtakvivah.com (localhost [127.0.0.1]) by ubun1-frank.rohtakvivah.com (Postfix) with SMTP id 039CC7AFE6 for <vipul@bwdmedia.net>; Fri, 18 Aug 2017 12:38:05 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rohtakvivah.com; s=2017; t=1503040085; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; h=From:Subject:To:Date:From; b=SP0BiHsl1g07iOHwTKYPa3cpyXDhFeYYQ6SvNdEOnyMGX4tW78RiFwfnvx3ev0bMu
f2o+EdHWRRaJsdlsueBxIU5/v5jgsK31gk/BENgFiWhPvzDluPfEB/4yGJL9JSbFJf
Jp7SUDmWNSa3qkLjMGjHDsUlHz6rkdTZSCGQe5e8=
From: Rohtak Vivah <rohtakvivah@rohtakvivah.com>
Subject: test 16
To: vipul@bwdmedia.net
Message-Id: <1503040084.8019@rohtakvivah.com>
X-Mailer: Usermin 1.710
Date: Fri, 18 Aug 2017 12:38:04 +0530 (IST)
Content-Type: text/plain
When sending to a Microsoft account, the message simply bounces with this error:
host mx1.hotmail.com[65.55.37.104] said: 550 SC-001
(COL004-MC3F56) Unfortunately, messages from 172.104.159.124 weren't sent.
Please contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL
FROM command)
I've checked every SPF and DKIM checker site and they all report both records as present and valid. I don't know what's happening here. Can anyone help me out with this?
For the Hotmail issue, you have to jump through their hoops to get your IP unblocked. I don't remember exactly what the steps are, but it's kinda stupid and takes a day or two. You have to sign up for their abuse reporting system, and then request an unblocking through a different system.
GMail, on the other hand, is usually pretty good about not punishing you until you actually do wrong...so it probably is a misconfiguration somewhere. Google thinks the DKIM is invalid...so it's weird that DKIM testers are telling you it's OK.
I can't seem to look up the DKIM record for your domain (I'm using the "default" selector, which I believe is always the default in Virtualmin, unless changed). What selector did you use?
--
Check out the forum guidelines!
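The selector asked about above is carried in the signed message itself (the s= tag), next to the canonicalization the signer actually applied (c=). The following is an added example, not part of the original posts: it reads both from the headers quoted in the report, builds the DNS name where the public key is published, and compares the canonicalization with the value set in /etc/opendkim.conf. The function names and the `configured_c` parameter are assumptions made for this sketch.

```python
import re

# Constructed sample: the two relevant headers from the report in the thread,
# with the b= signature shortened and the SPF comment dropped.
SAMPLE = """\
Authentication-Results: mx.google.com;
 dkim=fail header.i=@rohtakvivah.com header.s=2017 header.b=SP0BiHsl;
 spf=pass smtp.mailfrom=rohtakvivah@rohtakvivah.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rohtakvivah.com;
 s=2017; t=1503040085; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
 h=From:Subject:To:Date:From; b=SP0BiHsl
From: Rohtak Vivah <rohtakvivah@rohtakvivah.com>
"""

def unfold(raw):
    """Return {lowercased header name: [values]} with header folding undone."""
    headers = {}
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tag_list(value):
    """Parse a DKIM 'tag=value; tag=value' list, ignoring folding whitespace."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags

def dkim_summary(raw, configured_c="relaxed/relaxed"):
    """Summarise what the signer did and what the receiver concluded."""
    headers = unfold(raw)
    sig = tag_list(headers["dkim-signature"][0])
    # c= defaults to simple/simple; a missing body part defaults to simple.
    header_c, _, body_c = sig.get("c", "simple/simple").partition("/")
    used_c = f"{header_c}/{body_c or 'simple'}"
    verdict = re.search(r"\bdkim=(\w+)", headers["authentication-results"][0])
    return {
        "key_record": f"{sig['s']}._domainkey.{sig['d']}",  # TXT name to query
        "canonicalization": used_c,
        "matches_config": used_c == configured_c,
        "signed_headers": sig["h"].lower().split(":"),
        "receiver_verdict": verdict.group(1) if verdict else None,
    }
```

For the quoted message this gives the TXT name 2017._domainkey.rohtakvivah.com and shows that the signature was made with relaxed/simple, not the relaxed/relaxed value the configuration was changed to.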
Hey Joe, the selector is "2017". For Hotmail, which IP is being blocked: my internet access IP or the IP of my server? If it's the server's IP, how is Hotmail blacklisting it, because it's a brand new server I bought?
I noticed something: above the DKIM signature, there's a line
Received: from ubun1-frank.rohtakvivah.com (localhost [127.0.0.1]) by ubun1-frank.rohtakvivah.com (Postfix) with SMTP id 039CC7AFE6
Is it supposed to be coming from localhost? I think there should be my server IP there.
Your IP will have been used before, even if the server is new to you. This isn't unusual.
The localhost header in this case means you sent the message into your server and it received it locally. Possibly you used Usermin to send it, or some other method of generating the email on the server. You'll notice the next Received header further up shows your IP address, as it should.
Something you need to do is get your DNS and hostname aligned. That is, your forward and reverse DNS entries should match.
For example, if we do a forward lookup on ubun1-frank.rohtakvivah.com:
me@myserver:~$ host ubun1-frank.rohtakvivah.com
ubun1-frank.rohtakvivah.com has address 172.104.159.124
But if we do a reverse lookup on 172.104.159.124:
me@myserver:~$ host -t PTR 172.104.159.124
124.159.104.172.in-addr.arpa domain name pointer rohtakvivah.com.
It doesn't match the forward entry. This can hurt you when sending email, as your server will introduce itself as ubun1-frank.rohtakvivah.com, but when the receiving server checks if you're legit, it gets a different answer. This may lead to failures when sending email (apart from the hoops you have to jump through for Microsoft).
The solution is easy. Ask your server host to change your PTR record to ubun1-frank.rohtakvivah.com.
That's not really necessary these days. It used to be a "spamminess" factor but isn't today for major mail providers, as long as DKIM and SPF are correct and no other problems come up, they just need for a PTR record to exist; it doesn't need to have the same name as your From: address.
So: There must be a PTR record (and it needs to point to a name that also resolves), but it doesn't need to match the From: domain.
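The two posts above describe different tests on the same records: whether the PTR name equals the name the server introduces itself with, and whether a PTR exists and its name resolves back to the IP. The following is an added example, not part of the original posts, that separates those cases. The function names are assumptions, and the lookup tables are constructed so it runs offline; the PTR values are the ones shown in the thread, while the A record for rohtakvivah.com is assumed.

```python
import socket

def ptr_names(ip):
    """Reverse lookup: names the PTR record(s) for ip point to."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def addresses(name):
    """Forward lookup: every A/AAAA address published for name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _norm(name):
    return name.rstrip(".").lower()

def check_sender(ip, helo, reverse=ptr_names, forward=addresses):
    """Classify a sending IP by its reverse and forward DNS."""
    names = [_norm(n) for n in reverse(ip)]
    confirmed = [n for n in names if ip in forward(n)]
    if not names:
        verdict = "no PTR record"
    elif not confirmed:
        verdict = "PTR name does not resolve back to the IP"
    elif _norm(helo) in confirmed:
        verdict = "forward-confirmed and matches HELO name"
    else:
        verdict = "forward-confirmed, but differs from HELO name"
    return {"ptr": names, "confirmed": confirmed, "verdict": verdict}

# Constructed stand-ins for DNS (assumed A records, PTR values from the thread).
IP = "172.104.159.124"
HELO = "ubun1-frank.rohtakvivah.com"
A_RECORDS = {"ubun1-frank.rohtakvivah.com": {IP}, "rohtakvivah.com": {IP}}

def lookup_a(name):
    return A_RECORDS.get(name, set())

# PTR as shown by `host -t PTR` in the thread, then after the requested change.
before = check_sender(IP, HELO, reverse=lambda ip: ["rohtakvivah.com."], forward=lookup_a)
after = check_sender(IP, HELO, reverse=lambda ip: [HELO + "."], forward=lookup_a)
```

Calling `check_sender(ip, helo)` without the `reverse` and `forward` arguments performs live lookups through the system resolver.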
Gentlemen. So I changed the PTR record to point my IP to the sender hostname and now I'm getting a pass on DKIM from Google. Thanks noisemarine :D
The only problem now is that the message is still in the spam. Will it help if I get a few "Not Spam" reports now?
PS - I also contacted Microsoft and got the IP ban lifted. PPS - I am using Usermin for now.
Huh, that's interesting. I've been able to successfully send to both Google and Hotmail without trouble using PTR records that don't match. I suspect there's something else at play there (maybe the name the PTR resolved to didn't resolve back, which is definitely still a problem).
But, I'm glad you got it sorted out!
I don't have much advice on avoiding Google spam filters, but I would assume reputation would improve with time. Generally, I've been able to avoid Google spam filters with just DKIM and SPF (and never sending unsolicited mail), but every individual trains their own spam filters at GMail, in addition to the system-wide filters, so mail that makes it to one mail box may not make it to another.
Thanks Joe for your help