Emails Getting Flagged as Spam

Discussion in 'Server Operation' started by anteroriihimaki, Feb 19, 2018.

  1. anteroriihimaki

    anteroriihimaki New Member

    I have a problem with my Debian server running ISPConfig 3.
    I've installed the server a couple of years ago using the perfect server HOWTO: https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/

    I've checked many times and the server isn't an open relay. I'm also using DKIM and SPF, and have registered each domain with Google Postmaster Tools. Still, Gmail and Outlook flag many mails as spam. It seems my server has a "bad reputation". But there are no newsletters sent from the server, just "regular" correspondence.

    There also seems to be some spam coming to my personal inbox that has a counterfeit address with my domain as the sender. Is there something I can do about that?
     
  2. minimaLMind

    minimaLMind New Member

  3. anteroriihimaki

    anteroriihimaki New Member

    Thanks for the links! It seems that my DKIM installation is broken... I've configured them with the ISPConfig and added the needed DNS records. I need to investigate that a bit deeper...

    Here's my /etc/postfix/main.cf with edited hostname

    PHP:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    #smtpd_tls_cert_file=/etc/postfix/mailserver.cert
    #smtpd_tls_key_file=/etc/postfix/mailserver.key
    #smtpd_tls_CAfile = /etc/postfix/cacert.pem
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = server.mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = server.mydomain.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3

    milter_protocol = 2
    milter_default_action = accept

    smtpd_milters = inet:localhost:12301
    non_smtpd_milters = inet:localhost:12301
    message_size_limit = 0
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    inet_protocols = all

     
  4. minimaLMind

    minimaLMind New Member

    DKIM and DMARC are best explained (from what I've found) here:
    https://blog.returnpath.com/how-to-explain-dkim-in-plain-english-2/
    https://blog.returnpath.com/how-to-explain-dmarc-in-plain-english/

    I'm having problems too getting through spam filters. I think because it sends from 'localhost' 127.0.0.1 -- (mynetworks = 127.0.0.0/8 [::1]/128)

    By no means am I an expert, but this is working so far, with only Symantec blocking me. I've requested them to investigate the IP address and take us off the blacklist.
    Here is my main.cf:
    PHP:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    #mydestination = mydomain.com, localhost, localhost.localdomain
    mydestination =
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0

    I'm going to be setting up a test email domain just to try things out; mail is really frustrating to get working! Plus I have to pass 'Trustwave' PCI compliance on a different domain, that's a huge PIA!

    Hope this helps
     
  5. anteroriihimaki

    anteroriihimaki New Member

    I finally took time to take a look at this and added the DMARC records to my DNS server.

    I have enabled DKIM from ISPConfig and added the DKIM TXT record to my DNS server, but mail-tester.com test still gives me an error of not implementing DKIM...

    Even without DMARC I got a score of 8.5, so it shouldn't be that bad?
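
For the symptom in the last post (DKIM enabled and a TXT record published, yet a tester reports no DKIM), the sketch below separates the cases where the message carries no signature at all, where the signature's selector points at a DNS name with no key, and where the signing domain does not line up with the From domain. It is an added example, not code from the thread or from ISPConfig; the domain example.org, the selector "default" and the in-memory DNS table are constructed stand-ins for real lookups, and the signature itself is not verified cryptographically.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Parse 'tag=value; ...' as used by DKIM-Signature headers and DKIM TXT records."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # header folding is not significant
    return tags

def diagnose_dkim(raw_message, txt_records):
    """Return (status, detail). txt_records maps DNS name -> TXT string and
    stands in for real DNS lookups so the example runs offline."""
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return ("unsigned", "no DKIM-Signature header: outgoing mail is not being signed")
    tags = parse_tags(sig)
    domain, selector = tags.get("d", "").lower(), tags.get("s", "")
    if not domain or not selector:
        return ("bad-signature", "signature lacks d= or s=")
    name = f"{selector}._domainkey.{domain}"
    record = txt_records.get(name)
    if record is None:
        return ("no-key", f"no TXT record at {name}")
    key = parse_tags(record)
    if key.get("v", "DKIM1") != "DKIM1" or not key.get("p"):
        return ("bad-key", f"record at {name} has a wrong v= or an empty p=")
    # Approximation of DMARC relaxed alignment: exact match or parent/child
    # relation (a real check compares organizational domains via the Public Suffix List).
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not (from_domain == domain or from_domain.endswith("." + domain)
            or domain.endswith("." + from_domain)):
        return ("unaligned", f"d={domain} does not match From domain {from_domain}")
    return ("ok", f"key published at {name}, aligned with {from_domain}")

# Constructed samples (example.org, selector "default"); not taken from the thread.
SIGNED = ("From: Alice <alice@example.org>\n"
          "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=default;\n"
          "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
          "Subject: test\n\nbody\n")
UNSIGNED = "From: Alice <alice@example.org>\nSubject: test\n\nbody\n"
DNS = {"default._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"}

if __name__ == "__main__":
    for label, raw, dns in (("signed", SIGNED, DNS), ("unsigned", UNSIGNED, DNS), ("key missing", SIGNED, {})):
        print(label, "->", diagnose_dkim(raw, dns))
```

An "unsigned" result points at the signing step on the mail server, while "no-key" or "bad-key" points at the DNS record or the selector name.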
     
