DKIM and canonicalization

Discussion in 'General' started by Pedro A., Mar 20, 2025.

  1. Pedro A.

    Pedro A. Member

    Hi.
    Recently I noticed my emails were refused by Google.
    Damn Google and its restrictions!!
    The message I received is: Your email has been blocked because DKIM authentication didn't pass 550-5.7.30 for this message. Gmail requires all email bulk senders to 550-5.7.30 authenticate their email with DKIM. 550-5.7.30 550-5.7.30 Authentication results: 550-5.7.30 DKIM = did not pass 550-5.7.30 To set up DKIM for your sending domains, visit 550-5.7.30...
    I've checked SPF, DKIM, DMARC... all is ok, but a certain tool (Red Sift) said: The Canonicalization for the body is set to "simple". This can lead to problems when verifying the email signature. We recommend setting it to "relaxed" for header and body.
    Then, how do I set up this parameter?? I believe this must be set up on the DKIM record but I can't modify it at ISPConfig (but I can where I've configured the domain DNS records. Note: I don't use ISPConfig as a DNS server).
    Thanks.
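
For reference on what the tool's warning is about, an added example (not part of any post in this thread): the signer declares the canonicalization in the `c=` tag of the DKIM-Signature header, and the sketch below implements the two body algorithms from RFC 6376 to show which in-transit whitespace changes each one tolerates. The sample bodies are constructed.

```python
import base64
import hashlib
import re

def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: only trailing empty lines are ignored."""
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse WSP runs and drop WSP at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

CANON = {"simple": canon_body_simple, "relaxed": canon_body_relaxed}

def body_hash(body: bytes, mode: str) -> str:
    """Value a signer puts in bh= (SHA-256, as with a=rsa-sha256)."""
    return base64.b64encode(hashlib.sha256(CANON[mode](body)).digest()).decode()

def survives(signed: bytes, received: bytes, mode: str) -> bool:
    """True if the verifier's recomputed body hash still equals the signer's."""
    return body_hash(signed, mode) == body_hash(received, mode)

# Constructed sample bodies (not taken from the thread).
SIGNED = b"Hello,\r\n\r\nYour invoice is attached.\r\n-- \r\nExample Sender\r\n"
# Same text after a hop that re-spaced a line, trimmed one and appended a blank line.
RELAYED = b"Hello,\r\n\r\nYour  invoice is attached. \r\n--\r\nExample Sender\r\n\r\n"
# A real content change must fail under both modes.
TAMPERED = SIGNED.replace(b"invoice", b"payment")

if __name__ == "__main__":
    for mode in CANON:
        print(mode, "relayed:", survives(SIGNED, RELAYED, mode),
              "tampered:", survives(SIGNED, TAMPERED, mode))
```

Neither mode tolerates a content change; "relaxed" only absorbs whitespace rewrites, so a mismatch under "simple" points at a relay or filter that touches the body after signing.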
     
  2. remkoh

    remkoh Active Member HowtoForge Supporter

    It doesn't matter what dns server you use, as long as the records are correct.

    I always test SPF, DKIM and DMARC using mail-tester.com
    If all dns records are ok then I will score 10/10 or very close to that (high 9) and I never had any problems with Google afterwards.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no need to alter that parameter, the tool you used for testing led you in a wrong direction. What Google complains about is that either DKIM or SPF is not set in DNS for this domain.
     
  4. Pedro A.

    Pedro A. Member

    I've used mail-tester.com and I obtain a 9.5 score.
    I've used Mxtoolbox and other tools to check SPF and DKIM and all is ok.
    This is frustrating. I'm going crazy.
    While Microsoft or Yahoo have contact support, Google doesn't.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You could try to add an SPF record for the server's hostname (not the email-sending domain) in addition to what you have already.
     
  6. Pedro A.

    Pedro A. Member

    Sorry about my ignorance.
    What do you mean about SPF for the hostname? Where do I have to add it and what is the syntax??
    My only SPF record is configured where I have my DNS records, which is my hosting provider.
    The syntax is:
    Code:
    v=spf1 mx a ip4:xxx.xxx.xxx.xxx/32 ~all
    Thanks.
     
  7. remkoh

    remkoh Active Member HowtoForge Supporter

    If ip4: contains the public ip your server is using to send mail from you should be ok.
    Though /32 is obsolete. It's only useful for larger subnets, not single IPs.

    Your mx record resolves to the same hostname as your server is using to talk to other mailservers?
    Then mx and ip4: is double (but shouldn't matter in any way).
     
  8. Pedro A.

    Pedro A. Member

    Yes, ip4: contains my server public ip and the mx record resolves the hostname of my server (I've configured MX10 pointing to mail.mydomain.com and mail.mydomain.com with an A record pointing to the public ip)
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Your server has a hostname. You can see the server hostname by running the command:

    hostname -f

    You must then create an SPF record for that hostname on the DNS server that is authoritative for this hostname. The syntax is the same as that of any other SPF record. The difference is that you create the SPF record for the server's hostname and not the email address's domain.
     
  10. Pedro A.

    Pedro A. Member

    Then I'll have two SPF records like these:
    mydomain v=spf1 mx a ip4:xxx.xxx.xxx.xxx/32 ~all
    myhostname v=spf1 mx a ip4:xxx.xxx.xxx.xxx/32 ~all
    Is this ok?
     
  11. remkoh

    remkoh Active Member HowtoForge Supporter

    Care to explain?
    Things like domains, dns, spf etc. are my almost daily work.
    I don't see the purpose of the 2nd spf record. It's only useful when the sender is misterx@hostname
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    I can only say that Google likes it; it does not make much sense at first sight, but it has been proven beneficial. I have seen this on several systems in the past. I can only guess that Google might also verify all hostnames in the received headers against spf.
     
  13. remkoh

    remkoh Active Member HowtoForge Supporter

    Google being Google :rolleyes:
    Did some checking and all my mailserver's hostnames have spf records too. Forgot all about it :oops:
    It should read
    Code:
    myhostname v=spf1 a -all
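
An added example, not part of any post: RFC 7208 recommends that receivers check SPF against the HELO/EHLO hostname as well as the MAIL FROM domain, and this reduced evaluator shows what the extra hostname record changes. The zone data, names and addresses are constructed placeholders, and only the `a`, `mx`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(zone, ip, name):
    """Reduced RFC 7208 check_host(): only a, mx, ip4 and all, no include/redirect/macros."""
    records = [t for t in zone.get((name, "TXT"), []) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"            # no SPF policy published for this name
    if len(records) > 1:
        return "permerror"       # more than one v=spf1 record on one name
    addr = ipaddress.ip_address(ip)
    for term in records[0].lower().split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in zone.get((arg or name, "A"), [])
        elif mech == "mx":
            hosts = zone.get((arg or name, "MX"), [])
            hit = any(ip in zone.get((h, "A"), []) for h in hosts)
        else:
            continue             # mechanism outside this sketch
        if hit:
            return QUALIFIERS[qual]
    return "neutral"

def check_identities(zone, ip, helo, mail_from_domain):
    """Evaluate both identities a receiver can test: HELO name and MAIL FROM domain."""
    return {"helo": spf_check(zone, ip, helo), "mailfrom": spf_check(zone, ip, mail_from_domain)}

# Constructed zone data; names and addresses are placeholders (RFC 5737 / .test).
ZONE = {
    ("mydomain.test", "TXT"): ["v=spf1 mx a ip4:192.0.2.10/32 ~all"],
    ("mydomain.test", "MX"): ["mail.mydomain.test"],
    ("mail.mydomain.test", "A"): ["192.0.2.10"],
    ("host.server.test", "A"): ["192.0.2.10"],
}
WITH_HOST_SPF = {**ZONE, ("host.server.test", "TXT"): ["v=spf1 a -all"]}

if __name__ == "__main__":
    print(check_identities(ZONE, "192.0.2.10", "host.server.test", "mydomain.test"))
    print(check_identities(WITH_HOST_SPF, "192.0.2.10", "host.server.test", "mydomain.test"))
    print(check_identities(WITH_HOST_SPF, "198.51.100.7", "host.server.test", "mydomain.test"))
```

Without the hostname record the HELO identity evaluates to "none"; with `v=spf1 a -all` it passes from the server's own address and fails from any other.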
     
  14. MarvinFreeman

    MarvinFreeman New Member

    I am afraid I don't know how to add an spf record to host.server.com. If I try to add it to the DNS zone for host.server.com using the ispconfig interface, the record ends up in the server.com zone. If I add it as a text record to the host.server.com zone, the record is not recognized as existing by outside tools or by the ispconfig tool when I attempt to add a dmarc record.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    All you do is to add an SPF (TXT) record for host.server.com in the DNS zone server.com on the DNS server that is authoritative for the zone server.com. Do not add a new zone for host.server.com; if you have done that, delete it. Also, your ISPConfig server is not necessarily the right server to add the TXT record; you must do that on the DNS server that is the primary DNS server for the zone server.com.
     