Just migrate to the new server...the outgoing emails are recognize as spam

Hi to everybody.
I've just migrate from an old mailserver to a new mailserver, based on ISPConfig...
Everything is working fine... but most of the outgoing emails are recognized (from hotmail, yahoo, etc...) as spam...

How can I solve it?
Thanks
Michele

 

Of course I've checked on som spam blacklist database and my domain looks like ok...

I'm quite disperate...

 

Hi

Have you setup spf or dkim on new server?

Regards

 

No to be honest I didn't...
Is it so important to determinate the problem?

thanks
Michele

 

Yes, it's important.

You said that you checked your domain was not included in any black-list...
What about your IP?

 

Please set up SPF records and check your PTR records.

 

Hi Falko,
thanks for your help.
I don't know exatly what are the thinks that you suggested me... but I'll google a bit...
If in the mean time somebody have a good howto to suggest me... it's more than welcome!


Anyway, do you think I need to setup also dkim as said before?

Thanks
Michele

 

Hi

First thing to do is to know which IP is postfix using to send email.
To set up spf, you need to add a TXT record to dns.
You will find instructions here
PTR or reverse dns, is also a dns record, but you might or not have control over it. It depends of the company that hosts your server.
Dkim works in a similar way, there is also a link in my first post where you can find instructionsF

 

Hi,
I'm in openspf.org website.
I've created the txt files.
Now ISPConfig is using BIND or tinydns (djbdns)???

If it's using BIND(I think so) the line will be:

Code:

 domain.com. IN TXT "v=spf1 mx ~all" 

I've to copy that lines into the TXT DNS and that's it?
What I've to put as 'hostname'?
I've to restart something?
Thanks
Michele

 

Hi

Ispconfig 3 uses mydns. You should add a TXT record with the text v=spf1....whatever without he quotes. In hostname yourdomain.com. (mind the dot in the end)
There is no need to restart anything.
If you want to check spf is correctly set up have a look here
You can also check dkim there if you decide to use it, but perhaps spf is enough for you. Good luck

Regards

 

Hi esmiz,
I've created the DNS TXT, and I can see it also from the database:

Code:

500 |          1 |           0 | riud          | riud           |                |         1 |   84 | domain.com.              | TXT  | v=spf1 mx ~all                    |   0 | 600 | Y      | 2010-02-19 17:52:42 | 2010021906 |

Anyway if I launch the command dig @localhost domain.com I've this output:

Code:

; <<>> DiG 9.5.1-P3 <<>> @localhost domain.com
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29611
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;domain.com.			IN	A

;; ANSWER SECTION:
domain.com.		600	IN	A	xxx.xxx.xxx.xxx

;; AUTHORITY SECTION:
domain.com.		600	IN	NS	server2.com.
domain.com.		600	IN	NS	server.com.

;; ADDITIONAL SECTION:
server2.com.	300	IN	A	xxx.xxx.xxx.xxx

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 19 20:31:11 2010
;; MSG SIZE  rcvd: 115

I tried also the test that you suggested me about spf, but that email is look like not working (Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error for name=test.myiptest.com type=A: Host not found)

Anyway I'm not sure if the SPF that I've created is corrct or not, because the website to create it say:
~all Do the above lines describe all the hosts that send mail from domain.com?
If I say yes, I fail the test on mxtoolbox.com, if I say yes the test say: ? all Neutral Always matches. It goes at the end of your record.

Am I wrong in something?

Thanks
Michele

 

You can check your SPF record as follows:

Code:

dig @localhost txt domain.com

 

Hi Falko,
ok now the SPF is fine... infact now I can send emails to AOL... but yahoo still recognize my emails as spam...

 

Yes yahoo seems to be the hardest one to beat. Try to set up dkim aswell

 

Hi,
I'm looking this link that you suggested me before and where it say:

Code:

@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16);

which IP should I put?
I don't know the range of the IP of the people that will send emails through this server...
Thanks

 

Hi Michele

Good question. I don't really know the answer, in our case we use static IP's.
I would try to delete or comment out the line with @mynetworks and put this two lines instead:

Code:

$interface_policy{'10024'} = 'DKIM_ALWAYS'; 
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, }; 

I'm not sure, this is the proper way to do it, but it seems to work for me. A nice way to check is to send an email to [email protected] It will send you back the result in a couple of minutes
Please tell us if it worked for you.

Regards

 

Please check if your reverse record is ok. Run

Code:

dig -x [I]your_ip[/I]

It should give you back a hostname. Then take this hostname and run

Code:

dig [I]hostname[/I]

If all works fine, this should give you back your IP address.

 

Hi Falko

Excuse me if I'm going to say something stupid.
I wonder if there is anything wrong using:

Code:

$interface_policy{'10024'} = 'DKIM_ALWAYS'; 
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };

Instead of using:

Code:

@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16);

I found it somewhere in internet, but they were talking about exim not postfix.
If there is nothing wrong with it, Looks like it should be the preferred way to setup dkim as it is more independent of your IP and covers every situation. isn 't it?

Regards

 

Hi Falko,
the reverse record is ok.
I guess I need to create a dkim...but as I said before I'm not sure what I've to put in @mynetworks once that I don't know the IP of the clients...

Hi esmiz, thanks for your reply.
I'm checking on internet your suggestion... hoping that also Falko will confirm it...

Another thing: setting up the SPT as this website said, I can read:

Code:

Paste this into your zone file:

domain.com. IN TXT "v=spf1 a mx ~all"

When a mail server sends a bounce message, it uses a null MAIL FROM: <>, and a HELO address that's supposed to be its own name. SPF will still operate, but in "degraded mode" by using the HELO domain name instead. Because this wizard can't tell which name your mail server uses in its HELO command, it lists all possible names, so there may be multiple lines shown below. If you know which hostname your mail server uses in its HELO command, you should pick out the appropriate entries and ignore the rest.

So this should also appear in DNS. You may or may not be in charge of the DNS for these entries; if you are, add them.

mail.domain.com. IN TXT "v=spf1 a -all"
server. IN TXT "v=spf1 a -all"

Having a look into the mail.log, I can see that, even if I have different domains in the server, the emails going out from domain1, domain2, domain3, etc, have an HELO like: mail.domain.com
I was expecting to have an HELO related with the domain of the sender... is it normal?

Thanks
Michele

 

Hi to everybody.
I wrote an email to yahoo and they suggested me to add the dkim also...
But I still have the problem of @mynetworks, where I've no idea which IP I've to put... or if, as esmiz said, put instead of @mynetwork this code:

Code:

$interface_policy{'10024'} = 'DKIM_ALWAYS'; 
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };

May somebody confirm it or suggest the right configuration?

Thanks
Michele