Hello coders, I've got a strange problem today. I am using Postfix/Dovecot with ISPconfig on Ubuntu and since yesterday I am using SSL to encrypt my emails. I am not sure if it is because I am using SSL or if I am looking somewhere wrong but my emails are now getting into the spambox on hotmail. When I am sending something to gmail I got no problems..... I got one mailserver and multiple domains on it using the mailserver domain to send mail. All the domains got its own DKIM key and spf record to my main mailserver domain like following: Code: v=spf1 include:mydomain.net ~all I've runned some tests on mail-tester.com and I am getting 10/10 on there. I have also runned some tests on checktls.com/perl/TestReceiver.pl and everything is fine there except something with my SSL cert. I am getting the following error: Code: [002.188] Cert NOT VALIDATED: unable to get local issuer certificate [002.188] this may help: What Is An Intermediate Certificate [002.189] So email is encrypted but the domain is not verified The configurations I use for postfix are as following: main.conf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/ssl/mydomain.net/mail_mydomain_net.crt smtpd_tls_key_file = /etc/ssl/mydomain.net/mail.mydomain.net.key smtp_tls_trust_anchor_file = /etc/ssl/mydomain.net/COMODORSAAddTrustCA.crt smtpd_tls_CAfile = /etc/ssl/mydomain.net/COMODORSADomainValidationSecureServerCA.crt smtpd_use_tls = yes #smtpd_tls_auth_only = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache #Enabling SMTP for authenticated users, and handing off authentication to Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf smtpd_tls_security_level = may smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mydomain.net alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 broken_sasl_auth_clients = yes transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 dovecot_destination_recipient_limit = 1 content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 master.conf link Could something be wrong with my SSL configuration or do I need to adjust something so Hotmail accepts my emails?
The SPF for mydomain.net matches the sending server? If mydomain.net has no SP-Record, the check fails with permerror. Additional to this: http://www.openspf.org/FAQ/Common_mistakes#include Can you check the mailheader on hotmail? Sometimes the mark mails as spam for some (unknown) reasons. Make sure, that your PTR-record match your setup (ipv4 and ipv6 - or disable ipv6 when sending to hotmail), your dkim-signing works and you can also try to publish a dmarc-record.
