Mail in spam since using SSL?

Discussion in 'General' started by CrypticDesigns, May 6, 2015.

  1. Hello coders,
    I've got a strange problem today. I am using Postfix/Dovecot with ISPconfig on Ubuntu and since yesterday I am using SSL to encrypt my emails.
    I am not sure whether this is because I am using SSL or whether I am looking in the wrong place, but my emails are now landing in the spam folder on Hotmail. When I send something to Gmail I have no problems.
    I have one mail server hosting multiple domains, all of which send mail through the mail server's domain. Each domain has its own DKIM key and an SPF record that points to my main mail server domain, as follows:
    Code:
    v=spf1 include:mydomain.net ~all
    I've run some tests on mail-tester.com and I am getting 10/10 there. I have also run some tests on checktls.com/perl/TestReceiver.pl and everything is fine there except for something with my SSL cert. I am getting the following error:
    Code:
    [002.188]        Cert NOT VALIDATED: unable to get local issuer certificate
    [002.188]        this may help: What Is An Intermediate Certificate
    [002.189]        So email is encrypted but the domain is not verified
    The configuration I use for Postfix is as follows:
    main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    #
    # Postfix main.cf as posted: Dovecot for SASL and delivery, MySQL-backed
    # virtual domains, Mailman maps and an amavis content filter on loopback.
    # Lines marked NOTE(review) are annotations; every setting is unchanged.
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    # NOTE(review): the checktls output quoted in the post ("unable to get local
    # issuer certificate") is consistent with the server not presenting its
    # intermediate CA certificate(s). The documented fix is for this file to hold
    # the server certificate first, followed by the intermediates, in PEM format.
    # Check the chain that is actually served with `openssl s_client -starttls smtp`.
    smtpd_tls_cert_file = /etc/ssl/mydomain.net/mail_mydomain_net.crt
    # Private key for the certificate above; keep it readable by root only.
    smtpd_tls_key_file = /etc/ssl/mydomain.net/mail.mydomain.net.key
    # Outbound (SMTP client) setting: when non-empty, the Postfix SMTP client trusts
    # only chains signed by the anchors in this file when it verifies a remote
    # server. It has no effect on the chain this server presents to senders.
    smtp_tls_trust_anchor_file = /etc/ssl/mydomain.net/COMODORSAAddTrustCA.crt
    # Postfix documents this as the CA store for verifying remote SMTP *client*
    # certificates. NOTE(review): do not rely on it to publish the server's
    # intermediates; append them to smtpd_tls_cert_file instead.
    smtpd_tls_CAfile = /etc/ssl/mydomain.net/COMODORSADomainValidationSecureServerCA.crt
    # Legacy switch; smtpd_tls_security_level further down is the current form.
    smtpd_use_tls = yes
    # NOTE(review): while this stays commented out, AUTH is also offered on
    # unencrypted sessions, so SASL credentials can cross the network in
    # cleartext. Enabling it restricts AUTH to TLS-protected sessions.
    #smtpd_tls_auth_only = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    
    
    #Enabling SMTP for authenticated users, and handing off authentication to Dovecot
    # NOTE(review): the next four lines are indented more than the rest of the
    # listing. In main.cf a line that starts with whitespace continues the
    # previous logical line, so if that indent exists in the real file these
    # settings are not applied as written. Compare with `postconf -n`; the indent
    # may only be an artifact of the forum paste.
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_security_options = noanonymous
    
    # Writes the authenticated SASL login name into the Received: header of
    # submitted mail, which discloses account names to recipients.
    smtpd_sasl_authenticated_header = yes
    # Evaluated left to right: local and authenticated clients are permitted,
    # mail for unknown destinations is rejected, then the MySQL recipient
    # access map is consulted.
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    # Opportunistic TLS for inbound connections: STARTTLS is offered, not required.
    # NOTE(review): only server-side (smtpd_*) TLS is enabled in this listing; no
    # smtp_tls_security_level is set, so outbound TLS depends on the Postfix
    # default and is presumably off - TODO confirm with `postconf smtp_tls_security_level`.
    smtpd_tls_security_level = may
    
    # Repeats the two SASL settings from the indented group above.
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    # Relay control: only local networks and authenticated users may relay;
    # everything else is deferred unless the destination is handled here.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    # Used in the banner and, by default, as the HELO/EHLO name on outbound mail.
    # Receivers commonly compare that name with the sending IP's PTR record.
    myhostname = mydomain.net
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = localhost, localhost.localdomain
    relayhost =
    # Only loopback addresses are treated as trusted clients.
    mynetworks = 127.0.0.0/8 [::1]/128
    # 0 = no size limit on local mailbox files.
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    # Both IPv4 and IPv6 are enabled, so outbound mail may leave over IPv6; the
    # IPv6 address then needs its own PTR record and SPF coverage.
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # Additionally advertises the non-standard "AUTH=" form for legacy clients.
    broken_sasl_auth_clients = yes
    
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    # Caps message delivery requests per client per rate time unit; limits how
    # much mail a single compromised account or host can push through.
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    
    # SSLv2 and SSLv3 are excluded; TLSv1 and TLSv1.1 are still allowed by these
    # lists. NOTE(review): excluding them as well is reasonable where TLS is
    # mandatory (authenticated submission). With opportunistic TLS, a peer that
    # cannot negotiate usually falls back to cleartext, so weigh that first.
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    # All mail is handed to amavis on loopback port 10024 for content scanning;
    # address mappings are skipped on this first pass (no_address_mappings).
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    # NOTE(review): 0 is presumably meant as "no limit" - TODO confirm for the
    # installed Postfix version. Without a cap, one oversized message can fill
    # the queue disk; a finite value is the safer choice.
    message_size_limit = 0
    
    master.conf
    link

    Could something be wrong with my SSL configuration or do I need to adjust something so Hotmail accepts my emails?
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

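    Does the SPF record for mydomain.net match the sending server? The include: mechanism evaluates the SPF record published by mydomain.net itself; it does not authorize that domain's A or MX hosts on its own. If mydomain.net has no SPF record, the check fails with permerror. See also: http://www.openspf.org/FAQ/Common_mistakes#include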

    Can you check the mail headers on Hotmail? Sometimes they mark mail as spam for some (unknown) reasons.
    Make sure that your PTR record matches your setup (IPv4 and IPv6 - or disable IPv6 when sending to Hotmail) and that your DKIM signing works. You can also try publishing a DMARC record.
     
