Score:1

Server

Emails sent with postfix treated as spam, and sometimes not delivered at all

Joseph

8/27/23, 1:32 PM

I'm trying to set up sending emails with SMTP on my VPS running Ubuntu 18.04. I'm using postfix, nodemailer.

When I send from an [email protected], to a gmail account, it gets stuck in the gmail spam folder. I got a score of 6.8 on www.mail-tester.com, with these deductions:

-1.274 RDNS_NONE Delivered to internal network by a host with no rDNS This may indicate you do not have a rDNS configured for your hostname or the rDNS does not match your sending IP

-0.896 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) softfail

Your message is not signed with DKIM

I think my TXT record is correct:

"v=spf1 ip4:[removed-server-ip] include:_spf.mail.hostinger.com ~all"

/etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = [removed-domain-name].com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost.[removed-domain-name].com, [removed-domain-name].com, [removed-domain-name]$
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all

policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf

nodemailer method:

  "use strict";
  const nodemailer = require("nodemailer");

  let transporter = nodemailer.createTransport({
    sendmail: true,
    newline: 'unix',
    path: '/usr/sbin/sendmail',
    secure: true,
  })

  let info = await transporter.sendMail({
    from: '"[removed-domain-name].com" <no-reply@[removed-domain-name].com>', // sender address
    to: req.body.to, // list of receivers
    subject: "Hello", // Subject line
    text: req.body.message, // plain text body
    html: req.body.message, // html body
  });

0 + 0

smtp

postfix

Gerald Schneider

8/27/23, 1:41 PM

Does this answer your question? [Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?](https://serverfault.com/questions/419407/fighting-spam-what-can-i-do-as-an-email-administrator-domain-owner-or-user)

Joseph

8/27/23, 2:05 PM

@GeraldSchneider, maybe, but honestly I'm a bit lost as to what to try next to fix the issues. I tried: https://serverfault.com/a/1064820 for the rDNS issue (didn't work), and I don't know what else I can do re. the SPF issue (as I thought I'd already sorted that with the TXT record). I'm reading through the answers there but nothing is immediately obvious to me that I should try, do you have any idea?

Score:1

Server

Hexdump

8/27/23, 2:31 PM

Configure your reverse DNS. Add a PTR entry linking your IP to your MX server name
Ensure that myhostname in main.cf is set to your MX server name. This is probably be the cause of your HELO mismatch.
You can set your SPF to "v=spf1 a mx include:_spf.mail.hostinger.com ~all" to automatically accept your MX as senders, but it should be ok with ip.
Register your domain to Google to improve deliverability : https://support.google.com/a/answer/9649569?hl=en
Definitely use DKIM :

opendkim

Install opendkim.

Configure

Edit /etc/opendkim.conf :

sv mode to sign and verify incoming emails (you may not need the verify mode)
ReportAddress [email protected]
KeyTable, SigningTable : files linking the keys to DNS entries
InternalHosts : a file containing a list of trusted hosts

Create the keys

mkdir /etc/opendkim/keys/example.com/
cd /etc/opendkim/keys/example.com/
opendkim-genkey -s mail -d example.com
chown opendkim:opendkim mail.*

Parameter -s is called selector, -d is the domain.

Edit /etc/opendkim/SigningTable and add a pair of domain/selector :

*@example.com mail._domainkey.example.com.

Edit /etc/opendkim/KeyTable and add a pair of selector/key :

mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private

Edit /etc/opendkim/TrustedHosts and insert

*.example.com
[your local network]

DNS

You need to add your public key into your DNS. You'll find the key in /etc/opendkim/keys/xxx.yy/mail.txt

Create a TXT field :

mail._domainkey.example.com 10800 TXT "v=DKIM1; k=rsa; p=very_long_key"

postfix

You have to make postfix aware about opendkim, to make him sign the keys.

Get the connect method for opendkim in its configuration. Should be something like inet:8891@localhost, and add it as a filter in main.cf :

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Finalize

Restart (eventually enable) opendkim and then postfix. Check the key in your DNS with opendkim-testkey -d example.com -s mail -vvv

Check with mail-tester.com. Check in /var/log/maillog that each sent email add a line DKIM-Signature field added

0 + 0

Joseph

8/28/23, 8:01 AM

Thanks @Hexdump, I followed your instructions, but at the last step, I get: ``opendkim-testkey -d [mydomain].com -s mail -vvv opendkim-testkey: using default configfile /etc/opendkim.conf opendkim-testkey: checking key 'mail._domainkey.[mydomain].com' opendkim-testkey: 'mail._domainkey.[mydomain].com' record not found``

Joseph

8/28/23, 12:59 PM

Thank you @Hexdump, I now have a perfect 10/10 on mail-tester

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Emails sent with postfix treated as spam, and sometimes not delivered at all

TH: อีเมลที่ส่งด้วย postfix จะถือว่าเป็นสแปม และบางครั้งก็ไม่ส่งเลย

RO: E-mailurile trimise cu postfix sunt tratate ca spam și uneori nu sunt livrate deloc

RU: Письма, отправленные с постфиксом, рассматриваются как спам, а иногда вообще не доставляются.

VI: Email được gửi với hậu tố được coi là thư rác và đôi khi không được gửi

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.