Configure mail to to not end in the bin

Discussion in 'Server Operation' started by michltm, Feb 17, 2016.

  1. michltm

    michltm New Member

    Hi,
    I am trying to send messages from my website which would not end directly in the bin of webmails. Now except from Gmail who nicely accepts mails from my website as "spams" , the other webmails dont even show them.
    I am very new to server configuration and might be a bit confused in my explanations but i'll try to be as clear as possible.
    My server runs under debian 7.9 and I am hosted by 1&1.
    To try to understand why my mail is not accepted by servers, I made a test with mail-tester.com.
    Here are the results of the test:

    -Your Reverse DNS does not correspond with your sending domain. (here 212.227.103.254 is not my IP but just an example)
    Your IP 212.227.103.254 is associated to domain.fr
    But your message seems to be sent by s18927986.domain.fr
    You should modify your hostname to domain.fr
    IP: 212.227.103.254
    HELO: s18927986.domain.fr
    rDNS: domain.fr

    (Here I have to add that I modified the DNS more than 72 hours ago)

    -You should add your SPF as a TXT record in your DNS

    - We have found an SPF on your server but it dident propagated yet.
    We found: v=spf1 a mx ip4:212.227.103.254 ~all
    domain.com: No applicable sender policy available

    So here are my configuration files:

    /etc/exim4/update-exim4.conf.conf
    Code:
    dc_eximconfig_configtype='internet'
    dc_other_hostnames='domain.fr'
    dc_local_interfaces='127.0.0.1 ; ::1'
    dc_readhost=''
    dc_relay_domains='domain.fr'
    dc_minimaldns='false'
    dc_relay_nets=''
    dc_smarthost=''
    CFILEMODE='644'
    dc_use_split_config='false'
    dc_hide_mailname=''
    dc_mailname_in_oh='true'
    /etc/hosts

    Code:
    127.0.0.1       localhost
    ::1             localhost ip6-localhost ip6-loopback
    fe00::0         ip6-localnet
    ff00::0         ip6-mcastprefix
    ff02::1         ip6-allnodes
    ff02::2         ip6-allrouters
    
    # Auto-generated hostname. Please do not remove this comment.
    212.227.103.254 domain.fr s18927986
    /etc/hosts

    Code:
    s18927986.domain.fr
    Here are the MX recorded on 1&1
    Code:
    MX s18927986.domain.fr
    MX mx00.1and1.fr
    MX mx01.1and1.fr
    And SPF and TXT
    Code:
    Name: domain.com Type: SPF Value: "v=spf1 a mx ip4:212.227.103.254 ~all"
    Name: mail._domainkey.domain.fr Type: TXT Value: "v=DKIM1; k=rsa; p=MI......"
    Would anyone see what is not right in all this?

    Thank your in advance for your help.
     
  2. ztk.me

    ztk.me Active Member

    HELO: s18927986.domain.fr
    rDNS: domain.fr

    you changed your rDNS to domain.fr but your HELO is using default 1&1 hostname - you need to change that on you server.
    I have no exim handy but what I found is you need to change
    $primary_hostname


    you also can check if setting /etc/hostname helps ( maybe restart exim ).

    Your SPF record looks ok, though ~all means it's not strictly enforced

    Statement Result Meaning
    +all pass Allow all mail
    -all fail Only allow mail that matches one of the parameters (IPv4, MX, etc) in the record
    ~all softfail Allow mail whether or not it matches the parameters in the record
    ?all neutral No policy statement

    https://wordtothewise.com/2014/06/authenticating-spf/

     
  3. michltm

    michltm New Member

    Thank you ztk.me.
    I have now modified the pirmary hostname in /etc/hosts and etc/hostname and have both my HELO and rDNS having the same name: domain.fr
    So thats a first thing working!

    But my mail-tester score dident go higher because:
    I still have issues with the SPF with a message saying that domain.fr does not authorize my server 212.227.103.254 to use
    www-data@ domain.fr
    I also still have the message that an SPF was found but has not propagated (but this SPF was set 5 days ago).
     
  4. ztk.me

    ztk.me Active Member

    Have you set the SPF record as type SPF in your zone? I know at least one provider I use offering "SPF" as option but it's not beeing read by many validating clients therefore I have to add it using TXT entry.
    Maybe also try changing your "~all" to "-all" since "~" means: don't really enforce my rules.
     
  5. michltm

    michltm New Member

    TXT entry and "-all" made it work.
    Thanks a lot!
     

Share This Page