Email verification tests
Is Not Spam? Newsletters spam test by mail-tester.com EMAIL VERIFICATION
Check your SPF and DKIM keys
here, and enter default
as DKIM Selector.
Validate SPF record: SPF Query Tool
Test DKIM, DomainKeys, SPF - Online
Email content checkers
Free JSON API to instantly check the spam score of your email messages Lyris
SPF records
Manually list:
dig wettbewerbe365.ch txt @ns1.first-ns.de
DomainKeys, DKIM signing
DomainKeys Identified Mail (DKIM) is the successor to DomainKeys.
How do I enable DomainKeys on my DV server?
Plesk stores zone files in /var/named/run-root/var
, so to check values
qjust type:
cat /var/named/run-root/var/wettbewerbe365.ch
Based on this recommendations we will set DNS records wherever they are hosted.
Reverse DNS
Reverse DNS did “not match SMTP Banner”.
http://mxtoolbox.com/domain/wettbewerbe365.ch/?source=findmonitors
- Added
server.etaktiker.com
record at DNS (@myhosttech.eu) to point to our server (5.9.95.48
). We want our ping to be exact. - Set Reverse DNS name on robot@hetzner to
server.etaktiker.com
as we want reverse ping to be exact.
Check result of reverse DNS that must be our servername.
host 5.9.95.48
Enable Plesk globally and per domain with GUI or from command line:
sudo /usr/local/psa/bin/domain_pref -u wettbewerbe365.ch -sign_outgoing_mail true
Info on how to generate DomainKeys
http://blog.matoski.com/articles/generate-domainkeys/
After you put it in the DNS zone
Code: /usr/local/psa/bin/domain_pref -u <domain_name> -sign_outgoing_mail false /usr/local/psa/bin/domain_pref -u <domain_name> -sign_outgoing_mail true And you can restart postfix, verifed that it works, looks like it won’t sign if you only do from the GUI, you have to do some manual work.
Best articles for Plesk:
Upgrade Plesk 11.5 to Plesk 12 on Debian Wheezy 7.6, fixing OpenDKIM and DK - Warehouse Setting up SPF + DK + DKIM with Postfix in Plesk 11.5 on Debian Wheezy - Warehouse
In Plesk
Very important fixing procedure for Plesk: Domain Keys are not signing email even when the setting is enabled server-wide
DKIM is not supported by Plesk, so I had to install it manually.
apt-get install opendkim opendkim-tools
mkdir -pv /etc/opendkim/keys
chown -Rv opendkim:opendkim /etc/opendkim
chmod go-rwx /etc/opendkim/*
And for every domain I have to do:
DOMAIN=wettbewerbe365.ch
mkdir -p /etc/opendkim/keys/$DOMAIN
cd /etc/opendkim/keys/$DOMAIN
opendkim-genkey -d $DOMAIN -s mail
chown -Rv opendkim:opendkim /etc/opendkim/keys/$DOMAIN
chmod -v u=rw,go-rwx *
Continue:
touch /etc/opendkim/KeyTable
touch /etc/opendkim/SigningTable
touch /etc/opendkim/TrustedHosts
echo /etc/opendkim/TrustedHosts
cat <<'EOF' > /etc/opendkim/TrustedHosts
127.0.0.1
localhost
5.9.95.48
EOF
echo "$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" >> /etc/opendkim/KeyTable
echo "*@$DOMAIN $DOMAIN" >> /etc/opendkim/SigningTable
echo "$DOMAIN" >> /etc/opendkim/TrustedHosts
echo "mail.$DOMAIN" >> /etc/opendkim/TrustedHosts
In DNS, put the line from /etc/opendkim/keys/$DOMAIN/mail.txt
in DNS
records.
Now we need to configure OpenDKIM by editing /etc/opendkim.conf
:
cat <<'EOF' >> /etc/opendkim.conf
# Enable Logging
Syslog yes
SyslogSuccess yes
LogWhy yes
# User mask
UMask 002
# Always oversign From (sign using actual From and a null From to prevent malicious signatures header fields (From and/or others) between the signer and the verifier)
OversignHeaders From
# Our KeyTable and SigningTable
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
# Trusted Hosts
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
# Hashing Algorithm
SignatureAlgorithm rsa-sha256
# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
AutoRestart Yes
# Set the user and group to opendkim user
UserID opendkim:opendkim
# Specify the working socket
Socket inet:8891@localhost
EOF
We should restart the service:
service opendkim restart
We must tell Postfix to use OpenDKIM:
grep milters /etc/postfix/main.cf
Open /etc/postfix/main.cf
with your favorite editor, and add the
following to the end of the file:
cat <<'EOF' >> /etc/postfix/main.cf
# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = , inet:127.0.0.1:12768, inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
EOF
Still no DomainKey signing, but who cares as DKIM is working.