Email verification tests

Email verification tests

Is Not Spam? Newsletters spam test by mail-tester.com EMAIL VERIFICATION

Check your SPF and DKIM keys here, and enter default as DKIM Selector.

Validate SPF record: SPF Query Tool

Test DKIM, DomainKeys, SPF - Online

Email content checkers

Free JSON API to instantly check the spam score of your email messages Lyris

SPF records

Manually list:

dig wettbewerbe365.ch txt @ns1.first-ns.de
DomainKeys, DKIM signing

DomainKeys Identified Mail (DKIM) is the successor to DomainKeys.

How do I enable DomainKeys on my DV server?

Plesk stores zone files in /var/named/run-root/var, so to check values qjust type:

cat /var/named/run-root/var/wettbewerbe365.ch

Based on this recommendations we will set DNS records wherever they are hosted.

Reverse DNS

Reverse DNS did “not match SMTP Banner”.

http://mxtoolbox.com/domain/wettbewerbe365.ch/?source=findmonitors

  • Added server.etaktiker.com record at DNS (@myhosttech.eu) to point to our server (5.9.95.48). We want our ping to be exact.
  • Set Reverse DNS name on robot@hetzner to server.etaktiker.com as we want reverse ping to be exact.

Check result of reverse DNS that must be our servername.

host 5.9.95.48

Enable Plesk globally and per domain with GUI or from command line:

sudo /usr/local/psa/bin/domain_pref -u wettbewerbe365.ch -sign_outgoing_mail true

Info on how to generate DomainKeys

http://blog.matoski.com/articles/generate-domainkeys/

After you put it in the DNS zone

Code: /usr/local/psa/bin/domain_pref -u <domain_name> -sign_outgoing_mail false /usr/local/psa/bin/domain_pref -u <domain_name> -sign_outgoing_mail true And you can restart postfix, verifed that it works, looks like it won’t sign if you only do from the GUI, you have to do some manual work.

Best articles for Plesk:

Upgrade Plesk 11.5 to Plesk 12 on Debian Wheezy 7.6, fixing OpenDKIM and DK - Warehouse Setting up SPF + DK + DKIM with Postfix in Plesk 11.5 on Debian Wheezy - Warehouse

In Plesk

Very important fixing procedure for Plesk: Domain Keys are not signing email even when the setting is enabled server-wide

DKIM is not supported by Plesk, so I had to install it manually.

apt-get install opendkim opendkim-tools

mkdir -pv /etc/opendkim/keys
chown -Rv opendkim:opendkim /etc/opendkim
chmod go-rwx /etc/opendkim/*

And for every domain I have to do:

DOMAIN=wettbewerbe365.ch
mkdir -p /etc/opendkim/keys/$DOMAIN
cd /etc/opendkim/keys/$DOMAIN
opendkim-genkey -d $DOMAIN -s mail
chown -Rv opendkim:opendkim /etc/opendkim/keys/$DOMAIN
chmod -v u=rw,go-rwx *

Continue:

touch /etc/opendkim/KeyTable
touch /etc/opendkim/SigningTable
touch /etc/opendkim/TrustedHosts

echo /etc/opendkim/TrustedHosts
cat <<'EOF' > /etc/opendkim/TrustedHosts
127.0.0.1
localhost
5.9.95.48
EOF
echo "$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" >> /etc/opendkim/KeyTable
echo "*@$DOMAIN $DOMAIN" >> /etc/opendkim/SigningTable

echo "$DOMAIN" >> /etc/opendkim/TrustedHosts
echo "mail.$DOMAIN" >> /etc/opendkim/TrustedHosts

In DNS, put the line from /etc/opendkim/keys/$DOMAIN/mail.txt in DNS records.

Now we need to configure OpenDKIM by editing /etc/opendkim.conf:

cat <<'EOF' >> /etc/opendkim.conf

# Enable Logging
Syslog yes
SyslogSuccess yes
LogWhy yes

# User mask
UMask 002

# Always oversign From (sign using actual From and a null From to prevent malicious signatures header fields (From and/or others) between the signer and the verifier)
OversignHeaders From

# Our KeyTable and SigningTable
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

# Trusted Hosts
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts

# Hashing Algorithm
SignatureAlgorithm rsa-sha256

# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
AutoRestart Yes

# Set the user and group to opendkim user
UserID opendkim:opendkim

# Specify the working socket
Socket inet:8891@localhost

EOF

We should restart the service:

service opendkim restart

We must tell Postfix to use OpenDKIM:

grep milters /etc/postfix/main.cf

Open /etc/postfix/main.cf with your favorite editor, and add the following to the end of the file:

cat <<'EOF' >> /etc/postfix/main.cf

# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = , inet:127.0.0.1:12768, inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters

EOF

Still no DomainKey signing, but who cares as DKIM is working.

date 01. Jan 0001 | modified 29. Dec 2023
filename: Task - Sending emails SPAM free