Forums

Resolved
0 votes
Hey Guys, Any suggestions on how I can prevent email that’s being scheduled and sent through my web server from being marked as spam? I’ve been testing the script and while it sends to my gmail account, it shows up in the spam folder. I’ve got a LetsEncrypt certificate for the site, but it still shows up in the spam folder of my gmail. The domain is a legitimate domain through Google, but of course the site is on my COS PC at my business. You can visit the site without it showing up as being untrusted. Thanks for any insight you can give me.
Friday, February 07 2020, 02:28 PM
Share this post:
Responses (18)
  • Accepted Answer

    Friday, February 07 2020, 04:56 PM - #Permalink
    Resolved
    0 votes
    Have you set up an SPF record for your domain?
    Do you have a fixed or dynamic IP?
    If you do a reverse lookup on your IP, does it give nothing, a generic ISP created name or something you control?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 10 2020, 05:22 PM - #Permalink
    Resolved
    0 votes
    Some more in depth information: My domain is registered through Google Domains. It's for our church. I have setup a virtual site on my COS web server for the domain, since it's a different domain than the primary domain of my COS server. I have a CNAME record for it in my Clear Center account's DNS records, so my Google domain name is a subdomain on my COS server. I also have an A record for it in my Google Domains DNS records that points the domain to my COS server's IP address, which is a static IP through sbcglobal. I can access the website just fine. I don't use the SMTP server on my COS box since I'm not using it as a mail server. The virtual site is a Joomla website and it uses the PHP mailer in Joomla. I have Joomla extensions that send notices to registered users on the website. It sends mail just fine, but mail is marked as spam in Google. I can't have this or my users won't get the notifications I'm sending them.

    Based on your advice, I've setup an SPF record in my Google domain DNS settings and also in my Clear Center account. The Google domain DNS setting looks like:

    @ for the name, SPF for the type, 1h for the TTL, and "v=spf1 a ip4:mystaticipaddress ~all" for the data.

    The DNS record in my Clear Center account looks like: the church's domain for the subdomain, the primary domain of my COS box for the domain, and then "v=spf1 a ip4:99.32.54.26 ~all" for the data.

    I did a reverse lookup on my static IP (using mxtoolbox.com) and it shows my static ip.uvs.toldoh.sbcglobal.net. It's also not blacklisted. I do get an SMTP banner mismatch, I think because of this, when using mstoolbox.com to test the email server (i.e. my COS SMTP server). I would suspect most people have this issue since they're not their own ISP. Joomla is configured to use the PHP mailer rather than the SMTP server, so I don't know if this is an issue.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 10 2020, 09:18 PM - #Permalink
    Resolved
    0 votes
    Whichever domain - the bit after the @ in the e-mail address - is the one which which must have the SPF record pointing to the server which is sending the mail. It can often be done by having "a mx" in the SPF as this permits both the IP covered by the A record and MX record to send e-mails in the domain's name.

    Some mail providers such as GMX don't like generic PTR records like ip.uvs.toldoh.sbcglobal.net and will even refuse e-mails. Simarly they are strict and do not accept MX records pointing to CNAME records.

    If you can get hold of a copy of the e-mail after being spammed, have a look at the header. It may reveal more information.

    I have an odd one where a friend has his business URL in his signature. The website seems to be hosted with a provider which also has some dodgy customers. This leads his e-mails to be spammed by ClearOS!
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 10 2020, 10:56 PM - #Permalink
    Resolved
    0 votes
    Thanks for your insight, Nick. I added to the spf record to include: the primary domain of my COS box and even the virtual site's domain, since it is a valid domain. I'll give it 48 hours (Google recommendation) to see if it propagates and prevents the marking of spam in the email headers.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, February 16 2020, 06:41 PM - #Permalink
    Resolved
    0 votes
    So, I am not having any luck with this. I really need this to work. I'm at a loss and Google doesn't provide any tech support numbers or email addresses that I can see. There were SPF and TXT records in my Google Domain DNS Synthetic records, so I had to remove them from there and add them to the custom resource records. This way I could edit them and add to them, to include my clearos domain and static IP address in both the SPF record and the TXT record. I created a PTR record pointing to my ISP, e.g. uvs.toldoh.sbcglobal.net. I left Google's TXT record for their DKIM for my Google domain in the Synthetic Records.

    Does anyone know if installing OpenDKIM on my clearos server, creating a DKIM key for, I'm assuming postfix, will attach that to all outgoing mail (sent via PHP Mail from my Joomla virtual site on my clearos server)? Such that I would need to add a TXT in my Google Domain DNS Custom Records that would include the DKIM key from my clearos server?
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, February 16 2020, 06:49 PM - #Permalink
    Resolved
    0 votes
    I don't follow your mail routing for the moment. Can you tell me the route a main takes from your church to the internet? What domain do they use? Have you got hold of an email which has been sent to Junk? If so, can you post the header?

    Generally DKIM is not needed. I know I've done a how to for it, but given the opportunity, I would not read it. Instead I'd use SpamAssassin to do the DKIM. There are plenty of instructions on the internet and I hope to give it a go and write it up. It saves installing anything.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, February 16 2020, 07:47 PM - #Permalink
    Resolved
    0 votes
    Hey Nick, One domain hosted through Clear Center, renncoautomation.us. This is my primary domain and website. Two domains hosted through Google Domains, livinggraceevangelical.church and lgechurch.email. The first is for a website for our church. The second is for email for our church. All DNS and email for the Google Domains is handled through Google settings. Livinggraceevangelical.church is a virtual website on my clearos. In my Joomla configuration in the backend, I have office@lgechurch.email configured as the reply to and from email addresses, so that people see that email address when the church's Joomla site sends out notices to people. I'm testing it all now, sending them to my work gmail. It's always marking them as SPAM in the header.

    Here's the header:

    Delivered-To: dalbring@renncoautomation.com
    Received: by 2002:a17:906:a417:0:0:0:0 with SMTP id l23csp4215081ejz;
    Sun, 16 Feb 2020 11:40:08 -0800 (PST)
    X-Google-Smtp-Source: APXvYqy1cKlqZmAX4A1Xqt9CBKN9aMkQfOiSFp5cdylTB7WX5ScIPZNSiu1vZdR78NgTS4KSDrxp
    X-Received: by 2002:a6b:731a:: with SMTP id e26mr9540101ioh.254.1581882008637;
    Sun, 16 Feb 2020 11:40:08 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1581882008; cv=none;
    d=google.com; s=arc-20160816;
    b=GowxWxdizuJHa7u+M042KGhXEYsadjEjaB1RA8zLpy4LKQm4QtYvGw+Bc9qQ7keHkE
    CQ4+TwtsH9WBhrG0hOThevsyjO/vt5nGYapwUOd7VnuzvZ4njnU60eCwJzzbNMr2qLEG
    9LUjvN4Ost/NvPblyiWJF9fhuly8YdTTkK6cfWd/VveU+tsusd7JhfyJv0f6+a8DoL+t
    FmLWEcC13x+akEcbw29387dvTqj5vCRa8G1iM8UE6NG1UloMOj3RyX8n/ZDFkHCcXcZQ
    ZG5+gMj+q3FXXnSE3BpubjxqpkXTaFDFUlXj5xPbdV3ebRflzLxLtH05B6F6587CtmIY
    vF5w==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=mime-version:message-id:from:to:date:subject:to;
    bh=xz3MVuqJHrH1wFefc00D5277UsDrg+LlUhhSHdYKe5U=;
    b=zevH4WFgcb+MnMv/4sOUCHMHBDrgeuFtXhea/hqER+XqGr5b4epfx5B6NNUImEsYWf
    f4cbSoTkWubzFbKaQNv1lqi3lh6G64DjAjbG3KUqnr9aQ7AG/YYqzbpiPyhkqk9fRg0R
    HfLOUi8vrIdEV/PmbXdebwE0/TKa6VsXMPBfSoS40X46E2jGhGOCLK0GyQST37dqT7ja
    nLapZfMwXUXOCZIyiiXeKXc+nFKmRShUdBKX5NfTWKSrrmE46gBanOACZRaUS8ueANxZ
    VJNP+mKZSmhKMg1CTPToVOAYsz1p0cPn+1Y7QZeQiB7BApp8E7UmlqxsGfQZ2Gw+WKBL
    Eh3g==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailfrom=office@lgechurch.email
    Return-Path: <office@lgechurch.email>
    Received: from server.renncoautomation.us (99-32-54-26.uvs.toldoh.sbcglobal.net. [99.32.54.26])
    by mx.google.com with ESMTPS id u15si8597471iof.125.2020.02.16.11.40.08
    for <dalbring@renncoautomation.com>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Sun, 16 Feb 2020 11:40:08 -0800 (PST)
    Received-SPF: pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) client-ip=99.32.54.26;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailfrom=office@lgechurch.email
    Received: from localhost (localhost [127.0.0.1]) by server.renncoautomation.us (Postfix) with ESMTP id EDA1040163744 for <dalbring@renncoautomation.com>; Sun, 16 Feb 2020 14:40:04 -0500 (EST)
    X-Virus-Scanned: amavisd-new at renncoautomation.us
    X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
    Received: from server.renncoautomation.us ([127.0.0.1]) by localhost (server.renncoautomation.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zn9pExu5Tl8a for <dalbring@renncoautomation.com>; Sun, 16 Feb 2020 14:40:02 -0500 (EST)
    Received: from localhost (localhost [127.0.0.1]) by server.renncoautomation.us (Postfix) with ESMTP id A79BC40163742 for <dalbring@renncoautomation.com>; Sun, 16 Feb 2020 14:40:02 -0500 (EST)
    Received: by server.renncoautomation.us (Postfix, from userid 48) id 85B8B40034BC6; Sun, 16 Feb 2020 14:40:02 -0500 (EST)
    To:
    Subject: You've been scheduled for Children's Church on Sunday, March 29 9:45 am
    X-PHP-Originating-Script: 48:class.phpmailer.php
    Date: Sun, 16 Feb 2020 14:40:02 -0500
    To: undisclosed-recipients:;
    From: Living Grace Evangelical Church <office@lgechurch.email>
    Message-ID: <54d44b34ae6d6458589daea19954a175@livinggraceevangelical.church>
    MIME-Version: 1.0
    Content-Type: text/html; charset=utf-8
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, February 16 2020, 08:15 PM - #Permalink
    Resolved
    0 votes
    That all looks OK. SPF checks out and everything seems to be legitimate in the header so I can't see why it is being sent to spam unless other recipients have flagged this sort of mail as spam. You could try DKIM, but honestly, at the moment, I don't know. Also check Google's bulk senders guidelines.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, February 16 2020, 10:30 PM - #Permalink
    Resolved
    0 votes
    So, I followed this link to setup opendkim on my clearos server and generate a key. At one point it says to
    Test your DNS record and signing: dig -t any YYYYMM._domainkey.mydomain.com
    , to which I did. I get a response back saying,
    communications error to 127.0.0.1#53: end of file
    . I have no idea what that means. Everything else seemed to go OK, although I have to receive an email back after sending a test mail to check-auth@verifier.port25.com.

    Do I need to include the dkim key in my Google Domain DNS settings as a TXT file?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 08:50 AM - #Permalink
    Resolved
    0 votes
    In GoogleDNS you should have a subdomain set as YYYYMM._domainkey and the TXT record should contain:
    Now you need to update your DNS records. Open the file '/etc/opendkim/keys/mydomain.com/YYYYMM.txt'. In your DNS records, create a new TXT record with a subdomain as the first field in the file which you can just copy. In this case it is “YYYYMM._domainkey”. For TXT Data copy and paste everything between the first and last set of quotes, excluding the first and last quotes and removing the middle quotes and whitespace between them.
    You also need to adjust YYYYMM to whatever you chose.

    If you dig command is not working then you've got something wrong. If, from other posts ages ago, you have tweaked your dnsmasq so iy does not local queries onto the internet? You may have added:
    local=/mydomain.com/
    localise-queries
    To your dnsmasq configuration. If so, you will need an extra line:
    local=/_domainkey.mydomain.com/#
    This will allow the domainkey lookup to go out to the internet.

    Do you have a funny DNS set up? If I google your error it refers to other DNS utilities running. W hat is the output to:
    netstat -npl | grep :53


    BTW, can I say that your DKIM record is public knowledge to anyone receiving your e-mails so there is not too much point in munging it.

    [edit]
    The reply from check-auth@verifier.port25.com should be instantaneous, Greylisting permitting.
    [/edit]
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 01:48 PM - #Permalink
    Resolved
    0 votes
    Hey Nick,

    Result of the netstat command after I entered the line you recommended in my /etc/dnsmasq.conf file:
    tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2417/dnsmasq
    tcp6 0 0 :::53 :::* LISTEN 2417/dnsmasq
    udp 0 0 0.0.0.0:53 0.0.0.0:* 2417/dnsmasq
    udp6 0 0 :::53 :::* 2417/dnsmasq


    I entered the line at the end of the file. I first included the hashtag mark at the end of the line, like you depicted. There were no other lines that included 'local'. Even so, I still have the same error, popping up when using the dig -t command, but with an added error message:
    ;; communications error to 127.0.0.1#53: end of file
    ;; ERROR: ID mismatch: expected ID 46646, got 33152
    . I then included the port number 53 after the hashtag and got this error message:

    ;; Connection to 127.0.0.1#53(127.0.0.1) for YYYYMM._domainkey.renncoautomation.us failed: connection refused.
    . Then I removed the number 53 and the hashtag. Success!
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t any YYYYMM._domainkey.renncoautomation.us
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26373
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;YYYYMM._domainkey.renncoautomation.us. IN ANY

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Feb 17 08:26:20 EST 2020
    ;; MSG SIZE rcvd: 55
    . Still no response when sending the email check-auth@verifier.port25.com though.

    Any rate, any sent mail using office@lgechurch.email as the reply to and from email address winds up in my Google spam folder still. What a pain in the butt.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 03:09 PM - #Permalink
    Resolved
    0 votes
    If check-auth@verifier.port25.com is not responding then you still have a problem.

    Who is doing the signing? You or the church server? You may be able to sign on behalf of the church but I'm not sure. Otherwise you have to get the church set up to do the signing. You may find out that you are only signing your own e-mails unless you have set up signing keys for the church as well.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 03:37 PM - #Permalink
    Resolved
    0 votes
    Hey Nick, thanks for the reply.

    Well, I have a ClearOS server at work I use for a utility server only. This is domain renncoautomation.us. I run a bare bones website on it to share videos and allow file transfers. This is through a Joomla website in my webroot (i.e. /var/www/html). That seems to have always worked when sending and receiving emails, although the only emailing really is what is sent from the Joomla website I created. I have a Kopano server and SMTP server running on it, but again, I really don't do any emailing. I was using the Kopano webapp to send the test email to check-auth@verifier.port25.com.

    I then have a virtual website (in /var/www/virtual/livinggraceevangelical.church/html) where I have a Joomla website for our church. In the backend administrator configuration of this Joomla site, I have in the Joomla mail settings office@lgechurch.email as the 'from' and 'reply to' email addresses when Joomla sends out emails. The two domains used for the church are hosted through Google. The renncoautomation.us domain is hosted through Clear Center.

    I have been making some DNS settings in Clear Center, but most of them are in Google Domains for the two church domains. I have placed a TXT entry for the DKIM key in both hosts' DNS records. In Google I use YYYYMM._domainkey.renncoautomation.us and in Clear Center I use just YYYYMM_domainkey for the name entry. I would think, since the emails are being sent from the Joomla site on the virtual website (i.e. /var/www/virtual/livinggraceevangelical.church/html), through my renncautomation.us smtp server, that this would be doing the signing, especially since I just installed and configured OpenDKIM on my ClearOS server.

    This is all mostly Greek to me, so it's become a real stumbling block to making our church's website as effective as I want.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 04:24 PM - #Permalink
    Resolved
    0 votes
    For your church the DKIM record does not look right. It should be for subdomain YYYYMM_domainkey, and domain lgechurch.email. You will need a separate signing set up for lgechurch.email by using lgechurch.email in the DKIM set up document as well, so for generating the key, adding it to /etc/opendkim/KeyTable and /etc/opendkim/SigningTable.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 04:29 PM - #Permalink
    Resolved
    0 votes
    Looking at you and your church's DNS set up, You won't receive e-mails back as they will end up at Google as they are set up as your primary mail servers. There also appears to be an error with the one of the renncoautomation.us records which as a \032 on it. I **think** this is wrong.
    [root@server ~]# host lgechurch.email
    lgechurch.email has address 99.32.54.26
    lgechurch.email mail is handled by 1 aspmx.l.google.com.
    lgechurch.email mail is handled by 5 alt1.aspmx.l.google.com.
    lgechurch.email mail is handled by 5 alt2.aspmx.l.google.com.
    lgechurch.email mail is handled by 10 alt3.aspmx.l.google.com.
    lgechurch.email mail is handled by 10 alt4.aspmx.l.google.com.
    lgechurch.email mail is handled by 15 server.renncoautomation.us.
    lgechurch.email mail is handled by 15 renncoautomation.us.
    lgechurch.email mail is handled by 20 livinggraceevangelical.church.
    [root@server ~]# host renncoautomation.us
    renncoautomation.us has address 99.32.54.26
    renncoautomation.us mail is handled by 1 aspmx.l.google.com\032.
    renncoautomation.us mail is handled by 5 alt1.aspmx.l.google.com.
    renncoautomation.us mail is handled by 5 alt2.aspmx.l.google.com.
    renncoautomation.us mail is handled by 10 alt3.aspmx.l.google.com.
    renncoautomation.us mail is handled by 10 alt4.aspmx.l.google.com.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 06:12 PM - #Permalink
    Resolved
    0 votes
    Hey Nick, thanks for sticking with me. I added a dkim key for lgechurch.email like you said. That all went fine. The only thing I wasn't sure of was what domain to use in the Key Table for lgechurch.email, so it looks like:
    202003 lgechurch.email:202003:/etc/opendkim/keys/lgechurch.email/202003.private

    Should it be more like:
    202003 renncoautomation.us:202003:/etc/opendkim/keys/lgechurch.email/202003.private


    My original Key Table script entry for renncoautomation.us is:
    202002 renncoautomation.us:202002:/etc/opendkim/keys/renncoautomation.us/202002.private


    My Signing Table script entries for both looks like:
    *@renncoautomation.us	202002
    *@lgechurch.email 202003


    Then I have two dkim TXT entries in my Clear Center DNS records. One for 202002._domainkey.renncoautomation.us and the other for 202003._domainkey.renncoautomation.us, the latter since lgechurch.email is merely a virtual website on my ClearOS server, not my primary Clear Center domain of renncoautomation.us. Clear Center will only allow you to choose the domains hosted by them when configuring your DNS records. The data is the generated key in the 202002.txt and 202003.txt files respectively. I entered these same dkim TXT records in my Google Domain, using 202002._domainkey.renncoautomation.us and 202003._domainkey.renncoautomation.us respectively, for the names of the TXT records.

    Looking at you and your church's DNS set up, You won't receive e-mails back as they will end up at Google as they are set up as your primary mail servers.

    I had forgotten during all my experimenting that I had used Google's servers in my Clear Center MX records for renncoautomation.us. I removed those and added server.renncoautomation.us instead. Then I tested that by using Kopano to send an email to check-auth@verifier.port25.com. I received a reply promptly. Nothing stood out to me in the email body as being a problem.

    I then tried sending another email from the church Joomla site and it still got thrown in the spam folder in my gmail. I feel like I'm getting closer. I wish I could talk to Google on the phone or at the least, send their support team an email and get some specific guidance. I am hosting two domains for our church with them. Here's the header of the latest spammed email:

    Delivered-To: dalbring@renncoautomation.com
    Received: by 2002:a17:906:a417:0:0:0:0 with SMTP id l23csp5257177ejz;
    Mon, 17 Feb 2020 09:50:05 -0800 (PST)
    X-Google-Smtp-Source: APXvYqxXGlP4EI2x2aiTARHj4hYIhKtGcoNqB6j1KxaBUJpC2PAgKlXTAZdEY1PlCc8ZX4fbjmX2
    X-Received: by 2002:a92:d708:: with SMTP id m8mr15226534iln.244.1581961805404;
    Mon, 17 Feb 2020 09:50:05 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1581961805; cv=none;
    d=google.com; s=arc-20160816;
    b=Vtau9/4adoVRMMvosg2WzaiGelPZ9XnkM7mjD/DVV+DCbBf5gadTyNFsXOHnSR1xMJ
    SmNegUjbIWBtLqQ6sI25ED1hzYvbZPObWsRLdNFoXNtB9p5e/in6zYZh/gATqD6vu6x7
    pDBCgduvClzPgQDLHiGt64QGVElDs68PIwi2jnKo+tXyMt6HHAV0F6ZFjtUn3fKNCX9a
    HnjvVthwMsBfcAya3rAR71AGSYHieEOs5ghDfl+r464I8uaqY026WNvl9YGfteK6YT2h
    RrHVv2G5rJgcvANWvlQoW6zKDUaUb/qTpDRmoWQMV11jMmt+UKPfitouzkTiDdkvvsu/
    o/1A==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=mime-version:message-id:from:to:date:subject:to:dkim-signature;
    bh=xz3MVuqJHrH1wFefc00D5277UsDrg+LlUhhSHdYKe5U=;
    b=YP5vIesRUW3jgoX3m8h2NPoVTSRXKXG2HNTvwJBtkS/8KIE4Ny6xoJzMUqVoTtQhpX
    FYlPQmDvbUuVjpvm+fSRJkuIA5Tw37M5GyLIZveJQRgqNWEifP3ZK/TBtzfaW6QCTc+o
    IfWZJKS8XD8MQILA4xBWyKbS9cmAb4s6XwZpYlG52eC/feFX5aF/IQiXLOWMCqYbTNg6
    kD4I0rTp9t61nlg0njwBRYE3QDwntiZHKw16/z7MbmzizvP+DsS9CBc80Kq1VoO0N2V6
    oK3quhHlAcH+sViwz0TMROlhBhRJGFXL8ARev/3IhFHZh/uqkt3ua9+fVX0pr7T6Be6M
    An7A==
    ARC-Authentication-Results: i=1; mx.google.com;
    dkim=temperror (no key for signature) header.i=@lgechurch.email header.s=202003 header.b=r0WWNG8W;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailfrom=office@lgechurch.email
    Return-Path: <office@lgechurch.email>
    Received: from server.renncoautomation.us (99-32-54-26.uvs.toldoh.sbcglobal.net. [99.32.54.26])
    by mx.google.com with ESMTPS id 124si887889ilc.133.2020.02.17.09.50.04
    for <dalbring@renncoautomation.com>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Mon, 17 Feb 2020 09:50:05 -0800 (PST)
    Received-SPF: pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) client-ip=99.32.54.26;
    Authentication-Results: mx.google.com;
    dkim=temperror (no key for signature) header.i=@lgechurch.email header.s=202003 header.b=r0WWNG8W;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailfrom=office@lgechurch.email
    Received: from localhost (localhost [127.0.0.1]) by server.renncoautomation.us (Postfix) with ESMTP id E1C00400F7E49 for <dalbring@renncoautomation.com>; Mon, 17 Feb 2020 12:50:03 -0500 (EST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lgechurch.email; s=202003; t=1581961803; bh=xz3MVuqJHrH1wFefc00D5277UsDrg+LlUhhSHdYKe5U=; h=To:Subject:Date:To:From:From; b=r0WWNG8WcSbxmMQOMEMaK9wN9q1C3UOx+x6KPfWEL6+x06Mh79dZSb9b5vUOixdJI
    EbH1ebw8sW1DS5Xrf5XvJqPFgHzvo1s5cFxaMxWrlA8LyowtJ5elCjvPabTy0mreu1
    zudXWbOmO4kteekgwZ6qJMdmWk2XOc1kF1lTdN9PC9yIKsTyzTyyKwlgB9Q8aTVPY2
    pHHOZiRmZWv9d59ZUTLyh4SIyaMc5WohKOimnj+qaj8xKFaoAL+2YS9VQncf8TayAt
    oPG97Y32id6TQM6eymwgaLcv5RI+ZBjcWk7KzKOgcGQkzTpP5LuzV7zMF2kFSpwf7o
    bC/0m3uoUmrww==
    X-Virus-Scanned: amavisd-new at renncoautomation.us
    X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
    Received: from server.renncoautomation.us ([127.0.0.1]) by localhost (server.renncoautomation.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pyBzb8OMzIqL for <dalbring@renncoautomation.com>; Mon, 17 Feb 2020 12:50:02 -0500 (EST)
    Received: from localhost (localhost [127.0.0.1]) by server.renncoautomation.us (Postfix) with ESMTP id 922DC400F7E54 for <dalbring@renncoautomation.com>; Mon, 17 Feb 2020 12:50:02 -0500 (EST)
    Received: by server.renncoautomation.us (Postfix, from userid 48) id 630E9400F7E49; Mon, 17 Feb 2020 12:50:02 -0500 (EST)
    To:
    Subject: You've been scheduled for Children's Church on Sunday, March 29 9:45 am
    X-PHP-Originating-Script: 48:class.phpmailer.php
    Date: Mon, 17 Feb 2020 12:50:02 -0500
    To: undisclosed-recipients:;
    From: Living Grace Evangelical Church <office@lgechurch.email>
    Message-ID: <65e706fa05312c5d52ebab4c3094d9db@livinggraceevangelical.church>
    MIME-Version: 1.0
    Content-Type: text/html; charset=utf-8
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 17 2020, 07:23 PM - #Permalink
    Resolved
    0 votes
    Your DKIM has failed for the church. Look at the mail sent to you:
    ARC-Authentication-Results: i=1; mx.google.com;
    dkim=temperror (no key for signature) header.i=@lgechurch.email header.s=202003 header.b=r0WWNG8W;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailfrom=office@lgechurch.email
    <snip>
    Authentication-Results: mx.google.com;
    dkim=temperror (no key for signature) header.i=@lgechurch.email header.s=202003 header.b=r0WWNG8W;
    spf=pass (google.com: domain of office@lgechurch.email designates 99.32.54.26 as permitted sender) smtp.mailf
    You need to add lgechurch.email's DKIM record to their DNS and not yours.

    I think this line is OK:
    202003 lgechurch.email:202003:/etc/opendkim/keys/lgechurch.email/202003.private


    Odd about the duplicate e-mail To header!
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, February 19 2020, 05:29 PM - #Permalink
    Resolved
    0 votes
    Well, I'm giving up on the DKIM certificate stuff. I disabled the opendkim service. I read somewhere where Google likes to see 1024 bit DKIM keys, rather than 2048, so I tried creating new ones and implementing them, but when I tried to test the keys, opendkim was saying they couldn't be found. I then removed the new ones and used the original ones, but opendkim was still telling me those couldn't be found. I tried removing the original ones (that previously passed the tests) and recreating them, but the same thing. If I left it this way, it made it so mail wasn't sending. When I looked in my maillog, it flagged an issue with the dkim, so I just disabled it. The maillog was saying:
    dkim: candidate originators: From office@lgechurch.email
    Feb 16 05:35:25 server amavis[29370]: (29370-01) dkim: not signing, empty signing domain, From office@lgechurch.email


    I did get Google support to respond to a ticket. They're suggesting things I've already tried. One of them was to put MX records in my DNS settings that point to the G Suite mail servers. I had already done that in my Clear Center account, but after you made me aware of an issue with that (I wasn't receiving emails using Kopano), I removed those MX records. I don't know how using G Suite MX records would work anyway, since my COS box uses my ClearCenter domain of renncoautomation.us. It's not a Google domain.

    I might put the MX records back now, since I really don't use the incoming mail server on my COS box, but doing that in the past didn't keep 'sent mail' out of the gmail recipient's spam folder.
    The reply is currently minimized Show
Your Reply