Resolved Email goes in to spam (old story)

Discussion in 'Plesk 12.x for Linux' started by seqoi, Mar 16, 2017 at 5:36 AM.

  1. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Spent few days i am out of ideas. Not sure what am i doing wrong. All emails i sent goes into spam (gmail, yahoo, outlook)

    I am sending screenshot of my dns zone (domain is pointed to cloudns and works wonderfully everything works jsut this email thing)..

    I added keys in to my DNS zone at cloudns.net, added private key into etc/domainkeys/mydomain.com/default

    DKIM is pass. From what i understand i should just ignore Domaincheck being neutral as DKIM is what is most important right?

    When checking this is the result i am getting (my actual domain is replaced with "mydomainishere"):

    Code:
    Thank you for using the verifier,
    
    The Port25 Solutions, Inc. team
    
    ==========================================================
    Summary of Results
    ==========================================================
    SPF check:          pass
    DomainKeys check:   neutral
    DKIM check:         pass
    SpamAssassin check: ham
    
    ==========================================================
    Details:
    ==========================================================
    
    HELO hostname:  mydomainishere
    Source IP:      xxx.xxx.212.27
    mail-from:      info@mydomainishere
    
    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result:         pass
    ID(s) verified: smtp.mailfrom=info@mydomainishere
    DNS record(s):
        mydomainishere. SPF (no records)
        mydomainishere. 3600 IN TXT "v=spf1 +all"
    
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result:         neutral (message not signed)
    ID(s) verified: header.From=info@mydomainishere
    DNS record(s):
    
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         pass (matches From: info@mydomainishere)
    ID(s) verified: header.d=mydomainishere
    Canonicalized Headers:
        from:info@mydomainishere'0D''0A'
        to:check-auth2@verifier.port25.com'0D''0A'
        subject:g'0D''0A'
        dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=mydomainishere;'20's=default;'20't=1489666532;'20'bh=Xtvwt7Cb0W352Oz91uI6OPSbAdpWr71PAW0aGQhUBh0=;'20'l=3;'20'h=From:To:Subject;'20'b=
    
    Canonicalized Body:
        g'0D''0A'
    Could it be because of missing SPF records?

    here is my zone screenshot maybe some key is invalid?

    zona2.jpg

    note i found this thread: https://www.unixhops.com/install-dkim-and-dmarc-on-plesk-12-5/ but on my server DKIM is pass so i am assuming i don't need to follow that tutorial..

     
  2. UFHH01

    UFHH01 Platinum Pleskian Plesk Guru

    33
    30%
    Messages:
    4,405
    Likes Received:
    885
    Trophy Points:
    732
    Location:
    Hamburg / Germany
    Hi seqoi,

    Did you consider to inspect the mail headers from your eMails, declared as spam?

    Consider as well to use the FORUM search, to inform yourself about decent SPF - entries. ;)
     
  3. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Thanks for advice i will look into mail headers. Any tip what to look for? How do i know why is email declared as spam?

    Do you agree that if DKIM is pass i should not worry about it then?

    Will look for decent SPF thanks.
     
  4. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Ok you provided me good catch. Google header actually show me DKIM FAIL with domain NULL...
     
  5. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Hi there! Some guidance needed. I still refused to follow tutorial i mentioned because i don't want to mess something. Tutorial is for plesk 12.5 and i have onyx 17. With that being said.

    Plesk Onyx 17, CentOS 7.3.

    Postfix, Dovecot

    Simple question - where exactly on server configuration do i add my DKIM RSA private key ??

    edit: i have three domains hosted on server. I am assuming each domain should host specific key in specific folder?
     
  6. UFHH01

    UFHH01 Platinum Pleskian Plesk Guru

    33
    30%
    Messages:
    4,405
    Likes Received:
    885
    Trophy Points:
    732
    Location:
    Hamburg / Germany
    Hi seqoi,

    this depends on your unique server and package installation. If you follow the above mentioned article, you will add a second DKIM - signing, while the Plesk implemented DKIM - signing feature is already included in Plesk Onyx ( and YES, it is "DKIM" on Plesk Onyx and not "DomainKeys" ).

    The needed DKIM - key from Plesk ( separator "default" ) is added in your DNS - settings for the specific domain ( => HOME > Subsciptions > YOUR-DOMAIN.COM > DNS Settings ) and stored in the psa - database.
     
  7. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    UFHH01 Before s start let me tell you i am honestly VERY grateful for you spending your valuable time with my rookie issues. Thank you for that.

    I did not wanted to waste anyone times so I read ton of articles and found similar but not the same things like this thread (https://talk.plesk.com/threads/dkim-domainkey-with-external-dns.339868/)

    My apology for me (again) not being clear right from start. I do not use Plesk DNS like OP from linked thread. I use cloudns.net for my DNS administration and in plesk i switched DNS off by following official plesk documentation. Everything works super smooth apart from DKIM.

    So do you think i should enable Plesk DNS for particular domain on my server (but i don't see a point).

    In this article https://docs.plesk.com/en-US/onyx/a...am-tools/dkim-spf-and-dmarc-protection.59433/ by reading plesk article and especially that in red color

    "Important: If you use an external DNS service, DKIM signing will work for outgoing messages, but the receiving mail server will not be able to validate these messages. As a workaround, you can switch off Plesk DNS server and add a corresponding DKIM-related DNS record on the external DNS service. In this case, the receiving server will be able to validate the messages."

    It does appear to me i can continue to use my external DNS service at cloudns.net. Like i said i set up everything properly and i see in test email that key is "passing" in email but i never was able to find a place where do i actually need to add my private RSA key.

    ? Any potential clue?

    As i understand it Plesk Onyx users do not need to install opendkim service and configure it as mentioned in this thread: https://www.unixhops.com/install-dkim-and-dmarc-on-plesk-12-5/

    I believe i am at point where i set up everything just correctly but no one ever mentioned where do i add RSA key on my server?
     
  8. UFHH01

    UFHH01 Platinum Pleskian Plesk Guru

    33
    30%
    Messages:
    4,405
    Likes Received:
    885
    Trophy Points:
    732
    Location:
    Hamburg / Germany
    Hi seqoi,

    I can't see any decent reason, why things should be complicated. Just turn ON again the local DNS service and use the provided DKIM - keys from specific DNS - settings of your domain(s). In order to profit from the DMARC - feature, you need it anyway turned ON. You are still able to use the external DNS - service, but you have the advantage to see all needed DNS - entries over the Plesk Control Panel and can copy them to your external DNS - service. ;)

    It is far more complicated, to get the DKIM - keys from your psa - database and install a SECOND DKIM - signing - hook and I can't see any advantage in it for you, to have a second instance on your server.
     
  9. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    No problem i just did and you are right. Having both i mean copying from one to another isn't anything difficult and there is DMARC like you said.

    This part of message i really couldn't understand. What second instance?

    Are you suggesting me that my RSA key is very complicated to add somewhere on my server? Why database and what database? I generated my keys here http://dkimcore.org/tools/ and public keys are added in right place. I just simply can't figure out where do i add my private rsa key at server level.

    When i am reading this tutorial https://www.unixhops.com/install-dkim-and-dmarc-on-plesk-12-5/ it is perfectly clear to me where and how he do things but like i said i don't have 12.5 and i am in fear if i use opendkim as guy in tutorial it might screw things and interfere with Plesk Onyx features - which is why i simply want to figure out where do i add rsa private key for signing ?...
     
  10. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Do i have to add private key in my NS zone as well?
     
  11. UFHH01

    UFHH01 Platinum Pleskian Plesk Guru

    33
    30%
    Messages:
    4,405
    Likes Received:
    885
    Trophy Points:
    732
    Location:
    Hamburg / Germany
    Hi seqoi,

    the first instance will be the standart ( Plesk ), while you manually add a second instance, manually installed on your server, manually integrated into postfix. ;)

    No, it is not complicated, but Plesk handles the "default" DKIM - signing in a different way, than your manual installed version. Plesk uses the hook over it's own service "psa-pc-remote", pass it over to it's "spf" - handler, passes the result back to "psa-pc-remote" which then pass it over to the "dd51-domainkeys" handler, which again returns it to the "psa-pc-remote" handler, to finally pass it over to postfix.

    ... because Plesk stores the informations in it's PSA - database.


    Total different point here and a total different installation. You have to insert the additional "mail" - DKIM - key at your external DNS - service and you need to integrate the manual installed milter into your postfix configuration. Pls. keep in mind that the separator "DEFAULT" is not equal with separator "MAIL". ;)
    But again... you don't really need this additional installation procedure at all and you don't need an additional DKIM - separator "mail" - you use Plesk Onyx and it's very well integrated, even with the option ti use DMARC as well.


    No.
     
  12. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Ok thanks. Without wasting anymore of your time can you maybe point me to a specific resource/link on about configuring and making dkim key (now when you know what i did) work. Because i think i did everything ok when it comes to DNS zone editing but i did not touched milter.

    Any link from your memory will be greatly appreciated and i am willing to learn and read through it.
     
  13. UFHH01

    UFHH01 Platinum Pleskian Plesk Guru

    33
    30%
    Messages:
    4,405
    Likes Received:
    885
    Trophy Points:
    732
    Location:
    Hamburg / Germany
    Best Answer
    Hi seqoi,

    a link which I could recommend is => https://matoski.com/article/spf-dk-dkim-plesk-debian/
    Even that this blog article was written for Plesk 11.5, the complete process is still valid - just ignore, that with Plesk Onyx, DomainKeys has been replaced with DKIM now and don't switch off the Plesk DNS server, so you might profit from DMARC - usage as well. Copy ALL your DNS - entries from Plesk to your preferred DNS - service and you will be fine and should not experience any issues.


    If you still experience issues/errors/problems, it is essential, that you provide the corresponding mail.log, the screenshots from your depending DNS - settings over Plesk, the screenshots from your desired external DNS - service for the corresponding domain(s) ( = better will be no anonymity of the domains, because people willing to help you can then investigate possible DNS - issues on their own! ) and last the configuration files from you manual opendkim installation.
     
    seqoi likes this.
  14. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Thank you. I am new to this forum i pressed "like" and "best answer" and if there is some thank you button (i don't see it) let me know.

    You helped me a lot. I wish you nice day.

    Kind regards
     
    UFHH01 likes this.
  15. seqoi

    seqoi New Pleskian

    3
    20%
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    32
    Location:
    Austria
    Hi there! I solved my problems with success. The reason why i am writing here is so other can find and solve their problems. Before i start i want to say again thank you UFHH01 for all your contributions!

    One important thing. This tutorial is much much less complicated then https://matoski.com/article/spf-dk-dkim-plesk-debian/ and if one is using Plesk Onyx whole process is actually VERY easy to do and i found answer within my own investigation. I think that problem here is that UFHH01 is VERY experienced Plesk user and his point of view maybe can be much more complicated and therefore not applicable for rookies like me. On top of that i was under impression that i can solve my problems way more easier then what he and other tutorials where suggesting, i believed i was on track and it turned to be true for this particular case.

    So no - you don't need to follow tutorials i mentioned, you do not need to install OpenDKIM or alter any milter inside Postfix (assuming you are using default Plesk configuration) - you can do all within Plesk graphical interface and you will need to edit one file via SSH.

    Note - i created my keys here: http://dkimcore.org/tools/

    So log in to your plesk and go Tools and Settings - Mail Server Settings and enable DKIM and make everything like on screenshot

    01.jpg

    Now go to your Plesk Websites and Domains and select your domain and there you press on Mail settings

    02.jpg


    from here you make sure you select "Use DKIM Spam protection...." as on screenshot

    03.jpg

    As soon as you apply this change (use DKIM spam protection....) new directory will be created in your etc/ folder on server. Directory is called "domainkeys" and inside of it there will be name of your domain. Go inside and there is a file in which you need to add your key (something i asked in my initial issues but UHFF01 did not understand what i am asking and i was not being completely clear about my issues. So yes THIS IS THE PLACE WHERE YOU ADD YOUR PRIVATE KEY weeeeee :)

    so there you have etc/domainkeys/yourdomainexample.com/default - default is file where you need to add your private RSA key. Simply copy paste your key here. That's it.

    Now we also need to add proper keys in our DNS zone. I am going to put screenshots of my Plesk DNS zone and my external DNS service. My domain IP and domain name is blurred and keys are blurred but the point of this is to understand where to add what. Why i have both ? Because that's what UHFF01 suggested and it's working for me :)

    VERY IMPORTANT - when generating keys at http://dkimcore.org/tools/ you can copy and paste your tinydns format key but MAKE SURE you remove TTL value at the end of the key 3600 otherwise it wont work. Example:

    v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAakaGKDJFJdshjfhfBGJDJGDGJKdjdtA6AW/Z6azPY9346465465675Pc2YwPeML++1nNXRmvqq+JHuYfn1464564567jLEp1MnG/FUpWugKRaM/M7Wgm+bkXpE6OMW0OLbr1rWW2OpAYDisxivQcxWyC4564565465h0oLOjBlQIDAQAB:3600::

    you need to remove ":3600:: so your keys will look like

    v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAakaGKDJFJdshjfhfBGJDJGDGJKdjdtA6AW/Z6azPY9346465465675Pc2YwPeML++1nNXRmvqq+JHuYfn1464564567jLEp1MnG/FUpWugKRaM/M7Wgm+bkXpE6OMW0OLbr1rWW2OpAYDisxivQcxWyC4564565465h0oLOjBlQIDAQAB

    Otherwise it won't work

    DNS screenshot

    dns-cloud.jpg


    DNS in Plesk


    dns-plesk.jpg

    And that's it - that's working for me. No outside tutorials, no new services installation just pure Plesk Onyx. All emails now arrive in gmail, yahoo etc. in inbox and Gmail header inspection is saying DKIM is correct and is a PASS with my domain name.

    I am VERY happy and every and each day i am more and more amazed with Plesk :)

    UHFF01 - if there is anything to add here feel free.

    I hope this will help someone solving same problem i just got solved.


     
Loading...