golang & postfix - email received header is localhost - email

While trying to setup postfix to allow a website to sent password reset emails I've noticed that when sending emails form the command line using
echo "body" | mail -s "subject" test#example.com
the emails arrive just fine and are not marked as spam. However, when sending from withing the sites server, the header is set as being received from localhost and thus is marked as spam.
Received: from example.com (localhost [127.0.0.1])
by example.com (Postfix) with ESMTPS id CE1299C435
for <my_email#gmail.com>; Tue, 2 Aug 2016 05:28:41 +0000 (UTC)
As a note, dkim, spf and dmarc test all list as passed, so they are not the problem.
I have also tried sending an email with the same content using the above echo method and had it arrive fine (although plaintext as I used it as above and didn't add the content type headers).
Initially this was sent using smtp.SendMail
err := smtp.SendMail(hostname + ":25", nil, sender, recipients, []byte(msgstr))
which provides no way to set sending host, so in an attempt to correct this I switched to using a manual dial, sending a HELO message, then starting tls (attempting to start tls before the HELO resulted in a panic saying the HELO had to be the first call)
c, err := smtp.Dial(host + ":25")
if err != nil {
log.Panic(err)
}
if err = c.Hello(host); err != nil {
log.Panic(err)
}
if err = c.StartTLS(config.TLS()); err != nil {
log.Panic(err)
}
This still sends the email successfully, but as before the received header still shows localhost as the origin, I feel I've misunderstood something as I believed that HELO served to identify where the call was coming from.
Your advice and help is appreciated, this is the first time I've tried to configure an MTA and use it like this, there has been a bit of a learning curve that I'm evidently not over yet.

As Juergen Gmeiner suggested in the comments, my problem ended up being caused by a poorly configured /etc/hosts file, such that it wasn't effecting other services.
The existing entry was:
127.0.0.1 localhost example.com
Changing this to:
127.0.0.1 example.com localhost
solved the problem while not breaking the existing services that needed localhost to evaluate properly.
This solution worked for my locally hosted server process, if the same problem occurs with a remote server, and equivalent like would need to be created with the ip and hostname of the remote. i.e.
<remote ip> <hostname>
note: while I tested that this last part by calling from my local development build to our production server and it worked, its not a 100% tested solution.
Thank you all for your help, and I hope that this mistake on my part helps anyone else who makes a similar error in the future.

Related

Why is EXIM not able to verify sender?

Puzzling problem sending emails from one server to another.
Sending from Server-01 pr#example.camp TO Server-02 eman#example.edu.au
Server 02 bounces with sender verify fail for <pr#example.camp>: Unrouteable address
On Server-02 running dig MX example.camp resolves fine with:
;; ANSWER SECTION:
mus.camp. 2869 IN MX 10 server01-aus.emanwebdesign.com.
mus.camp. 2869 IN MX 0 server01-aus.emanwebdesign.com.
;; AUTHORITY SECTION:
mus.camp. 2869 IN NS ns10.domaincontrol.com.
mus.camp. 2869 IN NS ns09.domaincontrol.com.
Also from Server-02 I can telnet into port 25 of mus.camp and verify the existence of the email address (pr#...).
Any clues as to why Exim's sender verify is failing?
Edit
exim -bvs pr#example.camp returns
pr#example.camp failed to verify: Unrouteable address
Worked out the problem was that the mus.camp domain was originally hosted on Server-02 but then moved to Server-01. Server-02 however was still trying to lookup the email address within itself instead of going to Server-01.
To solve the problem I deleted the mail and dns records from Server-02. (using VestaCP).

Connecting to Gmail SMTP via socket returns different responses per server

I am trying to understand why opening a socket to Gmail's server via SSL provides different responses for different servers. This is stopping me from connecting to Gmail for sending out emails.
Below is a very simple script:
<?php
$smtp_connect = fsockopen('ssl://smtp.googlemail.com', 465,
$errno,
$errstr,
300);
var_dump(fgets($smtp_connect, 512));
?>
On server 1 [no ssl cert installed], the output of the above code is: string(57) "220 smtp.googlemail.com ESMTP s89sm726209qkl.44 - gsmtp
"
On server 2 [ssl cert installed], the output of the above code is: string(71) "220-mycompany.pro.com ESMTP Exim 4.87 #1 Wed, 26 Oct 2016 07:42:49 -0400
"
Can anyone explain why this happens, and how can I make server 2 have the same behavior as server 1?
Update: I have also tried smtp.gmail.com, the output is same as using smtp.googlemail.com.
The line you get the the SMTP welcome message. It is perfectly normal that different servers give a different welcome message. It is even normal that the response to commands you send is different. This means that when communicating with an SMTP server you should not assume fixed strings as response but implement proper parsing of SMTP. See the SMTP standard (RFC 2821) for details about this protocol.

Postfix transport: deliver different domains via different relayhosts

Postfix version 2.11.0
What I'm trying to accomplish is to have mail destined for a particular domain to be relayed through SendGrid but all other outgoing mail to be sent from my local server directly. I have this configuration in /etc/postfix/transport:
example.com smtp:[smtp.sendgrid.net]:587
.example.com smtp:[smtp.sendgrid.net]:587
* :
My understanding from all the searches I've done and reading the Postfix docs is that this should work but if I send to any other domain, for example gmail.com it's still getting relayed through SendGrid.
An example from /var/log/mail.log:
Oct 26 16:15:46 myhost postfix/smtp[25783]: A75F0C04F9: to=<PRIVACY_MASKED#gmail.com>, relay=smtp.sendgrid.net[108.168.190.108]:587, delay=11, delays=11/0.02/0.22/0.03, dsn=2.0.0, status=sent (250 Ok: queued as iTwf5zmCQQSgz_I6sVpSSA)
Is there some other configuration I'm missing?
Ok, now I see the error of my ways. In sasl_passwd I had this:
smtp.sendgrid.net USERNAME:PASSWD
But in transport I had this:
example.com smtp:[smtp.sendgrid.com]:587
The difference is .net versus .com.
Changed it to .net and works!

How configure roundcube to work with imaps?

I recently installed Postfix, Dovecot to setup a mail server on my own VPS ( using this tutorial: Email with Postfix, Dovecot, Mysql)
Imaps server uses port 993 for Authentication, and Postfix uses port 25 to send mails.
In this tutorial, users stored in a Database ( so imaps use mysql to authenticate users).
i'm sure every thing works fine with imaps and postfix , because few days ago i installed Kmail client (on my linux) and receive mails from my server. sending mails also works fine, i sent a mail to Gmail and google received it without a problem (in my "Gmail inbox" not spam folder)
So to get to my Emails from a web mail client, i installed Roundcube on /var/www/mail directory.
I configured Roundcube many times. but each time it gives me this Error:
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
When i do log in from roundcube, imap server says ( in /var/log/mail.log ):
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
Here is my roundcube config file :
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword#localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
What's the problem? i really have no idea what is happening !
Thank you.
I'm using postfix + dovecot + roundcube a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with ssl - and it's working.
This is from my main.inc.php. I don't remember editing anything here, it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense, I think it's just ignored.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '#' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via PhpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs RoundCube):
UPDATE `rc_users` SET `mail_host`='ssl://localhost'
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.

Gmail rejects emails. Openspf.net fails the tests.

I've got a problem with Gmail.
It started after one of our trojan infected PCs sent spam for one day from our IP address.
We've fixed the problem, but we got into 3 black lists. We've fixed that, too. But still every time we send an email to Gmail the message is rejected:
So I've checked Google Bulk Sender's guide once again and found an error in our SPF record and fixed it. Google says everything should become fine after some time, but this doesn't happen. 3 weeks already passed but we still can't send emails to Gmail.
Our mail setup is a bit complex, but not too much. We have a domain name delo-company.com, it has it's own mail #delo-company.com (this one is fine, but the problems are with sub-domain name corp.delo-company.com).
Delo-company.com domain has several DNS records fro its subdomain:
corp A 82.209.198.147
corp MX 20 corp.delo-company.com
corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
(I set ~all for testing purposes only, it was -all before that)
These records are for our corporate Exchange 2003 server at 82.209.198.147. Its LAN name is s2.corp.delo-company.com so its HELO/EHLO greetings are also s2.corp.delo-company.com.
To pass EHLO check we've also created some records in delo-company.com's DNS:
s2.corp A 82.209.198.147
s2.corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
As I understand SPF verifications should be passed in this way:
Out server s2 connects to MX of the recepient (Rcp.MX): EHLO s2.corp.delo-company.com
Rcp.MX says Ok, and makes SPF check of HELO/EHLO. It does NSlookup for s2.corp.delo-company.com and gets the above DNS-records. TXT records says that s2.corp.delo-company.com should be only from IP 82.209.198.147. So it should be passed.
Then our s2 server says RCPT FROM: <supruniuk-p#corp.delo-company.com>
Rcp.MX` server checks it, too. The values are the same so they should also be positive.
Maybe there is also a rDNS check, but I'm not sure what is checked HELO or RCPT FROM.
Our PTR record for 82.209.198.147 is:
147.198.209.82.in-addr.arpa. 86400 IN PTR s2.corp.delo-company.com.
To me everything looks fine, but anyway all emails are rejected by Gmail.
So, I've checked MXtoolbox.com - it says everything is fine, I passed http://www.kitterman.com/spf/validate.html Python check, I did 25port.com email test. It's fine, too:
Return-Path: <supruniuk-p#corp.delo-company.com>
Received: from s2.corp.delo-company.com (82.209.198.147) by verifier.port25.com id ha45na11u9cs for <check-auth#verifier.port25.com>; Fri, 2 Mar 2012 13:03:21 -0500 (envelope-from <supruniuk-p#corp.delo-company.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=supruniuk-p#corp.delo-company.com
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CCF89E.BE02A069"
Subject: test
Date: Fri, 2 Mar 2012 21:03:15 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <4C9EB1DB67831A428B2E14052F4A418707E1FF#s2.corp.delo-company.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: Acz4jS34oznvbyFQR4S5rXsNQFvTdg==
From: =?koi8-r?B?89XQ0tXOwMsg8MHXxcw=?= <supruniuk-p#corp.delo-company.com>
To: <check-auth#verifier.port25.com>
I also checked with spf-test#openspf.net, but it FAILs all the time, no matter which SPF records I make:
<s2.corp.delo-company.com #5.7.1 smtp;550 5.7.1 <spf-test#openspf.net>: Recipient address rejected: SPF Tests: Mail-From Result="softfail": Mail From="supruniuk-p#corp.delo-company.com" HELO name="s2.corp.delo-company.com" HELO Result="softfail" Remote IP="82.209.198.147">
I've filled Gmail form twice, but nothing happens.
We do not send spam, only emails for our clients. 2 or 3 times we did mass emails (like New Year Greetings and sales promos) from corp.delo-company.com addresses, but they where all complying to Gmail Bulk Sender's Guide (I mean SPF, Open Relays, Precedence: Bulk and Unsubscribe tags). So, this should be not a problem.
Please, help me. What am I doing wrong?
I've been having serious problems with gmail rejecting legitimate mail. Somewhere I read a suggestion to delete URLs from your signature file. To my amazement, this worked. (My mail client is Eudora, which some of you may dimly remember.)
Hope it helps.
Gmail have now a postmaster tool you can check your domain/ip reputation, spam rate and in the "Authentication" area you can check DKIM/SPF/DMARC works correctly.
https://gmail.com/postmaster/
I recommend to use the CNAME record for authentication, if you are using the default TXT record also on SPF query this entry return.