Adding DKIM to Postfix

DKIM on Postfix:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

The configuration can be tested by sending an empty email to check-auth@verifier.port25.com and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
Alternatively, you can send a message to a Gmail address that you control, view the received email’s headers in your Gmail inbox, dkim=pass should be present in the Authentication-Results header field.

Authentication-Results: mx.google.com;
spf=pass (google.com: domain of contact@example.com designates — as permitted sender) smtp.mail=contact@example.com;
dkim=pass header.i=@example.com;

Email Administration for Postfix , Plesk and Qmail

Basics
rDNS (Reverse DNS)

The Reverse DNS for an IP should be set to the EHLO value that is sent in the outgoing mail header. This is generally the HostName of the computer.

This value should also match the outgoing IP address used to send the mail.

On a multi-IP server, if the sending IP does not match the EHLO domain, you may be sending from Postfix. Switching to Qmail may cause the sending IP to match the primary IP on the server, which should correct any mis-matched IP/EHLO issues.

Continue reading Email Administration for Postfix , Plesk and Qmail

DMARC

Amazonon DMARC (http://sesblog.amazon.com/post/Tx22ZELXSSZRYZR/What-is-DMARC-and-should-you-use-it).

This Google article is also helpful: https://support.google.com/a/answer/2466563?hl=en

If you scroll down to the ‘Example records’ section, you’ll see a number of examples on how to write the TXT record. Here’s an example of that record:

_dmarc.advancedmediawebs.com. 3600 IN TXT “v=DMARC1; p=quarantine; pct=5; rua=mailto:mark@domain.com”

Change IP route for Blacklist

Add the clean IP to the server.

Edit the firewall to NAT all connections FROM port 25 to use the new IP.

# iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source NEW.IPA.DDR.ESS
# service iptables save

Ensure that the IP is on eth1
or…

# iptables -t nat -A POSTROUTING -o eth1 -p tcp -j SNAP --dport 25 --to-source 123.45.6.7

SSL for Mail Server Plesk

Normally, checking mail may produce an SSL error for plesk mail services. All clients Outlook, Mac mail, thunderbird, show a a message for ssl certificate. How to fix it.

You would need to purchase a SSL certificate for your servers hostname and set it up so it gets used for the mail service on the server. if you try and use mail.domain.com, it’ll still give an error.

Ref: http://kb.sp.parallels.com/en/1062

Is SpamAssassin Working

Check the header of an email


X-Spam-Status: No, score=0.1
X-Spam-Score: 1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

You can also add Barracuda RBL to Exim in WHM

For cPanel /home/username/.spamassassin/user_prefs as described:

Other Resources:
http://www.toao.net/566-improving-spamassassin-accuracy-with-statistics

IMAP and POP Email Settings

For a plesk server

IMAP

Incomming server
Server: mail.domain.com
Connection security: none
Authentication: Password, transmitted insecurely
User Name: user@domain.com
Port: 143

Outgoing Server:
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Encrypted password
User Name: user@domain.com
Incomming: Port 587

POP

Incomming server
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Encrypted Password
User Name: user@domain.com
Port: 110

Outgoing Server:
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Normal Password
User Name: user@domain.com
Incomming: Port 587

Clear Mail queue on Postfix or Plesk

How to clear the mailqueue.

Check the mailq:

# /usr/local/psa/admin/bin/mailqueuemng -s

View 5 of the items for a certain domain:

# /usr/local/psa/admin/bin/mailqueuemng -s | grep -C 5 user@domain.com
# /usr/local/psa/admin/bin/mailqueuemng -D"

or

# postsuper -d ALL

If you get a permission error on an older PLesk 9 instance

# /usr/sbin/postsuper -d ALL

To remove specific emails from a domain:

# postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /@domain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

Or

# mailq | tail -n +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "USER@EXAMPLE.COM" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -

Setting up mail on iPhone/iPad/iOS

Source:

http://www.one.com/en/support/guide/mail/setting-up-mail-on-iphone-ipad-ios

http://support.apple.com/kb/HT4810

If you use a common email provider, your device will load your email settings automatically. If your device doesn’t load these settings and you don’t know them, contact your email provider and ask for this information:

My Email settings
My email address:
My email provider:

Incoming Mail Server Settings
Account type (POP or IMAP): IMAP
Incoming Mail Server: For Incoming Mail Server enter imap.domain.com as Host Name, domain.com being your domain
User Name: Enter your full email address as User Name e.g. name@example.com
Password: Your email password
Incoming server port number: 993
Incoming server supports SSL? (yes or no): On

Outgoing Mail Server Settings
Outgoing mail server: or Outgoing Mail Server enter smtp.domain.com as Host Name.
User name: Enter your full email address as User Name e.g. name@example.com
Password: Your email password
Outgoing server port: In Server Port you should use port 465
Outgoing server supports SSL? (yes or no): On

Spam Check list

Check the mail queue in a plesk server:

# /usr/local/psa/admin/bin/mailqueuemng -s

mail queue is full of spam type messages like this:

Subject: Mr.: 14623c9d 65% off for you!
Sale Sale Sale!! Vigara – 0.54$, Cilias – 1.09$, Levtira – 1.15$.. and more more more… ”

Steps to take:

1. Check the mail queue for suspicious emails that are spam and remove them. Monitor the mail queue to see who is sending email and the content and locate the email account for spam delivery.

To remove all mail from the queue, enter:

# postsuper -d ALL

2. Check the passwords for the email accounts with this command logged in ssh as root:

# /usr/local/psa/admin/bin/mail_auth_view
Change all weak passwords to more secure passwords. (There are many simple email passwords).

3. Check any wordpress and joomla web sites for updates. Make sure all plugins and core software is up to date.

4. Check any forms on websites and ensure that they have captcha enabled so that they cannot be submitted automatically.

Here are some links to assist in installing an email wrapper to see if the sever is sending spam via a script:

If Postfix – http://kb.parallels.com/en/114845

Once the server is verified spam free you can contact us and we can help with any de-listing submissions.

Please let us know if you have any other questions.