I installed Exim4 on the server, read over a hundred manuals, but the letters are still sent to spam - DKIM does not pass the test.
Ubuntu 16.04, Exim4. Creating keys: Create a folder dkim in which the keys will lie:
sudo mkdir /etc/exim4/dkim Let's go to the created dkim directory:
cd /etc/exim4/dkim Generate a secret key. Repeat this step for each domain name. sudo openssl genrsa -out domain.ru.key 1024 Generate a public key by extracting it from a secret key. Repeat this step for each domain name. (The openssl rsa -in domain.ru.key -pubout > domain.ru.pub did not work, it does not have enough rights even with the ship, it works when I assign the user to the folder I entered, so I used the command below)
sudo openssl rsa -in domain.ru.key -pubout The result will be displayed on the screen, copying the public key for each domain. Set permissions:
sudo chown -R Debian-exim:Debian-exim /etc/exim4/dkim/ sudo chmod 640 /etc/exim4/dkim/* Remember to repeat the process of creating secret and public keys for each of your domain names. Now open /etc/exim4/exim4.conf.template.
sudo nano /etc/exim4/exim4.conf.template Find a section: remote_smtp: Add above this line:
DKIM_DOMAIN = ${lc:${domain:$h_from:}} DKIM_FILE = /etc/exim4/dkim/${lc:${domain:$h_from:}}.key DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} DKIM_SELECTOR = mail DKIM_CANON = relaxed remote_smtp: dkim_domain = DKIM_DOMAIN dkim_selector = DKIM_SELECTOR dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = DKIM_CANON Restart Exim4:
sudo systemctl restart exim4.service We create TXT in DNS records of domains. You need to create a subdomain for DKIM with the mail: mail._domainkey.domain.ru selector. Next, create a TXT record:
v=DKIM1; k=rsa; p=MIGfMA0GCSq... For verification, I am sending an email from the server:
echo "This is a test." | mail -s Testing user@gmail.com Bottom line: all emails get spammed.
Additional command:
exim -bP transports | grep dkim dkim_canon = dkim_domain = ${lc:${domain:$h_from:}} dkim_private_key = ${if exists{/etc/exim4/dkim/${lc:${domain:$h_from:}}.key}{/et c/exim4/dkim/${lc:${domain:$h_from:}}.key}{0}} dkim_selector = mail dkim_sign_headers = dkim_strict = dkim_canon = dkim_domain = dkim_private_key = dkim_selector = dkim_sign_headers = dkim_strict = Gmail spam email:
Delivered-To: user@gmail.com Received: by 10.64.236.15 with SMTP id uq15csp164924iec; Wed, 30 Nov 2016 06:08:13 -0800 (PST) X-Received: by 10.25.211.3 with SMTP id k3mr12464379lfg.133.1480514893134; Wed, 30 Nov 2016 06:08:13 -0800 (PST) Return-Path: <flame@server.domain.com> Received: from server.domain.com (server.domain.com. [123.123.123.123]) by mx.google.com with ESMTPS id j79si31845777lfj.85.2016.11.30.06.08.12 for <user@gmail.com> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 30 Nov 2016 06:08:12 -0800 (PST) Received-SPF: pass (google.com: domain of flame@server.domain.com designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123; Authentication-Results: mx.google.com; dkim=pass header.i=@server.domain.com; spf=pass (google.com: domain of flame@server.domain.com designates 123.123.123.123 as permitted sender) smtp.mailfrom=flame@server.domain.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=server.domain.com; s=mail; h=From:Message-Id:Subject:To:Date; bh=Hy61WwSEndqwKzArKPLZcQPACoRjmbmRdNbnqGWeg+Y=; b=ogOwmorVSs9ulo6v1jAlQ54yjV JNkdOuWkk016K8L3SH8Sr6GRwOSja85uKoNozkMD79H5gkljI5Or53LXXbcOmYfxl/CTcYgqHqN47 6HPJhGeGLGpFFKatrzxj/P9zxr0VrYVf4VYYQ94kZHwjtu4p3rBD/rjQvpiIBSENfEKY=; Received: from flame by server.domain.com with local (Exim 4.86_2) (envelope-from <flame@server.domain.com>) id 1cC5YS-0008TU-2s for user@gmail.com; Wed, 30 Nov 2016 17:08:12 +0300 Date: Wed, 30 Nov 2016 17:08:12 +0300 To: user@gmail.com Subject: Testing User-Agent: s-nail v14.8.6 Message-Id: <E1cC5YS-0008TU-2s@server.domain.com> From: flame@server.domain.com This is a test.P9zxr0VrYVf4VYYQ94kZHwjtu4p3rBD / rjQvpiIBSENfEKY =;Delivered-To: user@gmail.com Received: by 10.64.236.15 with SMTP id uq15csp164924iec; Wed, 30 Nov 2016 06:08:13 -0800 (PST) X-Received: by 10.25.211.3 with SMTP id k3mr12464379lfg.133.1480514893134; Wed, 30 Nov 2016 06:08:13 -0800 (PST) Return-Path: <flame@server.domain.com> Received: from server.domain.com (server.domain.com. [123.123.123.123]) by mx.google.com with ESMTPS id j79si31845777lfj.85.2016.11.30.06.08.12 for <user@gmail.com> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 30 Nov 2016 06:08:12 -0800 (PST) Received-SPF: pass (google.com: domain of flame@server.domain.com designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123; Authentication-Results: mx.google.com; dkim=pass header.i=@server.domain.com; spf=pass (google.com: domain of flame@server.domain.com designates 123.123.123.123 as permitted sender) smtp.mailfrom=flame@server.domain.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=server.domain.com; s=mail; h=From:Message-Id:Subject:To:Date; bh=Hy61WwSEndqwKzArKPLZcQPACoRjmbmRdNbnqGWeg+Y=; b=ogOwmorVSs9ulo6v1jAlQ54yjV JNkdOuWkk016K8L3SH8Sr6GRwOSja85uKoNozkMD79H5gkljI5Or53LXXbcOmYfxl/CTcYgqHqN47 6HPJhGeGLGpFFKatrzxj/P9zxr0VrYVf4VYYQ94kZHwjtu4p3rBD/rjQvpiIBSENfEKY=; Received: from flame by server.domain.com with local (Exim 4.86_2) (envelope-from <flame@server.domain.com>) id 1cC5YS-0008TU-2s for user@gmail.com; Wed, 30 Nov 2016 17:08:12 +0300 Date: Wed, 30 Nov 2016 17:08:12 +0300 To: user@gmail.com Subject: Testing User-Agent: s-nail v14.8.6 Message-Id: <E1cC5YS-0008TU-2s@server.domain.com> From: flame@server.domain.com This is a test.
remote_smtp:(including itsremote_smtp:) are clearly redundant. but in general, of course, first of all, we must look at the headers of the incoming letter. - aleksandr barakin 2:17remote_smtpsections in the configuration file are definitely not needed. and the remaining lines, if you look into the current configuration, are simply unnecessary: all these assignments already exist (in theremote_smtpsection). - aleksandr barakin