I've been struggling for quite some time with a specific email server setup based on a cPanel. For some reason emails sent out from this specific server are being marked as spam and delivered to spam/junk folders of Gmail and Outlook. Can somebody with bigger experience please have a look at my current configurations and maybe point out any flaws in the setup or give a hint as to what to look for?
IP addresses at disposal: x.x.x.127/27
cPanel installed on: x.x.x.99
Domains added to WHM on x.x.x.99-105
In order not to disclose the domain names, I won't be able to provide exact domain names, sorry.
Emails are being marked as spam when sending from x.x.x.99-105 by either web interface and using email clients.
SPF, DKIM, MX, PTR entries are valid.
Domains and IP addresses is not within blacklist check that mxtoolbox.com website offers.
Mail-tester.com results: 8.1/10, main points off have gone from PYZOR_CHECK (-1.985). The message it provides is:
Similar message reported on Pyzor (http://pyzor.org)
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (http://public.pyzor.org/whitelist/)
Microsoft SNDS does not provide reasons for being marked as spam from what I can see.
Microsoft support does not provide information on how to proceed with issue fixing.
Google Postmaster does not provide reasons for being marked as spam from what I can see.
Google support does not reply on how to proceed with issue fixing.
Software versions:
/etc/redhat-release:CentOS Linux release 7.2.1511 (Core)
/usr/local/cpanel/version:11.58.0.28
/var/cpanel/envtype:standard
CPANEL=release
Server version: Apache/2.4.18 (Unix)
Server built: Jun 10 2016 08:13:27
Cpanel::Easy::Apache v3.32.14 rev9999
PHP 5.5.36 (cli) (built: Jun 10 2016 08:15:50)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
mysql Ver 14.14 Distrib 5.6.31, for Linux (x86_64) using EditLine wrapper
I've completely lost my mind, discovering this... Outlook.com support only sent us a link to the terms and conditions of their service. Google did not respond to a support query at all. I would be glad for any clue on where to search for a solution.
Probably MX records for those domains are not pointing to the main server IP.
This is a common reason for mail being blocked or being marked as spam for most servers.
Check your dns zones for the problematic domains.
If you find :
domain.com. IN MX domain.com.
change it to:
domain.com IN MX mail.domain.com.
AND change the record for mail(domain2.com) this way:
mail.domain.com IN A yourmainserverIPhere
Finally add your main server IP to your SPF records. Wait for a while before checking mail, because DNS changes need a time to be propagated.
Hope this helps.
Note :
Also go through the following link for detailed information
How to Keep your Email out of the Spam Folder
Related
We've got an older VB .NET (Visual Studio 2013 Community Edition) piece of code that currently communicates with a PLC over UDP for some very rudimentary data transfer.
We are needing tighter coupling between the PLC and the PC now (the PC must be able to set a bunch of parameters, and a Labview program may want to access the PLC directly), so our PLC vendor (B&R) said OPC UA was the way to go.
This seems similar to the question posed here:
OPC-UA client SDK for C#.NET application development
In an introductory seminar to OPC UA, we got compiled versions of the OPC UA client, and if I fire up a PLC simulator, the client can connect to the PLC simulator. Of course, it asks for a name and a password, but a pop-up does show up that says I try to connect, I get a pop-up window for the UA Sample Client that says "Certificate could not be validated: BadCertificateUntrusted"
OK, I don't have a certificate. You click through, and the client continues onwards, and shows a tree of all the elements that have been exposed to OPC UA by the PLC code. All is well.
Now, if I download the full code from the opcfoundation.org site, I can compile the code, but, when going through this same test sequence, after acknowledging that I don't have a valid certificate, another window pops up that says:
EXCEPTION (ServiceResultException)
BadCertificateHostNameInvalid
SERVICE RESULT (BadCertificateHostNameInvalid)
These are both OPC UA 1.02, BTW.
Does something have to be configured elsewhere? I noticed there are a few XML files (Opc.Ua.SampleClient.Config.xml, and Opc.Ua.SampleClient.Endpoints.xml), and I'm wondering if they have to modified to get rid of this stoppage.
I do recall reading that that something won't be OPC UA compliant if you automatically allow this to be OK (of course), so you can't just make this automagically happen, but that's OK with me.
The drawbacks to using the OPC UA code is that it is a bit deep (as noted by user Brino in the original StackOverflow post), and that it requires your own code to be released under GPL, so Unified-Automation looks pretty enticing, since we may not want to release our source code.
Any thoughts on this particular problem?
The warnings and exceptions you're seeing are not likely to do with your certificate, but with the certificate the server is returning.
The BadCertificateHostNameInvalid StatusCode means that either the server's hostname is not present as a SubjectAltName at all in the certificate, or that it doesn't match the hostname you actually used to connect to the server.
If possible, select SecurityPolicy "None" and see if things work the way you expect. Afterwards you can focus on getting the certificate situation sorted out. You may need to set an appropriate hostname in the server and then have it regenerate a certificate that uses the new hostname. You may also need to make sure your client machine can resolve whatever hostname the server is configured to use so that you can connect using that.
The drawbacks to using the OPC UA code is that it is a bit deep (as noted by user Brino in the original StackOverflow post), and that it requires your own code to be released under GPL, so Unified-Automation looks pretty enticing, since we may not want to release our source code.
This is only true if you're not a member of the OPC foundation. If you're a member you're free to use the code without distribution of your source. See the header files for more info, and consult with actual text of the "RCL" license from the foundation.
First of all let me describe my system.
I have a virtual server (Windows Server 2012 R2 with IIS 8.5) with two running systems.
One is for receiving Informations from Devices and the other one is for presenting and combining the users information with the device information.
The two systems are combined by a reference (via VS2012).
Problem:
If I have a look on my website for the system which gives me the user and device information in get an error, so I try to debug it on my own pc.
While debugging I want to access the service to display me all devices and it gives me:
System.ServiceModel.Security.MessageSecurityException
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
I also have a WCF-Tracelog which shows me:
WCF-Tracelog
I'm now facing that problem for days and I was browsing stackoverflow a lot. I guess that it should be a problem with my certificates. At the moment I got a SSL-certificate (received from my university). I also "registered" it to a specified port and added the right bindings in my IIS (IIS 8.5). I am very new to WCF,IIS,SOAP and certificates but I guess my problem is the understanding of the certificates.
Question:
Which certificates do I have to create for my "Server-Website/Client"-System and which do I have to create for my own "Client" and where do I have to copy them (at the moment I'm familiar with the MMC => Snap-In)? And where do I need to keep my SSL-certificate located?
I hope someone faced the same Problem and can help me to fix this soon. Sorry for my bad english and if you need more information let me know!
EDIT:
I fixed my certificate-problem but now i receive 403.4 (SSL is required)
my problem solved, i have enabled "IP Address and Domain Restriction" and i added an "allow" option to this section, thus another ip got that error
I am serving my Rails 3 app on Heroku, my mail through Google, and the domain through Enom. This is for www.challengage.com
This works 95% of the time, however, once in a while, when someone tries to reply to an email I send them, it fails with the below error message because my email, josh#challengage.com, somehow got replaced with josh#herokuapp.challengage.com when they recieved it. I think it has something to do with Mail Delivery Subsystems, but I'm not sure. It also only seems to happen when emailing University professionals.
Error Message:
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON#smtp2.syr.edu]
Sent: Monday, July 15, 2013 2:08 PM
To: David DiMaggio
Subject: Undeliverable: FW: Challengage - Work Team Simulation product for interviewing evaluations
Delivery has failed to these recipients or groups:
paul#challengage.herokuapp.com
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
The following organization rejected your message: challengage.herokuapp.com.
Any ideas?
Thanks everyone.
This is almost certainly because you're using a CNAME for your email records.
Although most email servers will reflect the original domain when sending a message, others will replace it with the domain that's at the end of the CNAME.
This means that instead of sending to someone#challengage.com they send to someone#challengage.herokuapp.com instead.
The mail server sees the request to send to someone#challengage.herokuapp.com and decides that it doesn't look after challengage.herokuapp.com and so from it's perspective the message is rejected.
We used to see this issue with CloudMailin customers and started to recommend that they don't use CNAMES where email is involved and just make use of adding MX records direct to the Apex domain.
With Heroku this poses a problem though as you don't have a single IP that you can use to access their servers. We eventually ended up using Route 53 to host our domain, then adding an SSL endpoint (to get load balancer details) and then adding that load balancer to Route 53's Alias command so that it automatically always gave the correct results. Alternatively you can setup some sort of static IP based system on your apex domain to redirect.
I'm using Zend_mail with SMTP in a wrapper class like this:
//$_config has all required and valid attributes to send a mail successfully.
$tmpconfig = Array('auth' => 'login',
'username' => $this->_config->MAIL_LOGIN,
'password' => $this->_config->MAIL_PASSWORT);
$this->_transport = new Zend_Mail_Transport_Smtp($this->_config->MAIL_SMTP,$tmpconfig);
$this->_mail = new Zend_Mail();
$this->_mail->setFrom($this->_config->MAIL_ADDRESS, $this->_config->MAIL_SENDER_NAME);
...
//$_data has already all required and valid fields and values...
$this->_mail->setBodyText($this->_data['maildata']['BodyText'],'UTF-8','UTF-8');
$this->_mail->setSubject($this->_data['maildata']['Subject']);
$this->_mail->addTo($this->_data['maildata']['RecipientEmail'], $this->_data['maildata']['RecipientName']);
$this->_mail->send($this->_transport);
Scenario 1: I'm sending the Mail with a test account to a proprietary server to a test mailaddress from my testsystem. This mail will be received.
Scenario 2: I'm sending the Mail with another test account to another proprietary server to the same mailaddress, with two test systems. This mail is rejected as ratware. I've already talked to the server administrator, he said that the mail generation is incorrect. There is no valid EHLO greeting: "remote host used our name in HELO/EHLO greeting."
I don't really know if its a problem within the zend_mail class or the test systems.
1st Testsystem: PHP Version 5.3.2-1ubuntu4.14, Apache/2.2.14 (Ubuntu)
2nd Testsystem: PHP Version 5.3.1, Apache/2.2.14 (Unix) (Apache on Mac OS X)
I think your 2nd mail server is configured too strictly, or perhaps it's a problem with how you're configuring Zend_Mail. Zend_Mail works great for me, and I'm using it to send emails to multiple SMTP servers, including the ones at Gmail and also at a popular shared web hosting service.
If you're sending on port 25, I believe many mail servers are more likely to treat your message as Spam. Does your 2nd mail server support sending with alternate ports? Typical alternatives are 465 or 587. Also, have you tried sending via SSL or TLS? These might also help convince that server that your messages are legitimate.
http://www.informit.com/guides/content.aspx?g=dotnet&seqNum=759
>> read http://www.informit.com/guides/content.aspx?g=dotnet&s
eqNum=759
connecting to: www.informit.com
** User Error: HTTP forwarding error: Scheme https for URL htt
ps://memberservices.informit.com/checkLogin.ashx?partner=53&r=
http%3a%2f%...
** Near: read http://www.informit.com/guides/content.aspx?g=do
tnet&seqNum=759
>>
This doesn't happen with Firefox, is it possible to "simulate" firefox ?
The URL is being forwarded to an HTTPS page. Rebol/Core and Rebol/View do not support the HTTPS protocol.
An update. REBOL release 2.7.8 includes many goodies. Secure HTTP included. Forward to and from HTTPS. Many other previously premium utilities now included in the proprietary distribution.
As of December 12, 2012, the release date of open source REBOL/3, things have changed.
http://www.rebol.com/article/0519.html
[fanboy]
But even with REBOL/3 open, REBOL 2.7.8 is a very powerful, polished and productive development system. Free to use. Worthy of inclusion in all personal and office toolkits.
[/fanboy]