Zend Mail is declared as Ratware - zend-mail

I'm using Zend_mail with SMTP in a wrapper class like this:
//$_config has all required and valid attributes to send a mail successfully.
$tmpconfig = Array('auth' => 'login',
'username' => $this->_config->MAIL_LOGIN,
'password' => $this->_config->MAIL_PASSWORT);
$this->_transport = new Zend_Mail_Transport_Smtp($this->_config->MAIL_SMTP,$tmpconfig);
$this->_mail = new Zend_Mail();
$this->_mail->setFrom($this->_config->MAIL_ADDRESS, $this->_config->MAIL_SENDER_NAME);
...
//$_data has already all required and valid fields and values...
$this->_mail->setBodyText($this->_data['maildata']['BodyText'],'UTF-8','UTF-8');
$this->_mail->setSubject($this->_data['maildata']['Subject']);
$this->_mail->addTo($this->_data['maildata']['RecipientEmail'], $this->_data['maildata']['RecipientName']);
$this->_mail->send($this->_transport);
Scenario 1: I'm sending the Mail with a test account to a proprietary server to a test mailaddress from my testsystem. This mail will be received.
Scenario 2: I'm sending the Mail with another test account to another proprietary server to the same mailaddress, with two test systems. This mail is rejected as ratware. I've already talked to the server administrator, he said that the mail generation is incorrect. There is no valid EHLO greeting: "remote host used our name in HELO/EHLO greeting."
I don't really know if its a problem within the zend_mail class or the test systems.
1st Testsystem: PHP Version 5.3.2-1ubuntu4.14, Apache/2.2.14 (Ubuntu)
2nd Testsystem: PHP Version 5.3.1, Apache/2.2.14 (Unix) (Apache on Mac OS X)

I think your 2nd mail server is configured too strictly, or perhaps it's a problem with how you're configuring Zend_Mail. Zend_Mail works great for me, and I'm using it to send emails to multiple SMTP servers, including the ones at Gmail and also at a popular shared web hosting service.
If you're sending on port 25, I believe many mail servers are more likely to treat your message as Spam. Does your 2nd mail server support sending with alternate ports? Typical alternatives are 465 or 587. Also, have you tried sending via SSL or TLS? These might also help convince that server that your messages are legitimate.

Related

I think I'm missing something: Can't get Rails + Postfix / Sendmail with TLS to work [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 4 years ago.
Improve this question
I'm trying to set up a simple email sender for a Ruby on Rails app. I've installed Postfix and added an SFP record with my DNS server, so the emails do get through spam filters, but I'm wanting to use TLS encryption for the emails as well, and have not found a set-up that works.
Here are some things I've tried:
We have purchased a certificate from GoDaddy. When I tell postfix to use that certificate via:
Postfix configs
# /usr/share/postfix/main.cf
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/my-cert.pem
smtpd_tls_key_file=/etc/ssl/private/my-cert.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/
Rails Configs
# /config/environments/my_env.rb
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
address: 'localhost',
authentication: 'plain',
domain: 'my_domain.com',
enable_starttls_auto: true
}
The error response is hostname "localhost" does not match the server certificate
If I change the address in rails config to the domain of my server, it throws 454 4.7.1 <test_recipient#gmail.com>: Relay access denied.
The thing is, I don't see why SMTP is needed here. I'm sending the mail from the server locally, so no SMTP / authentication is needed. My hunch was that I could tell Rails to use :sendmail directly, but I haven't found a way to get sendmail to use TLS.
I feel like I'm missing something, I just want the message encrypted as it travels from sender to recipient. (I.e. avoid Gmails red unlocked lock) Is there another tool I need that I'm unaware of? (Not interested in third party mail servers like Mandrill, etc).
In your rails config you will have to point it to the real address. Rails is reading the certificate, seeing whatever tld you have in the certificate and comparing it to the address you gave it.
For instance, if you purchased the certificate, and say it's mail.mydomain.com, when rails connects to the postfix server, it checks the certificate. In your rails config, the address of localhost won't match the certificate signing of mail.mydomain.com, so it fails. There are 3 options
Change your rails Smtp config to go to the FQDN (mail.mydomain.com) in the certificate
Make rails ignore certificate issues like this and just accept the certificate blindly
Bypass TLS and only do an unsecure connection, therefor whatever the certificate presents as FQDN doesn't matter
Option 2 is riskier in the long run should the postfix server be compromised, but it's commonly used.
Your main point is to make sure the message transit is encrypted. Can rails use the local system to deliver the mail and drop the mail in the linux message bus? It would never use the network at that point and postfix would handle the encryption past that point.

IBM MQ: Establishing an SSL connection

We're struggling to get IBM MQ to work across SSL.
We've been provided with the certificate chain for the remote host and installed into the Windows Certificate Store (Local Machine). These all look valid.
We're using the following connection properties:
connectionProperties.Add(MQC.SSL_PEER_NAME_PROPERTY, "other-server.com");
connectionProperties.Add(MQC.SSL_CIPHER_SUITE_PROPERTY, "TLS_RSA_WITH_AES_256_CBC_SHA256"); connectionProperties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_256_CBC_SHA256");
connectionProperties.Add(MQC.SSL_CERT_STORE_PROPERTY, "*SYSTEM");
connectionProperties.Add("CertificateLabel", "ibmwebspheremqmywindowsusernamewithoutdomain");
MQEnvironment.SSLCertRevocationCheck = true;
We've established that the "CertificateLabel" is the "Friendly name" in Windows parlance.
We've proven unencrypted communication and network-level configuration.
We're using 8.0.0.7 client.
These are the issues we've come across:
All secure communications fail with a 2538 error. (MQRC_HOST_NOT_AVAILABLE, https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.5.0/com.ibm.mq.tro.doc/q045380_.htm)
No success setting the Friendly Name to ibmwebspheremq and ibmwebspheremqmywindowsusername#domain and ibmwebspheremqmywindowsusernamewithoutdomain
General questions:
Are we correct in assuming that we can install generated certificates exclusively in the Windows Certificate Store?
Is the 2538 error even related to SSL communications? It feels like a network error, though there is that final point in the referenced error documentation.
Is there anywhere we can look for more informative error information? eg. relating to the SSL trust chain to see if there is an issue there?
The issue was the following line:
connectionProperties.Add(MQC.SSL_PEER_NAME_PROPERTY, "otherserver.com");
Turns out that:
It needs it in a canonical format, so DN=, etc.
You don't even need that line
Though we did learn a few things along the way:
The line:
connectionProperties.Add("CertificateLabel", "ibmwebspheremqmyusername");
Is the string ibmwebspheremq plus your Windows username (without your domain) and the label should be set on the Friendly name of your client machine's outgoing certificate NOT including the username.
The various folders inside your Windows certificate store are significant. The intermediate CAs should be correctly filed.

cPanel sent email resulting as SPAM in Google and Outlook

I've been struggling for quite some time with a specific email server setup based on a cPanel. For some reason emails sent out from this specific server are being marked as spam and delivered to spam/junk folders of Gmail and Outlook. Can somebody with bigger experience please have a look at my current configurations and maybe point out any flaws in the setup or give a hint as to what to look for?
IP addresses at disposal: x.x.x.127/27
cPanel installed on: x.x.x.99
Domains added to WHM on x.x.x.99-105
In order not to disclose the domain names, I won't be able to provide exact domain names, sorry.
Emails are being marked as spam when sending from x.x.x.99-105 by either web interface and using email clients.
SPF, DKIM, MX, PTR entries are valid.
Domains and IP addresses is not within blacklist check that mxtoolbox.com website offers.
Mail-tester.com results: 8.1/10, main points off have gone from PYZOR_CHECK (-1.985). The message it provides is:
Similar message reported on Pyzor (http://pyzor.org)
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (http://public.pyzor.org/whitelist/)
Microsoft SNDS does not provide reasons for being marked as spam from what I can see.
Microsoft support does not provide information on how to proceed with issue fixing.
Google Postmaster does not provide reasons for being marked as spam from what I can see.
Google support does not reply on how to proceed with issue fixing.
Software versions:
/etc/redhat-release:CentOS Linux release 7.2.1511 (Core)
/usr/local/cpanel/version:11.58.0.28
/var/cpanel/envtype:standard
CPANEL=release
Server version: Apache/2.4.18 (Unix)
Server built: Jun 10 2016 08:13:27
Cpanel::Easy::Apache v3.32.14 rev9999
PHP 5.5.36 (cli) (built: Jun 10 2016 08:15:50)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
mysql Ver 14.14 Distrib 5.6.31, for Linux (x86_64) using EditLine wrapper
I've completely lost my mind, discovering this... Outlook.com support only sent us a link to the terms and conditions of their service. Google did not respond to a support query at all. I would be glad for any clue on where to search for a solution.
Probably MX records for those domains are not pointing to the main server IP.
This is a common reason for mail being blocked or being marked as spam for most servers.
Check your dns zones for the problematic domains.
If you find :
domain.com. IN MX domain.com.
change it to:
domain.com IN MX mail.domain.com.
AND change the record for mail(domain2.com) this way:
mail.domain.com IN A yourmainserverIPhere
Finally add your main server IP to your SPF records. Wait for a while before checking mail, because DNS changes need a time to be propagated.
Hope this helps.
Note :
Also go through the following link for detailed information
How to Keep your Email out of the Spam Folder

Heroku Intercepting Some Gmail Incoming Messages

I am serving my Rails 3 app on Heroku, my mail through Google, and the domain through Enom. This is for www.challengage.com
This works 95% of the time, however, once in a while, when someone tries to reply to an email I send them, it fails with the below error message because my email, josh#challengage.com, somehow got replaced with josh#herokuapp.challengage.com when they recieved it. I think it has something to do with Mail Delivery Subsystems, but I'm not sure. It also only seems to happen when emailing University professionals.
Error Message:
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON#smtp2.syr.edu]
Sent: Monday, July 15, 2013 2:08 PM
To: David DiMaggio
Subject: Undeliverable: FW: Challengage - Work Team Simulation product for interviewing evaluations
Delivery has failed to these recipients or groups:
paul#challengage.herokuapp.com
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
The following organization rejected your message: challengage.herokuapp.com.
Any ideas?
Thanks everyone.
This is almost certainly because you're using a CNAME for your email records.
Although most email servers will reflect the original domain when sending a message, others will replace it with the domain that's at the end of the CNAME.
This means that instead of sending to someone#challengage.com they send to someone#challengage.herokuapp.com instead.
The mail server sees the request to send to someone#challengage.herokuapp.com and decides that it doesn't look after challengage.herokuapp.com and so from it's perspective the message is rejected.
We used to see this issue with CloudMailin customers and started to recommend that they don't use CNAMES where email is involved and just make use of adding MX records direct to the Apex domain.
With Heroku this poses a problem though as you don't have a single IP that you can use to access their servers. We eventually ended up using Route 53 to host our domain, then adding an SSL endpoint (to get load balancer details) and then adding that load balancer to Route 53's Alias command so that it automatically always gave the correct results. Alternatively you can setup some sort of static IP based system on your apex domain to redirect.

MailMessage & MAIL/EXPN/VRFY/ETRN

I was told that my program was not issuing a MAIL/EXPN/VRFY/ETRN when sending an email by the web hosting company we are connecting to.
Anyone know what this means and how I do it?
I am sending an email with SmtpClient and I have no problems with other clients.
Here is what I was told:
Thanks for the additional info, here
is what I found...
Aug 4 11:16:48 smtp1 sendmail[2729]:
o74GGU5F002729:
xx-xx-xx-xx.static.xxx.mo.charter.com
[xx.xx.xx.xx] did not issue
MAIL/EXPN/VRFY/ETRN during connection
to TLSMTA
Notice the time and the IP address
which is your static from Charter. Now
here is a good connection.
Aug 4 11:18:22 smtp1 sendmail[2745]:
STARTTLS=server,
relay=xx.xx.xx.xx.static.xxx.mo.charter.com [xx.xx.xx.xx], version=TLSv1/SSLv3,
verify=NO, cipher=RC4-MD5,
bits=128/128 Aug 4 11:18:23 smtp1
sendmail[2745]: AUTH=server,
relay=xx.xx.xx.xx.static.stls.mo.charter.com
[xx.xx.xx.xx], authid=ronmid,
mech=LOGIN, bits=0
Since their email program did not
issue MAIL/EXPN/VRFY/ETRN during
connection, my server would not
continue the transaction.
Any suggestions?
Thanks!
You app didn't issue any of those 4 commands after connecting. This could be because the server didn't respond correctly and so your app was waiting for that response until it timed out. You can check this by trying to send an email with a simple telnet connection as described here. After you connect and send the EHLO or HELO command (depending on what the server wants) you should get a 250 response.
If you do get the 250 response with telnet but your app still doesn't work, then maybe it's something in your application that tries to send an incorrect command. Maybe you've setup your application to use SSL or credentials, and the SMTP server don't support that or something similar?