Google marks seemingly perfect emails as spam [closed] - apache

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
First post, have found many answers here, so hopes are high.
The problem: Google marks seemingly correctly formatted emails from my apache/postfix server as spam. Sample email as follows;
(I have replaced my domain with mydomain.com.au and the IP with a pretend IP)
Delivered-To: my.email#gmail.com
Received: by 10.150.216.21 with SMTP id o21cs22383ybg;
Fri, 26 Feb 2010 23:11:55 -0800 (PST)
Received: by 10.231.152.75 with SMTP id f11mr1470919ibw.50.1267254715619;
Fri, 26 Feb 2010 23:11:55 -0800 (PST)
Return-Path: <apache#mydomain.com.au>
Received: from mydomain.com.au (mydomain.com.au [80.107.158.80])
by mx.google.com with ESMTP id 29si1651619iwn.31.2010.02.26.23.11.54;
Fri, 26 Feb 2010 23:11:55 -0800 (PST)
Received-SPF: pass (google.com: domain of apache#mydomain.com.au designates 80.107.158.80 as permitted sender) client-ip=80.107.158.80;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of apache#mydomain.com.au designates 80.107.158.80 as permitted sender) smtp.mail=apache#mydomain.com.au
Received: by mydomain.com.au (Postfix, from userid 48)
id ACB735030340; Sat, 27 Feb 2010 18:11:53 +1100 (EST)
To: my.email#gmail.com
Subject: Quote for David Brent (00125512123)
From: quotes#mydomain.com.au
Reply-To: quotes#mydomain.com.au
X-Mailer: PHP/5.2.10
Message-Id: <20100227071153.ACB735030340#mydomain.com.au>
Date: Sat, 27 Feb 2010 18:11:53 +1100 (EST)
Name: David Brent
Mobile: 00125512123
Phone:
Email: my.email#gmail.com
Date: 2010-20-21
Time: 21:00
Location: Syd
Eventype: Musicians
Message: Yep, this should work!!!!
how did you hear about us: Newspaper
I have tried sending it to non-google emails, and they arrive fine.
I have tried posting to several different google accounts, all end up as spam.
Mydomain.com.au uses Google Apps as email provider.
I have added "v=spf1 a mx ~all" as TXT in my NS.
I used http://remote.12dt.com/ to check reverse DNS and the IP seems to be resolving back to the domain name just fine.
The headers seem fine, and the SPF look up seems to pass (?).. Any ideas?
Kind regards

It is not that simple. If all you had to do was provide SPF and an RFC-compliant message, every spammer in the world could get past such a filter.
This could be due to sender reputation, i.e. apache#mydomain.com.au may have sent spam messages before, or 80.107.158.80 may be previously unknown to Google. Google knows that a new sender suddenly popping up from a previously unknown IP is possibly a hacked server or part of a botnet.

Related

DKIM: fail (body hash did not verify) but DMARC: pass

I received an email (using Office365) which had the following:
spf=pass
dkim=fail (body hash did not verify)
dmarc=pass action=none
compauth=pass reason=100
Should DMARC not fail when DKIM fails or?
Part of mail header (redacted):
Authentication-Results: spf=pass (sender IP is 185.XXX.XXX.XXX)
smtp.mailfrom=xxxxx.com; yyyyy.com; dkim=fail (body hash did not verify)
header.d=xxxxx.com;yyyyy.com; dmarc=pass action=none
header.from=xxxxx.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of xxxxx.com designates
185.XXX.XXX.XXX as permitted sender) receiver=protection.outlook.com;
client-ip=185.XXX.XXX.XXX; helo=xxxxx.com;
Received: xxxxx.com (185.XXX.XXX.XXX) by
XXXXT057.mail.protection.outlook.com (10.152.5.104) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3370.16 via Frontend Transport; Tue, 15 Sep 2020 09:28:04 +0000
Received: from [10.244.53.49] (unknown [62.xxx.xxx.xxx])
(Authenticated sender: johndoe#xxxxx.com)
by xxxxx.com (Postfix) with ESMTPSA id 958xxxxxx
for <janedoe#yyyyy.com>; Tue, 15 Sep 2020 09:27:59 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 xxxxx.com 95811831E7
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxx.com;
s=default; t=1600162079;
bh=nuM3cWrinDLZjraJCy30WYG0ePetEpsDwkYbe7tHCOs=;
h=Date:Subject:From:To:From;
b=jJZ91ejcq4Tu3xV+PtcT1/pgwHbUXQRxFLbilFKFiYTnBi1Zn31vzAHbPe4o40HM0
gi+7F9TdBu47MhNwTFIvY94M+uSx1U4B9Ci9hTSDwEaDGazONyB8ER1fFmD7LPRMvV
oXdTEACywQrrYPPb15RkSUNg6m8+6AJjdMgDrRDU=
Short answer:
No, DMARC fails if and only if:
SPF or SPF Alignment has failed, and
DKIM or DKIM Alignment has failed
If only one of them fails and the other passes, DMARC will pass.
Some more details around DMARC failures and the protocol in general:
An important detail to keep in mind from the perspective of DMARC is that a failure for SPF or DKIM can mean 2 things:
The underlying SPF or DKIM authentication has failed, or
The underlying SPF or DKIM alignment has failed.
Authentication is probably clear since it is related to the underlying protocols themselves.
Alignment is an additional feature introduced by DMARC, which checks if the domains used for the SPF/DKIM authentication are in alignment with the domain portion of the RFC5322.From domain (which is the domain portion of the sender's email address, e.g. senderxyz#domain.com).
A successful SPF/DKIM alignment implies that the domains are either identical or that the SPF/DKIM domain is a subdomain of the RFC5321.From domain. This is called a strict or relaxed alignment respectively, and can be controlled via the aspf and adkim tags in your DMARC Record.

How can I configure CloudFront so it costs me a bit less?

I have a very static site, basically HTML and some Javascript on S3. I serve this through Cloudfront. My usage has gone up a bit plus one of my Javascript files is pretty large.
So what can I do to cut down the costs of serving those files? they need have very good uptime as it has thousands of active users all over the world.
This is the usage for yesterday:
Looking at other questions about this it seems like changing headers can help but I thought I already had caching enabled. This is what curl returns if I get one of those files:
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< content-type: text/html
< content-length: 2246
< date: Fri, 03 Apr 2020 20:28:47 GMT
< last-modified: Fri, 03 Apr 2020 15:21:11 GMT
< x-amz-version-id: some string
< etag: "83df2032241b5be7b4c337f0857095fc"
< server: AmazonS3
< x-cache: Miss from cloudfront
< via: 1.1 somestring.cloudfront.net (CloudFront)
< x-amz-cf-pop: some string
< x-amz-cf-id: some string
This is what the cache is configured as on CloudFront:
This is what S3 says when I use curl to query the file:
< HTTP/1.1 200 OK
< x-amz-id-2: some string
< x-amz-request-id: some string
< Date: Fri, 03 Apr 2020 20:27:22 GMT
< x-amz-replication-status: COMPLETED
< Last-Modified: Fri, 03 Apr 2020 15:21:11 GMT
< ETag: "83df2032241b5be7b4c337f0857095fc"
< x-amz-version-id: some string
< Accept-Ranges: bytes
< Content-Type: text/html
< Content-Length: 2246
< Server: AmazonS3
So what can I do? I don't often update the files and when I do I don't mind if it takes a day or two for the change to propagate.
Thanks.
If your goal is to reduce CloudFront costs, then it's worth reviewing how it is charged:
Regional Data Transfer Out to Internet (per GB): From $0.085 to $0.170 (depending upon location of your users)
Regional Data Transfer Out to Origin (per GB): From $0.020 to $0.160 (data going back to your application)
Request Pricing for All HTTP Methods (per 10,000): From $0.0075 to $0.0090
Compare that to Amazon S3:
GET Requests: $0.0004 per 1000
Data Transfer: $0.09 per GB (Also applies for traffic coming from Amazon EC2 instances)
Therefore, some options for you to save money are:
Choose a lower Price Class that restricts which regions send traffic "out". For example, Price Class 100 only sends traffic from USA and Europe, which has lower Data Transfer costs. This will reduce Data Transfer costs for other locations, but will give them a lower quality of service (higher latency).
Stop using CloudFront and serve content directly from S3 and EC2. This will save a bit on requests (about half the price), but Data Transfer would be a similar cost to Price Class 100.
Increase the caching duration for your objects. However, the report is showing 99.9%+ hit rates, so this won't help much.
Configure the objects to persist longer in user's browsers so less requests are made. However, this only works for "repeat traffic" and might not help much. It depends on app usage. (I'm not familiar with this part. It might not work in conjunction with CloudFront. Hopefully other readers can comment.)
Typically, mosts costs are related to the volume of traffic. If you app is popular, those Data Transfer costs will go up.
Take a look at your bills and try to determine which component is leading to most of the costs. Then, it's a trade-off between service to your customers and costs to you. Changing the Price Class might be the best option for now.

Pig script new record

I am working on following mail data in a file.. (data source:infochimps)
Message-ID: <33025919.1075857594206.JavaMail.evans#thyme>
Date: Wed, 13 Dec 2000 13:09:00 -0800 (PST)
From: john.arnold#enron.com
To: slafontaine#globalp.com
Subject: re:spreads
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: John Arnold
X-To: slafontaine#globalp.com # ENRON
X-cc:
X-bcc:
X-Folder: \John_Arnold_Dec2000\Notes Folders\'sent mail
X-Origin: Arnold-J
X-FileName: Jarnold.nsf
saw a lot of the bulls sell summer against length in front to mitigate
margins/absolute position limits/var. as these guys are taking off the
front, they are also buying back summer. el paso large buyer of next winter
today taking off spreads. certainly a reason why the spreads were so strong
on the way up and such a piece now. really the only one left with any risk
premium built in is h/j now. it was trading equivalent of 180 on access,
down 40+ from this morning. certainly if we are entering a period of bearish
................]
I am loading above data as:-
A = load '/root/test/enron_mail/maildir/*/*/*' using PigStorage(':') as (f1:chararray,f2:chararray);
but for the message body I am getting separate tuples as message body includes new lines..
how to consolidate last lines into one ?
I want below part in single tuple as:
saw a lot of the bulls sell summer against length in front to mitigate
margins/absolute position limits/var. as these guys are taking off the
front, they are also buying back summer. el paso large buyer of next winter
today taking off spreads. certainly a reason why the spreads were so strong
on the way up and such a piece now. really the only one left with any risk
premium built in is h/j now. it was trading equivalent of 180 on access,
down 40+ from this morning. certainly if we are entering a period of bearish

SPF = Hotmail : Pass / Gmail : Fail

I have a problem with my hmailserver and DNS configuration. I've done some research like always but couldn't find a solution.
My problem is, I'm sending mail from the same configuration with the same content. I'm just testing my SMTP with some random content.
Here are my headers
Hotmail (GOING TO SPAM) :
x-store-info:4r51+eLowCe79NzwdU2kRyU+pBy2R9QCP2v0IhDR+nDcjJhExUZYgyI5gvwWZJm3B9+zhp1b8g9rWgPTcyugiNy5RNAKdzcQ85c68teICR4NR4jawKrGyam4AxeWgzfI4kCCw0YhWHc=
Authentication-Results: hotmail.com; spf=pass (sender IP is 213.xxx.77.226) smtp.mailfrom=newsletter#bulten.mywebpage.com; dkim=pass header.d=bulten.mywebpage.com; x-hmca=pass header.id=newsletter#bulten.mywebpage.com
X-SID-PRA: newsletter#bulten.mywebpage.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: M98loaK0Lo27IVRxloyPISH/oVyrdG4nMrQ10tOoOAh+4yXzzinDYnrCEwQMhKw5Kbg20/W+pSaAgRNb6qx3ZAIS4jQ8o1SuT0gLmEqUYP5WkN/qCGlIwYTMVcAEJWElUKKFHOe6+xDjYXG7bZTx832DICnQ8i2eplRpU0YjHv0=
Received: from bulten.mywebpage.com ([213.xxx.77.226]) by BAY0-MC2-F20.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Sun, 12 May 2013 06:11:06 -0700
dkim-signature: v=1; a=rsa-sha1; d=bulten.mywebpage.com; s=1368316485.mywebpage;
c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=jFvLWT7EYZtAdGQ7lvPhguutUpw=;
b=ntkQpaORlFsM79gFqd8WLhfuGb+nKHWSc3Iuonq6CM7A+W1xO32p+6pOxnpgMqK6/GkVnNFbBrU44NAw5hpffvon/VKcRj1S4hBl9BrfryKKAMdjHw6UvH6MwT5KE/zTzzdm66EpLzfoK6ytwPar67KArvsE1JbcUgYm/RglRGU=
Received: from bulten.mywebpage.com ([213.xxx.77.226])
by bulten.mywebpage.com
; Sun, 12 May 2013 16:11:02 +0300
mywebpage
Gmail (GOING TO SPAM)
Delivered-To: webmaster#mywebpage.com Received: by 10.76.101.68 with SMTP id fe4csp131929oab;
Sun, 12 May 2013 06:12:01 -0700 (PDT) X-Received: by 10.14.221.67 with SMTP id q43mr20043754eep.1.1368364321268;
Sun, 12 May 2013 06:12:01 -0700 (PDT) Return-Path: <newsletter#bulten.mywebpage.com> Received: from bulten.mywebpage.com ([213.xxx.77.226])
by mx.google.com with SMTP id z48si11728661een.205.2013.05.12.06.12.00
for <webmaster#mywebpage.com>;
Sun, 12 May 2013 06:12:01 -0700 (PDT) Received-SPF: fail (google.com: domain of newsletter#bulten.mywebpage.com does not designate 213.xxx.77.226 as permitted sender) client-ip=213.xxx.77.226; Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of newsletter#bulten.mywebpage.com does not designate 213.xxx.77.226 as permitted sender) smtp.mail=newsletter#bulten.mywebpage.com;
dkim=neutral (no signature) header.i=#bulten.mywebpage.com dkim-signature: v=1; a=rsa-sha1; d=bulten.mywebpage.com; s=1368316485.mywebpage; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=jFvLWT7EYZtAdGQ7lvPhguutUpw=; b=NaPGwJqhXuvi4oXzwD5Ldr3I1ZqIhF8V6Q/SB7n5lbdklqNdW1IUXAJ5m0ndjOAz2xaBMhfte2PvL3aQdVRQDuLY2YDXBReznz20UCkAA6xUj0Lyvb0wrjhZgeOBIuOWrU0l+siM12fLVDAulPOKZ5s1R0RKAbJ+Leq3Lb8W76o= Received: from bulten.mywebpage.com ([213.xxx.77.226]) by bulten.mywebpage.com ; Sun, 12 May 2013 16:11:57 +0300
Can anyone help me in anyway? I'm about to lose it. It's my first SMTP server configuration and I know I'm missing something.
This is the key:
Received-SPF: fail (google.com: domain of newsletter#bulten.mywebpage.com does not designate 213.xxx.77.226 as permitted sender)
There should be text record in the DNS of bulten.mywebpage.com in spf format that points to the mail server sending out the mail, something like this:
v=spf1 mx mx:mailserverdomain.com

Rally: Reopened Defects Report

I am working on creating a report which contains "Defect ID, Defect Name, Creation Date and current state" of the reopened defects. This means all defects that had the state of reopened at some point during the defect cycle, the only way to find if the defect has ever been in reopened state is from the defects revision history.
There isn't any report in Rally that currently supports this. If anyone can help us on how to create one or give us an similar example that would be great.
If you hit the new Lookback API (unreleased when Kyle first answered, now in open preview), you can query directly for snapshots (revisions) where the State was ever set to a value "Reopened". Alternatively, you can look for any instance where OpenedDate changed by querying for "_PreviousValues.OpenedDate": {$exists: true}.
You can find information on the LBAPI here. There is support for querying it in the App SDK 2.0's SnapshotStore. Note that SDK 2.0p6 (releasing soon) has some improvements.
I would use the Defects by Closer App as a starting point. It performs a similar function by searching through the revision history for who closed a defect. You should be able to modify is slightly to search the revision text for "OPENED DATE changed" rather than "CLOSED DATE added":
for (j = 0; j < defect.RevisionHistory.Revisions.length; j++) {
var revision = defect.RevisionHistory.Revisions[j];
if (revision.Description.search("OPENED DATE changed") !== -1) {
//Found a reopened defect
}
}
For reference here is an example revision history entry from a reopened defect:
OPENED DATE changed from [Fri Jan 27 07:50:36 EST 2012] to [Fri Jan 27 07:51:00 EST 2012], STATE changed from [Closed] to [Open], CLOSED DATE removed [Fri Jan 27 07:50:50 EST 2012]
For more information on writing apps check out the App SDK documentation on Rally's Developer Portal.
NOTE: You can view the source code for Defects by Closer app here