I'm trying to set up sending emails with SMTP on my VPS running Ubuntu 18.04.
I'm using postfix, nodemailer.
When I send from an [email protected], to a gmail account, it gets stuck in the gmail spam folder. I got a score of 6.8 on www.mail-tester.com, with these deductions:
-1.274 RDNS_NONE Delivered to internal network by a host with no rDNS
This may indicate you do not have a rDNS configured for your hostname or the rDNS does not match your sending IP
-0.896 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
softfail
Your message is not signed with DKIM
I think my TXT record is correct:
"v=spf1 ip4:[removed-server-ip] include:_spf.mail.hostinger.com ~all"
/etc/postfix/main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = [removed-domain-name].com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost.[removed-domain-name].com, [removed-domain-name].com, [removed-domain-name]$
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf
nodemailer method:
"use strict";
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
  sendmail: true,
  newline: 'unix',
  path: '/usr/sbin/sendmail',
  secure: true,
})
let info = await transporter.sendMail({
  from: '"[removed-domain-name].com" <no-reply@[removed-domain-name].com>', // sender address
  to: req.body.to, // list of receivers
  subject: "Hello", // Subject line
  text: req.body.message, // plain text body
  html: req.body.message, // html body
});
Best Answer
Configure your reverse DNS. Add a PTR entry linking your IP to your MX server name
Ensure that myhostname in main.cf is set to your MX server name. This is probably the cause of your HELO mismatch.
You can set your SPF to "v=spf1 a mx include:_spf.mail.hostinger.com ~all" to automatically accept your MX as senders, but it should be ok with ip.
Register your domain to Google to improve deliverability : https://support.google.com/a/answer/9649569?hl=en
Definitely use DKIM :
opendkim
Install opendkim.
Configure
Edit /etc/opendkim.conf :
sv mode to sign and verify incoming emails (you may not need the verify mode)
Create the keys
Parameter -s is called selector, -d is the domain.
Edit /etc/opendkim/SigningTable and add a pair of domain/selector :
*@example.com mail._domainkey.example.com.
Edit /etc/opendkim/KeyTable and add a pair of selector/key :
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
Edit /etc/opendkim/TrustedHosts and insert
DNS
You need to add your public key into your DNS. You'll find the key in /etc/opendkim/keys/xxx.yy/mail.txt
Create a TXT field :
mail._domainkey.example.com 10800 TXT "v=DKIM1; k=rsa; p=very_long_key"
postfix
You have to make postfix aware of opendkim, to make it sign the keys.
Get the connect method for opendkim in its configuration. Should be something like inet:8891@localhost, and add it as a filter in main.cf :
Finalize
Restart (eventually enable) opendkim and then postfix. Check the key in your DNS with
opendkim-testkey -d example.com -s mail -vvv
Check with mail-tester.com. Check in /var/log/maillog that each sent email adds a line "DKIM-Signature field added".
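The three deductions discussed above (RDNS_NONE, SPF_HELO_SOFTFAIL, missing DKIM) can be checked from DNS before sending a test message. The following is an added example, not code from the question or the answer: checkSender, sampleZone and the addresses and names in it are constructed for illustration, and the SPF check evaluates only ip4: terms (a, mx and include: are not followed).

```javascript
"use strict";
// IPv4 dotted quad -> unsigned 32-bit integer.
const ip4ToInt = (ip) => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

// True if ip falls inside an SPF "ip4:" value such as 203.0.113.0/24 or a bare address.
function ip4Match(ip, term) {
  const [net, bits = "32"] = term.split("/");
  const mask = bits === "0" ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ip4ToInt(ip) & mask) >>> 0) === ((ip4ToInt(net) & mask) >>> 0);
}

// TXT answers arrive as arrays of string chunks; join each record back together.
async function txt(resolver, name) {
  try { return (await resolver.resolveTxt(name)).map((chunks) => chunks.join("")); }
  catch { return []; }
}

// resolver needs reverse/resolve4/resolveTxt; it defaults to Node's dns.promises.
async function checkSender({ ip, helo, selector, domain }, resolver = require("dns").promises) {
  // RDNS_NONE: the IP needs a PTR, and that name must resolve back to the same IP.
  const ptrs = await resolver.reverse(ip).catch(() => []);
  const fwd = await Promise.all(ptrs.map((p) => resolver.resolve4(p).catch(() => [])));
  const rdns = fwd.some((addrs) => addrs.includes(ip));

  // SPF_HELO: the HELO name (Postfix myhostname) needs its own SPF record covering the IP.
  // Assumption of this example: only ip4: terms are evaluated.
  const spf = (await txt(resolver, helo)).find((r) => /^v=spf1(\s|$)/i.test(r)) || "";
  const spfHelo = spf.split(/\s+/).some((t) => /^\+?ip4:/i.test(t) && ip4Match(ip, t.replace(/^\+?ip4:/i, "")));

  // DKIM: <selector>._domainkey.<domain> must publish a non-empty p= public key.
  const key = (await txt(resolver, `${selector}._domainkey.${domain}`)).find((r) => /(^|;)\s*p=/.test(r)) || "";
  const p = (key.match(/(?:^|;)\s*p=([^;]*)/) || [])[1] || "";
  const dkim = p.replace(/\s+/g, "").length > 0;

  return { rdns, ptrs, spfHelo, dkim };
}

// Constructed sample zone using documentation addresses, not data from the page.
const sampleZone = {
  reverse: async (ip) => ({ "203.0.113.10": ["mail.example.com"] }[ip] || []),
  resolve4: async (n) => ({ "mail.example.com": ["203.0.113.10"] }[n] || []),
  resolveTxt: async (n) => ({
    "mail.example.com": [["v=spf1 ip4:203.0.113.10 ~all"]],
    "mail._domainkey.example.com": [["v=DKIM1; k=rsa; ", "p=MIIBconstructed"]],
  }[n] || []),
};
```

Called without a second argument, checkSender queries live DNS; pass the server's public IP, the value of myhostname as helo, and the selector and domain used in the KeyTable.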