From nobody Wed Jul 10 16:40:31 2024 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WK3WX3lQQz5QlyR for ; Wed, 10 Jul 2024 16:40:40 +0000 (UTC) (envelope-from tim@beachpatt.com) Received: from serendipity35.net (serendipity35.net [167.71.244.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "serendipity35.net", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WK3WW41HYz4dnP for ; Wed, 10 Jul 2024 16:40:39 +0000 (UTC) (envelope-from tim@beachpatt.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=beachpatt.com header.s=mail header.b=jTQBoZRn; dmarc=pass (policy=quarantine) header.from=beachpatt.com; spf=pass (mx1.freebsd.org: domain of tim@beachpatt.com designates 167.71.244.20 as permitted sender) smtp.mailfrom=tim@beachpatt.com Received: from beachpatt.com.com ([50.123.163.179]) by serendipity35.net (8.18.1/8.18.1) with ESMTPS id 46AGeWr3005353 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL) for ; Wed, 10 Jul 2024 12:40:33 -0400 (EDT) (envelope-from tim@beachpatt.com) X-Authentication-Warning: serendipity35.net: Host [50.123.163.179] claimed to be beachpatt.com.com Received: from [192.168.254.154] ([192.168.254.154]) (authenticated bits=0) by beachpatt.com.com (8.18.1/8.18.1) with ESMTPSA id 46AGeVgf019551 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO) for ; Wed, 10 Jul 2024 12:40:32 -0400 (EDT) (envelope-from tim@beachpatt.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=beachpatt.com; s=mail; t=1720629632; bh=HUpl08Ca5eSNtZnW3R8cERWh+JYmEavZuF8913qQEdE=; h=Date:Subject:To:References:From:In-Reply-To; b=jTQBoZRn1YQyfJOzhFFLGfdB6kyYzTnahRRKw9oklqDmndtjExd9hrnTGYS54F/OK T0Hn1UTKSqrz5oSkkhmK1NWSzW2AWYjsKedPzt2Tjh3VUkCx5Vghdt9tflZBSPvkgx o+aXCfH1VZQOlKU7Yt71MBCSCRmJRruiDaDyMETU= Message-ID: <7cedb66b-5573-4a1a-a318-8aeb6d659786@beachpatt.com> Date: Wed, 10 Jul 2024 12:40:31 -0400 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports@freebsd.org Sender: owner-freebsd-ports@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Using dma for external incoming mail To: ports@freebsd.org References: <202407070814.4678Ebdm011129@nuc.oldach.net> <86y16a6x77.fsf@ltc.des.dev> <8caa7e52-d84e-4e9b-8a24-6deee13764f9@quip.cz> Content-Language: en-US From: TIM KELLERS In-Reply-To: <8caa7e52-d84e-4e9b-8a24-6deee13764f9@quip.cz> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[beachpatt.com,quarantine]; R_DKIM_ALLOW(-0.20)[beachpatt.com:s=mail]; R_SPF_ALLOW(-0.20)[+a:serendipity35.net]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:167.71.240.0/20, country:US]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[ports@freebsd.org]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; HAS_XAW(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org]; DKIM_TRACE(0.00)[beachpatt.com:+] X-Rspamd-Queue-Id: 4WK3WW41HYz4dnP On 7/10/24 11:49 AM, Miroslav Lachman wrote: > On 10/07/2024 16:35, bob prohaska wrote: >> >> On Wed, Jul 10, 2024 at 12:02:20AM +0200, Dag-Erling Smørgrav wrote: >>> bob prohaska writes: >>>> It looks like all I need is SPF and TLS, [...] >>> >>> You also need DKIM. >>> >> Going by: https://support.google.com/a/answer/81126?hl=en >> >> If I'm reading right, that requirement applies only to >> senders of more than 5000 mails per day.  I'm sending >> one or two, at most. >> >> Do I misunderstand something >> >> Thanks for writing! > > I maintain a small mail server with about dozen of active domains. > Average traffic is under 50 outgoing messages per day but Gmail refused > messages until I set SPF and DKIM for each domain. If there was ever a > traffic of more than 5000 messages per day it was many years ago due to > hacked sender account sending spam. > So I think it is very easy to be blocked by Gmail. It is not about > domain, but by the IP of the server I think. > > YMMV > > Miroslav Lachman > > > > Miroslav is correct. I have 2 domains hosted by Digital Ocean and one falls into an address range that Gmail rejects and another that Gmail accepts. mxtoolbox.com will check and alert you if your sending domain has any blacklist flags attached to it. UCEPROTECTL3 and UCEPROTECTL2 are the most common and they come from using a non-compliant host. You also have to be careful about using a DHCP address. Gmail may flag email you send even if it is Smarthosted through a compliant static IP mailserver if it detects that the originating address is DHCP. Gmail likes to deliver mail from one of my servers to their Junk/Spam folder, another of my servers gets email delivered fine. I've been through a lot of trial and error making gmail happy. These current sendmail features I'm using (updated 2 days ago) seem to do the trick the best: # sendmail -d0.1 -bv root | grep SASL PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS TLS_EC Tim