DKIM u php mailu

142 zhlédnutíWebhosting
0

Dobrý den,

používáme php mail https://webmail.wedos.net/ . Spoustu emailu odeslaných z iris@luciechaya.cz nám u gmailu končí ve spamu. Můžete prosím prověřít, že maily odesílané zmíněným způsobem jsou správně podepsané DKIM?

Pro úplnost přikládám část protokolu testeru:

DKIM check details:
———————————————————-
Result:         none (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25’s PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

==============================================================
Explanation of the possible results (based on RFCs 7601, 7208)
==============================================================

DKIM Results
============

none:  The message was not signed.

pass:  The message was signed, the signature or signatures were
acceptable to the ADMD, and the signature(s) passed verification
tests.

fail:  The message was signed and the signature or signatures were
acceptable to the ADMD, but they failed the verification test(s).

policy:  The message was signed, but some aspect of the signature or
signatures was not acceptable to the ADMD.

neutral:  The message was signed, but the signature or signatures
contained syntax errors or were not otherwise able to be
processed.  This result is also used for other failures not
covered elsewhere in this list.

temperror:  The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a public key.  A later attempt may produce a final
result.

permerror:  The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent.  A
later attempt is unlikely to produce a final result.

SPF Results
===========

none:  Either (a) no syntactically valid DNS domain name was extracted from
the SMTP session that could be used as the one to be authorized, or
(b) no SPF records were retrieved from the DNS.

neutral:  The ADMD has explicitly stated that it is not asserting whether
the IP address is authorized.

pass:  An explicit statement that the client is authorized to inject mail
with the given identity.

fail:  An explicit statement that the client is not authorized to use the
domain in the given identity.

softfail:  A weak statement by the publishing ADMD that the host is probably
not authorized.  It has not published a stronger, more definitive policy
that results in a „fail“.

temperror:  The SPF verifier encountered a transient (generally DNS) error
while performing the check.  A later retry may succeed without further
DNS operator action.

permerror: The domain’s published records could not be correctly interpreted.
This signals an error condition that definitely requires DNS operator
intervention to be resolved.

„iprev“ Results
===============

pass:  The DNS evaluation succeeded, i.e., the „reverse“ and
„forward“ lookup results were returned and were in agreement.

fail:  The DNS evaluation failed.  In particular, the „reverse“ and
„forward“ lookups each produced results, but they were not in
agreement, or the „forward“ query completed but produced no
result, e.g., a DNS RCODE of 3, commonly known as NXDOMAIN, or an
RCODE of 0 (NOERROR) in a reply containing no answers, was
returned.

temperror:  The DNS evaluation could not be completed due to some
error that is likely transient in nature, such as a temporary DNS
error, e.g., a DNS RCODE of 2, commonly known as SERVFAIL, or
other error condition resulted.  A later attempt may produce a
final result.

permerror:  The DNS evaluation could not be completed because no PTR
data are published for the connecting IP address, e.g., a DNS
RCODE of 3, commonly known as NXDOMAIN, or an RCODE of 0 (NOERROR)
in a reply containing no answers, was returned.  This prevented
completion of the evaluation.  A later attempt is unlikely to
produce a final result.

Role: Zákazník
MV270050 Odpověděl na otázku 7. 8. 2022
0
TJ285257 31.45K - WEDOS Internet, a.s. 1 Komentář

Dobrý den,

DKIM podpis je u nás možný jen u e-mailů odeslaných přes funkci PHP mail(). O jakou přesně doménu se prosím jedná?

Role: Podpora
MZ61249 publikoval nový komentář 6. 8. 2022

Řekl bych, že půjde o luciechaya.cz (viz druhá věta tazatele). 🙂

0

Píši to na začátku mého dotazu. Je to doména luciechaya.cz

Role: Zákazník
MV270050 publikoval nový komentář 6. 8. 2022

Dobrý den,
doména DKIM nastavený má, avšak SPF záznam má pro jiného poskytovatele, tedy jej zkuste doplnit i o náš spf záznam viz https://kb.wedos.com/cs/webhosting/e-maily/e-maily-nastaveni-spf-zaznamu/ , nezapomeňte i na ipv6

0

Nastavil jsem SPF dle návodu. Ale je tam asi chyba. Mail chacker mi píše:

This message is an automatic response from Port25’s authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          none
„iprev“ check:      pass
DKIM check:         none

==========================================================
Details:
==========================================================

HELO hostname:  wes1-so2.wedos.net
Source IP:      46.28.106.46
mail-from:      iris@luciechaya.cz

———————————————————-
SPF check details:
———————————————————-
Result:         none (no v=spf1 record published)
ID(s) verified: smtp.mailfrom=iris@luciechaya.cz

DNS record(s):
luciechaya.cz. TXT (no records)

———————————————————-
„iprev“ check details:
———————————————————-
Result:         pass (matches wes1-so2-redir.wedos.net)
ID(s) verified: policy.iprev=46.28.106.46

DNS record(s):
46.106.28.46.in-addr.arpa. 300 IN PTR wes1-so2-redir.wedos.net.
wes1-so2-redir.wedos.net. 300 IN A 46.28.106.46

———————————————————-
DKIM check details:
———————————————————-
Result:         none (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25’s PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

==============================================================
Explanation of the possible results (based on RFCs 7601, 7208)
==============================================================

DKIM Results
============

none:  The message was not signed.

pass:  The message was signed, the signature or signatures were
acceptable to the ADMD, and the signature(s) passed verification
tests.

fail:  The message was signed and the signature or signatures were
acceptable to the ADMD, but they failed the verification test(s).

policy:  The message was signed, but some aspect of the signature or
signatures was not acceptable to the ADMD.

neutral:  The message was signed, but the signature or signatures
contained syntax errors or were not otherwise able to be
processed.  This result is also used for other failures not
covered elsewhere in this list.

temperror:  The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a public key.  A later attempt may produce a final
result.

permerror:  The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent.  A
later attempt is unlikely to produce a final result.

SPF Results
===========

none:  Either (a) no syntactically valid DNS domain name was extracted from
the SMTP session that could be used as the one to be authorized, or
(b) no SPF records were retrieved from the DNS.

neutral:  The ADMD has explicitly stated that it is not asserting whether
the IP address is authorized.

pass:  An explicit statement that the client is authorized to inject mail
with the given identity.

fail:  An explicit statement that the client is not authorized to use the
domain in the given identity.

softfail:  A weak statement by the publishing ADMD that the host is probably
not authorized.  It has not published a stronger, more definitive policy
that results in a „fail“.

temperror:  The SPF verifier encountered a transient (generally DNS) error
while performing the check.  A later retry may succeed without further
DNS operator action.

permerror: The domain’s published records could not be correctly interpreted.
This signals an error condition that definitely requires DNS operator
intervention to be resolved.

„iprev“ Results
===============

pass:  The DNS evaluation succeeded, i.e., the „reverse“ and
„forward“ lookup results were returned and were in agreement.

fail:  The DNS evaluation failed.  In particular, the „reverse“ and
„forward“ lookups each produced results, but they were not in
agreement, or the „forward“ query completed but produced no
result, e.g., a DNS RCODE of 3, commonly known as NXDOMAIN, or an
RCODE of 0 (NOERROR) in a reply containing no answers, was
returned.

temperror:  The DNS evaluation could not be completed due to some
error that is likely transient in nature, such as a temporary DNS
error, e.g., a DNS RCODE of 2, commonly known as SERVFAIL, or
other error condition resulted.  A later attempt may produce a
final result.

permerror:  The DNS evaluation could not be completed because no PTR
data are published for the connecting IP address, e.g., a DNS
RCODE of 3, commonly known as NXDOMAIN, or an RCODE of 0 (NOERROR)
in a reply containing no answers, was returned.  This prevented
completion of the evaluation.  A later attempt is unlikely to
produce a final result.

Role: Zákazník
TJ285257 Změnil status na publikováno 7. 8. 2022
0
TJ285257 31.45K - WEDOS Internet, a.s. 0 Comments

Dobrý den,

v SPF záznamu máte špatně iPv6 adresu, dále odstraňte a ze záznamu, protože A záznam nesměruje na náš webhosting.

V DNS vám koliduje A záznam, kdy A záznam vám směruje jinam a hvězdičkový A záznam také jinam.

DKIM podpis budete mít  jen na e-mailech odeslaných přes funkci PHP mail ().

Role: Podpora
TJ285257 Odpověděl na otázku 7. 8. 2022
0

Jakou iPv6 adresu mám tedy použít ? použil jsem tu, která je v návodu https://kb.wedos.com/cs/webhosting/e-maily/e-maily-nastaveni-spf-zaznamu/  . Stejně tak v tomto návodu je :

<code><strong>Název      TTL    Typ   Data</strong>
(prázdný)  300    TXT   v=spf1 mx a include:_spf.we.wedos.net -all

Mám tedy odstranit a zde u wedosu? Pak je tam ještě jedno a u smartemailingu.</code>
Role: Zákazník
TJ285257 Změnil status na publikováno 7. 8. 2022
0
TJ285257 31.45K - WEDOS Internet, a.s. 0 Comments

Dobrý den,

ta adresa v návodu je jen příklad, musíte uvést adresu vašeho webhostingu, pokud se e-maily posílají přes PHP.

Role: Podpora
TJ285257 Odpověděl na otázku 7. 8. 2022
0

Aha vy myslíte A zaznam. Nenaruší to odesílání emailu přes Smartemailing? Potřebuji odesílat jak přes wedos webmail i přes SM.

Role: Zákazník
TJ285257 Změnil status na publikováno 7. 8. 2022