search

GaryA / antlog

AntLog event management for AWS-style double-elimination competitions
Other
2 stars 1 forks source link

Outgoing email is signed using DKIM but public key is unavailable #83

Open GaryA opened 6 years ago

GaryA commented 6 years ago

Some mail servers refuse emails from Antlog because the public key is unavailable.

Try http://www.mail-tester.com to diagnose the problem. Possibly more to do with DNS than web iste settings?

GaryA commented 6 years ago

We check if the server you are sending from is authenticated -1 [SPF] garya.org.uk does not allow your server 185.119.172.153 to use antlog@garya.org.uk Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.

You do not have a SPF record, please add the following one to your domain garya.org.uk:

v=spf1 a mx ip4:185.119.172.153 ~all

The Name Server handling the domain name garya.org.uk is ns3.tsohost.co.uk.

Need guidance? View guides for each host.

Verification details:

dig +short TXT garya.org.uk :

dig +short SPF @ns3.tsohost.co.uk. garya.org.uk :

spfquery --scope mfrom --id antlog@garya.org.uk --ip 185.119.172.153 --helo-id host54.servers.prgn.misp.co.uk :

none
garya.org.uk: No applicable sender policy available
garya.org.uk: No applicable sender policy available
Received-SPF: none (garya.org.uk: No applicable sender policy available) receiver=ns303428.ip-94-23-206.eu; identity=mailfrom; envelope-from="antlog@garya.org.uk"; helo=host54.servers.prgn.misp.co.uk; client-ip=185.119.172.153

-1 [Sender ID] garya.org.uk does not allow your server 185.119.172.153 to use antlog@garya.org.uk Sender ID is like SPF, but it checks the FROM address, not the bounce address.

You do not have a SPF record, please add the following one to your domain garya.org.uk:

v=spf1 a mx ip4:185.119.172.153 ~all

The Name Server handling the domain name garya.org.uk is ns2.tsohost.co.uk.

Need guidance? View guides for each host.

Verification details:

dig +short TXT garya.org.uk :

dig +short TXT @ns2.tsohost.co.uk. garya.org.uk :

spfquery --scope mfrom --id antlog@garya.org.uk --ip 185.119.172.153 --helo-id host54.servers.prgn.misp.co.uk :

none
garya.org.uk: No applicable sender policy available
garya.org.uk: No applicable sender policy available
Received-SPF: none (garya.org.uk: No applicable sender policy available) receiver=ns303428.ip-94-23-206.eu; identity=mailfrom; envelope-from="antlog@garya.org.uk"; helo=host54.servers.prgn.misp.co.uk; client-ip=185.119.172.153

-3 Your DKIM signature is not valid DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

The DKIM signature of your message is:

v=1;
a=rsa-sha256;
q=dns/txt;
c=relaxed/relaxed;
d=garya.org.uk;
s=default;
h=Message-ID:Subject:To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=6j9BnDbiH8PskqY1O0uiCRcKr/P1zvnvbt/XWmJ7GGI=;
b=U24zLJGD19uAXLJztcFrCnpWiESOO01Oouzr5nhIlDinNWP5rf7Hi054zy7q/xJaktU3G+t5uDf+Ec9nLDPEQ0ZqYxt6ltRZJUlMQx6LatNjxQ4fzLv2aJmjhxin5sNuSlyH6XYAqvpfmUD1tdjwc1t0scuCFBWIhZfIGh8da8L+JEgimopZr8VcbLmu2dgLjpKEU3cURW2mDXxdG33BmgaDNbMXRD0RypJCxrpIeuMkVPFpot9vvwKfRAxc0LuEsV1ulNU9FaYH/+vcrznDeIk+UovNEgCbgK47WmCSr2mXi05d91hgQRFOMS45RDrp8RUY9hyQOEXz0+xL9P8NSQ==;

We were not able to retrieve your public key. Please ensure that you inserted your DKIM TXT DNS record on your domain garya.org.uk using the selector default. If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated You do not have a DMARC record A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.

You do not have a DMARC record, please add a TXT record to your domain _dmarc.garya.org.uk with the following value:

v=DMARC1; p=none

Verification details:

mail-tester.com;    dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=garya.org.uk header.i=@garya.org.uk header.b=U24zLJGD;    dkim-atps=neutral
mail-tester.com; dmarc=none header.from=garya.org.uk
From Domain: garya.org.uk
DKIM Domain: garya.org.uk
GaryA commented 6 years ago

DKIM and SPF enabled, wait 12 hours for DNS changes to propagate before re-testing.