Author Topic: mail with php seen as spam  (Read 30877 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
mail with php seen as spam
« on: October 14, 2019, 08:27:55 PM »
Hello everybody

i have a server at home with cwp. www.domain.fr
two dns ns1.domain.fr on this server and ns2.domain.fr on a vps scaleway

i have add new user called progmail (it s me) with domain www.progmail.com.
on this site i use a script for send to user a mail with function mail();

the problem, on gmail the message is delivered but on spam folder. on free, this message doesn't be delivered

my maillog
Code: [Select]
Oct 12 17:09:44 ns1 postfix/pickup[22073]: 0590D4042BD0: uid=1005 from=<progmail>
Oct 12 17:09:44 ns1 postfix/cleanup[22800]: 0590D4042BD0: message-id=<20191012150944.0590D4042BD0@ns1.domaine.fr>
Oct 12 17:09:44 ns1 opendkim[6259]: 0590D4042BD0: DKIM-Signature field added (s=default, d=prog.fr)
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 0590D4042BD0: from=<prog@ns1.domaine.fr>, size=41333, nrcpt=1 (queue active)
Oct 12 17:09:44 ns1 postfix/pickup[22073]: 137B84042BD1: uid=1005 from=<prog>
Oct 12 17:09:44 ns1 postfix/cleanup[22800]: 137B84042BD1: message-id=<20191012150944.137B84042BD1@ns1.domaine.fr>
Oct 12 17:09:44 ns1 opendkim[6259]: 137B84042BD1: DKIM-Signature field added (s=default, d=prog.fr)
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 137B84042BD1: from=<progmail@ns1.domaine.fr>, size=21546, nrcpt=1 (queue active)
Oct 12 17:09:44 ns1 postfix/smtp[25289]: 0590D4042BD0: to=<mail1@free.fr>, relay=mx1.free.fr[212.27.48.6]:25, delay=0.34, delays=0.12/0.03/0.15/0.04, dsn=5.0.0, status=bounced (host mx1.free.fr[212.27.48.6] said: 550 spam detected (in reply to end of DATA command))
Oct 12 17:09:44 ns1 postfix/cleanup[22800]: 4EFF44042BD2: message-id=<20191012150944.4EFF44042BD2@ns1.domaine.fr>
Oct 12 17:09:44 ns1 postfix/bounce[25291]: 0590D4042BD0: sender non-delivery notification: 4EFF44042BD2
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 4EFF44042BD2: from=<>, size=43597, nrcpt=1 (queue active)
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 0590D4042BD0: removed
Oct 12 17:09:44 ns1 postfix/smtp[25290]: 137B84042BD1: to=<mail2@free.fr>, relay=mx1.free.fr[212.27.48.7]:25, delay=0.29, delays=0.08/0.02/0.15/0.04, dsn=5.0.0, status=bounced (host mx1.free.fr[212.27.48.7] said: 550 spam detected (in reply to end of DATA command))
Oct 12 17:09:44 ns1 postfix/local[25138]: 4EFF44042BD2: to=<progmail@ns1.domaine.fr>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 4EFF44042BD2: removed
Oct 12 17:09:44 ns1 postfix/cleanup[22800]: 54BFB4042BD0: message-id=<20191012150944.54BFB4042BD0@ns1.ecoll-hosting.fr>
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 54BFB4042BD0: from=<>, size=23828, nrcpt=1 (queue active)
Oct 12 17:09:44 ns1 postfix/bounce[25291]: 137B84042BD1: sender non-delivery notification: 54BFB4042BD0
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 137B84042BD1: removed
Oct 12 17:09:44 ns1 postfix/local[25138]: 54BFB4042BD0: to=<prog@ns1.domaine.fr>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 12 17:09:44 ns1 postfix/qmgr[30227]: 54BFB4042BD0: removed
Oct 12 17:09:49 ns1 clamd[25196]: Loaded 6486685 signatures.
Oct 12 17:09:50 ns1 postfix/smtpd[25296]: connect from unknown[46.38.144.202]
Oct 12 17:09:50 ns1 clamd[25196]: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
Oct 12 17:09:50 ns1 clamd[25299]: Received 0 file descriptor(s) from systemd.
Oct 12 17:09:50 ns1 clamd[25299]: clamd daemon 0.101.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Oct 12 17:09:50 ns1 clamd[25299]: Running as user amavis (UID 989, GID 987)
Oct 12 17:09:50 ns1 clamd[25299]: Log file size limited to 1048576 bytes.
Oct 12 17:09:50 ns1 clamd[25299]: Reading databases from /var/lib/clamav
Oct 12 17:09:50 ns1 clamd[25299]: Not loading PUA signatures.
Oct 12 17:09:50 ns1 clamd[25299]: Bytecode: Security mode set to "TrustSigned".

the mail header
Code: [Select]
Delivered-To: manu@gmail.com
Received: by 2002:a25:d4d:0:0:0:0:0 with SMTP id 74csp5166619ybn;
        Mon, 14 Oct 2019 12:48:19 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwqHw5FDeqBlvaqBICxY/cjBRszASQ6EXoW1YvZtCSdjulNy9gWx8p7M4FR5aCHOakqplKc
X-Received: by 2002:a7b:cf0d:: with SMTP id l13mr15745596wmg.47.1571082498937;
        Mon, 14 Oct 2019 12:48:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571082498; cv=none;
        d=google.com; s=arc-20160816;
        b=x45vG6gGAvv3VhJwdvK87djg5W8a7d0PXP2KIZwnKJTFW+9wmZmN0JOhTkWGM1sKu4
         eIVwfZpjR8JSHsW5ktMzZP2xLc5UDidffp8n8duBymLgMdFFdv7XM1ByKDiuDlZV/Gei
         Vs5hcvv3er89E2jcb1bYgFCXmsirf9pZSkhWvGGDYd5Qb6cr87BPy0vpzwbYhjvIK0Fu
         uvtuIrKlBH80Rp3Mng0J8guF/qwIQgQd2Nl0RsUyV/FxOfDdxP6fmZkun5IX3s2xee1I
         O2oU3wL4Lzyp3lqBmXwhf8nTHMww6DhcQnGdJh4ZRrZrJqleTrB6tRsPbsZY8+ivoLPs
         2jsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=date:message-id:from:reply-to:mime-version:subject:to
         :dkim-signature;
        bh=Eaz82YrQxgJZwD8/ke133C+UdV17Acuzx47a68jsMM0=;
        b=Q0a4+pjRyaJhBPlKW0lYUwYHedFM47JmFe5eE4HXzXaGcm3WzbnJDXl/kvc8rK5DQL
         L0c3jHz6SagUOGYyLVUc/LVoebxoDcO63fA2AhXs22hIb00Jl6UqwXhnt7HZF67X76WY
         8TEjboxHcu5wE84RCCDpkQZ6H0aCD6rvnmEMtELizV2Sb4LznzXVrphyiFWfLVtv5/os
         6ZLI9VRCY2tw3Mf4wV+k56OCuP2ycBzBJjmnYeyjui31LjXZfKm/llPiayaV/4H7+Z/f
         18DuGyRhAtW3F3cxgdTF/DvTZVsgsCCYvg4PSZKExdLcGLp4MDuh7vdvVY5F6KZTSZPD
         AcFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@progmailer.fr header.s=default header.b=BFclW2GM;
       spf=neutral (google.com: 82.64.165.128 is neither permitted nor denied by best guess record for domain of progmail@ns1.domain.fr) smtp.mailfrom=progmail@ns1.domain.fr;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=progmail.com
Return-Path: <progmail@ns1.domain.fr>
Received: from ns1.domain.fr (82-64-165-128.subs.proxad.net. [82.64.165.128])
        by mx.google.com with ESMTPS id x18si19065719wrg.431.2019.10.14.12.48.18
        for <dsecoll@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 14 Oct 2019 12:48:18 -0700 (PDT)
Received-SPF: neutral (google.com: 82.64.165.128 is neither permitted nor denied by best guess record for domain of progmail@ns1.domain.fr) client-ip=82.64.165.128;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@progmailer.fr header.s=default header.b=BFclW2GM;
       spf=neutral (google.com: 82.64.165.128 is neither permitted nor denied by best guess record for domain of progmail@ns1.domain.fr) smtp.mailfrom=progmail@ns1.domain.fr;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=progmail.com
Received: by ns1.ecoll-hosting.fr (Postfix, from userid 1005) id 3879A4042BD0; Mon, 14 Oct 2019 21:48:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=progmail.fr; s=default; t=1571082498; bh=Q+GOwEpPTdcNxIqWMqn8rJGx88WeAV6+/bCyWdZcjJc=; h=To:Subject:Reply-To:From:Date; b=BFclW2GMV8OjuF3BW1E//4rJlWbdcABVNq8kxyAj0vxvgXtKQC/ewrhxm4y1oZ+9V
jnwc8I5EoQu2Dfwz6HcX+r7saOkMm0kAREoSlIHQnkbSoBHahCqx0869Qld38jwXHM
vKvDHSlgHJaL6Cr48CFACou4/Gr2lshlndBArVeY=
To: manu@gmail.com
Subject: Nous avons trouvé quelque chose pour vous ;)
X-PHP-Originating-Script: 1005:scan.php
MIME-Version: 1.0
Content-type: text/html; charset=UTF-8
Reply-To: manu@progmail.com
From: MaNu <manu@progmail.com>
Message-Id: <20191014194818.3879A4042BD0@ns1.domain.fr>
Date: Mon, 14 Oct 2019 21:48:18 +0200 (CEST)

my php script
Code: [Select]
$headers  = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=UTF-8'."\n";
$headers .= 'Reply-To: manu@progmail.com' . "\n";
$headers .= 'From: "MaNu"<manu@progmail.com>' . "\n";

$subject = "Le sujet\r\n";

$message = "code HTML";

mail("email@destinataire.fr", $subject, $message, $headers);

what I realize is that the email is sent under the email progmail@ns1.domain.fr instead of manu@progmail.com
as there are inconsistencies between email addresses then it is either refused or put in the spam folder.
To know that if I comment the reply-to and the from the header of the mail, I receive it correctly.

Someone could help me make this work


Offline
***
Re: mail with php seen as spam
« Reply #1 on: October 16, 2019, 03:30:17 AM »
A simple bet: a relevant line here would be:
Code: [Select]
Received-SPF: neutral (google.com: 82.64.165.128 is neither permitted nor denied by best guess record for domain of progmail@ns1.domain.fr) client-ip=82.64.165.128;

Note, you domain is not set with SPF record, and this could be being classified by google as a low reputation server, hence the spam tag, and spam folder destination.

Regards,
Netino

Offline
*
Re: mail with php seen as spam
« Reply #2 on: October 16, 2019, 06:43:12 PM »
what I can not understand is that if I remove these lines
Code: [Select]
$headers .= 'Reply-To: manu@progmail.com' . "\n";
$headers .= 'From: "MaNu"<manu@progmail.com>' . "\n";

the mail is no longer sent under the address manu@progmail.com but under progmail@ns1.domaine.fr and there the email is no longer considered as spam

Offline
*
Re: mail with php seen as spam
« Reply #3 on: October 18, 2019, 11:28:58 AM »
try to do mail test
http://mail-tester.com/

could be related to dkim/spf/dmarc
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: mail with php seen as spam
« Reply #4 on: October 18, 2019, 07:43:04 PM »
Gmail is strict in handling email, it wants mail sent from an registered domain.

If you setup a server at home, it will send email through your home router connected to your Internet Service Providers IP. That home ip address resolves to for example: dynamic.cable.fr
So no matter what you change on your server at home, the ip / mailhost you are sending from will always resolve to your home IP.
Gmail and other email services does see that there is a mismatch in origin/host - sender to receiver, so mail goes to spam folder.
Even if you could tweak the DNS of your home iSP, Gmail still might reject it, simply because it's a home-ip. They have all those rules in place, to keep us as much as possible spam-free. Without the reverse-dns, dkim etc everybody could run a mail server and a lot of people would not do run it in a safe way.. leaving their mailservers open for hackers etc.

If you want to run a server with mail etc, I would go out and get a cheap vps, register for a few euro a domain. Important here is that the hosting company allows you to set your own DNS and Nameservers.
This way you can run and experiment with a full fledge server hooked on to the web, with all goodies you can think of imagine doing with it :-)
For a VPS you could take a look at the GCP, (Google Cloud Platform) they allow you to try their service out for free. But you have to figure out everything yourself, by documentation or forums. The good thing is, in your free trial you can mess up, reboot, re-install pretty much as often as you want, till you have things working, since they won't bill you. Is the VPS / Server not working anymore? Delete it from your project page, create a new one and of you go again :)

One downside to GCP they have the standard port for email 25 blocked. Internal and External  You can setup a mailserver by using different ports, but keep that also in mind.