Discussion:
[nail-devel] configure mailx to avoid Gmail's spam classification
João M. S. Silva
2016-01-21 01:11:59 UTC
Permalink
Hi,

I'm using Heirloom mailx in a Ubuntu server that I setup with some effort.

I can send the e-mails, and they reach the destination, but seem to
always end up in the spam folder.

This is how I'm sending the e-mails:

echo "body" | mail -s "subject" -r ***@fidelio.pt <destination>

Do I need any special configuration?

Thanks.
--
João M. S. Silva
j***@sdf.org
2016-01-21 16:52:32 UTC
Permalink
Post by João M. S. Silva
I'm using Heirloom mailx in a Ubuntu server that I setup with some effort.
I can send the e-mails, and they reach the destination, but seem to
always end up in the spam folder.
Do I need any special configuration?
Sounds like a gmail issue. Maybe try replying from gmail or simply
whitelist the sent messages (within gmail web interface) to prevent future
miss-categorizing. On the heirloom-mailx end you could set the 'stealthmua'
option which "[i]nhibits the generation of the `Message-Id:' and
`User-Agent:' header fields" but that likely won't change how goog feels
about the sent messages and may even make things worse.

Incidentally, you can use heirloom-mailx with a gmail account. It mostly
works except for changing folders which I've found need the full
***@server/folder path (no "+FOLDER" type changes).

Have fun,
Jeff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This email has a PGP signature attached; verify
using PGP public key at http://jgw.sdf.org/pgp/
João M. S. Silva
2016-01-22 16:46:48 UTC
Permalink
Post by j***@sdf.org
Sounds like a gmail issue. Maybe try replying from gmail or simply
whitelist the sent messages (within gmail web interface) to prevent future
miss-categorizing. On the heirloom-mailx end you could set the 'stealthmua'
option which "[i]nhibits the generation of the `Message-Id:' and
`User-Agent:' header fields" but that likely won't change how goog feels
about the sent messages and may even make things worse.
We clicked "not spam" many times but it doesn't work. Moreover, we need
this to reach recipients from the first time.

I'll try stealthmua.
Post by j***@sdf.org
Incidentally, you can use heirloom-mailx with a gmail account. It mostly
works except for changing folders which I've found need the full
In fact, I also send e-mail from this machine when a user makes an SVN
commit. This post-commit hook is using sendmail with my Gmail account
credentials. All of these e-mails also go to the spam folder of the
recipient.

Thanks,
João M. S. Silva
Martin Neitzel
2016-01-22 22:57:59 UTC
Permalink
Post by João M. S. Silva
In fact, I also send e-mail from this machine when a user makes an SVN
commit. This post-commit hook is using sendmail with my Gmail account
credentials. All of these e-mails also go to the spam folder of the
recipient.
Joao was so kind to send me a full header of an quarantined commit mail
in a private message. It became clear that Gmail addresses are SPF-
protected, making it inviable to use them on your own server.

Yes, the solution for Joao will be either switch to another sender
address or to establish an authorized outgoing smtp session to
gmail.

None of this is nail related, though. I'm in ongoing contact
with Joao to resolve this at the MTA level.

Martin
Steffen Nurpmeso
2016-01-23 12:09:07 UTC
Permalink
Martin Neitzel <***@gaertner.de> wrote:
|> In fact, I also send e-mail from this machine when a user makes an SVN
|> commit. This post-commit hook is using sendmail with my Gmail account
|> credentials. All of these e-mails also go to the spam folder of the
|> recipient.
|
|Joao was so kind to send me a full header of an quarantined commit mail
|in a private message. It became clear that Gmail addresses are SPF-
|protected, making it inviable to use them on your own server.
|
|Yes, the solution for Joao will be either switch to another sender
|address or to establish an authorized outgoing smtp session to
|gmail.
|
|None of this is nail related, though. I'm in ongoing contact
|with Joao to resolve this at the MTA level.

For sendmail it seems you have to set the use_ct_file option and
create / edit /etc/mail/trusted-users (or whatever you've set
confCT_FILE to). Or you set confTRUSTED_USERS.
I've not yet made it to the exim manual.

--steffen
João M. S. Silva
2016-01-25 19:11:01 UTC
Permalink
Post by Steffen Nurpmeso
For sendmail it seems you have to set the use_ct_file option and
create / edit /etc/mail/trusted-users (or whatever you've set
confCT_FILE to). Or you set confTRUSTED_USERS.
I've not yet made it to the exim manual.
Thanks. I think I'm gonna go with postfix instead. If I come back to
sendmail I'll check this configuration you suggest.

I was "able" to put my sendmail installation not working when I messed
with the configuration.

On the other hand, I configured postfix in another machine and it seems
easier.

I remember seeing a comic strip in which they made fun of how hard it
was to configure sendmail. It was like a homeless man with a board
saying "I configure sendmail for food" or something like that.

João M. S. Silva
Steffen Nurpmeso
2016-01-26 21:14:31 UTC
Permalink
"João M. S. Silva" <***@gmail.com> wrote:
|On 01/23/2016 12:09 PM, Steffen Nurpmeso wrote:
|> For sendmail it seems you have to set the use_ct_file option and
|> create / edit /etc/mail/trusted-users (or whatever you've set
|> confCT_FILE to). Or you set confTRUSTED_USERS.
|> I've not yet made it to the exim manual.
|
|Thanks. I think I'm gonna go with postfix instead. If I come back to
|sendmail I'll check this configuration you suggest.
|
|I was "able" to put my sendmail installation not working when I messed
|with the configuration.
|
|On the other hand, I configured postfix in another machine and it seems
|easier.
|
|I remember seeing a comic strip in which they made fun of how hard it
|was to configure sendmail. It was like a homeless man with a board
|saying "I configure sendmail for food" or something like that.

"You are grazy if you try it a second time" or something. My
problem was solely the documentation. But i've got something
working. The problems that remain i could handle with some nice
firewall rules. But especially iptables' conntrack / recent. And
such :o)
And it seems i'm heading towards exim, i like stuff with a good
manual (though FreeBSD ships something that might be complete in
/usr/share, some spoken context words i personally appreciate) --
the good thing is that there are options. If you are working with
a smart host DMA may be something for you, too. I have no idea
how it works regarding -f, though. :-)
Ciao!

--steffen

João M. S. Silva
2016-01-22 17:17:31 UTC
Permalink
I set:

$ grep stealthmua /etc/nail.rc
set stealthmua

and got:

Message-Id: <***@fidelio.dynamic-dns.net>

User-Agent is missing.

João M. S. Silva
Post by j***@sdf.org
Sounds like a gmail issue. Maybe try replying from gmail or simply
whitelist the sent messages (within gmail web interface) to prevent future
miss-categorizing. On the heirloom-mailx end you could set the 'stealthmua'
option which "[i]nhibits the generation of the `Message-Id:' and
`User-Agent:' header fields" but that likely won't change how goog feels
about the sent messages and may even make things worse.
Steffen Nurpmeso
2016-01-21 18:26:39 UTC
Permalink
Hello.

"João M. S. Silva" <***@gmail.com> wrote:
|I'm using Heirloom mailx in a Ubuntu server that I setup with some effort.
|
|I can send the e-mails, and they reach the destination, but seem to
|always end up in the spam folder.
|
|This is how I'm sending the e-mails:
|
| echo "body" | mail -s "subject" -r ***@fidelio.pt <destination>
|
|Do I need any special configuration?

-r is mapped to the -f flag (talking about the S-nail fork of
Heirloom mailx) of the MTA you use, and, e.g., sendmail says

-f should only be used by ``trusted'' users (normally root,
daemon, and network) or if the person you are trying to become
is the same as the person you are. Otherwise, an
X-Authentication-Warning header will be added to the message.

It is likely that a similar mechanism beats you.

--steffen
Steffen Nurpmeso
2016-01-21 18:38:25 UTC
Permalink
i wrote:
|"João M. S. Silva" <***@gmail.com> wrote:
||I'm using Heirloom mailx in a Ubuntu server that I setup with some effort.
||
||I can send the e-mails, and they reach the destination, but seem to
||always end up in the spam folder.
||
||This is how I'm sending the e-mails:
||
|| echo "body" | mail -s "subject" -r ***@fidelio.pt <destination>
||
||Do I need any special configuration?
|
|-r is mapped to the -f flag (talking about the S-nail fork of
|Heirloom mailx) of the MTA you use, and, e.g., sendmail says
|
| -f should only be used by ``trusted'' users (normally root,
| daemon, and network) or if the person you are trying to become
| is the same as the person you are. Otherwise, an
| X-Authentication-Warning header will be added to the message.
|
|It is likely that a similar mechanism beats you.

That is to say, i've never tried to circumvent such problems over
via MTA, but for direct SMTP (which nail/mailx supports) it is
usually possible to use a *from* setting different from the
identity of your account. The S-nail manual shows examples[1],
and the ArchLinux Wiki does, too[2]. Just like my previous
speaker said, over Gmail it should work.

[1] https://www.sdaoden.eu/code-nail.html#34
[2] https://wiki.archlinux.org/index.php/S-nail

--steffen
João M. S. Silva
2016-01-22 17:04:15 UTC
Permalink
Post by Steffen Nurpmeso
That is to say, i've never tried to circumvent such problems over
via MTA, but for direct SMTP (which nail/mailx supports) it is
usually possible to use a *from* setting different from the
identity of your account. The S-nail manual shows examples[1],
and the ArchLinux Wiki does, too[2]. Just like my previous
speaker said, over Gmail it should work.
[1] https://www.sdaoden.eu/code-nail.html#34
[2] https://wiki.archlinux.org/index.php/S-nail
--steffen
Yes... I can possibly use smtp.fidelio.pt, since we have the domain
registered. Would that change anything, since in that case
snaper###fidelio.pt will be legitimate?

I'm also trying to know if my ISP (Vodafone) provides SMTP service. But
using fidelio.pt would make more sense.

João M. S. Silva
Steffen Nurpmeso
2016-01-23 12:24:06 UTC
Permalink
"João M. S. Silva" <***@gmail.com> wrote:
|On 01/21/2016 06:38 PM, Steffen Nurpmeso wrote:
|> That is to say, i've never tried to circumvent such problems over
|> via MTA, but for direct SMTP (which nail/mailx supports) it is

So, for sendmail the message i've just send should give the
necessary options.

|> usually possible to use a *from* setting different from the
|> identity of your account. The S-nail manual shows examples[1],
|> and the ArchLinux Wiki does, too[2]. Just like my previous
|> speaker said, over Gmail it should work.
|>
|> [1] https://www.sdaoden.eu/code-nail.html#34
|> [2] https://wiki.archlinux.org/index.php/S-nail
|>
|> --steffen
|>
|
|Yes... I can possibly use smtp.fidelio.pt, since we have the domain
|registered. Would that change anything, since in that case
|snaper###fidelio.pt will be legitimate?
|
|I'm also trying to know if my ISP (Vodafone) provides SMTP service. But
|using fidelio.pt would make more sense.

I don't understand? I thought you want to go over Gmail?
I guess around these lines is Heirloom

account gmail {
set smtp-use-starttls
set smtp=smtp://smtp.gmail.com:587
set smtp-auth=login
set smtp-auth-user='''USER'''@gmail.com
set smtp-auth-password='''PASSWORD'''
set from="Your alias of choice abc"
}

and for S-nail you can use

set v15-compat
account gmail {
localopts yes
set from="Your Name <***@examp.ple>"
set smtp=USER:***@smtp.gmXil.com smtp-use-starttls
}

which worked once i've tried it last. Note that USER:PASS have to
be URL-encoded, do the following to convert:

$ s-nail
? urlencode USER
output
? urlencode PASS
ouput
? x

--steffen
João M. S. Silva
2016-01-25 19:16:42 UTC
Permalink
Post by Steffen Nurpmeso
I don't understand? I thought you want to go over Gmail?
I need to go beyond Gmail's spam checks, but not necessarily through
Gmail's SMTP servers.

It makes more sense to use the SMTP server from our registered domain. I
haven't thought of that before.

If we didn't have a registered domain I could also go through Vodafone's
SMTP. I've checked with them, and the clients are allowed to use it.

I've learned a lot with you guys, and now I have more tools to achieve
my goal. I'm doing some experiments. Now it all makes more sense in my head.
Post by Steffen Nurpmeso
I guess around these lines is Heirloom
account gmail {
set smtp-use-starttls
set smtp=smtp://smtp.gmail.com:587
set smtp-auth=login
set smtp-auth-password='''PASSWORD'''
set from="Your alias of choice abc"
}
and for S-nail you can use
set v15-compat
account gmail {
localopts yes
}
which worked once i've tried it last. Note that USER:PASS have to
$ s-nail
? urlencode USER
output
? urlencode PASS
ouput
? x
Thanks.

João M. S. Silva
João M. S. Silva
2016-01-22 16:54:44 UTC
Permalink
Post by Steffen Nurpmeso
-r is mapped to the -f flag (talking about the S-nail fork of
Heirloom mailx) of the MTA you use, and, e.g., sendmail says
-f should only be used by ``trusted'' users (normally root,
daemon, and network) or if the person you are trying to become
is the same as the person you are. Otherwise, an
X-Authentication-Warning header will be added to the message.
It is likely that a similar mechanism beats you.
Yes, I see this in the headers of the e-mails:

1. svn post-commit hook using sendmail and Gmail credentials:

X-Authentication-Warning: ###.dynamic-dns.net: www-data set sender
to joao.m.santos.silva###gmail.com using -f

2. mailx using sendmail:

X-Authentication-Warning: ###.dynamic-dns.net: fidelio set sender
to snaper###fidelio.pt using -r

(obfuscated by me)

João M. S. Silva
Loading...