This may be beyond the scope of some since I mentioned JNOS, but the basics should be the same. I have been running the n2nov.ampr.org JNOS system since the late 90s, but recently any emails that I send to GMAIL and some other services are being rejected. The same happens when any email is sent to me from those same commercial SMTP services. This is all boiling down to the modern SMTP security functions are not part of JNOS. It has been mentioned that I should use the Postfix on the CentOS server that it sits on as it is already servicing various accounts that I maintain for clients and amateur radio groups. If someone else is using this arrangement already, I would like to see how you are doing it and what the limitations are. I believe the Santa Clara group was going to implement something like this a few years ago. Thanks in advance.
-- de N2NOV n2nov@n2nov.ampr.org n2nov@n2nov.#rich.ny.usa.noam
Hi,
It is been several years ago since this was setup in Santa Clara County. Our configuration likely won't be an exact match for your situation. Our postfix config provides SMTP for JNOS and also for non-AMPRnet domains. There is also a lot of customization to deal with security in general and spam specifically.
Feel free to contact me off list at my call @arrl.net and I'll have a look to see if there is anything in our documentation that may be of use to you (and not needing too much whiteout for the confidential stuff). I wasn't involved in the original setup of these servers but I'm now on the team maintaining them.
Thanks Thomas KK6FPP
________________________________ From: 44Net 44net-bounces+leibold=hotmail.com@mailman.ampr.org on behalf of Charles - N2NOV via 44Net 44net@mailman.ampr.org Sent: Sunday, October 10, 2021 7:24 PM To: 44Net general discussion 44net@mailman.ampr.org Cc: n2nov@n2nov.ampr.org n2nov@n2nov.ampr.org Subject: [44net] Setting Up JNOS to Postfix Integration For DKIM/SPF Issues
This may be beyond the scope of some since I mentioned JNOS, but the basics should be the same. I have been running the n2nov.ampr.org JNOS system since the late 90s, but recently any emails that I send to GMAIL and some other services are being rejected. The same happens when any email is sent to me from those same commercial SMTP services. This is all boiling down to the modern SMTP security functions are not part of JNOS. It has been mentioned that I should use the Postfix on the CentOS server that it sits on as it is already servicing various accounts that I maintain for clients and amateur radio groups. If someone else is using this arrangement already, I would like to see how you are doing it and what the limitations are. I believe the Santa Clara group was going to implement something like this a few years ago. Thanks in advance.
-- de N2NOV n2nov@n2nov.ampr.org n2nov@n2nov.#rich.ny.usa.noam _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Please send me in private e-mail an example of the exact error message that you are getting from emails being rejected.
I am part of the Santa Clara County team maintaining the JNOS BBS systems here, and this aspect has been running mostly unchanged for several years now. We are publishing SPF and DKIM records for our ampr.org and "native" hostnames in DNS. I am not aware of any new or recent failure modes.
-andreas -- Andreas Ott K6OTT andreas@naund.org
On Sun, Oct 10, 2021 at 7:27 PM Charles - N2NOV via 44Net < 44net@mailman.ampr.org> wrote:
This may be beyond the scope of some since I mentioned JNOS, but the basics should be the same. I have been running the n2nov.ampr.org JNOS system since the late 90s, but recently any emails that I send to GMAIL and some other services are being rejected. The same happens when any email is sent to me from those same commercial SMTP services. This is all boiling down to the modern SMTP security functions are not part of JNOS. It has been mentioned that I should use the Postfix on the CentOS server that it sits on as it is already servicing various accounts that I maintain for clients and amateur radio groups. If someone else is using this arrangement already, I would like to see how you are doing it and what the limitations are. I believe the Santa Clara group was going to implement something like this a few years ago. Thanks in advance.
-- de N2NOV n2nov@n2nov.ampr.org n2nov@n2nov.#rich.ny.usa.noam
The problem with gmail and many other mail services is that they have an ever expanding list of requirements to accept mail. The most well known are: - your IP does need to have a matching reverse DNS record - you have to setup SPF, DKIM and preferably also DMARC - your IP (or IP range) must not have a "bad reputation" (whatever they define that to be) - your mail must not include certain types of attachments they do not like
And even with all these requirements fulfilled, I have observed many times that gmail accepts a message with a 250 (OK) reply but does still not deliver its to its recipient, especially when it is the first message from me to that recipient. (even when that recipient sent mail to me just before)
As a coordinator I often get mail from people using gmail asking for an allocation, I reply to that mail, and they never receive it. When I re-send exactly the same message, they do receive that. Probably those mails are "suspect spam" (maybe because they mention literal IP addresses) for gmail and they drop them assuming that when it is spam the sender never re-tries, and a human user will.
I am using a VPS to serve my mail, not really related to AMPRnet although it does have an AMPRnet address as well (for my own convenience when accessing it from my network), and it mostly works OK except for that quirk. I do fulfill those requirements listed above, and I do it using sendmail and opendkim (I am an old hat... used sendmail before all those other options became more mainstream). Postfix, exim4 etc should be able to do the same thing. Configure them as a relay to be used by other software (and protected against open relaying), and so that it adds the DKIM signature for your own mail.
Rob
On 10/11/21 4:24 AM, Charles - N2NOV via 44Net wrote:
This may be beyond the scope of some since I mentioned JNOS, but the basics should be the same. I have been running the n2nov.ampr.org JNOS system since the late 90s, but recently any emails that I send to GMAIL and some other services are being rejected.
-
Andreas Ott -
n2nov@n2nov.ampr.org -
Rob PE1CHL -
Thomas Leibold