Monthly Archives: January 2015

How To Setup EXIM with DKIM and SPF on Multiple WordPress Domains Hosted on a Single Ubuntu 14.04 Server

My goal is to host multiple Wordpress blogs on a single Ubuntu server. This will be for outbound email only. Setting up SMTP for each of my blogs by selecting from a plethora of plugins isn’t a sound solution. With sendmail/postfix and default PHP mail() settings, it isn’t difficult to send mail. However, the problem is that seemingly valid email often times gets marked as spam (e.g., Password Reset). Case in point:
wordpress_email_labelled_as_spam

Gmail’s spam filter is incredibly sophisticated and a bit more stringent than others. Reason being, the sender address can be easily spoofed. However, the originating server can not be forged so easily. Even then, there are further checks to make sure the email isn’t spam.

Capture

From my experience, there a few factors which determine whether an email is going to be marked as spam by Gmail.

  • You need to have a Sender Policy Framework (SPF) and a DomainKeys Identified Email (DKIM) records in your DNS.
    • You could run: dig [domain name] txt to find out any domain’s TXT DNS records.
    • The SPF record determines which servers are allowed to send email.
    • The DKIM record is used to validate the actual email itself. This ensures the message wasn’t tampered with even if it did come from a valid mail server.
    • If both are valid you’ll see something like this (You can see this under “Show Original” from the message pull-down menu):
  1. The “From” email address and name. From what I’ve seen, only valid sender email addresses were able to avoid being marked as spam. So if you setup admin@geekbacon.com but that email address doesn’t actually exist, it will be marked as spam. Same goes for “no-reply” addresses, etc.
    Wordpress Email Options
  2. The content itself. Even emails without subjects could be marked as valid but a suspicious “Subject” could cause the spam filter to trigger. From my experience, the content of the email has a greater weight in determining whether the email is spam or not. Play around with the email templates, fix formatting errors, broken links, etc.

Setting up a SPF DNS Record

This one is straight forward. Create a TXT record “v=spf1 ip:[IP ADDRESS] ~all”

Here is an example from DigitalOcean:

Capture

How To Setup EXIM4 with DKIM

DKIM is included in Exim 4.7+. I’m installing Exim version 4.82 on Ubuntu 14.04.1 LTS, Trusty Tahr.

You need to create a DKIM record: “v=DKIM1; k=rsa; p=[Your public key]”

Here’s another example from DigitalOcean:

Capture

You’ll replace the “p=” section with your own public key without any line breaks.

Now create a new file /etc/exim4/dkim_vhosts. Here you would list out all the virtual hosts and allowed sender addresses in your domains. For example:

Now edit /etc/exim4/conf.d/transport/30_exim4_config_remote_smtp. The entire file should look something like this:

Now restart exim4 (and Apache if you wish):

Now just send a test email from WordPress and it shouldn’t be marked as spam anymore! Lastly, I want to stress that the sender email should be valid, that includes “no-reply” addresses.

Apache 2.4.7 Start Error: apr_sockaddr_info_get() failed on Ubuntu 14.04

This error is usually harmless. Sometimes you don’t require a complex /etc/hosts file that includes all your virtual hosts.

When running:

You might get this error:

A quick solution to this problem:

What Is the Meaning of 127.0.1.1 in the /etc/hosts File for Debian/Ubuntu Servers?

This is related to this bug report: Debian bug #316099

The system hostname should always be resolvable even when the network is down. Basically, some applications still try to resolve a host via 127.0.1.1 so in order to accommodate, it is kept by default on current debian-type distributions.

The general rule of thumb is: If you don’t have a permanent IP address for your host, use 127.0.1.1.

Another approach is discussed here.

How to Add Comodo’s CA Certificate Files on Apache 2

Along with your domain’s SSL certificate, Comodo gives you a few seemingly random files. The SSLCACertificateFile directive is used for client authentication. It’s basically a single file with PEM-encoded CA certificates concatenated together. They are concatenated by order of preference:

cat COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > mydomain.cer

This particular example was on an Ubuntu 14.04.1 LTS server with Apache 2.4.7.
apache_ssl_configuration

Installing TrueCrypt7.1a for OSX Yosemite

Open the .dmg

You’ll find the .mpkg. Right*click and “Show Package Contents

Open Contents Dir

Open Packages Dir

Install each of the 4 packages in this order:
1. OSXFUSECore.pkg,
2. OSXFUSEMacFUSE.pkg,
3. MacFUSE.pkg,
4. TrueCrypt.pkg

Taken from the source listed below.  They also have other ways of accomplishing the same thing, but I found the way listed above to be the easiest and least technical

Source: https://lazymind.me/2014/10/install-truecrypt-on-mac-osx-yosemite-10-10/