My first question on here...
I have a VPS which I have a few small websites on and also run my email services, every now and then I see messages in my mail queue that I did not send.
Firstly my setup:
Ubuntu 12.04
Latest Plesk Panel
qMail SMTP Server
Courier-imap
Using the Plesk panel I have set up qmail to not act as an open relay, and must use SMTP authentication to send to remote accounts, also short mailbox names are not allowed only the full account names.
Today I received bounced messages, upon checking my mail queue I have found again emails in there with multiple recipients that I have not sent.
These are not being sent by a script on my server as I would see different header information with uid 33 being specified, instead I see invoked from network in the mail header, an example below...
Received: (qmail 17710 invoked from network); 2 Feb 2016 11:34:10 +0000
Received: from unknown (HELO mx1.variationdesign.co.uk) (182.190.250.238)
by lvps212-67-205-193.vps.webfusion.co.uk with ESMTPA;
2 Feb 2016 11:34:09 +0000
From: Merel de Bruin - Van de Beek <seth#variationdesign.co.uk>
Content-Type: multipart/alternative;
boundary=Apple-Mail-29D34A60-FB4E-38B5-1BBF-7DDE23285FD2
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Subject: Re(4): Surprise
Message-Id: <91925fdeae7d$78ac5f73$dfad0a17$#variationdesign.co.uk>
Date: Mon, 2 Feb 2016 12:33:59 +0000
To: "sanderdejong" <sanderdejong#hotmail.com>,
"Sanne van Roon" <sannevanroon#hotmail.com>,
"Sarah Dormaar" <sarahdormaar#hotmail.com>,
"Sarah Tempelaar" <bordeaux84#hotmail.com>, "saskia middel" <s.middel#jvo.nl>,
"Saskia Roovers" <matrixspijkertje#hotmail.com>,
"sinta sinta ss" <sinta_sinta_ss#hotmail.com>,
"Sinta de Wildt" <sinta_de_wildt#hotmail.com>,
"skizonespijkertje" <skizonespijkertje#hotmail.com>,
"spijkertje matrix" <spijkertje_matrix#hotmail.com>,
"sroovers007" <sroovers007#hotmail.com>, "sroovers75" <sroovers75#hotmail.com>,
"stali n" <stali_n#hotmail.com>, "stingarts" <stingarts#hotmail.com>,
"suus rem" <suus_rem#post.com>, "svdbersselaar" <svdbersselaar#hotmail.com>,
"teresa villalobos" <teresavs#hotmail.com>, "teresavs" <teresavs#home.nl>,
"Thomas Bollen" <T.P.F.Bollen#students.uu.nl>
X-Mailer: iPad Mail (13A452)
X-PPP-Message-ID: <20160202113410.17689.25881#lvps212-67-205-193.vps.webfusion.co.uk>
X-PPP-Vhost: variationdesign.co.uk
The IP: 182.190.250.238 is nothing to do with me, I also never use mx1.variationdesign.co.uk.
Every time I want to send an email, I have to send my username and password to be able to send through this server.
My question is, how on earth is this person/people able to physically send emails through my VPS without authenticating?
I see in the logs around the same time "smtp_auth' for username seth#variationdesign.co.uk, which is odd because that is actually just an alias and not an email account, the account itself uses my full name and a couple of numbers at the end, I did this to try and stop spammers from guessing the correct username.
My server is definitely sending these emails out and I can't figure out how they are doing it, what ma I missing here?
I appreciate any help you can give me on this matter.
Kind regards
Seth
qMail SMTP Server comes with a default configuration to be a open relay, make sure you disable that and only authenticaed users can send emails. And stop your server before you get into a blacklist for spam.
https://qmail.jms1.net/relay.shtml
Related
after i change my hostname in plesk " there was a IP adress but now i cant change hostname to ip" i can't send email to gmail. on outlook works propperly and plus on info#mydomain.com i cant send to info#myclientdomain.com email but on gmail i can't pls help me i'm getting this error
This is the mail system at host server1.mydomain.ge.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<astronaut.georgia#gmail.com>: host
gmail-smtp-in.l.google.com[2a00:1450:400c:c08::1a] said: 550-5.7.1
[2a01:4f8:c2c:fe73::1] Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=IPv6AuthError for more information 550
5.7.1 . k2si2790691wrg.299 - gsmtp (in reply to end of DATA command)
Reporting-MTA: dns; mydomain.com
X-Postfix-Queue-ID: 03B9E6257E
X-Postfix-Sender: rfc822; info#mydomain.com
Arrival-Date: Thu, 5 Nov 2020 20:26:02 +0100 (CET)
Final-Recipient: rfc822; astronaut.georgia#gmail.com
Original-Recipient: rfc822;astronaut.georgia#gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [2a01:4f8:c2c:fe73::1] Our system has detected
that this message does 550-5.7.1 not meet IPv6 sending guidelines regarding
PTR records and 550-5.7.1 authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=IPv6AuthError for more information 550
5.7.1 . k2si2790691wrg.299 - gsmtp
გამგზავნი info#mydomain.com
ვის astronaut.georgia#gmail.com
თარიღი დღეს 23:26
qqq
Try to apply the solution from this KB article - https://support.plesk.com/hc/en-us/articles/213936285-Unable-to-send-an-email-to-Gmail-from-a-Plesk-server-Our-system-has-detected-that-this-message-does-not-meet-IPv6-sending-guidelines-regarding-PTR-records
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I'm setting up an e-mail server and had a hard time trying to modify the headers, and getting it to e-mail hotmail.
Here are the complete headers from mail-tester.com:
Received: by mail-tester.com (Postfix, from userid 500)
id EBF72A56C8; Tue, 20 Mar 2018 22:12:50 +0100 (CET)
Authentication-Results: mail-tester.com;
dkim=pass (1024-bit key; unprotected) header.d=example.com header.i=#example.com header.b=CktBFAHr;
dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-tester.com
X-Spam-Level:
X-Spam-Status: No/-0.1/5.0
X-Spam-Test-Scores: DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
SPF_PASS=-0.001,T_RP_MATCHES_RCVD=-0.01
X-Spam-Last-External-IP: XXX.XX.X.XXX
X-Spam-Last-External-HELO: mail.example.com
X-Spam-Last-External-rDNS: mail.example.com
X-Spam-Date-of-Scan: Tue, 20 Mar 2018 22:12:50 +0100
X-Spam-Report:
* -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
* domain
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=XXX.XX.X.XXX; helo=mail.example.com; envelope-from=diana#example.com; receiver=someid#mail-tester.com
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com 8D270A56BF
Authentication-Results: mail-tester.com; dmarc=pass header.from=example.com
Authentication-Results: mail-tester.com;
dkim=pass (1024-bit key; unprotected) header.d=example.com header.i=#example.com header.b=CktBFAHr;
dkim-atps=neutral
Received: from mail.example.com (mail.example.com [XXX.XX.X.XXX])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail-tester.com (Postfix) with ESMTPS id 8D270A56BF
for <someid#mail-tester.com>; Tue, 20 Mar 2018 22:12:49 +0100 (CET)
Authentication-Results: mail.example.com (amavisd-new);
dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
header.d=example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
example.com; h=date:date:message-id:from:from:subject
:subject:to:mime-version:content-type:content-type; s=dkim; t=
1521580077; x=1522444078; bh=TlT4DDWYdTBodPmtN0k/UUjJKsfuwGfVa+p
3RfS7B2o=; b=CktBFAHrWBH8zJY5d/A5VxiAYybD2hX5O+u6tJ6I7itc+QAeFyo
9a1cQjFvhw6PyftRVM/eAwAd6ns4pejY5fubMSFl29SUosqV1nXVmxr8xzV0RBTP
/L0o6gpSWAgYGzV++qw5QIRlwA0VCqNGD/wrUoZybijvp9QHgwYx6FPg=
X-Virus-Scanned: Debian amavisd-new at
Content-Type: multipart/mixed; boundary="===============7137656464834900843=="
MIME-Version: 1.0
To: someid#mail-tester.com
Subject: The e-mail subject
From: Princess Diana <diana#example.com>
Message-Id: <20180320210757.24D3E50C0FC9#mail.example.com>
Date: Tue, 20 Mar 2018 17:07:57 -0400 (EDT)
--===============7137656464834900843==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Just a small test....
--===============7137656464834900843==--
Now, everything is setup and OK, the DKIM, SPF, and DMARC.
I'm trying to remove X-Spam-Last-External-IP: XXX.XX.X.XXX header that forwards client IP, and to somehow modify Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=XXX.XX.X.XXX; helo=mail.example.com; envelope-from=diana#example.com; receiver=someid#mail-tester.com which also forwards client IP to every e-mail sent.
I've had no success in removing the first header or modifying the second one.
Also, the e-mail never get into an Hotmail mailbox, not even from RoundCube, and mail.log file shows a successful queued for delivery message. What am I doing wrong?
When connecting over SMTP most servers will add a Received: header with the relevant details. This is an important part of the email reputation ecosystem since it means sending IPs must be accountable for their sending activity.
If you make use of an email relay that may shift the address shown one step down the chain, or you can choose to use an API-driven email service where there's no direct SMTP connection between your application and the mail service. In those cases the IP shown is almost always the mail service you're using and not your own system, giving you a layer of separation and security.
I have installed Gitlab 8.15 and Exim 4.84 on CentOS 7
Whenever Gitlab sends a message, it should come from 'gitlab#mydomain.nl' which is correctly set in config/gitlab.yml.
If I look in the log, I see the following:
2016-12-21 21:50:02 cwd=/ 6 args: /usr/sbin/sendmail -i -f gitlab#mydomain.nl -- mypersonal#gmail.com
2016-12-21 21:50:02 1cJnpq-0001ZR-NG <= git#vps.mydomain.nl U=git P=local S=3859 id=585aeafaad130_175126f0b9c43854#vps.mydomain.nl.mail T="Reset password instructions" from <git#vps.mydomain.nl> for mypersonal#gmail.com
Note that between those 2 lines, the from address changed from gitlab#mydomain.nl to git#vps.mydomain.nl which is based on user#FQDN.
My external SMTP server then does a DKIM and SPF lookup on vps.mydomain.nl, instead of mydomain.nl, which fails and the mail is rejected.
I am not sure where this change happens and how I should fix this. Is this something on Gitlab side or something on Exim side?
The relevant parts from my exim configuration:
begin routers
mysmtphost_email:
driver = manualroute
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
transport = mysmtphost_relay
route_list = * vps.mysmtphost.email::587
no_more
(...)
begin transports
mysmtphost_relay:
driver = smtp
port = 587
hosts_require_auth = <; $host_address
hosts_require_tls = <; $host_address
Just found out the user git was not part of the trusted_users directive in the exim.conf file. I changed it to include the user as follows:
trusted_users = mail:apache:passenger:git
I came to this conclusion since mails sent by other Rails applications running as user passenger were being sent correctly as specified by the from address. Then I noticed passenger being part of this directive and git not.
From the Exim documentation:
Trusted users are always permitted to use the -f option or a leading
“From ” line to specify the envelope sender of a message that is
passed to Exim through the local interface (see the -bm and -f options
below). See the untrusted_set_sender option for a way of permitting
non-trusted users to set envelope senders.
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECTtrustedadmin
Processes running as root or the Exim user are always trusted. Other
trusted users are defined by the trusted_users or trusted_groups
options. In the absence of -f, or if the caller is not trusted, the
sender of a local message is set to the caller’s login name at the
default qualify domain.
I implement an Exchange web mail client using EWS with nodejs. When I tested it by sending an email from my PC to Local Exchange server, everything was fine. All test emails were sent successfully.
But when I deployed the project on Server (VPS on Digial Ocean) and connect to Exchange Online which is part of Office365 subscription (Free Trial). The problem occurs, all emails sent from my server were considered as spam, and cannot be sent to reciepients.
I also change hosting from Digital Ocean to AWS, the result is the same.
Any help would be appreciated
Thanks in advance,
This is Diagnostic information
Authentication-Results: #########.com; dkim=none (message not signed)
header.d=none;########.com; dmarc=none action=none
header.from=exzyoffice.onmicrosoft.com;
Received: from SG2PR01MB0361.apcprd01.prod.exchangelabs.com (10.161.11.156) by
SG2PR01MB0362.apcprd01.prod.exchangelabs.com (10.161.11.16) with Microsoft
SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.649.16; Tue, 4 Oct
2016 16:58:07 +0000
Received: from SG2PR01MB0361.apcprd01.prod.exchangelabs.com ([10.161.11.156])
by SG2PR01MB0361.apcprd01.prod.exchangelabs.com ([10.161.11.156]) with mapi
id 15.01.0649.022; Tue, 4 Oct 2016 16:58:07 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: ###### ######## <#################.onmicrosoft.com>
To: "chanyut##########.com" <chanyut#########.com>, "chanyutx10######.com"
<chanyutx10###########.com>
Subject: Check-in PIN for Test PIN Email - Meeting System
Thread-Topic: Check-in PIN for Test PIN Email - Meeting System
Thread-Index: AQHSHmB6uwXOpaeopUqgpi/eM7C6wA==
Date: Tue, 4 Oct 2016 16:58:06 +0000
Message-ID: <SG2PR01MB03614F6A8834FDB61C01DEF2FDC50#SG2PR01MB0361.apcprd01.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <SG2PR01MB03614F6A8834FDB61C01DEF2FDC50#SG2PR01MB0361.apcprd01.prod.exchangelabs.com>
MIME-Version: 1.0
X-Originating-IP: [188.166.177.7]
Return-Path: chanthat#exzyoffice.onmicrosoft.com
X-MS-Office365-Filtering-Correlation-Id: 567de66e-0dff-4626-9fa1-08d3ec779d39
X-Microsoft-Exchange-Diagnostics:
1;SG2PR01MB0362;2:zy4eJMXvSbYZweZat1h/FneV4A2yOxpO8vpRdwEwCLWm8QipVnNdHzsBf+KyaetEsivdt7hl30XR0eCUs5T7EL7aar+e5fDuacG0fUm/7j7SH93besRmhZRaLZIup+pZYqzXKS6xnbd+kPd4Nf6gyMcfj0DL8ALLqSmf5b6aI7nuwiOIuO+z9Hw7XAD9vGMIZNSA64aw3BTeAxnxqqY1pw==;3:5BABxsk+E39PYBKVh9pWEKhIMBMLNKyOseakzwXuwPpHSiVt3bS8Ov+hYnw6Qs3Y0GMVQY0wlnaMopAEVphplwf5oy+oT5cLDIXzvg+q1GoAaeCu3TFALwH98FrKZr787qYEFnRV9pV0zqyocM+XBw==;25:ctGAmAQ1cu+BduByl6+MPAKb8/xsxaUIMq7FPDVqzTZDtsDLYREoYwbNlL10iTwrv0ON01j2DfmyRNvh6e6gL2Xcb/qjVqavMTzITJAVuBJlIHNiCgfpnW4mVNkb1dO4vJEZV6CI0KSk3RQH9Dh6/u56/zjv5ESEuuv9EQxcKYC8Mf0TJR+NHAr540/1+7h0yLDm2495YG46kfuJft6Y74HaYFiNVl/L3r31kA84l82qQez2sGGcgHo6kJv3w3QmB5garjK7j0HfceHEogOuofDJwz0Y47YfMaJg1/kyQhDGytMmQxrdJ2aRt8VcbjcKnF7Nfl3KbU/CkU33kZ9Vp3Fa9hustkf7lOD/bL1PsMSH2kOXmolb5ks1kvmF1hZ+pTsNzd0Zz9mNuErtxp7lK5hMfNL+NeLnAjnRZfvqX6/JK4ZRr7IlPw/YSvmMMxPM
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SG2PR01MB0362;
X-Microsoft-Exchange-Diagnostics:
1;SG2PR01MB0362;31:GR+rFHTjFRwfnJTe4nsRPGyP0mSyV+kDu/elZc5VaNeIXHm90HhmKo5Bzt08Yg9rKmPGkbTp2OVLPv8WIMt0ssqobSrA4ZGc44yBtlqefEAI18SF76/RrOxzmXDwUX82fkrubNc2e6IVrlDWQ0HO5cc1AYbatOZEwAfe3OzBg9rhw+u3ef8oBU5E++bzAqdqL0n/o+TrnEhy18ZJrL14yIhXEYsy159STM7O4Szj4pxh02al5tcE0CrpzdET9Wxo;4:0g+YEprdQNgkE9AkEVGWN/VFqIpOq92oDR1yeXN1yQeuGkHuWB6I9KIZSMLZHsjKildUXRPySE/Wv/r61w8hqbz0goIrlvYrEg+tCTDjM/0IsdxhXnGcsmgLIXAu4PRoTlkejJlaNqwtHqT217nzBDlCVu7E/4LwAPUpSk6+wQZhjAUfG/v3t3PNCHpL7hEsaK/KkqyKuJ+TbybDB5D+/JmqfQpzvxsP7pIOntHQmwbakW6g/I474q6I6x34yzVHOsA8tP/70Y6NbpA3P6hAOIh8ioFswLPAKbc/rO3q4pcAyARvVyXmNh6NeVntO1SaFUxqCn9OZSVWN3/pK3rVLDCHDkHisckt4VSGcN54vQcYR79Cod5jgMSjA2aMTtY8wPYf1ZxbU67WgCk9XJ8dpIceUZzF7cxZs78fr5kY7q9IMaYciZB7zR4v2Ds0pdmP36iITdLNHXdxOaqt3gY2g3oktTguQ87whqzg6+RJrO8=
X-Microsoft-Antispam-PRVS:
<SG2PR01MB036291996D70C36ABCD297ECFDC50#SG2PR01MB0362.apcprd01.prod.exchangelabs.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6002118)(6000006)(6043046)(6042046);SRVR:SG2PR01MB0362;
X-Forefront-PRVS: 00851CA28B
X-Microsoft-Exchange-Diagnostics:
1;SG2PR01MB0362;23:SGkU+hCO1Me9ul5A85nokDETPc2fvnqIJBuMSsUaizPW5SU30hQ/9h8FERIrUfQlyhOSjKXtfJtRPa7dctubpraPm8t+7i1Tu9MmC3xqJss5m9gdTncr4lcByV677Os8wLvADH/SnogL/EucwxkzNm2M2WVwLpE2sOw9ochCbZuAMN2CQT+XKJnuSefgwHo8tfCdYWSEVRE3gleOfPWMTtYERp11xjY4NRCqU9WTcPLq6OMA+LIwdc8D0wpEPF++UgSfYeQ5Rd+SKnXW/++ZWw==;6:YwRMvgBmAN1rsxVOfmcL8JnjlX63xYoEQRiiRNoehWPk1+mB8M2XiRWLtmuHBVuOmi0CUeuQXuFWGEIS+Z1q8u0ARqjLoVkjHjTsZUMeiliHUg4bNAZfZdZNL2JRsp6zrdY+xNotdkzKO1+QN+yUV5USrfMLPo3eX8p/XAsvCB2MUikXyUyv9Lwpp71jzDsLExLz+AkKi2JKAxquPePw3OyzITh/BEpnxnRBVVAAKwOLg0cdxtcHNFiztVLcHSdqs6ygXQftAh+CbSqWlKLwkXitOLDdwbXVo2RYvT3DDC+8CYyoab8sRGihjxfbFw3M
My emails are delivered to spam folder at gmail and yahoo mail.
PTR, DKIM (1024 bit), SPF are okay. I don't know whether DMARC and ADSP or Domain Key are needed to be configured or else?
In addition, I have checked Bulk Senders Guidelines "support.google.com/ ----> mail/answer/81126" but I think I am in compliance with it, except the Format section of the webpage. I wonder is my email header is ISO-8859-1 compliant as is requested by gmail or my messages are formatted according to RFC 5322 as it is required!?
However, I have checked my email by various tools including:
1- www.brandonchecketts.com/emailtest.php
2- mail-tester.com (my email score: 10/10)
3- toolbox.googleapps.com ----> /apps/messageheader/analyzeheader
and all of them are ok and I can't get it right why my emails are categorised as spam?
By the way, I am not a bulk sender, my ip is clean (not in any of blacklists) and I have just started to configure my new VPS host.
I am confused a bit as it is obvious, Please guide me.
Note: (I have changed email addresses and real IPs in the message header)
Here is the header:
Delivered-To: user#gmail.com
Received: by 10.194.95.197 with SMTP id dm5csp291965wjb;
Fri, 30 Jan 2015 06:02:17 -0800 (PST)
X-Received: by 10.180.206.147 with SMTP id lo19mr5212607wic.32.1422626536876;
Fri, 30 Jan 2015 06:02:16 -0800 (PST)
Return-Path: <user#myemail.com>
Received: from myemail.com (myemail.com. [97.195.90.210])
by mx.google.com with ESMTPS id s3si20803914wjx.75.2015.01.30.06.02.16
for <user#gmail.com>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 30 Jan 2015 06:02:16 -0800 (PST)
Received-SPF: pass (google.com: domain of user#myemail.com designates 97.195.90.210 as permitted sender) client-ip=97.195.90.210;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of user#myemail.com designates 97.195.90.210 as permitted sender) smtp.mail=user#myemail.com;
dkim=pass header.i=#myemail.com
Received: from webmail.myemail.com (localhost.localdomain [127.0.0.1])
by myemail.com (Postfix) with ESMTPA id 0D4A122FAEF
for <user#gmail.com>; Fri, 30 Jan 2015 15:02:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=myemail.com;
s=default; t=1422626535;
bh=mg3gRDZT3ck+E3FdH2X4LLdsZ/+WeZuit/DVefJiJWc=;
h=Date:From:To:Subject;
b=NhJPZML/OvA/2LJbvqKxnV7AO3TeGPdDqwBI+iOceZk2bz2flsCun3AqJ4RPY8pqM
is+dlQWTFCmQ2T2He7cKU/nC28FmPY4cqwJgt6oSIW0bIWkh81JdzBZXoIDiBGGlkx
mkrpvKQ4vdFh2R7iIRmUJMJtAGWr7MGoS/J7sdi0=
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 30 Jan 2015 17:32:14 +0330
From: user#myemail.com
To: user#gmail.com
Subject: Hello
Message-ID: <7582a20431ca444b255e5e835e6ee87d#myemail.com>
X-Sender: user#myemail.com
User-Agent: Roundcube Webmail/1.0.0
Regards
Since you've said that you've modified the header records, it's hard to determine a few things. However, the sending mail server seems to be webmail.domain.com --- Are the DNS records set to point to mail.domain.com or webmail.domain.com or both?
Since you've done the rest of the configuration: just enter a dmarc DNS record, it might increase your server's reputation. Speaking of reputation, if your email server only handles a few emails a day from a couple of users - then your reputation as a 'spammy' server can be greatly affected by a just a few unopened or manually spam marked messages. Also, I believe there's a time lag between when you setup a mail server and when it's reputation gets out of the 'default to spam' folder.