I’ve had Let’s Encrypt going for a while now and it’s going very well (securing my sites, ownCloud, and mail server). However, the mail I send often ends up in spam. While I accept I can’t stop that happening completely (I’m using a .tk domain), Gmail gives me the following error:
I thought I must have misconfigured Postfix, but when I checked the header from Gmail, it suggests it’s because my certificate clashes with my server’s name.
I have a SAN certificate for darksteve.tk, mail.darksteve.tk, and cloud.darksteve.tk, but the message arrives with the source being my server, ravage.darksteve.tk. Do I need to add “ravage” to my certificate? Will that verify my domain in the eyes of Google and others? Or am I misunderstanding what’s happening here?
(The “sylvester” in the header is the Win10 desktop machine I sent the mail from, using Thunderbird.)
The domain ravage.darksteve.tk is not currently accessible from the net, that’s just the name I use internally, but I can add the domain to my cert if necessary as well as add it to the freenom DNS.
The encryption seems to be just fine (the header indicates TLS 1.2 is working). This is the TLS section of my Postfix config:

```
# Receiving Mail
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
smtp_tls_security_level = may
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

# Sending Mail
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/darksteve.tk/fullchain.pem
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/darksteve.tk/privkey.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
```
I’m getting 100 percent confidence when I use checktls.com. Any thoughts or ideas how to get Gmail/Yahoo/etc. to “verify” or trust me would be muchly appreciated!
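
The question of whether a hostname is covered by a certificate's SAN list can be checked mechanically. The sketch below is an added example, not part of the original post: it applies simplified RFC 6125-style dNSName matching to the three SAN names quoted above; the function names are illustrative, and the wildcard entries appear only in constructed test cases.

```python
# Added example: does a certificate's SAN list cover a given hostname?
# POST_SANS holds the names quoted in the post; everything else is illustrative.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split it into labels."""
    return name.strip().rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Simplified RFC 6125 match of one dNSName SAN entry against a hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # whole-label wildcard only, and never directly under a TLD
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False          # partial or non-leftmost wildcards are rejected
    return p == h

def covering_entry(sans, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in sans:
        if san_matches(entry, hostname):
            return entry
    return None

def report(sans, hostnames):
    """Map each hostname to the SAN entry covering it (None if uncovered)."""
    return {h: covering_entry(sans, h) for h in hostnames}

POST_SANS = ["darksteve.tk", "mail.darksteve.tk", "cloud.darksteve.tk"]

if __name__ == "__main__":
    names = ["mail.darksteve.tk", "ravage.darksteve.tk"]
    for host, entry in report(POST_SANS, names).items():
        print(f"{host}: {'covered by ' + entry if entry else 'NOT covered'}")
```

The SAN list of a certificate file can be read with `openssl x509 -in fullchain.pem -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) and passed to `report()`.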