Advertisement:

Author Topic: gmail authenticity alert, please look in to this  (Read 3317 times)

Offline jraju

  • Semi-Newbie
  • *
  • Posts: 12
gmail authenticity alert, please look in to this
« on: December 20, 2017, 07:35:30 AM »
Hi, Whenever i receive email from this forum, i get gmail alert about the authenticity of the gmail by the web owner.The jpg is enclosed for ready reference. When i go to the gmail about this, they give suggestion to tell that to the website admin. Hence this post.

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,459
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: gmail authenticity alert, please look in to this
« Reply #1 on: December 20, 2017, 02:16:45 PM »
It requires simplemachines.org server to enable TLS on the outbound email connections
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,274
    • StoryBB/StoryBB on GitHub
Re: gmail authenticity alert, please look in to this
« Reply #2 on: December 20, 2017, 02:28:05 PM »
Might also require SPF and DKIM at this point?
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,459
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: gmail authenticity alert, please look in to this
« Reply #3 on: December 20, 2017, 02:31:05 PM »
I would do SPF for sure...
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #4 on: December 23, 2017, 12:41:14 PM »
The site is probably running a dedicated server and hasn't added a SSL/TLS certificate to postfix/dovecot. I had a heck of a time getting my emails to be graciously accepted by Gmail before I added this.

There's a site you should know about where you can certificates for free: Let's Encrypt. You can get SSL/TLS certs there that many hosting providers are SELLING! There are plenty of tutorials around the web and the certs are FREE. Their mission is to go 100% SSL on the Internet but the certs work just fine on your postfix/dovecot installation.

I can't post links: letsencrypt.org

By the way you want to set up your renewal process on a cron job.

Wow, it's like we can already get ALL the software we need to run our servers, and now we can get free certs too! :)

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,274
    • StoryBB/StoryBB on GitHub
Re: gmail authenticity alert, please look in to this
« Reply #5 on: December 23, 2017, 01:55:36 PM »
This site already has a certificate - as verified by the fact it's successfully using HTTPS with a certificate via COMODO and thus Let's Encrypt is not so relevant.

Except that certs on the web are not the same as certs used for emails, it's a completely different thing.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #6 on: December 23, 2017, 06:39:37 PM »
This site already has a certificate - as verified by the fact it's successfully using HTTPS with a certificate via COMODO and thus Let's Encrypt is not so relevant.

Except that certs on the web are not the same as certs used for emails, it's a completely different thing.
Actually no it's not. My SSL/TLS cert works fine.

And anyway who has  $350/year for a comersh cert? Not me.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,274
    • StoryBB/StoryBB on GitHub
Re: gmail authenticity alert, please look in to this
« Reply #7 on: December 23, 2017, 06:50:41 PM »
No-one is arguing whether your certificate works or not. Having a certificate doesn't automatically fix the problem.

This site HAS a certificate. That isn't the problem! Going to use Let's Encrypt or not won't magically fix the issue here, if anything switching to the free cert would actually make it worse than using a paid cert, but the presence or absence of the cert is not the cause here.

The problem stems from the fact that this site has multiple physical servers whose configuration is somewhat more complicated and things like SPF and DKIM (which are missing for long, complex technical reasons) haven't been set up precisely because of multiple servers.

Plus the fact that for other reasons, emails may go out with http links rather than https links even though the site has a certificate. But sure, the problem is the absence of a free certificate.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #8 on: December 24, 2017, 12:14:25 AM »
 Please forgive me for laughing Arantor.  I think you just told me the site is too complicated for you guys to handle. LOL

Don’t worry. My sites are too complicated for me to handle but that doesn’t stop me, LOL!

 Where is the fun of having everything so simple that it’s easy!  ;)

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,374
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: gmail authenticity alert, please look in to this
« Reply #9 on: December 24, 2017, 02:08:19 AM »
Please forgive me for laughing Arantor.  I think you just told me the site is too complicated for you guys to handle. LOL
I seem to recall, this has actually proven to be true at times before, but that is not the reasoning really :P 
Seriously, this is a monster for a site, and there are many things that need to be taken into consideration, even with the smallest of changes.
I do not envy the part of the site and server teams here.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,274
    • StoryBB/StoryBB on GitHub
Re: gmail authenticity alert, please look in to this
« Reply #10 on: December 24, 2017, 04:44:48 AM »
No, I think I just told you that the site architecture is massively more complex than you think, and that solving all the problems relies on stuff from upstream packages.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #11 on: December 24, 2017, 10:11:01 AM »
Please forgive me for laughing Arantor.  I think you just told me the site is too complicated for you guys to handle. LOL
I seem to recall, this has actually proven to be true at times before, but that is not the reasoning really :P 
Seriously, this is a monster for a site, and there are many things that need to be taken into consideration, even with the smallest of changes.
I do not envy the part of the site and server teams here.

Oh I realize what a huge site SMF is, particularly when compared to typical forum sites. I'm sure you have dual servers and function specific servers and redundant backups and more things than I can imagine.

Compare that to my poor little dedicated server where it isn't even complicated to host multiple websites because at some level all websites are the same. I have it simple compared to you.

I hope nobody took my comments as any form of criticism. Just the opposite, I'm awed. I'd ask for a block diagram but I doubt that I would understand it. Want a block diagram of my server arrangement? Draw a square. Draw a line sticking out to a cloud. There ya go, my server in a nut shell! :) Suzy has it easy compared to your server crew! :)

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #12 on: December 24, 2017, 10:14:35 AM »
No, I think I just told you that the site architecture is massively more complex than you think, and that solving all the problems relies on stuff from upstream packages.

No, that's not what I intended. What I intended is that I think the site is massively complex, obviously complex, and that I don't want to worry my little mind about it as long as you make it work.

You have my respect for designing such an awesome system and then making it all work. Of course there will be a few problems like an http for an https etc. Nothing that big could have absolutely no flaws at all.

And yet it works. You have an awesome site! I hope mine never gets this awesome, LOL! :)

Offline SleePy

  • Site Team Lead
  • SMF Master
  • *
  • Posts: 30,139
  • Gender: Male
  • Thats his happy face.
    • jdarwood007 on GitHub
    • @jdarwood on Twitter
    • SleePy Code - My personal site
Re: gmail authenticity alert, please look in to this
« Reply #13 on: December 24, 2017, 11:37:45 AM »
The site is probably running a dedicated server and hasn't added a SSL/TLS certificate to postfix/dovecot. I had a heck of a time getting my emails to be graciously accepted by Gmail before I added this.
Lack of a SSL certificate should not cause mail issues.  You are looking for another problem.  It can raise the scores used by Google to not have DKIM/SPF, but not by much.  Since much of the world still isn't using these technologies or using it wrong (SPF is commonly implanted incorrectly), most mail systems do not dock much points against it by default.

There's a site you should know about where you can certificates for free: Let's Encrypt. You can get SSL/TLS certs there that many hosting providers are SELLING! There are plenty of tutorials around the web and the certs are FREE. Their mission is to go 100% SSL on the Internet but the certs work just fine on your postfix/dovecot installation.

You most likely don't know this, but I've been running LE certs since the open beta.  Way before they even had cert bot to do automatic renewals.  I still have my old cron scripts that did the renewal process on each cert I had at the time, rather than a simple single command to renew all certificates that they do today.  They didn't even support nginx at the time, but I got around that (since they support standalone).

So yes, LE certs could be used, but we don't for other reasons.

Oh I realize what a huge site SMF is, particularly when compared to typical forum sites. I'm sure you have dual servers and function specific servers and redundant backups and more things than I can imagine.
Your lack of knowledge of our infrastructure shows here with your assumptions on what we run.  Its a bit more complex than that.  We are simplifying parts.  As you can imagine this site has been running for years and through a couple admins.  Things like Chef or Puppet didn't even exist back then!

You have my respect for designing such an awesome system and then making it all work. Of course there will be a few problems like an http for an https etc. Nothing that big could have absolutely no flaws at all.
You have our thanks.  We do our best, but as volunteers we can only put in so much time.  Working on projects affecting our server infrastructure happens at a slower pace since this does not pay my bills.

Problems with SSL certs on our mail system will be resolved someday in the future.  We are working on the groundwork/planning for those changes of how we foresee the future of our site.
Jeremy D — Site Team / SMF Developer
Support the SMF Support team!
Profiles:
GitHub

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #14 on: December 24, 2017, 03:14:21 PM »
Sleepy, my postfix/dovecot didn't make it through to Gmail vetting until I added the certs. Of course SSL is for HTTPS, not emails. Now I can send to Gmail addys just fine. But not before I added the certs.

Well of course I didn't know you were running Let's Encrypt, but don't call me DoPey! LOL! ;) (Love your cat avatar!) I run my certbot on a cron. I'm not sure how nginx would affect it except how you implement your certs, but I run nginx and mine works fine. I must have done something right.

I wasn't suggesting you run LE certs. I run them because I can't afford paid ones. Oh, and next month there's going to be a big announcement. Not a secret if I know it, something about multiple on one cert. I think it has to do with subdomains.

And I don't have a lack of knowledge of your infrastructure, I have a total lack of any info whatsoever, just happy dudes like you take care of it. :)

And thank you for doing what you do. I recall in another post somebody was whining about SMF, I told them that you are all unpaid volunteers, and that said complainer should be more polite. :)

Offline SleePy

  • Site Team Lead
  • SMF Master
  • *
  • Posts: 30,139
  • Gender: Male
  • Thats his happy face.
    • jdarwood007 on GitHub
    • @jdarwood on Twitter
    • SleePy Code - My personal site
Re: gmail authenticity alert, please look in to this
« Reply #15 on: December 24, 2017, 09:06:13 PM »
I wasn't suggesting you run LE certs. I run them because I can't afford paid ones. Oh, and next month there's going to be a big announcement. Not a secret if I know it, something about multiple on one cert. I think it has to do with subdomains.

Wildcard certificate announcement will bring LE doing wildcard certificates in addition to the SAN certs they already do.  You will need to do DNS records to issue those though.  I may take it for a spin using my script that builds dkim records for my server and test it.
Jeremy D — Site Team / SMF Developer
Support the SMF Support team!
Profiles:
GitHub

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #16 on: December 24, 2017, 09:31:46 PM »
Sleepy, I hope I will have you around to explain it. I'm just a dumb blonde (brunette actually, like my avatar) but I want my server to work well. I am much anticipating Let's Encrypt's announcement expected soon!

Can you like, friend people here? :)

Offline Steve

  • Freak
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 4,394
  • Gender: Male
  • I have not yet begun to procrastinate.
Re: gmail authenticity alert, please look in to this
« Reply #17 on: December 25, 2017, 09:55:10 AM »
There is a buddies/ignore list in your profile. That's the closest right now. :)
Online Manual

Please do not PM me for support.

Offline Just Another Member

  • Newbie
  • *
  • Posts: 0
Re: gmail authenticity alert, please look in to this
« Reply #18 on: December 26, 2017, 10:31:37 AM »
Well Steve and Sleepy you have both been very nice to me and I appreciate that! :)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,463
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: gmail authenticity alert, please look in to this
« Reply #19 on: January 10, 2018, 11:16:59 PM »
Thanks. Was a misconfiguration in DNS indeed, this should be sorted.
« Last Edit: January 10, 2018, 11:27:22 PM by CoreISP »
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.