Hey Nick,

Result of the netstat command after I entered the line you recommended in my /etc/dnsmasq.conf file:


I entered the line at the end of the file. I first included the hashtag mark at the end of the line, like you depicted. There were no other lines that included 'local'. Even so, I still have the same error, popping up when using the dig -t command, but with an added error message:
. I then included the port number 53 after the hashtag and got this error message:
. Then I removed the number 53 and the hashtag. Success!
. Still no response when sending the email check-auth@verifier.port25.com though.

Any rate, any sent mail using office@lgechurch.email as the reply to and from email address winds up in my Google spam folder still. What a pain in the butt.

Sounds like you're trying to do what I've done ...

In my case, 2 physical servers (COS7), one running a VM as a mail server. One of the servers is running as a file server and Nextcloud server, the other as the DHCP/DNS/VirtualBox host, along with a ProxyPass server. The gateway is a cable router with static ip, built-in dhcp server turned off - and acting as the gateway to the internet .. and the IMAP/SMTP/ICAL sent direct to the VM mailserver (bridged network address). HTTP/HTTPS accesses are sent to the ProxyPass for distribution. These include webmail/iPhone accesses (as they appear go via port 80).

The ProxyPass webserver is setup with LetsEncrypt certificates (using default settings).
Mailserver LetsEncrypt certificate .. IMAP/SMTP have their own certificates .. these are provided using the webroot configuration rather than the default .. mainly because the port 80 access goes via the ProxPass server and so the webserver side of the mailserver is not directly visible from outside .. but as the LetsEncrypt accesses can be made via the ProxyPass, it works.

In GoogleDNS you should have a subdomain set as YYYYMM._domainkey and the TXT record should contain:

Now you need to update your DNS records. Open the file '/etc/opendkim/keys/mydomain.com/YYYYMM.txt'. In your DNS records, create a new TXT record with a subdomain as the first field in the file which you can just copy. In this case it is “YYYYMM._domainkey”. For TXT Data copy and paste everything between the first and last set of quotes, excluding the first and last quotes and removing the middle quotes and whitespace between them.

You also need to adjust YYYYMM to whatever you chose.

If you dig command is not working then you've got something wrong. If, from other posts ages ago, you have tweaked your dnsmasq so iy does not local queries onto the internet? You may have added:To your dnsmasq configuration. If so, you will need an extra line:
This will allow the domainkey lookup to go out to the internet.

Do you have a funny DNS set up? If I google your error it refers to other DNS utilities running. W hat is the output to:

BTW, can I say that your DKIM record is public knowledge to anyone receiving your e-mails so there is not too much point in munging it.

So, I followed this link to setup opendkim on my clearos server and generate a key. At one point it says to

Test your DNS record and signing: dig -t any YYYYMM._domainkey.mydomain.com

, to which I did. I get a response back saying,

communications error to 127.0.0.1#53: end of file

. I have no idea what that means. Everything else seemed to go OK, although I have to receive an email back after sending a test mail to check-auth@verifier.port25.com.

Do I need to include the dkim key in my Google Domain DNS settings as a TXT file?

ClearOS (alonf with a lot of firewalls) is not brilliant at redirecting traffic from the LAN to its WAN interface and back in. Whatever is used as the DNS resolver on your LAN should resolve mail.mydomain.com to a LAN IP.

That all looks OK. SPF checks out and everything seems to be legitimate in the header so I can't see why it is being sent to spam unless other recipients have flagged this sort of mail as spam. You could try DKIM, but honestly, at the moment, I don't know. Also check Google's bulk senders guidelines.

Hey Nick, One domain hosted through Clear Center, renncoautomation.us. This is my primary domain and website. Two domains hosted through Google Domains, livinggraceevangelical.church and lgechurch.email. The first is for a website for our church. The second is for email for our church. All DNS and email for the Google Domains is handled through Google settings. Livinggraceevangelical.church is a virtual website on my clearos. In my Joomla configuration in the backend, I have office@lgechurch.email configured as the reply to and from email addresses, so that people see that email address when the church's Joomla site sends out notices to people. I'm testing it all now, sending them to my work gmail. It's always marking them as SPAM in the header.

Here's the header:

I don't follow your mail routing for the moment. Can you tell me the route a main takes from your church to the internet? What domain do they use? Have you got hold of an email which has been nent to Junk? If so, can you post the header?

Generally DKIM is not needed. I know I've done a how to for it, but given the opportunity, I would not read it. Instead I'd use SpamAssassin to do the DKIM. There are plenty of instructions on the internet and I hope to give it a go and write it up. It saves installing anything.