I've got multiple websites running on the same server, and I'm about to setup DKIM signatures for all of them. I followed this excellent guide and could successfully send signed emails from PHP on the first try.
The problem is that now all the outgoing emails are signed with the same domain, while I'd like them to be signed by respective domain instead. I can choose which emails to sign via the signing table, but it seems like I can't choose to sign all outgoing emails from domain X with signature Y.
Is this possible, and in that case - how do I do?
Thank you in advance.
OS: Debian
Web server: Nginx + PHP-FPM
Mail server: Postfix
DKIM: OpenDKIM
Related
Everything has been working good untill today, when we had an issue with our SSL certificate when it expired and we changed it for another.
Since that happened, we can properly send emails but not receive them, unless they are emails from our own domain.
The installed SSL is not a Wildcard SSL.
We have not added the subdomain "mail.domain.com" on the Plesk domains list.
We assigned the non Wildcard SSL to work also on email on the Plesk domain settings.
We have no information regarding the non-receiving emails on the Plesk logs.
If i go to the following SMTP tester: https://www.wormly.com/test-smtp-server and send an email checking that it has to be an SMTP email, then that email is received correctly even if it comes from a different domain.
By the other side, if i do not check the SMTP email checkbox, the email is never received
Our DNS records are the following:
domain.com. TXT v=spf1 +a +mx -all
smtp.domain.com. A SERVER.IP
pop.domain.com. A SERVER.IP
pop3.domain.com. A SERVER.IP
imap.domain.com. A SERVER.IP
domain.com. MX(1) mail.domain.com
What can be going wrong?
It has been apparently been fixed after changing the MX record from "mail.domain.com" to "domain.com".
These DNS records have been working for a year since our last update, and the only thing that has changed is the SSL certificate. Im not really sure how this has been affected, maybe the previous SSL certificate was a Wildcard one, while this wasnt, and that made the email not receive properly.
Not really sure about this theory though, but it seems to work.
I use Mailgun for the outgoing emails of my customers and Cloudflare to manage DNS.
The problem is that my customers want to send emails using GMail as well, but I don't want them to know which service I am using.
Therefore, In case in the future I change the service, I don't want to contact all customers asking to change the parameters again.
Here is what I use:
So I decided to use DNS for this: I created for each domain a new CNAME (smtp.mydomain.com) which points to smtp.eu.mailgun.org:
Everything worked fine for few months by now, but from yesterday emails sent from GMail bounce back with this error: "TLS Negotiation failed, the certificate doesn't match the host".
I tried using other ports also, but still the same result.
If in GMail I use smtp.eu.mailgun.org instead of smtp.mydomain.com everything works fine again, so I guess the problem is in the DNS/Cloudflare configuration...
This is the report of the DNS Check of smtp.mydomain.com that I get from MXToolbox:
Any idea on how to fix this?
Thank you!
SOLUTION:
As of April 2020, Google started enforcing TLS when sending email.
In the Gmail settings under Accounts and Imports, Edit your Send mail as Email settings.
Change your outgoing servername (SMTP Server) to smtp.hostprovider.com (mine was smtp.dreamhost.com). If you are using your website name, (mail.example.com), this will continue to fail.
I also updated the port number from 587 to Port 465
Hope this helps.
I don't know if I am asking this in the right place.
I have an SSL cert for my website, and I am trying to setup a mail server (same domain) using the same cert.
I am using Postfix and Dovecot. When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake". When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."
I guess my actual question is, can I actually use the same SSL cert for my website and my email server?
What do I do to debug next?
You can use a certificate you have for the web server also for your mail server as long as it matches the hostname you use to access your mail server. Of course the certificate need to properly setup at the mail server, i.e. include the necessary intermediate certificates similar to how it is (hopefully) setup on the web server.
I am using Postfix and Dovecot.
This means you need to take care of multiple configurations, both for SMTP in Postfix and IMAP/POP3 (whatever you use) in Dovecot. And in all cases the certificates subject/SAN must match the hostname you use to connect to the server.
When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake".
There are not enough information about this setup to find out what exactly is causing the TLS error. It is not even clear if the error is caused when retrieving mail (IMAP/POP3, i.e. Dovecot) or while sending (Postfix).
When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."
This has nothing to do with TLS at all. The test server simply tried to use a recipient which your mail server (Postfix) will not accept.
What do I do to debug next?
The next steps would probably be to check if the certificate matches the names you use in the first place and to look into log files for error messages or warnings. Following steps depend on what the result of these steps is.
When messing around with different mail hosting options I noticed a very aggravating pattern with my Android phone. Neither the built-in mail app nor the gmail app supported email auto-configuration.
When using most mail services such as Namecheap, Zoho, Rackspace, etc. this became a real issue. I would enter my email address and password then instead of it just working like magic, it would invariably fail as it attempted to set the mail server to mail.example.com instead of mail.privateemail.com or smtp.zoho.com
I can configure a CNAME entry for my domain to redirect to these servers and successfully connect to mail.example.com.... up until I try to enable secure e-mail (STARTTLS or TLS wrapper). When I do this the domain name on the certificate does not match up to the domain name I am using to access and the whole thing fails.
Of course setting up my own mail server could be an option, but it could take months or years for my IP address to build up enough reputation to not get auto-blocked by major providers like Gmail or Yahoo. This whole past month DreamHost has been unable to send emails to any address owned by AT&T, which has been nightmarish to get resolved. Not wanting an issue like that, I would like to go with a big name for e-mail hosting.
While looking into Amazon SES to see if it would be easy to set up, I noticed this page on secure tunnels to AWS SES
I'm not super familiar with mail servers and I honestly have no idea what I'm reading on this page. Like I can follow the steps to install and configure this program and run it, but it doesn't accurately say what the purpose is of doing this. Am I right in believing that this might solve my SSL issue and allow me to send mail to mail.example.com without any issues? If so, is there any additional setup that I will require which is not adequately explained by this article?
I'll start out with my configuration:
example.com mailserver - Google Apps.
example.com - has regular mailings based on queries, sent out daily and weekly. Build in Zend framework, with extJS.
subdomain.example.com - to process the bulk mailings.
Background: I enjoy using google apps features (CRM, calendar, mail, etc), but due to my mail volume I can't send all of my outbound alerts through Google Apps. To work around this, I set up a subdomain on my server and am running my email off of that account.
Problem: I have mail that is generated from example.com, and sent to me#example.com. My server refuses to send this mail and it lands in the root email account. All other emails are delivered without an issue (yahoo, hotmail, yoursite.com, gmail, ...)
I've worked on this all day and can't seem to come up with a solution (aside from sending emails to an outside account).
Has anyone experienced this before? How can it be fixed?
Got it. I had to log into WHM and select that my mail not deliver mail locally.
Main >> DNS Functions >> Edit MX Entry
REMOTE MAIL EXCHANGER: This server will NOT serve as a mail exchanger for containerauction.com's mail.: This configuration has been manually selected.