spamassassin rdns reversedns - email

SpamAssassin gives the following flag on my emails:
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
"This test checks to see if there is a reverse DNS entry
for the last untrusted relay. Note that this may be done by
interpreting information in the relevant Received header - if reverse
DNS checks are not performed by the first trusted relay, or if they
are not recorded in the Received header, this test will be triggered
(regardless of the actual rDNS status)."
The only IP I can see on my emails is 94.143.11.2, which you can reverse-DNS to trophymanager.com. Google and Hotmail have no problems with this, but SpamAssassin gives it a flag. What am I missing here?

Not sure about SpamAssassin, but many mail filters / MTAs (Postfix, for example) only accept the rDNS entry if it's forward-confirmed. In your case, the forward confirmation does not work:
dig -x 94.143.11.2 +short
man01.trophymanager.com.
but man01.trophymanager.com does not have an A record.
Create a DNS record:
man01.trophymanager.com A 94.143.11.2
and SpamAssassin probably won't complain anymore.

If your hosting account comes with an IP address, you might be able to change this within the dashboard of your hosting account, or open a ticket with your host if you're not sure.
That solved my "SMTP Reverse DNS Mismatch" error on https://mxtoolbox.com
However, mxtoolbox.com still complains "Reverse DNS is not a valid Hostname". The explanation from them is:
Your Reverse DNS Record (PTR) is not a valid host name. According to
email sending best practices, a PTR Record should be a valid host
name. If the PTR Record is not a valid hostname, there is a likelihood
that you will experience email delivery issues with anti-spam
services.
I looked up my registrar -- Namecheap says:
A PTR (pointer) record maps an IP address to the domain name. It’s
often called a "reverse DNS entry" because it converts an IP address
to a name.
PTR records are mostly used as a security and anti-spam measure, to
verify that a mail server address is allowed to send an email to a
particular hostname. The reverse DNS entry checks if a server name is
indeed associated with an IP address from where the connection was
initiated.
In order to set up a reverse DNS entry that will connect an IP address
to your domain (e.g., 127.0.0.1 should be mapped to yourdomain.com),
you will need to contact your IP address provider to create a PTR
record for the IP address.
It's possible I just need to wait a day, because when I updated the reverse DNS with my host there was a message saying "please wait 6-12 hours." If I remember, I'll come back and write an update.

The OP asks about this issue, but the other answers don't address that:
-0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
This is caused by reverse lookups of 127.0.0.1 returning localhost, commonly caused by redirecting mail in and out of localhost for spam/virus filtering (like through amavis). It will create headers like this, with rDNS showing incorrectly as localhost for 127.0.0.1:
Received: from smtp.example.com (**localhost** [127.0.0.1])
by smtp.example.com (Postfix) with ESMTPA id A5F13FEF
for <example@example.com>; Wed, 26 May 2021 17:07:02 -0700 (PDT)
Note that I added *'s around **localhost** above to highlight the issue. By updating the /etc/hosts file and placing your hostname before the word localhost, it will be placed correctly in your logs:
So you want this:
~]$ cat /etc/hosts
127.0.0.1 smtp.example.com localhost localhost.localdomain
::1 smtp.example.com localhost localhost.localdomain
not this:
~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain smtp.example.com
::1 localhost localhost.localdomain smtp.example.com
and definitely not this:
~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
... or you can configure rDNS for 127.0.0.1 but that seems silly...just what hostname should a centralized rDNS server with? Indeed, it can't ;)
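The ordering rule from the answer above can be checked mechanically, because a reverse lookup served from /etc/hosts returns the first name on the matching line. The following is an added example, not code from the original answer; the function names are hypothetical and the two sample files are the "want this" and "not this" variants shown above.

```python
import ipaddress

# Sample /etc/hosts contents taken from the answer above.
GOOD_HOSTS = """\
127.0.0.1 smtp.example.com localhost localhost.localdomain
::1 smtp.example.com localhost localhost.localdomain
"""
BAD_HOSTS = """\
# hostname listed last, so localhost is the canonical name
127.0.0.1 localhost localhost.localdomain smtp.example.com
::1 localhost localhost.localdomain smtp.example.com
"""

def loopback_canonical_names(hosts_text):
    """Map each loopback address to the first (canonical) name on its line."""
    result = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        # Only the first line for an address decides the reverse lookup.
        if addr.is_loopback and str(addr) not in result:
            result[str(addr)] = fields[1]
    return result

def loopback_reversing_to_localhost(hosts_text):
    """Loopback addresses whose reverse lookup would yield a localhost name."""
    names = loopback_canonical_names(hosts_text)
    return sorted(a for a, n in names.items() if n.split(".")[0] == "localhost")

if __name__ == "__main__":
    for label, text in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS)):
        print(label, loopback_canonical_names(text),
              loopback_reversing_to_localhost(text))
```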

Related

SMTP client's hostname doesn't match PTR

I'm building an SMTP server and I'm struggling with an issue regarding hosts connecting to my SMTP server.
For instance, one client is connecting to my SMTP server with the given hostname: EUR02-AM5-obe.outbound.protection.outlook.com.
Unfortunately, the server's IP doesn't match that hostname (52.101.131.25).
Based on the SMTP rules, I should refuse this email, but when I do a reverse IP lookup for 52.101.131.25, I get mail-bgr052101131025.outbound.protection.outlook.com, which also comes from Outlook.com!
So, even if the hostname doesn't match the IP, the IP is originating from a valid source in that case (outbound.protection.outlook.com).
And Outlook is not the only one doing so, here's the case with Zoho:
HELO sender21-mail.zoho.eu coming from the IP 185.20.209.254.
But when you do a reverse lookup, you don't find sender21-mail.zoho.eu, but ... sender.zoho.eu
How can I ensure that both hostnames come from the same valid source, and that it's just the IP that is badly configured?
With content distribution networks & load balancing, the EHLO name and IP/reverse DNS often don't match. You could check the IP's validity against SPF records (not every domain has SPF records, but it is quite common). Taking zoho.eu as an example, the SPF record for the domain is
v=spf1 include:spf.zoho.eu -all
Which is essentially a ref out to the record spf.zoho.eu
v=spf1 ip4:185.20.209.0/24 ip4:31.186.226.0/24 ip4:87.252.213.0/24 ip4:84.207.209.0/24 ~all
185.20.209.254 falls within ip4:185.20.209.0/24 and is thus a reasonable source for messages from zoho.eu.
How to validate the source IP against SPF records depends on the SMTP server being used. There are milters for Sendmail and policy servers for Postfix that validate SPF.
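The check described in the answer above, as an added example that is not part of the original answer: it evaluates only the `ip4`/`ip6`, `include` and `all` mechanisms, and reads the two zoho.eu records quoted above from an inline table instead of querying DNS. The function name and the record table are assumptions made for this sketch.

```python
import ipaddress

# TXT records as quoted in the answer above; a live check would fetch them via DNS.
SPF_RECORDS = {
    "zoho.eu": "v=spf1 include:spf.zoho.eu -all",
    "spf.zoho.eu": "v=spf1 ip4:185.20.209.0/24 ip4:31.186.226.0/24 "
                   "ip4:87.252.213.0/24 ip4:84.207.209.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, records=SPF_RECORDS, depth=0):
    """Evaluate a subset of SPF (RFC 7208): ip4/ip6, include and all."""
    if depth > 10:                        # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:       # terms are evaluated left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            inner = check_spf(ip, arg, records, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"        # a broken include is a hard error
            matched = inner == "pass"     # only an inner pass counts as a match
        elif name == "all":
            matched = True
        else:
            continue                      # a, mx, exists, redirect=: not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    print(check_spf("185.20.209.254", "zoho.eu"))   # address from the question
    print(check_spf("203.0.113.7", "zoho.eu"))      # constructed outside address
```

Note that the inner `~all` does not leak out of the `include`: an address outside the listed ranges falls through to the outer `-all`.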

Force Exim to use ipv4 ip

I have an unmanaged VPS that runs CentOS 7 Minimal. I have installed Exim for sending emails. My main server IP is IPv4 and I have an additional IPv6 address.
Exim uses the IPv6 address to send emails. I want to overwrite this and use the IPv4 main server address. I added the interface line to the exim.conf:
remote_smtp:
driver = smtp
interface = x.x.x.x
And then restarted Exim but no matter what, it uses the IPv6 one. I thought that Exim is ignoring the config file but that's not the case as if I enter wrong IP format for interface and try sendmail, I get wrong IP format while sending email.
I tried adding disable_ipv6 = true to the end of exim.conf but when I saved and restarted Exim, I got the following error when running Sendmail: "Option disable_ipv6 unknown"
Thanks
I had this problem too, moved the disable_ipv6 to the beginning of the config file and it was solved.
root@hostname/etc/exim4 # service exim4 restart
root@hostname/etc/exim4 # exim -bP disable_ipv6
disable_ipv6

temperror when email is sent to hotmail & end up in junk/spam folder

When I send emails to Hotmail main inboxes, they end up in the spam/junk folder with the following in the header:
Authentication-Results : hotmail.com; spf=temperror (sender IP is X.X.X.X)
smtp.mailfrom=marieke@X.X; dkim=temperror header.d=X.com; x-hmca=none
However, both the DKIM and SPF have been good for at least one week, and it shows "pass" when an email is sent to Gmail. In the past, the domain was hosted on a different server with a different SPF and DKIM record in the DNS.
Is it possible that Microsoft servers don't do a DNS lookup, or perhaps only do a DNS lookup from time to time?
There are several reasons why it happens:
First of all, the Microsoft DNS lookup takes some time due to the TTL of DNS records, perhaps several weeks.
Then, my mistake was to set up two A records for my SMTP server hostname rather than one. Consequently, due to round robin, the Forward Confirmed Reverse DNS Lookup failed from time to time, as the wrong IP address was returned from time to time. So if you have an SMTP mail server, you should only have one A record (and one AAAA record), meaning one IP address for it.
IPv4:
One server hostname = Only ONE IP address (A record)
One IPv4 address = Only ONE server hostname (Reverse DNS)
IPv6:
One server hostname = Only ONE IP address (AAAA record)
One IPv6 address = Only ONE server hostname (Reverse DNS)
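A forward-confirmed reverse DNS check, as an added example that is not part of either original answer. It covers the first thread's case (a PTR whose name has no A record) and this answer's case (two A records on the mail hostname). DNS is replaced by constructed lookup tables; the `first_only` and `rotate` parameters are assumptions that model a checker comparing only the first address returned under round-robin ordering.

```python
import ipaddress

# Constructed zone data standing in for live DNS lookups.
PTR = {
    "94.143.11.2": ["man01.trophymanager.com."],  # PTR shown in the dig output above
    "192.0.2.10": ["mx.example.net."],             # constructed
    "192.0.2.20": ["rr.example.net."],             # constructed
}
A = {
    # man01.trophymanager.com. has no A record, as the first answer observed
    "mx.example.net.": ["192.0.2.10"],
    "rr.example.net.": ["192.0.2.20", "192.0.2.21"],  # two A records, round robin
}

def fcrdns(ip, ptr=PTR, fwd=A, first_only=False, rotate=0):
    """Return (status, name): 'no-ptr', 'unconfirmed' or 'confirmed'.

    rotate shifts the order of the A answers to imitate round robin;
    first_only compares just the first answer (assumed checker behaviour).
    """
    addr = ipaddress.ip_address(ip)
    names = ptr.get(str(addr), [])
    if not names:
        return ("no-ptr", None)
    for name in names:
        answers = list(fwd.get(name, []))
        if answers and rotate:
            k = rotate % len(answers)
            answers = answers[k:] + answers[:k]
        if first_only:
            answers = answers[:1]
        # Confirmed only if the forward lookup leads back to the connecting IP.
        if any(ipaddress.ip_address(a) == addr for a in answers):
            return ("confirmed", name)
    return ("unconfirmed", names[0])

if __name__ == "__main__":
    print(fcrdns("94.143.11.2"))                            # PTR but no A record
    print(fcrdns("192.0.2.10"))                             # one name, one address
    for shift in (0, 1):                                    # same host, two orderings
        print(fcrdns("192.0.2.20", first_only=True, rotate=shift))
```

With one A record per mail hostname the result no longer depends on answer ordering, which is the point of the one-name-one-address rule above.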

1 DNS 2 IPS, 1 IP for email server and 1 IP for website

Hello fellow Stack Overflow users, I have this issue while setting up an email server and a website for this email server on two different machines (I've been using DigitalOcean's name servers).
example.com REDIRECTS to 107...*
mail.example.com REDIRECTS to example.com
I don't think I'm able to simply change mail.example.com to another IP because then the e-mails wouldn't be like "fellow@example.com"
Any clue about what I should do, since they have a rigid abuse system and they would think I'd be abusing if I carelessly changed that kind of stuff?
Thank you for your time!
If I understood correctly, you have 2 different servers? One is the webserver and another one is for mail?
If so you should add 3 different records:
A record to webserver:
domain.com. IN A 1.1.1.1
www IN A 1.1.1.1 (www.domain.com)
A record for mail server:
mail IN A 2.2.2.2 - this will make mail.domain.com point to the 2.2.2.2 IP
And then set MX record for that domain:
domain.com. IN MX 10 mail.domain.com - 10 is priority
--
Website will be working from server ip 1.1.1.1, mail will work from 2.2.2.2

Hostname not resolving to IP WHM/cPanel

I moved my WHM/cPanel installation to a new server. After changing the nameserver IPs, and after a little while, the domains started pointing to the new server.
However the hostname doesn't resolve to an IP address.
/scripts/ipcheck --verbose
IMPORTANT: Do not ignore this email.
Your hostname (xxx.example.com) could not be resolved to an
IP address. This means that /etc/hosts is not set up correctly,
and/or there is no dns entry for xxx.example.com. Please be
sure that the contents of /etc/hosts are configured correctly, and
also that there is a correct 'A' entry for the domain in the zone
file.
Some or all of these problems can be caused by /etc/resolv.conf
being setup incorrectly. Please check that file if you believe
everything else is correct.
You may be able to automatically correct this problem by using the
'Add an A entry for your hostname' option under 'Dns Functions' in
your Web Host Manager.
I ran:
nano /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
XXX.XXX.XXX.XXX xxx.example.com xxx
I also checked:
nano /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Also:
nano /etc/nameserverips
XXX.XXX.XXX.XXX=ns1.example.com
XXX.XXX.XXX.XXX=ns2.example.com
I checked the "Add an A Entry for your hostname" in WHM:
Hostname | Server Main IP
xxx.example.com | XXX.XXX.XXX.XXX
I checked and rebuilt dnsconfig
/scripts/rebuildingdnsconfig
I am really not sure what else to check; I have rebooted the server. The domains pointing to the name servers work fine. The problem I am having is that I route all cPanel access and SSL configs for the emails through https://xxx.example.com because this has the SSL cert. I have compared the settings to the older server and they are the same except the IP address.
Centos 6.4
WHM 11.40.0 Build 19
XXX.XXX.XXX = Server IPs
xxx.example.com = hostname
Any help would be appreciated.
Solved this:
Go to WHM, "add an entry for your hostname" and just submit again.
Even though it was correct submitting it again worked. This fix came from cPanel support.
I know it's an old post, but here are a few checkpoints in addition to the above, in case someone needs help in the future with a similar issue:
1) Check the content of
/etc/wwwacct.conf
2) Investigate your hostname & NS for proper results
dig ns1.example.com
dig hostname.example.com
host ns1.example.com
host (HOST IP)
nslookup hostname.example.com
3) Make sure you have registered your hostname.example.com and ns1.example.com at your domain registrar and they are pointing to the right IP.
4) Ensure that no firewall is blocking port UDP:53 and other essential ports.