Ubuntu exim4 - Config setup and spam filters - email

I've recently set up my Ubuntu web server with exim4 so my PHP website applications can send email such as "thank you" and "confirmation" notices.
I've got it set up and working such that I can send email to gmail, Yahoo! and my work address. However, my work email gets caught up in our spam filter. I'm new to setting up mail servers so I'm not sure what I might need to look for in making this mail server more trusted, while keeping it secure.
Here are some details:
Server is NATed behind a firewall.
Firewall has port 25 open for outgoing SMTP traffic (from server to anywhere).
Server is virtual hosting a couple of our different websites.
The server is running the following exim4 config:
dc_eximconfig_configtype='internet'
dc_other_hostnames='web-serv.example1.com;example2.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
Questions:
Do I need to open port 25 to incoming SMTP mail (anywhere to server)? I wonder if other mail servers need to talk to my mail server to verify itself, in a sort of handshake attempt.
I have not created any MX records, primarily because the server has different websites on it and the mail server should send mail for all the websites. Do I need to pick/create a domain address and create MX records for it?
One thing of note is that the mail headers look like this:
Return-Path: <www-data@example2.com>
Received: from web-serv.example1.com ([Firewall public IP Address])
Received-SPF: neutral (google.com: [Firewall public IP Address] is neither permitted nor denied by best guess record for domain of www-data@example2.com)
"web-serv" is the host name of the server, such that you get this if you type it into the command line:
$ hostname
web-serv
and "www-data" is the account name for the Apache2 server that Ubuntu gave it as default.
Any other general advice would be appreciated. It's all new to me.
Cheers!

One item of note, since I posted this question some time ago (almost 10 months), is that I found out the biggest issue I had was with setting up the DNS for reverse DNS on our hosting provider's side of things.
In other words, our hosting provider (the people who give us our IP address and manage our hardware) had to enter a record to match my server(s) hostname to whatever IP address it used.
There's a specific name for this. I believe it's a "PTR" record but the name escapes me at the moment, but you basically tell them "my server hostname is ..." and they do a quick update to the DNS for reverse DNS purposes.
When I asked this question, we had a different hosting provider who didn't really help explain this to me, and after switching providers, I got to talk to someone who was happy to help me understand that side of the equation.
And as I understand it, this is set up by the people who assign you the IP addresses. But there's probably more to it than that.
Once I got that set up properly, email had no problem getting through the spam filters and Gmail/Yahoo showed SPF as "passed". It was showing neutral before.
Our company email was set to drop any email that would not resolve reverse DNS, which is why I could not even receive the email or find it in the spam filter. Of course, that situation would be dependent on the company and what email policy and software they're using to manage spam. Some might just drop all email that does not reverse DNS and some might dump it in to spam filters instead.
Hope that might help some people with similar issues.
Cheers!

Related

How to configure a sendmail to relay email from and to a mail server

I've a full server with mail and web behind a dynamic IP access.
This is all configured to update the ip in case it changes and works well with everything except mail.
Although I've implemented SPF, DKIM and DMARC, since the addresses are listed in PBL, many servers refuse the connection.
I'm trying to solve this issue setting up a relay machine for my domains in a small VPS with Fixed IP and Reverse DNS to avoid PBL's.
I've found a link from a guy that implemented a similar solution, but he changes the sendmail.cf file, that is not supposed to be touched.
This link:
https://www.akadia.com/services/sendmail_relay.html
How can I do this in the sendmail.mc file for compilation with m4?
My idea is to set the MX records pointing to this VPS acting as relay, and also configure my postfix mailserver to forward mail to the relay, which I think I've found where to do in webmin.
Hope someone can shed some light in my head.
Thanks in advance.
You can specify default relay for outgoing email in sendmail.mc file using SMART_HOST.
define(`SMART_HOST', `name.of.smart.host')dnl
Useful tip: You may put smart host name in square brackets to avoid lookup for DNS MX records.
define(`SMART_HOST', `[name.of.smart.host]')dnl
WARNING
sendmail uses *.cf files as configuration. The *.mc file must be "compiled" into a *.cf file.

Reverse IP configuration in a VPS with several registered domains to avoid spam mails

Hello everyone in the community.
I have a headache that you can't imagine with this topic and I need your help.
I have a VPS server contracted at OVH, where I have access to the WHM and the Cpanel.
I currently have two hosted domains, I have created for each one their account in Cpanel, so each domain has its own configurations: Ftp, Mail etc...
The problem is that the mail that comes out of any of these domains are going directly into SPAM. I've read a lot on the internet, there's talk about configuring the PTR, configuring a reverse IP and so on.
The thing is that I am confused because I have two different domains, with all their different characteristics and the OVH server is one with one IP and already has its reverse IP.
So when I check the CPANEL of each account in the Email Deliverability option it tells me that there is a problem with the PTR.
The truth is that I have no idea how to change this for each domain, each domain appears in the DNS zone of the WHM and I can edit or add what I need but I see that everything is fine.
I don't know what to change or how to change it. I hope you can guide me. Thank you
Your cPanel/WHM server IP address has to have a valid PTR record which should match your server's hostname. If the PTR doesn't match the hostname then that's a reason your emails go to SPAM. You should also check your server IP address to see if it's listed in any blacklist. You can check that on mxtoolbox.com for example. You also need to have valid DKIM, SPF and DMARC DNS records for your domains.

Mail Server DNS configuration of MX Records for Forwarding

I have an account with an internet provider, the majority of my company is based on the mail server they provide which is a bog standard UX style server from what I can tell. They offer the ability to edit the DNS records in the admin login, and you can edit the MX records.
What I want to do is introduce a subset of email accounts that are managed by a second mail server, this being an MS Exchange server. So what I want, I think, is to configure the Authoritative server as the 1and1 server, and configure the Exchange server as a non-Authoritative server and have the Authoritative server forward all non local addresses, or specified addresses, on to the Exchange server. Thus all addresses would look the same, old_mx@ab.com and exchange@ab.com, but they would be resolved by different mail servers, working in tandem. My assumption had been you could specify a destination for unresolved e-mail addresses before they are declared void and bounced.
I spoke to a support engineer at 1and1 who said it was possible but they needed the exchange server address. Seemed reasonable, MS seem to think it's possible and provided an address. I just phoned the ISP back with the Exchange server details as provided by MS... and the next engineer says it isn't possible.
Can we confirm this is possible firstly, and how would I go about configuring it?
Not much help has been forthcoming on this question, but I do have some leads on answers myself. It would seem that there is no DNS record solution to the problem, not one commonly supported anyway. The DNS can only really be used for primary and secondary MX definition.
The only way to set this form of triaged MX server seems to rely on the MS Exchange server being defined as the first link in a chain of mail servers. i.e. The DNS referenced server. Once this is done the MS Exchange server can be configured as a non-Authoritative reference, within the server. Once that is done the MS Exchange is then provided with the subsequent servers to reference. On receipt of an e-mail that the MSE server doesn't recognise it will then forward the mail to another server that might be another non-authoritative MSE or an authoritative server of any description. The end server would then be responsible for returning any error messages back to the sender.
If anyone finds a better solution that doesn't involve redefining the master mail MX records I would be very interested, as I don't really want the MSE setup as the primary MX record.

Mail not getting sent to specific domains

We have a VPS with CentOS combined with DirectAdmin which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hostfile in CentOS is setup incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'company-Shops' helo label in the bounce error.
Some extra info:
- We use the webmail Roundcube from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck.
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.

Azure mail (Linux VM) DNS resolving

I installed a brand new VM in Azure (Debian). The thing is that the email I send isn't accepted by the remote mail servers. In my Gmail the mail is received in my spam box and at my own web hoster the mail isn't even visible at all.
Of course this can have several reasons and has to do with spam recognition etc. The thing is that I see some errors in my mail headers which, I think, are causing the problems.
Received-SPF: temperror (google.com: error in processing during lookup of root@hstop40-w01.hstop40-web.a4.internal.cloudapp.net: DNS timeout) client-ip=137.117.203.77;
I have a cloud instance called hstop40-web and my server is called hstop40-w01.
I am kind of lost on what to do next. Hope that someone can help me fix this.
Thanks
You need to ensure, at the most basic level, that reverse name resolution works for your SMTP host (i.e. 137.117.203.77 must resolve to the Fully Qualified Domain Name (FQDN) you use in your SMTP headers). If this isn't true you'll most likely get mail rejected from most public SMTP hosts (gmail included).
Beyond this challenge (which you can control by setting up DNS correctly) you might still get rejected mail because a lot of blacklists will include IP address ranges from Azure and AWS (this is why both offer mail services - SendGrid on Azure and Simple Email Service (SES) on AWS).
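
The checks the answers on this page keep coming back to (a fully-qualified HELO name, a PTR record for the sending IP, and a PTR name that resolves back to that IP) can be run before a receiver runs them for you. The following is an added example, not code from any of the posts above; the function names and result labels are hypothetical, and the sample DNS data is constructed from documentation address ranges so the block runs offline.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name):
    """True when the HELO name has at least two valid dot-separated labels."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_sender(ip, helo, ptr_lookup=system_ptr, fwd_lookup=system_forward):
    """List HELO / reverse-DNS problems for a sending IP (receiver policy varies)."""
    problems = [] if is_fqdn(helo) else ["helo-not-fqdn"]
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not ptr_names:
        return problems + ["no-ptr"]
    addr = ipaddress.ip_address(ip)
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    if not any(ipaddress.ip_address(a) == addr
               for n in ptr_names for a in fwd_lookup(n)):
        problems.append("ptr-not-forward-confirmed")
    if helo.rstrip(".").lower() not in ptr_names:
        problems.append("helo-ptr-mismatch")
    return problems

# Constructed sample DNS data (documentation address ranges), so this runs offline.
SAMPLE_PTR = {"192.0.2.10": ["web-serv.example1.com."],
              "192.0.2.20": ["host.example.net."]}
SAMPLE_A = {"web-serv.example1.com": {"192.0.2.10"},
            "host.example.net": {"198.51.100.5"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(name):
    return SAMPLE_A.get(name, set())
```

Called as check_sender(ip, helo) with no lookup arguments, it queries the system resolver instead of the sample tables; an empty list means none of the three problems was found.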