Additional IP adress vs SPF

[inomi13]

I have one IP address which has status server and another IP address which is assigned to resellers accounts. Domain in reseller accounts has all records A assign to shared IP adress and it's correct but I can't understand why record TXT includes IP adress of server.

I have made test and I have configured e-mail box via imap and I have set connections hosts as mail.examle.com but message headers has showed information that e-mail come from IP server not IP with assign to reseller acount, why?

When resellers acounts will spam, another mail servers will block my IP adress of server but not IP reseller adress.

 

[Richard G]

that e-mail come from IP server not IP with assign to reseller acount, why?

Because that is the default. DA always uses the server ip to send mail.

If you want seperate things, you have to configure things.
Check this doc, this will help you.

Version 1.47.0 | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

And maybe check this post to for additional commands if things still not work. Check post #6 and #8.

J

Thread 'Send mail from user's dedicated IP'

Aug 3, 2020

Hey,

A user informed me that their mails were getting blocked by Yahoo and I did a test on mail-tester.com and it appears it was being sent by the shared server IP. User has a dedicated IP and the DNS records has MX set to mail.domain.com which has A record to the dedicated IP.

How do I force DA to send via the dedicated IP?

I've set add_domain_to_domainips=1 in directadmin.conf and restarted directadmin but still have no files in /etc/virtual/domainips or /etc/virtual/helo_data

Version 1.47.0 | Directadmin Docs

DirectAdmin Knowledge Base

www.directadmin.com

Thanks

• justjosh
• Replies: 10
• Forum: E-Mail

 

[inomi13]

thanks for your eplanation but i have one more question. When I set value add_domain_to_domainips=1 and rest parameters can I be able to fast back to last state. I ask because I work on production server and all services ahould work all time. If my IP of server has record PTR which is assined to hostname server so what name should has additional IP in record PTR in my provider?

 

[Richard G]

so what name should has additional IP in record PTR in my provider?

Just telnet to that ip via port 25 and see how the mailserver answers. Most likely it will be mail.domain.com and in that case, set the PTR for that ip to mail.domain.com.

 

[inomi13]

1. Tell m, maybe my thinking wrong. My provider has set record PTR for IP server to Hostname and global it is working. Additional IP addres which I shared beetwen resellers, my provider has to assign record PTR? Provider can't be able to assign that IP record, PTR with name mail.example.com because this IP will use many domains
2. I assigned additional IP 1.2.3.4 do user account. Domain example.com has record TXT with SPF which include ip server, is it correct?
   
   
   

 

[Ohm J]

PTR records can be any sub/domain.
Just ensure when query record from IP to PTR or PTR to IP must matching each other.

Example:
PTR "1.2.3.4" must return "sub.doamin"
"sub.domain" must pointer to "1.2.3.4

 

[Richard G]

Domain example.com has record TXT with SPF which include ip server, is it correct?

Yes I think so, because most likely non-smtp (so php scripts) will still be sending via the hostname, unless you disable that.
In that case A MX should be enough, but I always enter the used ip (so in this case domain ip) in the SPF record. Probably not needed but I always to that.

 

[inomi13]

@Richard G Below I describe what I did and ewerything is working but I don't know thta file in /etc/virtual/helo_data is empty.

da config-set add_domain_to_domainips 1
systemctl restart directadmin
echo "action=rewrite&value=domainips" >> /usr/local/directadmin/data/task.queue
echo "action=rewrite&value=domainips&domain=domain.com" >> /usr/local/directadmin/data/task.queue

@Ohm J So if PTR records can be any sub/domain. Can assign additional IP to the same name whta has IP server I mean Hostname?

 

[Ohm J]

Yes, one subdomain can have multiple IP, but I'm not recommend to do this.
Just separate it as ... "server01, server02, server03 .... " something like this.

 

[Richard G]

but I don't know thta file in /etc/virtual/helo_data is empty.

I don't know either.
You're an admin right? Use the file explorer and check or if that isn't possible as admin, login as root via SSH.

 

[inomi13]

Yes, I am admin and I checked file /etc/virtual/helo_data and it is empty. Maybe it is cause that provider set PTR record for only server IP adress but not set PTR record for additional IP yet ?

Second option what I thinking is Directadmin docs what I have found. Maybe helo_data is require when add_domain_to_domainips = 2
https://docs.directadmin.com/direct...dmin-conf-values.html#add-domain-to-domainips

 

[Richard G]

Well... I would restart Directadmin and then issue this command again:
echo "action=rewrite&value=helo_data" >> /usr/local/directadmin/data/task.queue
it can take one or two minutes until the task.queue is finished running and then the ip's should be in that file.

If not, try this:
echo "action=rewrite&value=domainips&domain=domain.com" >> /usr/local/directadmin/data/task.queue

If they are still not in there, then follow the doc on how to put them in manually.

 

[inomi13]

Could you explain me how works receive mail server when I send message from domain examle.com and rekord PTR is different? Receive server makes second step and check rekord A according name from rekord PTR, when rekord is the same recieve server return ok?

 

[Richard G]

when rekord is the same recieve server return ok?

Almost. Receiving server checks the DNS TXT record, because an SPF record is a TXT record.

when I send message from domain examle.com and rekord PTR is different?

Explain different?
It can be different if you mean for example.
Hostname is 192.168.0.1 and is named server.somedomain.org
Your domain is named example.com and in your SPF it says 192.168.0.1 with ipv4 and you have A and MX in there (which is done default by DA).

In that case yes the PTR is pointing to server.domain.org, but the server has the same ip so in this way it can be different. IP's must match.
Because when sending mail, the server will not say "hello example.com" when connecting but will say "hello server.somedomain.org" when connecting, so this way all is correct.
After that it says "I send mail from example.com" and then SPF is checked if example.com is allowed to send mail from ip 192.168.0.1. This is a very short explanation about how this works.

 

[inomi13]

So let me tell you what I did. In Cloudflare of another domain in DNS I set the A record with the IP address that I received from my provider. The provider assigned this name to their PTR record

I set the new IP address to the new domain and sending works but it goes to spam despite DKIM being set, several servers do not want to accept emails.

In the DNS zone of this domain in the Mx record I have entered the A record and the IP address of the server.

 

[Richard G]

Sorry, to be able to help you I need the real domain name and the servers hostname you are using, if required you can send it by pm.
But I'm very busy at the moment and dinner time in a few minutes so it can take a little bit before I answer.