E-Mails, DNS via DA - AlmaLinux10

Cordarex

Hello everyone,
Is it really due to a broken email ecosystem, or am I doing something wrong? I have a dedicated VPS with Hetzner and have been trying to get the mail system working for quite some time now.

Surely it must be possible to send emails? For some reason, I'm already on spam lists, although they're not the heavyweight ones. I'm wondering whether it makes sense to run DA at all if I still need a relay and have to build up a reputation over a long period of time before I can send a few emails.

I tried running a master & slave with BIND for the NS records. Unfortunately, my domain registrar didn't accept that, so now I'm using Hetzner's DNS. I've tried everything, switched to a central mail.domain.xx so that all mailboxes run on a uniform structure.

I really wonder how anyone can manage >100 pages with all this crap (I don't mean DA!)?

Now here's my question for you – am I doing something wrong and should I have DA set it up for me directly via the installation service, or is it just the way it is and the DNS stuff doesn't necessarily have to work easily via DA? Emails? Oh well, I can send one to a Gmail account in six months' time.

Best regards & thanks!
 
Well... unfortunately we do not maintain a crystal ball so we have no clue as to what is going on, it's guesswork.
To begin with, did Hetzner open port 25 for you? As for new customers on vps systems they have port 25 closed.

Probably it was open at some time, because the IP is on some blacklists.

Did you do something wrong? Maybe, no way of telling without additional information and lack of crystal ball. ;)

Did you change the default DA hostname, did you keep yourself to the RFC requirements for mailing, a correct FQDN hostname is used, MX records are correct, the PTR record(s) is/are correct?
All things which can make outgoing mail go bad.

Normally with DA one can email just as well as with any other panel. If things don't work then in 90% it's a closed port 25 and 10% config issue.
 
Hetzner block ports 25 and 465 by default if you are a new customer. You need to have paid your first month's bill and open a support ticket for them to open the ports on the server. I've been with them a good while now and don't get many issues, but even when I order a new bare metal server, I occasionally get fraud checked and have to request the ports be opened.


They are really reasonable if you have a proper use case for it so drop them a ticket.

To be totally sure it's a port issue, you can check with netcat and you will get a succeeded message if you can get out on that port:

Bash:
root@v1 ~ # nc -zv smtp.gmail.com 587
Connection to smtp.gmail.com (2a00:1450:400c:c1b::6d) 587 port [tcp/submission] succeeded!
root@v1 ~ # nc -zv smtp.gmail.com 465
Connection to smtp.gmail.com (2a00:1450:400c:c1b::6d) 465 port [tcp/submissions] succeeded!
root@v1 ~ # nc -zv smtp.gmail.com 25
Connection to smtp.gmail.com (2a00:1450:400c:c1b::6d) 25 port [tcp/smtp] succeeded!
root@v1 ~ #

You can always use port 587 with SMTP and STARTTLS in the meantime if you're able to relay the mail 😁👌
 
You two have really saved me a lot of time. Thank you very much!

It was port 25 exactly!

Now that I've probably manipulated a lot, I'm tempted to just reinstall DA completely.

I set IPv4 and IPv6 reverse IP and they were accepted. I also implemented all other aspects.

The DNS setting in DA is currently of no use to me, as I run the NS entries from my domain registrar via Hetzner. This means that I would have to create every new domain in Hetzner as well and manually enter all DNS records. I would very much appreciate a note in the help section, but unfortunately I can't find anything on this subject.

DA / Admin:
panel.domain.com
User1:
domain.com

Global NS:
ns1.panel.domain.com
ns2.panel.domain.com

Mail:
Mail.domain.com -> Identical for every user, uniform MX record leads from domain2.com of user2 to mail.domain.com

Or am I missing something here?

Unfortunately, my registrar for domain.com does not accept the ns1 and ns2 records.
 
Can't see any issues if you're using Hetzner for their DNS. If you wanted to take advantage of DA for the DNS, it's really good. You'd need to create some glue records for your domain to effectively point to itself. Each NS would have your server's IPs glued to them and DA would create the DNS records for it. I run my own nameservers (have three separate DA servers solely for that purpose).

mail.domain.com is pretty standard for MX records. Again, you'd have to create them with Hetzner, along with an A record for your server hostname. I'd recommend you do that before you install DA as the TLS cert for the control panel will create itself instantly.

One advantage of using the DNS with DA is free wildcard SSL certificates with Let's Encrypt. If your DNS is handled elsewhere you're limited to set certs with domain name and subdomains as you create them.

I would also recommend setting the env variables DA_NS1, DA_NS2, DA_HOSTNAME and DA_EMAIL before you run the install script. If you don't, you run the risk of DA creating its own login and panel login, and you'd have to go and change the hostname in DA manually. Also if you run the install script without the licence key, you can take advantage of the web installer which is new and spicy.

There's always good help and advice in here if you get stuck.
 
The DNS setting in DA is currently of no use to me,
It's of no use, but best is to keep as is or set it to your own domain name locally, because DA uses this DNS locally to find its domains.

However I would suggest to set a correct FQDN hostname to begin with if you want to mail from this system too.
A correct hostname is for example server.domain.com and then you can also create ns1.domain.com and ns2.domain.com for your admin domain to keep things easy and eventually easy to adjust for later.

As for MX records, yes mail, pop and smtp are done by default.
By default every domain has its own MX record. So domain.com has mail.domain.com and example.org has mail.example.org which is normal.

If you do not run your own nameservers but external ones (like Hetzner or any other external DNS), then indeed you have to copy the records you want to use from DA to that external DNS, which can also be another registrar's DNS, unless you want to register all your domains with Hetzner.
Be aware that also goes for SPF and DKIM and for example DMARC records if you want to use those too and the same for ipv6 records.
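
Added example, not part of any post above and not DirectAdmin code: the Python below audits a constructed record set for the items named in this thread (hostname address records, a matching PTR for each sending IP, MX targets, SPF, DMARC and DKIM), which is the set that has to be copied by hand when the DNS is hosted externally. The `audit` function, the `example.com` names, the documentation-range addresses and the DKIM selector `x` are assumptions; pass the selector your server actually uses.

```python
import ipaddress

# Constructed sample: records copied to the external DNS, plus provider PTRs.
ZONE = {
    ("server.example.com", "A"): ["192.0.2.10"],
    ("server.example.com", "AAAA"): ["2001:db8::10"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["10 mail.example.com."],
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.10 -all"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine"],
}
PTR = {"192.0.2.10": "server.example.com."}


def audit(zone, ptr, domain, hostname, selector="x"):
    """Return a list of problems; an empty list means the records line up."""
    problems = []
    addrs = zone.get((hostname, "A"), []) + zone.get((hostname, "AAAA"), [])
    if not addrs:
        problems.append(f"{hostname} has no A/AAAA record")
    # Forward-confirmed reverse DNS: each sending IP must map back to hostname.
    for ip in addrs:
        if ptr.get(ip, "").rstrip(".").lower() != hostname.lower():
            problems.append(f"PTR for {ip} does not point to {hostname}")
    # Every MX target needs an address record of its own.
    targets = [v.split()[1].rstrip(".") for v in zone.get((domain, "MX"), [])]
    if not targets:
        problems.append(f"{domain} has no MX record")
    for t in targets:
        if not (zone.get((t, "A")) or zone.get((t, "AAAA"))):
            problems.append(f"MX target {t} has no A/AAAA record")
    # SPF: only literal ip4:/ip6: mechanisms are checked; a/mx/include are not.
    spf = [v for v in zone.get((domain, "TXT"), []) if v.startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"{domain} has {len(spf)} SPF records, expected 1")
    else:
        nets = [ipaddress.ip_network(m.split(":", 1)[1], strict=False)
                for m in spf[0].split() if m.startswith(("ip4:", "ip6:"))]
        for ip in addrs:
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                problems.append(f"SPF does not list {ip}")
    dmarc = zone.get((f"_dmarc.{domain}", "TXT"), [])
    if not any(v.startswith("v=DMARC1") for v in dmarc):
        problems.append(f"no DMARC record at _dmarc.{domain}")
    dkim = zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])
    if not any("p=" in v for v in dkim):
        problems.append(f"no DKIM key at {selector}._domainkey.{domain}")
    return problems
```

Calling `audit(ZONE, PTR, "example.com", "server.example.com")` on the constructed sample reports three gaps: no PTR for the IPv6 address, the IPv6 address missing from SPF, and no DKIM key copied over.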
 
I can recommend using the DNS (Got one primary + 2 secondary with directslave).
Glue records for my primary server domain, and ns at my ips pointing to da.

works like a charm
 
It's always better to use own nameservers, but not everybody has the money to pay for a vps and run DS on it. Although for example with some vps providers it's maybe 5-7 euro/month extra and that is including an ipv4 and ipv6 address.
 