Multi Domain Setup - which IP to use for sending mails

AxlF

Hey,

can someone help me understand this?

I have a DA Box with multiple Domains. What IP will be used to send mails?

The main IP of the hostname is for example AAAA.
Another domain has the IP BBBB

If the user from the domain sends a mail, does it connect exim through BBBB or AAAA? I think it uses the DNS settings - in my case the MX of the domain is BBBB.

But is that O.K.? Or should I set AAAA for the MX of the domain?


Another problem which I think is connected to the first: the domain's user has problems with his email address, as his emails are regularly marked as spam by his recipients.
Or the e-Mail is bounced back with messages like this:

Code:
Recipient address rejected: Mail appeared to be SPAM or forged. Ask your
Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed
from DNSBLs; please relay via your ISP

I double checked blacklists, and his domain (and the main hostname) is not listed on DNSBLs.

Perhaps someone could clarify things for me :)

Best wishes,
AxlF
 
Hey,

If I understand you correctly, then with 4.3.x the user's owned IP is used for sending out emails. Then I need to set the MX entry to the user's IP.
For shared IPs the server IP is used and should be stated as MX record.

I switched to 4.3.x now and those files are missing:
/etc/virtual/domainips
/etc/virtual/helo_data

What do I need to set these up correctly? I think they won't be used at the moment, because I haven't set the directadmin.conf value.


Is there a guide to properly set up the mail server using all the new features for 4.3.x?
 
1. Add into /usr/local/directadmin/conf/directadmin.conf setting:

Code:
add_domain_to_domainips=1

and restart DirectAdmin.

Make sure it is 1 when checking this way:

Code:
# /usr/local/directadmin/directadmin c | grep add_domain_to_domainips
add_domain_to_domainips=1

2. Add all domains and pointers to the domainips file:
Code:
echo "action=rewrite&value=domainips" >> /usr/local/directadmin/data/task.queue


Same as above, but will start from an empty domainips file. Handy if everything is out of sync and you want to start over:
Code:
echo "action=rewrite&value=domainips&empty=yes" >> /usr/local/directadmin/data/task.queue

http://directadmin.com/features.php?id=1692
 
I need to set the MX entry to the user's IP.
Not necessarily. The MX record is for receiving emails, and has nothing to do with sending emails. While it's true that on our shared hosting servers the IP# is usually the same there's no reason why it must be, and in fact if separate servers are used for sending and receiving (as by many large senders and mail hosting companies) the IP#s must be separate.

Frankly, I'd rather never use the dedicated IP# for sending email. Because that way if a spammer somehow gets access to multiple domains with multiple IP#s some blocklists might see a pattern which would cause them to block your entire subnet, when otherwise they'd just block the server's main IP#.

Personally I'd like to always be able to use the Server's main IP# as the mail-sending IP#, and have both DNS and rDNS point the IP# to the hostname.

Jeff
 
Hi Jeff,

One trick would be to disable DA's control of it, eg:
Code:
add_domain_to_domainips=1
and then just manage the /etc/virtual/domainips file yourself.
You can set any domain to use any IP.

FYI, for 1.47.1, I've changed DA to allow a wildcard fallback, eg:
http://www.directadmin.com/features.php?id=1711
but it's not in SB yet... (just need the addition of * after lsearch)

You can manually add the:
*: 1.2.3.4
to the domainips now, then just set the lsearch* in the exim.conf, when it's loaded in.

John
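
An added example, not part of the original post and not DirectAdmin or Exim code: a simplified Python model of how an `lsearch` versus `lsearch*` lookup picks the sending IP from a domainips-style file, including the `*` fallback line described above. The `key: value` layout follows the `*: 1.2.3.4` line in the post; the function names and sample entries are assumptions made for illustration.

```python
import re

# Constructed sample file (RFC 5737 documentation addresses), not real data.
SAMPLE_DOMAINIPS = """\
# domain: sending IP
example.com: 192.0.2.10
shop.example.net: 192.0.2.20
*: 192.0.2.1
"""

# A key ends at the first colon or whitespace; the rest of the line is the value.
_LINE = re.compile(r"^([^\s:]+)\s*:?\s*(.*)$")


def parse_domainips(text):
    """Return (key, value) pairs in file order, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if match:
            entries.append((match.group(1).lower(), match.group(2).strip()))
    return entries


def sending_ip(domain, entries, wildcard_fallback=True):
    """Model lsearch (exact key only) or lsearch* (retry with key '*' on a miss)."""
    wanted = domain.lower().rstrip(".")
    for key, value in entries:
        if key == wanted:          # first matching line wins
            return value
    if wildcard_fallback:          # the extra lookup that lsearch* performs
        for key, value in entries:
            if key == "*":
                return value
    return None                    # plain lsearch: unlisted domain, no result


if __name__ == "__main__":
    table = parse_domainips(SAMPLE_DOMAINIPS)
    for name in ("example.com", "SHOP.example.net", "other.example.org"):
        print(name, "lsearch*:", sending_ip(name, table),
              "| lsearch:", sending_ip(name, table, wildcard_fallback=False))
```

With plain `lsearch` the `*` line is only a literal key, so an unlisted domain gets no entry; the wildcard takes effect only once the lookup in exim.conf is `lsearch*`.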
 
trouble with the guide and dkim

Running:
DirectAdmin 1.47.0
Exim 4.76

I'm trying to follow the guide http://directadmin.com/features.php?id=1692 but I do not get if I need to add the stuff in exim.conf?

I manually set up DKIM a long time ago (cannot remember how, hehe) and now when I do the whole guide (except lan stuff) I get this error in my exim log:

Code:
2015-01-24 08:35:32 1YEvFk-0000Zt-3H ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after initial connection: host mx00.gmx.com [74.208.5.4]: 554-gmx.net (mxgmxus001) Nemesis ESMTP Service not available\n554-No SMTP service\n554 invalid DNS PTR resource record, IP=ip.of.my.domain(this was the real ip)
2015-01-24 08:35:32 1YEvFk-0000Zx-VB <= <> R=1YEvFk-0000Zt-3H U=mail P=local S=2116 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2015-01-24 08:35:32 1YEvFk-0000Zt-3H Completed

Any good pointers? :D

Cheers!
 
554 invalid DNS PTR resource record

Any good pointers? :D
Hello,

No there are not any good "pointers", because that's the problem :) (sorry, had to go with the joke)
The error says that your sending IP is missing the DNS "pointer" (PTR).
The reverse IP lookup of any sending IP should (usually) resolve to the hostname of the box.

Related:
http://help.directadmin.com/item.php?id=21

John
 
The RFCs say the sender IP# and the rDNS of that don't necessarily need to match, only that the rDNS needs to be valid.

However, many MTAs (mail servers) are more strict, and do require a perfect match.

If you're going to use one IP# for sending email, then you need rDNS for that IP#.

Best practices these days would be for the hostname of the server to point to that IP#, and for the rDNS of that IP# to point to that hostname.

My understanding is that DirectAdmin's most recent SpamBlocker exim.conf file, if/when configured by CustomBuild 2, will automatically use the IP# assigned to the specific domain of the sender in the event of a dedicated IP# being used for a domain. If that's true (please correct me if I'm wrong) then the rDNS of that IP# should point to the sending domain name (without the www or any other prefix).

Not necessarily to comply with RFCs, but so that strict MTAs will not add points to the email spam score.

Jeff
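
An added example, not part of the original posts: a Python check for the conditions discussed above, namely that the sending IP has a PTR record, that the PTR name resolves back to the same IP, and that the HELO name matches the PTR name. The function names and the demo DNS tables are assumptions constructed for illustration; by default the check uses the system resolver.

```python
import socket

# Constructed DNS data for the demo (RFC 5737 documentation addresses).
DEMO_PTR = {"192.0.2.1": ["server.example.com."],
            "192.0.2.20": ["shop.example.net."]}
DEMO_A = {"server.example.com": ["192.0.2.1"],
          "shop.example.net": ["192.0.2.99"]}


def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []


def system_addrs(name):
    """Addresses the name resolves to (empty list if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def norm(name):
    return name.rstrip(".").lower()


def check_sending_ip(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the problems a strict receiving MTA could hold against ip."""
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return ["no PTR record for %s" % ip]
    problems = []
    if not any(ip in addr_lookup(n) for n in names):
        problems.append("PTR %s does not resolve back to %s" % (names[0], ip))
    if norm(helo) not in names:
        problems.append("HELO %s differs from PTR %s" % (norm(helo), names[0]))
    return problems


def demo_check(ip, helo):
    """Run the check against the constructed tables instead of live DNS."""
    return check_sending_ip(ip, helo, lambda i: DEMO_PTR.get(i, []),
                            lambda n: DEMO_A.get(n, []))
```

Calling `check_sending_ip(ip, helo)` without the lookup arguments queries live DNS, which is the form to run against each address a domain can send from.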
 