System emails and DKIM, SPF, etc

boredtechie

My system emails (e.g. admin account) never arrive. Mail tester suggests they need SPF & DKIM which I agree with.

I know how to do that for regular emails (e.g. [email protected]) but I don't know how to do it for the system emails ([email protected]). Is it possible to do that in DA GUI, or do I have to edit zone info via SSH? DNS is not my strong suit, so I prefer to let DA handle all that. Am I missing something?
 
Never never never edit zone info via SSH if you're not absolutely sure what you're doing, but I would suggest never to do it then anyway as everything can be set via DirectAdmin.

I guess the emails are sending from admin@localhost
Probably you didn't set up your hostname correctly or maybe you are using ip.address-da.direct as hostname.

You should consider setting up a proper hostname for your account then things should work. It will automatically add SPF and DKIM records. DKIM if also present for your main domain.

Here's a bit of a manual I wrote so you will have a decent FQDN hostname as required. Change "core" to a name you want, preferably not something which is often reserved like mail or imap. The name "server" would be a good beginning.
 
My hostname was set correctly. However, I do not have a DNS zone. I tried adding one and got:

Error writing db file for MYIPADDRESSISREDACTED.in-addr.arpa:
Script output: /usr/local/directadmin/scripts/custom/dns_write_post.sh
/usr/local/directadmin/scripts/custom/dns_write_post.sh: 1: -e: not found
 
Script output: /usr/local/directadmin/scripts/custom/dns_write_post.sh
I've seen that error before.
Did you put that dns_write_post.sh in there? Because it's a custom script. Didn't a colleague admin of yours put it there once before or something like that? Maybe it was somebody else I remember this from.

Anyway, if you did not put that script in there, then delete it.

If you need it, then there is some -e option not working, post the content of that script here so we can fix it for you.
 
Very odd that custom scripts are posted in a fresh install. Anyway, just remove the script and you should be fine.
If the script is still there, can you post the content? I'm just curious what's in there again.
 
Ok, I lied. I have a second identical server on a different VPS and they're connected with multi server. It was the old server that had the script. I'm guessing it's from the DAFlare plugin.

The script just said "-e #!/bin/bash"

Honestly, I just feel like this is way harder than it should be. Giving up on system emails for now. lol
 
and they're connected with multi server
That only exchanges DNS db files and /etc/named.conf entries, not custom scripts.

It's really not hard. The content of that script doesn't do anything. Normally a script begins with #!/bin/bash and then the script content starts.
So if you delete this script, it should be no problem at all for you to add the hostname.

You started very well, just the script prevented the creation. Don't give up that easily. It's really not hard, just a few things to do.
Or try again tomorrow. ;)
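
An added example, not part of the original posts or of DirectAdmin: a check that flags hook scripts like the one in this thread, whose first line is not a usable `#!` line, so the file gets run by sh and `-e` is treated as a command. The directory default is the path from the error message; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hook scripts whose first line is not a usable shebang.

# check_shebang FILE: print a verdict; return 0 if usable, 1 otherwise.
check_shebang() {
    local file="$1" first="" interp
    # read fails at EOF without a trailing newline but still fills $first.
    IFS= read -r first < "$file" || true
    case "$first" in
        '#!'*) ;;
        '')    printf '%s\n' "EMPTY: $file"; return 1 ;;
        *)     printf '%s\n' "BAD FIRST LINE: $file: $first"; return 1 ;;
    esac
    # Interpreter path = first word after "#!" (interpreter arguments ignored).
    interp=$(printf '%s\n' "${first#??}" | awk '{print $1}')
    if [ ! -x "$interp" ]; then
        printf '%s\n' "MISSING INTERPRETER: $file: $interp"
        return 1
    fi
    printf '%s\n' "OK: $file"
}

# audit_hooks [DIR]: check every *.sh in DIR; return 1 if any is broken.
audit_hooks() {
    local dir="${1:-/usr/local/directadmin/scripts/custom}" rc=0 f
    for f in "$dir"/*.sh; do
        [ -f "$f" ] || continue
        check_shebang "$f" || rc=1
    done
    return "$rc"
}

# Constructed sample: the one-line file quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' '-e #!/bin/bash' > "$demo/dns_write_post.sh"
audit_hooks "$demo" || echo "at least one hook needs attention"
rm -rf "$demo"
```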
 
I deleted that script. I created DNS zones in global DNS but got lazy and didn't fully fill them out. Came back 6 hours later and the DNS zones are populated and correct. The usual www/ftp/mail/etc are in there. I don't know if CustomBuild ran and rebuilt them?

No idea how that script got there, but I suspect it screwed up CustomBuild somehow.
 
Aaaaand it works but mail delivery failed. It seems an IP address (not mine) from ColoCrossing got on a naughty list, and one of the blacklists banned the entire IP range! The sysadmin at SDF.org was complaining about the death of self hosted SMTP. I guess he was right?

Nothing I can really do if someone else on the range has a bad IP?

If major email providers are just banning entire IP ranges that host VPS, that pretty much makes self hosted email untenable at this point, no?
 
I guess he was right?
No, that's nonsense because that would mean all hosting companies would go out of business.

One just had to choose a good datacenter which doesn't get blacklisted that quickly with complete ranges.
Often on request single IPs can be whitelisted, but then you really can't be lazy in monitoring.

You can ask the datacenter (owner of the range) to take measures or ask where the range is blocked to whitelist your single IP.

Problem is that it's mostly VPS systems which send spam so they are blocked quickly. Spamhaus.org now even started to set IPs and/or hostnames which never sent mail before on a kind of suspicious list which already can block their mail. Really unfair.
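
An added example, not part of the original posts: how a DNS blocklist lookup for a server IP is formed and read, which is the check behind "monitoring" a mail IP. The zone `zen.spamhaus.org`, the use of `dig`, and the documentation address 192.0.2.10 are assumptions chosen for illustration; answers in 127.255.255.x are treated as Spamhaus error codes rather than listings.

```shell
#!/bin/sh
# Added example: build and interpret a DNSBL query for an IPv4 address.

# dnsbl_name IPV4 ZONE: print "d.c.b.a.ZONE"; return 1 on a malformed address.
dnsbl_name() {
    local ip="$1" zone="$2" a b c d extra o
    IFS=. read -r a b c d extra <<EOF
$ip
EOF
    [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$d" "$c" "$b" "$a" "$zone"
}

# classify_answer A_RECORD: map the DNSBL answer to a verdict.
classify_answer() {
    case "$1" in
        '')            echo not-listed ;;     # NXDOMAIN: no listing
        127.255.255.*) echo query-refused ;;  # error code, e.g. public resolver
        127.*)         echo listed ;;
        *)             echo unexpected ;;
    esac
}

# dnsbl_check IPV4 [ZONE]: live lookup (needs dig and network access).
dnsbl_check() {
    local name answer
    name=$(dnsbl_name "$1" "${2:-zen.spamhaus.org}") || {
        echo invalid-ip
        return 2
    }
    answer=$(dig +short A "$name" | head -n 1)
    classify_answer "$answer"
}

# Constructed sample: prints the query name only, no DNS query is sent.
dnsbl_name 192.0.2.10 zen.spamhaus.org
```

Run `dnsbl_check` through your own resolver: a `query-refused` result means the blocklist did not answer the question, not that the IP is clean.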
 
It's not terribly difficult to remove your IP from blacklists - or at least it wasn't 10 years ago. I don't think it's terribly unfair to have to do a little work to clear a new IP. But blocking adjacent IPs is downright dirty.
 
or at least it wasn't 10 years ago.
There you go... Things changed in those 10 years. As said, Spamhaus now even puts new IPs or domains never sending mails before sometimes in some list, very odd.
We have a server on a list and we didn't even get an answer as to why and we never send spam and monitor strictly, it was just a domain block on a new domain which we didn't even use before.
Also with Microsoft it can be easy but can also be terribly difficult, depending on certain circumstances.
For example if you get an IP which has spammed multiple times in the past with different users of that IP, it can be much harder to get delisted, if ever.

Blocking adjacent IPs is luckily not happening a whole lot, but it's happening more and rules got more strict. We didn't even need DKIM 10 years ago and most systems didn't care if you worked without proper rDNS or even SPF... try now without. :)
 