uwalcs Posted June 20, 2019 Posted June 20, 2019 Hi all,So I mainly wanted to use my domain for email and after setting everything up I'm dissapointed to learn that ricky's ip is on a few blacklists for phishing/spam. Tradgedy of the commons I guess. The other issue seens to be that using my own domain as the mail server SMTP a lot of mail servers reject incoming mail from me because there isn't a valid PTR entry matching the domain on the DNS. So, If I buy(rent) an IP for my domain, can I use that to fix both these issues?
Flaze Posted June 20, 2019 Posted June 20, 2019 It would fix the first issue but I'm not sure about the latter.
wolstech Posted June 20, 2019 Posted June 20, 2019 Yes it would fix this issue. If you buy a dedicated IP, please be sure to specify that you would like email to originate from it and that you need reverse DNS set up for it. There are extra steps needed if email needs to originate from it, and Krydos has to manually create the reverse DNS records for you too.
pete20r2 Posted June 21, 2019 Posted June 21, 2019 As an extension to my previous question (old account, should be deleted now), why doesn't ricky.heliohost.org have a PTR record?Also, I've checked exactly why my mail was being rejected and it looks like the IP is reported on SORBS. I think I can get away with no rDNS with most mail servers since SPF DKIM and DMARC are all working.Do admins here make an effort to de-list helio IPs or is it a Sisyphean activity, is de-listing something I can do myself?
pete20r2 Posted June 21, 2019 Posted June 21, 2019 Ok, I went ahead and did it. Paypal trans: 4PS255026J284072DAccount: baskoDomain: baskovich.com I'd appreciate the dns setup including the PTR since that's why I'm doing this. Thanks
wolstech Posted June 21, 2019 Posted June 21, 2019 Let's get Krydos to set this up you. As for Ricky missing a PTR record, I have no idea what that's missing.
Krydos Posted June 23, 2019 Posted June 23, 2019 Dedicated IP granted, and reverse DNS has been set up. # dig +noall +answer -x 64.62.214.6 6.214.62.64.in-addr.arpa. 86400 IN CNAME 6.subnet0.214.62.64.in-addr.arpa. 6.subnet0.214.62.64.in-addr.arpa. 14400 IN PTR baskovich.com. Thanks for the donation. We really appreciate it. Let us know if you need help with anything else.
pete20r2 Posted June 24, 2019 Posted June 24, 2019 Hi, thanks for that. Website works fine but emails seem to have deliverability issues. Mxtoolbox reports authentication errors with dmarc, although the dkim and spf records are correct. Is this the issue of emails still being delivered from ricky? I'm having a bit of trouble diagnosing where the actual issue is. Gmail accepts incoming mail but I think that might be becuase I trained it on my last attempt.
Krydos Posted June 24, 2019 Posted June 24, 2019 Send an email to https://www.mail-tester.com/ and post the url to the report. We can go through the list and get your emails to 10/10. Techincally DMARC records aren't required. They are simply instructions to the email servers on what to do with emails that fail DKIM or SPF or both. For instance, if someone was setting up a phishing scam by trying to spoof your emails you could have your DMARC take all of those emails that would obviously fail SPF and DKIM and send them to an email address that you could use for abuse reports. The DMARC value or lack thereof shouldn't affect whether email services consider your mail spam.
uwalcs Posted June 24, 2019 Author Posted June 24, 2019 [removed, sorry, keep being logged in on phone]
pete20r2 Posted June 24, 2019 Posted June 24, 2019 Hi Krydos,Here is the mail-tester link:https://www.mail-tester.com/test-2vwb5I've tried a few different settings, I've added ricky's ip as well as my own to the spf but I think the mail is still originating from the wrong IP. Thanks again
Krydos Posted June 24, 2019 Posted June 24, 2019 The main problem seems to be that Ricky's exim wasn't configured properly to send emails from your dedicated IP. That should be fixed now. The rest of your points you lost because you didn't send a real message. Emails like "test5" will get flagged as spam. Try again now that emails should be originating from your dedicated ip, and be sure to send something that looks like a real email that you would actually send to someone.
pete20r2 Posted June 24, 2019 Posted June 24, 2019 (edited) OK, nearly there.https://www.mail-tester.com/test-lo1sg10/10 with some notes on List-Unsubscribe header, which I'll ignore since I'm not doing any mass emailing.I've got my IP removed from dnsbl.spfbl.net blacklist.The only relevant issues I can see reported on https://dnschecker.org/domain-health-checker.php for baskovich.com are: No TLS support.Reverse DNS does not match SMTP Banner.SOA Serial Number Format is Invalid. Is there anything I can do about these? Also, would I be right in assuming that the email header (in incoming and outgoing) should no longer make mention of ricky.heliohost.org? Thanks for the help so far. Edited June 24, 2019 by pete20r2
Krydos Posted June 25, 2019 Posted June 25, 2019 According to https://forums.cpanel.net/threads/a-package-with-dedicated-ip-and-ssl-tls-settings.630563/ SMTP TLS should work on your dedicated IP domain if you have a valid SSL certificate installed on your domain, which you do. I wonder if it would work with autossl which is the cpanel issued free SSL certificate instead of setting up your own Let's Encrypt certificate. The other advantage to using autossl is it will automatically renew the certificate for you when it gets close to expiring so you don't have to remember to install a new Let's Encrypt one.
Recommended Posts