infantex Posted July 22, 2021 Posted July 22, 2021 Hi, everybody. First, I don't know whether this problem is related to the move, especially since the mail from my domain is managed by Google Workspaces, but it just started after the move yesterday. Today I was blocked by a client I has been corresponding with for years. This is the return message I received: It translates to: The message has been blocked. Your message to dguerrero@elnuevomundo.com has been blocked. For more information see the following technical data: This is the response from the remote server: 550 permanent failure... I sent an email to M@ilGenius to check for problems (first email spam test I found googling) and the problem seems to be the SPF records: Here's the detail: I use my personal Gmail account to send (and read) my infantex.com.mx's mail (via smtp.gmail.com). Nothing has changed there. I mean, the only change from yesterday is that the infantex.com.mx domain was previously hosted on Tommy and as of yesterday night I moved it to my HelioHost VPS. I use Hestia control panel, I didn't select "enable email" when creating the domain and I set the corresponding MX records in the DNS zone to point to the relevant Google servers (ASPMX.L.GOOGLE.COM, and such). Any ideas? Would it help to diagnose the problem if Iposted the raw email content?
Unknown025 Posted July 22, 2021 Posted July 22, 2021 SPF is a text record for your domain that verifies the IP address the email was sent from is allowed to send emails from your domain. Since you're using Google Workspaces, perhaps this explanation might help: Google Help. Essentially, you'll need to create a TXT record like this one: v=spf1 mx a ip4:<your email server's IP> ~all. As for DKIM, that one's a bit more complicated. Unless HestiaCP allows you to create a DKIM key, you'll need to create one yourself, and add it as to your domain's text records accordingly.
infantex Posted July 23, 2021 Author Posted July 23, 2021 Thanks for your answer. There was an SPF record in Hestia, paired to the VPS's IP, I changed it to "v=spf1 include:_spf.google.com ~all" as per Google's instructions (instructions didn't include the quote marks, the existing record had them, I left them there 😬). I'll let the change propagate for a while and test again later. Five days later and the SPF record still hasn't propagated! Am I doing something wrong? I'm still getting my email blocked. I used the SPF record checker of the DMARC Analyzer site (https://www.dmarcanalyzer.com/es/spf-3/checker/) and I got the old record (originally created by Hestia SPF record): v=spf1 a mx ip4:65.19.141.197 -all Is this normal after five days of having changed it? I tried the following: C:\Users\JorgeZaldivar>nslookup Servidor predeterminado: 2806-1020-ffff-0004-0000-0000-0000-000e.ipv6.infinitum.net.mx Address: 2806:1020:ffff:4::e > server 65.19.141.197 Servidor predeterminado: [65.19.141.197] Address: 65.19.141.197 > set q=TXT > infantex.com.mx Servidor: [65.19.141.197] Address: 65.19.141.197 infantex.com.mx text = "v=spf1 a mx ip4:65.19.141.197 -all" > So, to my surprise, even my VPS is returning the old SPF record, so it's not a propagation thing. I don't know. The correct SPF record is there. What am I doing wrong? I will delete that record (I edited it from Hestia's original) and add it again. I don't know what else to do. Any ideas? I deleted the SPF record and entered it again. Still, no luck. I deleted the record. Used nslookup and got the (deleted) old record. I added the new record. nslookup still returned the old record... even if I was using my own VPS as nameserver. Shouldn't, in that case, the change be reflected immediately? At some point, as per @wolstech suggestion, I modified the NS record that pointed to ns1.heliohost.us and pointed it to ns1.infantex.com.mx, and deleted the NS record that pointed to ns2.heliohost.us. Later, on my own accord, after noticing that the DNS zone listed ns1.heliohost.us as SOA, I modified it, as well, to point to ns1.infantex.com.mx. I don't know if that could be a problem. I just reverted the SOA to ns1.heliohost.us but I'm acting blindly here. EDIT: I tried last week to move the DNS managment to Cloudflare (new to it) to see if that could solve the problem (and also so I wouldn't need to fiddle with this after returning to Tommy) but I couldn't add the domain to Cloudflare, I got an error: "Failed to lookup registrar and hosting information of infantex.com.mx at this time. Please contact Cloudflare Support or try again later." I just tried again and got the same result. Last Thursday, after failing to add the domain to Clodflare, I checked DNS propagation with WhatsMyDNS.net (https://www.whatsmydns.net/#A/infantex.com.mx) and, while some servers listed my VPS's IP, most listed ns1.heliohost.us. Today, all list the VPS's IP (65.19.141.197).
infantex Posted July 29, 2021 Author Posted July 29, 2021 What I ended up doing was using Cloudflare for DNS. I had to temporally revert the DNS at my Registrar's to ns1 and ns2.heliohost.org, so that I could add it to Cloudflare. I set the SPF (actually a TXT record properly formatted for SPF: v=spf1 include:_spf.google.com ~all). Around 15 minutes after that, it began to propagate, as per WhatsMyDNS.net results (when I did the same in Hestia it NEVER propagated). A couple of hours later, I tested with dmarcanalyzer.com's SPF record check tool and got a passing result. As I final test, I programmed an email to be sent tomorrow during working hours to the same customer that blocked me in the first place. Hopefully, it won't be blocked this time. I don't know why the SPF record didn't propagate from my VPS.
wolstech Posted July 31, 2021 Posted July 31, 2021 Sounds like the DNS server on Hestia isn't working properly for some reason. I don't know enough about Hestia to troubleshoot that unfortunately CF will work fine as a substitute though as long as you make your DNS changes there.
OnEnemy Posted August 1, 2021 Posted August 1, 2021 10 hours ago, wolstech said: Sounds like the DNS server on Hestia isn't working properly for some reason. I don't know enough about Hestia to troubleshoot that unfortunately CF will work fine as a substitute though as long as you make your DNS changes there. This is, unfortunately, the situation I am in ad well. I was forced to use Cloudns for my free domain and Cloudflare for my paid one. No idea why, but from what I can gather, the Hestia team didn't mess with the DNS config from vesta when they built it.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now