HelioHost Posted January 21, 2023 Posted January 21, 2023 Username: keo, Server: Johnny, Main domain: keo.helioho.stHi, I'm at a loss setting up the DKIM records for my Johnny host email account keo@keo.heliolo.st. I selected the Mail Settings Enable DKIM protection and see the configure DNS instructions with I think the public key but I'm not sure what to do next. I'm not using any other server for mail and I don't have a DNS account to log into as far as I know. It looks like I need to create at TXT file on DNS control panel but I don't have a DNS server account. Please point me in the right direction. Thank you!! -- Frank MacLeon
wolstech Posted January 21, 2023 Posted January 21, 2023 You can't set this up yourself on our free subdomains (or any other domain that's using our DNS). Krydos has to do it for you.
Krydos Posted January 22, 2023 Posted January 22, 2023 SPF, DKIM, and DMARC have been set up for the domain keo.helioho.st.
HelioHost Posted January 24, 2023 Author Posted January 24, 2023 Hi, Thank you for setting up the DKIM but I'm receiving the following SPF error message. Is this something that you need to fix? [SPF] keo.helioho.st does not allow your server 65.19.141.67 to use keo@keo.helioho.st Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. On 1/21/23 19:27, HelioHost Support wrote: > SPF, DKIM, and DMARC have been set up for the domain?keo.helioho.st. > > You may view the status of your ticket by visiting: > > https://helionet.org/index/index.php?showtopic=54821 > > Thank you, > Heliohost support > https://heliohost.org/ > https://helionet.org/ > -- Frank MacLeon
wolstech Posted January 24, 2023 Posted January 24, 2023 Looks like it has a typo in it (the ipv6: should be ip6: ), and I usually add +a +mx statements as well, but they shouldn't be needed since the IP is expressly listed. Krydos can check this again when he has a moment. keo.helioho.st text = "v=spf1 ip4:65.19.141.67 ipv6:2001:470:1:1ee::2009 ~all"
Krydos Posted January 24, 2023 Posted January 24, 2023 3 hours ago, wolstech said: Looks like it has a typo in it (the ipv6: should be ip6: ) Ooops, yeah I messed that up. It's been fixed. 3 hours ago, wolstech said: I usually add +a +mx statements as well When I talked to Google support they said to remove all the + symbols, and not to use a and mx at all. They also claim that the DKIM that Plesk tells you to use is invalid because it doesn't include "k=rsa;" but the RFC says that the k flag is optional, and if omitted the default is rsa Quote k= Key type (plain-text; OPTIONAL, default is "rsa"). Signers and Verifiers MUST support the "rsa" key type. The "rsa" key type indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey (see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p=" tag. (Note: the "p=" tag further encodes the value using the base64 algorithm.) Unrecognized key types MUST be ignored. Source: https://www.rfc-editor.org/rfc/rfc6376 Since Google is the pickiest about emails we kind of have to conform to their rules since 63% of our users registered with a gmail.com address. It's kind of annoying that a private corporation has so much power that they can arbitrarily rewrite the rules for the internet without even documenting it anywhere. We have dedicated committees to set internet standards to prevent this sort of thing from happening, but Google thinks they are above the rules.
Recommended Posts