550-Verification failed for 550 Sender

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Ubuntu 20.04.6
Virtualmin version Virtualmin 7.9.0

Hi All,

Despite the great support on this forum on the previous issue (that was resolved) I hqave send several days to get my head around this second (and hopefully last) problem that I can’t seem to get fixed, despite numerous advices, forums and searches.

The situation is as following:

Server A is running on Direct Admin and has several hosting packages running and domains attached to it. One of which is hostservice.nl.

Server B is on a different network and runs virtualmin. IP 178.251.27.27. Server A has the A record of a subdomain pointed to this virtualmin server.
afbeelding

On this server I started virtualserver with domain decentraalinternet.nl
This is now working fine.

However, e-mail remains a problem. I created an address robert@decentraalinternet.nl but it keeps on being reject by the remote servers due to reverse DNS not working I assume.

afbeelding
afbeelding1012×627 31.2 KB

When I try to check this, this is the result:

afbeelding
afbeelding1323×926 34.9 KB

I feel I have to do something with this (sub)domain host1.hostservice.nl, create a ptr record maybe on the virtualmin server or so…but this is unknown territory for me.

Can y ou help me?

2

I think the issue is you no MX records for this server plus spf and dmarc.
To exchange mail servers you need Mail Exchange Record so that can find that server.

3

maybe read this thread

so from this just set up a ptr record at your hosting provider, if the allow that, or get them to setup a ptr record for you

4

I forgot to mentioned the ISP allows me to setup reverse DNS. So I set it to:

afbeelding
afbeelding1347×1191 37.2 KB

Not sure if that’s correct though. So I may still have to create another virtual server for host1.hostservice.nl and setup MX records? Or do I misunderstand

5

PTR is not the issue

image
image1282×287 8.73 KB

6

No you just need to add extra records in the dns
like a A record for mail.host1.hostservice.nl pointing to 178.251.27.27 and then a MX record for host1.hostservice.nl pointing to the mail.host1.hostservice.nl

currently if I do a mx lookup I get no result.

image
image1121×332 11.2 KB

7

Great, I’ll give that a try. But just to be sure, these settings are on server A where the domain hostservice.nl is running on, or B, the virtualmin server?

8

I guess, in the section of your first screenshot of the original post. Add the records there.
In other words where ever the DNS records are that your registrar is pointing to for decentraalinternet.nl

Then use mxtoolbox to comfirm settings.

9

Getting closer it seems.

afbeelding
afbeelding730×592 29.6 KB

10

Yep better.
Create a spf for host1, like your current one but use the IP 178.251.27.27, remove ip6 or use the ip6 of the VM server.

image
image1090×340 11.9 KB

Virtualmin does suggest records
image

11

I created one first at Server A where the domain hostservice.nl is running.

image

Still, the result:

image
image1003×260 29.5 KB

That nameserver is the correct one for that server. Does it take time to propagate?

Just to be sure I added virtual server host1.hostservice.nl to virtualmin, it came up with the same spf entry:

image
image1074×331 78.1 KB

Ipv6 should be correct

12

You should disable DNS if your using a external DNS, Suggested will then show.

image

With the spf you need to add a dot at the end of host1.hostservice.nl like you have for hostservice.nl
else it will resolve as host1.hostservice.nl.hostservice.nl

image
image933×250 8.75 KB

13

What a rookie mistake to forget the . (dot). Sorry. Fixed it and spf seems to resolve now.
That suggested DNS setting is a sweet option!

However the 550 error remains…

14

Maybe create a dmarc record.
This may help

15

Succes. But somehow;

image
image720×429 47.6 KB

16

As you can see I am using an e-mail address from domain decentraalinternet.nl that is setup on the virtualmin server. When I perform a mailtest to MX toolbox I’m getting some unexpected results of which I’m not sure how serious all of them are, but one things that bothers me that it still refers to the IP address of the router. The page is too large to display here, but hereś some info:

image

image
image1819×605 64.3 KB

And this is the received header:

Blockquote
From robert@decentraalinternet.nl Fri Feb 23 21:20:16 2024
Return-Path:
X-Original-To: ping@tools.mxtoolbox.com
Delivered-To: tools@tools.mxtoolbox.com
Received: from host1.hostservice.nl (unknown [178.251.27.1])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by tools.mxtoolbox.com (Postfix) with ESMTPS id BFF4AB5F22
for ; Fri, 23 Feb 2024 21:20:16 +0000 (UTC)
Received: by host1.hostservice.nl (Postfix, from userid 0)
id 87D03C0531; Fri, 23 Feb 2024 21:20:15 +0000 (UTC)
From: robert@decentraalinternet.nl
Subject: Mailtest
To: ping@tools.mxtoolbox.com
Message-Id: 1708723215.933094@decentraalinternet.nl
X-Originating-IP: 178.251.27.1
X-Mailer: Webmin 2.105
Date: Fri, 23 Feb 2024 21:20:15 +0000 (UTC)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=“bound1708723215”

This is a multi-part message in MIME format.

–bound1708723215
Content-Type: multipart/alternative; boundary=“altsbound1708723215”
Content-Transfer-Encoding: 7bit

–altsbound1708723215
Content-Type: text/plain; charset=
Content-Transfer-Encoding: 7bit

Testing all settings

–altsbound1708723215
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

Testing all settings

–altsbound1708723215–

–bound1708723215–

17

Its a different domain, you will need to create a new virtual server for that. If your sending a email with address robert@decentraalinternet.nl out on host1.hostservice.nl then its not a matching domain and that the 550 - Verification error as the domains don’t match.

You need to get to this
image

you must be getting close as I see, one duplicate entry

image
image1136×558 21 KB

You really need to get dmarc records on all the domain as gmail. yahoo will bounce without it, doesn’t matter if spf and dkim are correct.

18

DMARC is only needed for Google and Yahoo if you are a bulk sender – Google defines that as 5000 messages per day – Yahoo only uses the term Bulk Sender.

If you are under 5k/day, you need EITHER spf or dkim, with dmarc being optional

if you are over 5k/day, you need all three :grinning:

19

Right, I seen warning about it, never read the detail. Still best to have a dmarc, it protects your domain name being used to spam from a bad server.
I actually thought I saw one of my domains getting refused due to no dmarc. Will have to test.
Yep, I’m wrong, just tested on a domain I don’t use for mail (no dmarc, spf or DKIM) and sent and it failed.
Just added SPF and it worked. Gmail headers
image

20

I’m a little confused. That decentraalinternet.nl domain is an already created virtual server on virtualmin. This is what it created itself:

afbeelding
afbeelding1427×552 69.2 KB

So you’re telling me it needs an additional record? If so, it raises two questions;1) why didn’t virtualmin created that himself if it’s that important and 2) if its a manual job, how am I ever going to get this automised when customers start to use WHMCS to order hosting on this virtualmin server? It needs to be bullet proof.

One other things I noticed; when I use robert@decentraalinternet.nl to e-mail to a hotmail address, it arrives but ends up in spam. I guess the receiving mailserver of the hostservice.nl domain I was using is more strict.

So just to be sure, I need to create that dmarc entry for every virtualserver that’s going to be created?