ok so i disabled the dns of that server…now it shows the thing you showed before
where do i get a record again? to paste into vultr txt?
basically yes, but only the needed ones. like the DKIM and SPF, pretty sure it doesn’t have dmarc record, just copy my screenshot (SP=reject though, I also changed P=reject) Note what I said about the format for DKIM in vultr.
Once in test with mxtools
uhm ‘yes’ to what question>? im totaly lost…im about to backstep into putting things back cause i cant work out the reasoning to make this work for me…im so close apparently to having this…i guess ill have to poke at tryen to figure out where i lost the trail and peace it back to how i can process this without breaking it any more then it is…my fault …i m just slow an I appreciate all you have done…i wont tie you to this any more…=)
Oh, hell! You’re using clamscan! You cannot do that.
You have to use clamdscan or no AV scanning at all. There is no scenario where is reasonable to use clamscan for email. It is about 1GB in size, and takes a couple minutes of 100% CPU usage to start up on a modest server. That’s for every email. That’s not one time (as it would be with clamdscan).
1 Like
no not turn on DNS if you using vultr, its useless
1 Like
ok…ill leave it off…going to go check see if the mail boxes still work…
yep mail is pulling still…websites still up…cool, ill leave it off…
ok, I think we on the wrong name servers, this your domain?
uhm thats not mine…
that was pulled from an example online someplace , sorry. in regards to the screen capture your referring to
can you PM me the name?
the name to what?
check your PM
can you believe that spike and traffic comes off of one email account being spoofed? woe.
(pic from vultr Bandwidth mon)
CPU: 85.6 % /usr/bin/perl -T -w /bin/spamassassin --siteconfigpath /etc/webmin/virtual-serve …
started dealing with the problem on the 19th
kinda lol
close to a fix
DNSSEC has nothing to do with mail.
DKIM and SPF are in Virtualmin. DKIM is documented:
https://www.virtualmin.com/documentation/email/dkim/
And, SPF is basically automatic. It’s just one TXT record in each zone that sends mail. Though you may wish to make it more strict than the default.
Besides, I thought you weren’t hosting your DNS locally (I thought I saw you saw something about using your host or registrar DNS)? Why are you editing DNS on the Virtualmin system at all? You shouldn’t even have DNS feature enabled on a system that isn’t actually hosting DNS.
If you aren’t hosting DNS locally, when you disable DNS feature, Virtualmin will offer a page of suggested DNS records, and SPF will be one of those records. DKIM, too, if you have DKIM setup.
If you are hosting DNS locally, I would assume you already have SPF records, but you can check.
“SPF record enabled” is what you’re looking for.
But, again, if Virtualmin isn’t managing your DNS, you can’t expect anything it does with DNS to do anything. It has no control over your DNS, if you haven’t delegated authority for the zone to the Virtualmin server! (But, it’ll suggest records for you to add to your DNS servers, if you tell Virtualmin it is not in charge of DNS by disabling that feature for the domain.)
1 Like
Understood Joe, thanks very much for taking the time to explain that…I can try and sort this out better, I have aplus and they point the domains to vultr and then i have the virtualmin to do websites and manage emails through virtualmin, I have licence paid and subscribed, just have to figure out what im doing wrong , so Im thinking now that its safe to disable the dns check bock per domain, and let vultr do the connections…yea i have to go through the documentation link you provided. and get my head to wrap around what DNS is and how it apply s to these emails spoofing and stressing the server load…thanks for clarification. sorting out how to implement it =)
There’s not much to figure out if you let the tools do the work.
Virtualmin will manage SPF and DKIM, and it will show you what records you need to create. The DNS component of these is quite simple. One, SPF, is a record that says, “The following IP address(es) are allowed to send mail for my domain”. The other is a record that says, “I will sign email with the private part of this public key.” and receiving email servers will use the public key to verify that someone with the correct private key sent the mail. This is very effective at preventing spoofing of your domain, if you configure them appropriately.
Again, the DNS part is super simple. Virtualmin will do one of two things to make it easy for you:
- If you are hosting your DNS on the Virtualmin server, it will create the necessary records.
- If you are not hosting your DNS, Virtualmin will suggest what records you need to create on whatever servers are hosting the DNS.
If you have DNS enabled but aren’t using it, neither of these features works. Virtualmin thinks it is doing the work for you, so it doesn’t suggest you do anything. So, configure Virtualmin to suit your situation.
If you want Virtualmin (and a secondary that is setup according to our documentation, as you should have two) to act as your DNS server, you need to delegate authority for the zone using “glue records”. Some registrars just call them “name server records” but that’s a little ambiguous.
Oh woe, yes …i get what your saying, thank you.
So if the DNS is about domain name server host…like Aplus, they are the name servers…and or is this i vultr who is hosting the virtualmin? if vultr is where i need to add something like the suggested, I get with them to help me figure out how i am able to add these suggested keys and in what format for them…or is this on the side of Aplus? I did check the boxes as in the documentation in the link you provided for SPF enabling to yes…looks good so far…mail is still working, thanks.
Im glad the Virtualmin is doing allot of the heavy lifting as to make the keys and validations right out of the box like this…happy for that allot .