Hi there.
I have created a test email account in VirtualMin for one of my servers.
I can send mail to it (and view it in Read Users Mail), and I can also send mail from it.
But I can’t configure it correctly in Outlook.
I think its the mail server… what should this be?
Any help would be much appreciated.
Thanks,
Craig
Howdy,
What happens when trying to connect with Outlook? Do you get an error of some kind?
And do you see any errors in the email logs, located in either /var/log/mail.log, or /var/log/maillog?
-Eric
I don’t believe it.
I just tried it again to get the error message from Outlook, and its only gone and connected correctly!
I feel a bit silly now!
Whilst I’m here though, is there anything else I should do regarding email to make sure it works properly?
I read somewhere about Reverse DNS? Is this important?
Also, what should I do to ensure that the server isn’t blacklisted or classed as spam?
Many thanks!
Craig
You must have rDNS, SPF and DKIM or Gmail will be the 1st one to mark all your emails as spam. To avoid blacklisting sort the records i mentioned earlier and if you will send marketing/promo emails each one of them must have visible unsubscribe option or link. Last but not least dont forget to have double opt-in or just this is enough to blacklist you.
Hi there,
Thanks very much for the reply! rDNS and SPF were already sorted I think (well they passed the check at allaboutspam).
Regarding DKIM, I have installed this through VirtualMin and enabled it for the domain in question (I had to turn on Bind DNS and then enable DNS against this domain name).
I have signed outgoing emails, in the additional domains to sign for, the hostname was listed, so I’ve also added the proper domain name in here - not sure if I should have.
However, it still appears to fail on the allaboutspam test. In the DKIM section for this reason:
Email contains invalid DKIM/Domain Keys Signature. Published Domain Keys policy does not specify whether to accept/reject such emails. Signing your Outbound emails and clearly specifying a policy to accept signed emails will minimize chances of your Email being considered as SPAM.
The other warnings on this report are BATV, it says this is not used by the mail server, and the RBL (real time black list) shows the email server is listed on one of them (b.baracuda.org).
What should I do for the DKIM issue? And do i need to worry about BATV and RBL?
If this helps, this is in the original message that I tried to a gmail account (went into spam).
dkim=temperror (no key for signature) header.i=@kevknightwindows.co.uk;
Yahoo shows this in the header:
Authentication-Results: mta1095.mail.ir2.yahoo.com from=kevknightwindows.co.uk; domainkeys=neutral (no sig); from=kevknightwindows.co.uk; dkim=permerror (no key)
There is also a DKIM-Signature: bit with lots of info in there, would it help posting this?
The only thing I have done to the virtual server regarding DNS, is to turn on the DNS Enabled setting. Do I then need to add a DNS entry myself against the domain name for where it is registered? Or does BIND DNS take care of this?
Many thanks again for the help so far!
Craig
Easiest solution is to host DNS on your server and sort your DNS records locally. This will reduce the chance to get any errors. For the blacklist i know for Barracuda and Sorbs (you are listed with both of them + few more) you must contact them to solve the problem. Keep in mind to do this AFTER you sort all your problems if not you will be listed back in no time. Especially Sorbs who is pretty aggressive what they show by blacklisting almost entire Gmail IP range. If this happens then you could have problem delisting again as some of them can reject your application.
But checking your domain i saw another problem, your nameservers are allowing recursive queries. This is really bad as can be used in amplification of DDoS attacks at which point your server provider or ISP will immediately suspend (and probably delete) your service/account, no question asked.
Thanks for your reply again.
How do I go about hosting the DNS on the server and then sorting them locally? I haven’t done this before so sorry for having to ask.
Regarding the nameserver issue, what can I do to solve this?
The nameservers have been left as they were (from where the domain is registered…)
By the way, how could you tell this was an issue? I just did a quick check and it said it wasn’t at risk.
How do I go about hosting the DNS on the server and then sorting them locally?
With your domain registrar sort your nameservers as ns1.yourdomain.com -> yourserver ip and ns2.yourdomain.com -> your server ip (ip can be same as ns1 or different). Then check under Vmin - System - Features and see if “BIND DNS domain” is enabled, if is not then enable. Then make a backup! of your website (db and files) and then delete that virtual server. Recreate new virtual server with same domain and Vmin will sort your DNS. Dont forget to enable SPF and DKIM for this virtual server. This is maybe not the best solution but is one of the quickest.
Regarding the nameserver issue, what can I do to solve this?
If you recreate your virtual server as i mentioned earlier it should be ok.
By the way, how could you tell this was an issue?
Something changed from last time and recursive queries are ok but now you have a lot more issues. http://www.intodns.com/kevknightwindows.co.uk
It is safe to ignore “Different subnets” and “Different autonomous systems” but the rest must be repaired.
Thanks again for the reply.
Here is what I did before your reply, and why the DNS results were different second time you looked.
1/ Against the domain name with the registrar, I altered the nameservers to ns1.kevknightwindows.co.uk. and ns2.kevknightwindows.co.uk.
2/ Against the DNS Record for the Virtual Server (within VirtualMin itself), I added an A Record for each nameserver above, and pointed to the IP Address of the server.
BIND DNS is running, and is/should be being used by this domain.
The bit in that DNS report Missing NS records at parent servers and Missing NS records at local servers is confusing me. green6119.server-cp.com is the hostname of the whole webmin/virtualmin installation.
Have I missed something in what I did? Or am I going along the right lines? Whatever I did do has meant gmail is showing dkim as pass in the header. So thats good I think, but as you pointed out, there are a few more issues that I need to sort… and I would really appreciate your help further with this if you wouldn’t mind?
Ok, so after a lot of playing around and trial and error, I’ve managed to more or less remove all of the issues from the intoDNS site.
The only thing I’ve got is SOA warning. green6119 is the host name of the whole server. Below is the warning in SOA.
SOA MNAME entry WARNING: SOA MNAME (green6119.server-cp.com) is not listed as a primary nameserver at your parent nameserver!
What can I do to sort this?
Thank you so much, I think I have done it.
I’ve checked intodns and it looks correct to me.
Are you in agreement that I have done it all, and the emails should send correctly and not be marked as spam etc.?
If there is anything else I could do to generally improve things, I’d love to hear them…
This is just one example i’m using but ofc the values can vary and it will be ok if you stay inside the limits:
@ IN SOA ns1.yourdomain.com. hostmaster.yourdomain.com. (
2016060503
10800
3600
1209600
3600 )
Are you in agreement that I have done it all, and the emails should send correctly and not be marked as spam etc.?
No as i dont know your situation but looks like it could be ok. Best to visit “https://www.unlocktheinbox.com/resources/emailauthentication/”, send the email and wait few minutes to get the report back to you.
Thanks very much. I’ll give that link a try.
My final question (I hope).
Now that I set the nameserver, can I use this for other domains, or do I create a new nameserver per domain?
If other domains will go in the same Vmin like your first domain you can use same nameservers. Actually i would suggest that so in the future if you change IP or move to another server you will have less modifications to carry on.
Ah I see.
And what about if it was on another server with another vmin?
You cant have same nameserver with diferent IP whatever you want to achieve.