Hello friends please I can’t send emails to gmail I don’t know why here is the configuration of my dns
emultec.ma. IN TXT “v=spf1 a mx ip4:84.247.135.199 a:emultec.ma include:contact@emultec.ma -all”
_dmarc.emultec.ma. IN TXT “v=DMARC1; p=reject; rua=mailto:contact@amanet.pro; ruf=mailto: contact@emultec.ma;”
and I always have this message
This is the mail system at host amanet.pro.
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
alaaeddine.benabid@gmail.com: host gmail-smtp-in.l.google.com[142.250.27.27]
said: 550-5.7.26 The MAIL FROM domain [emultec.ma] has an SPF record with a
hard fail 550-5.7.26 policy (-all) but it fails to pass SPF checks with the
ip: 550-5.7.26 [84.247.135.199]. To best protect our users from spam and
phishing, 550-5.7.26 the message has been blocked. For instructions on
setting up 550-5.7.26 authentication, go to 550 5.7.26 Email sender guidelines - Google Workspace Admin Help
4fb4d7f45d1cf-5a30bf10c9esi180125a12.226 - gsmtp (in reply to end of DATA
command)
Virtualmin will suggest an SPF TXT record for you in the Suggested Records page. But, since you have some other SPF thing already, you need to include both (I guess…do you know why you have include:spf.antispamcloud.com here? Is that a service you use or your customer uses?).
Anyway, if you wan to send mail from your server, your server needs to be listed in the SPF record in addition to whatever other stuff you have going on. Assuming you really do need to send mail via spf.antispamcloud.com, too, you might want something like:
v=spf1 a mx a:www.emultec.ma include:spf.antispamcloud.com -all
Yours obviously cannot work, as I’ve already explained. But, this one probably would (I’m guessing your A record and MX record are correct).
Mr Joe I have already done what you told me I entered a site that regenerates the SPF and I overwrote the first one with the new one and I still have the same problem
Even with your configuration that you gave me I have the same result Google does not accept the but and the same for the other domains which are on the same server
It might help to gain a little insight into SPF records. There are a number of tools out there. Now you are using a ‘black box’. You don’t understand what the records are. This might, hopefully, help if you see how they are built up from your input.
Note, this one has an entry for 3rd party senders:
Because you no longer have port 25; you’ve been blocked, presumably for sending junk. Based on the errors you sent me via PM, you’re now being blocked on port 25 (maybe by Google, maybe by your hosting provider). You have several problems you have to solve before you can send mail. SPF is one of them. If SPF is right, as it appears to be (unless you’ve broken it again after the last one you posted a picture of), you can move on to the next of several problems.
Maybe you want to verify DKIM is working. Maybe you want to spend time figuring out which of your users or apps is sending a shitload of spam.
Mr Joe you really are an extraordinary man to have always intervened to show me the problem but know that I am here among you to ask for a solution I do not know the nature of your problem and I respect it whatever it may be I am in a bad place because sometimes when I was among the users of other hosting systems their support gives me solutions with a message of the nature or the reason why I had this anomaly but with you precisely you it is completely different it is where you offer me a solution you show me where the problem dear sir I am not an expert and I am not here to know the problem because I already know that I have it but on the other hand I want a solution so that you understand the nature of all my problems it is the IP attacks and the access that I do not know how to have it but someone always takes control of my server and my domain and sends emails from then my server like that I get banned by several antispam and the domain no longer accepts emails that leave my server dear sir how to protect my server in short
You don’t know the problem, though, and you won’t follow my advice to find the problem. I cannot give you a solution to an unknown problem.
You haven’t bothered to even try to find out how abusive mail is being sent. Is it being sent through Postfix? You don’t know because you won’t look at the logs and the mail queue (you keep sending me the logs, but without being able to look at what mail is being sent by whom, I can’t tell you if it’s legitimate or not…also, I’m not your sysadmin…I try to help, but you need to be willing to poke around and see what is happening on your system). Or, is it being sent through an exploited web application? We also don’t know because you won’t read any logs. Or, it could be an exploited user account and they’re running a locally installed script to send spam. Or, it could be a rooted server and you can’t trust anything, not even the logs or any of the system commands (this is unlikely, if it’s an up to date system and you use strong passwords).
If you want me to help you need to take advice for finding out what the problem is.
Look at the Postfix mail queue. Since you can’t send any mail, you probably have a lot of mail in the queue. Are they legitimate? Are they spam?
If you see spam in the queue, you can see who it’s from. You can then drill down into the mail log or journal for the postfix unit to find out more details about how that message ended up in the queue. If it’s a domain owner user (instead of a user within a domain) you can probably assume it’s from an exploited web application dropping it into the queue locally, and you’ll then know which domain is hosting an exploited web app.
If you do not see spam in the queue, it means they’re sending without Postfix. You then need to check the access logs for a site that’s getting a lot of requests to a script that you don’t recognize. Maybe it’ll show up in the error log. I’ve also told you how to check for outgoing packets on port 25, and how to find out what process and user is making the connection.
You need to spend some time reading logs. Not sending them to me; you need to understand what you’re reading so you can take the next step of figuring out if what you’re seeing is abuse, and which user or application is involved.
Mr Joe j ai bien compris mon problem j ai une idee est ce que tu peux me montre comment je securise mon serveur ou bien le postfix que personne ne peux le etuliser sauf les adresse criee sur les domain instale sur le serveur j ai unstale un nouveau serveur comme ca je vais securise de le depart qui ce que tu pense de ca
New server is a good idea. Do a full installation of Virtualmin, not a minimal install.
If you use Virtualmin defaults (and not change anything that you dont understand) you will have a secure server
If you enable fail2ban (with its default settings) it will keep your server safe from brute force attacks
Postfix is secure by default. Do not change anything in Postfix by following random guides on the web. Leave Postfix be. It will work fine as it is.
If you apply mail rate limits (not per minute or per hour, but per day - say 100 per day) the virtual server which sends spam will be blocked and the virtual server which does not will be able to operate normally.
All the above will secure your Virtualmin server. You also need to secure the desktop that you use.
If a hacker has remote access to your desktop PC and you store your root passwords there, the hacker can get to your Virtualmin server. You need to figure out how to secure your desktop. From the history of issues you have had, I would not trust the sanctity of your desktop.
Only if they’re using Postfix to send mail. If they’re abusing a web application to send using their own MTA implementation, it will not go through Postfix, and any limiting you do in Postfix will do nothing.
OP isn’t willing to take a few minutes to figure out how their system is being abused, so there is no simple answer for how to fix it.
That’s correct, Alaaeddine my friend, if any of your virtual servers have a web application that the hackers are abusing then they will be able to send out spam even if you apply all the measures that I have outlined in my message.
Those are good measures to apply on a new server. But if you or your users then install web apps which are not secure, it will cause problems.
Joe and the community have tried to work with you to address this but you have opened multiple threads and for multiple different issues (the most recent one about SSL) and this has caused the suggestions of the community in the older threads to not receive your attention.
yes Mr Joe always there for May der but alas he wants to help me with his handling he forgets or he ignores that I am not an expert and I am not an English speaker that means I find obstacles because he is beyond me of the two that I just said if he wants to help me he asks me for captures on specific things not probabilities that I don’t know what he is talking about anyway thank you to all of you I give up thank you goodbye
Employ someone who is more versed in server management than you are to fix your problems. If you have a language barrier with the good advice that has been passed, that is a problem, maybe if you employ someone to fix your problems they may understand the advice that has been written in many threads
If I had the means for that I would have stayed with cpanel.
why I am here in your opinion mr the hero please next time if you see one of the posts and you can help me I would be very happy and grateful if this is not the case keep your openion for yourself and thank you another time Mr hero @jimr1
Message for people who don’t understand what me and others like me are beginners
here exactly looking for people who are volunteers who are not paid here it is a forum for people who help others if someone wants to be paid they will look on google or on any freelancer platform to pay them. unless you have another idea about the role of a forum you have to go to hell
It could be, but I believe it’s more likely the web application in that domain. If you backup and restore a domain that is compromised, it brings along the compromise.
This would be the nicest situation, actually, but we’re all still guessing because I can’t convince Alaaeddine to look at anything to figure out what’s happening. It would only take a few minutes, but for some reason there is no desire to understand what’s happening.
