Suggestions to Make DKIM Transition Easy/Safe

Howdy,
Just updated and migrated my VPS to Rocky 9.1.
This was planned so I could move forward from CentOS 7.x.
FYI, it went smoothly (mostly) and I am happy with the new OS for Vmin.

However, I also wanted to update my mail server to use DKIM and IPV6 so my email could be more flexible and accepted by the big tech mail providers.
So my concern and why I am looking for others input is as follows:
A). 5 domains, on 1 ipv4 and ipv6 address
B). Can DKIM deal with shared IP
C). The RDNS goes to mail.primary.net only
D). I DO NOT host my own Name Servers
Mail servers can be fussy and fragile, which is why I am hesitating and would like others' thoughts.
Appreciate any help,
Joe

SYSTEM INFORMATION
OS type and version: Rocky 9.1
Webmin version: LATEST
Virtualmin version: LATEST
Related packages: SUGGESTED

Yes.

I use primarydomain.tld for RDNS. I have never used mail.primarydomain.tld so I don’t know if it will work or not.

It is not essential for you to host your own name servers (i.e. use Virtualmin's nameserver), and if you manually copy over the DNS settings for a virtual server from Virtualmin's DNS to the third-party DNS service that you are using, you will be fine.

It doesn’t matter what name the PTR record provides, as long as it resolves back to the right IP.

Howdy,
thanks calport and joe.
Calport, my mail servers work fine. Let me clarify my concerns.
My Vmin VPS gets the warning from my mail clients (SeaMonkey and T-bird) that my mail.virtualdomain1.tld does not match the RDNS, which is mail.mydomain.tld; it points out that there is a mismatch in domain names. This is the reason I have been hesitant on DKIM, thinking it may make this client-mail situation worse.
In Vmin, the configuration for DKIM has a box “Extra domains to sign for”.
The “Extra domains etc.” box is populated with the FQDN (node2.mydomain.tld) and the hostname (node2), but none of the virtual domains are listed (virtualdomain1.tld, virtualdomain2.tld, etc.). Vmin generally is very good at suggesting proper default info (in my experience).
Joe, yes, that is clear and proper with my RDNS.
Also, my apologies if my concerns are not clear.
Thanks Again,
Joe

You’re misinterpreting the error. I don’t know what error you’re seeing, but a PTR record is not required to match any domain name you’re hosting mail for. It can’t. A PTR record can only ever be one unique IP with one unique name (er, you could have multiples, but you should not have multiple PTRs).

If you want to post the exact error, we can probably help you figure out what’s actually going wrong. It is not the PTR record, unless your PTR record doesn’t resolve back to the same IP. That’s the only requirement for a PTR. It needs to resolve the same in both directions. It does not need to match any given domain. Your server can send and receive mail on behalf of a gazillion names; it can only have one PTR.

I’m still not clear what problem you’re encountering with DKIM.

As far as I know, if you paste the public key created on the server hosting the mail into the DKIM entry on the authoritative DNS, it should work. It’s just math. The recipient servers don’t know nor care where the key was created as long as the pair match.

Richard

Hi,
My bad for poor error handling, Joe! It's the SSL not matching the name of the machine that the email clients complain about. That is from my single IP, not from my Vmin config. My concern is that the DKIM verification would be odd like the SSL dilemma is.

Calport thank you, I have not encountered any problems, yet. This is why I am trying to grok DKIM and virtual domains.

Yes, understood. So the DKIM doesn't care about PTR or RDNS? Just the .txt?

“PAIR” is the question. If I put all 5 of my domains in the “Extra domains to sign for” box, that's it?
Will the DKIM do verification that SSL will not because of the single IP?

I will take the server down tonight and clone the drive so I can actually make the DKIM .txt and see what evolves.

Again, I apologise if this is unclear. I am trying hard to not bork my server.
Thanks to both of you for the time,
Joe

Well… Yes and no. DKIM is a matter of the keys pairing. But your mail isn’t likely to go far unless rDNS and SPF also check out.

The SSL (actually, TLS most of the time nowadays) is a whole 'nuther issue. Most mail servers require it just to connect. You need to get that fixed before you even bother with the finer points. But yes, the key pair can cover multiple domains.

Richard

Having rDNS “check out” just means that a PTR exists for the IP, and the name in that PTR resolves back to the IP. I want to be very clear about that because people always think the PTR needs to somehow match the domain(s) they’re sending mail for. It absolutely does not, and it cannot in a virtual hosting system because you’re hosting many domains, and you should only have one PTR per IP address.

Well… Okay, one would think math would make that obvious. But I guess one would be wrong.

Richard
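
The rDNS check Joe describes two posts up (a PTR exists, and the name in it resolves back to the same IP, with no comparison against any mail domain), as an added example that is not from the thread or from Virtualmin. The resolver lookups are injected so the constructed sample data runs offline; the IPs and hostnames are hypothetical. `live_check` runs the same logic against real DNS with the standard library resolver.

```python
import ipaddress
import socket

# Constructed sample resolver data (hypothetical names and addresses):
# what PTR and A/AAAA lookups would return for each address.
SAMPLE_PTR = {
    "203.0.113.10": ["mail.primary.net."],
    "2001:db8::10": ["mail.primary.net."],
    "203.0.113.11": ["mail.primary.net.", "virtualdomain1.tld."],  # two PTRs: avoid this
    "203.0.113.12": [],                                              # no PTR at all
    "203.0.113.13": ["mail.other.example."],                         # PTR name resolves elsewhere
}
SAMPLE_ADDR = {
    "mail.primary.net.": ["203.0.113.10", "2001:db8::10", "203.0.113.11"],
    "virtualdomain1.tld.": ["203.0.113.11"],
    "mail.other.example.": ["198.51.100.5"],
}


def check_fcrdns(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS: return (ok, reason).

    Passes only when exactly one PTR exists for `ip` and the name in it
    resolves (A or AAAA) back to the same address. The PTR name is never
    compared with any domain the host sends mail for; that is not part of
    the check, and a shared IP could not satisfy it anyway.
    """
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return False, "no PTR record for %s" % ip
    if len(names) > 1:
        return False, "multiple PTR records for %s: %s" % (ip, ", ".join(names))
    name = names[0]
    forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
    if addr not in forward:
        return False, "PTR name %s does not resolve back to %s" % (name, ip)
    return True, "%s <-> %s" % (ip, name)


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_addr(name):
    return SAMPLE_ADDR.get(name, [])


def live_check(ip):
    """Same check against real DNS, using the standard library resolver."""
    def ptr(addr):
        try:
            host, _aliases, _ = socket.gethostbyaddr(addr)
        except socket.herror:
            return []
        return [host]  # gethostbyaddr exposes only one PTR name

    def fwd(name):
        try:
            return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
        except socket.gaierror:
            return []

    return check_fcrdns(ip, ptr, fwd)


if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, *check_fcrdns(ip, sample_ptr, sample_addr))
```

Note that 203.0.113.11 fails only because it has two PTRs, not because one of them names a hosted virtual domain; with a single PTR either name would pass.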

This site is very useful when checking DKIM because it analyzes an actual email sent to their server.

Richard

One would think, but it’s literally been asked about hundreds of times in our forums (including in this thread).

Hello,
I don't think I asked about PTR? As I commented in the OP, my PTR/RDNS is fine: 1 IP, with my primary domain reversing back to it. Going to try and close this thread as it's already derailed.
Thanks to All for Replies
Joe

No big deal, you’re not alone. It really is among the most asked questions.

Mark whichever comment you think best answered your original question as the “Solution” and the topic will auto-close in a few days. (Click the “…” at the bottom beside “Reply” to see the extra options including Solution).

Howdy,
I want to Close this thread but before doing so, I would like to share my experiences.

Virtualmin does make DKIM and DMARC extremely easy if… you are hosting your own nameservers. The small issue I ran into was that the TXT records that Vmin created were not “normal” for my VPS host and their nameservers (Linode). The TXT record that Linode expected should not have double quotes and newlines (slashes and spaces) contained within. Linode's DNS Manager did not throw any error, which tells me they don't sanitize or sanity-check the TXT info. However, after finding a DKIM records test that identified the issue and cleaning the TXT record, everything works as expected.

Also, since @Joe and I were having a side discussion about PTR, I felt it should also be commented on. It was a misspeak in my description in the OP. The mismatch is caused by having an SSL cert on a single IP for the mail server but having 5 domains hosted from it. The fix, or proper way to handle this, is to point mail clients to the host that actually has the SSL cert.

Thanks Again
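
The record cleanup described in the post above, as an added example that is not from the thread or from Virtualmin: it flattens the quoted multi-string TXT form a BIND zone file uses into the single bare value a web DNS manager such as Linode's expects, then checks the result the way a DKIM record tester would (v=DKIM1 present, a known key type, and a p= that is valid base64 decoding to a DER SubjectPublicKeyInfo for rsaEncryption). The selector, domain and key bytes are constructed placeholders, and the zone-file layout is assumed to match what Virtualmin writes.

```python
import base64
import re

# Constructed sample: a DKIM record in the quoted, multi-string form that a
# BIND zone file (as written by Virtualmin) uses. The key body is built
# below as a structurally valid but cryptographically useless placeholder;
# the selector and domain are hypothetical.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def _der(tag, body):
    """Minimal DER TLV encoder, used only to build the placeholder key."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _placeholder_spki():
    """SubjectPublicKeyInfo{rsaEncryption, RSAPublicKey{n, e}} with a 64-bit n."""
    n, e = (1 << 63) + 1, 65537          # toy modulus: never use a key this small
    rsa_pub = _der(0x30, _der(0x02, n.to_bytes(9, "big")) + _der(0x02, e.to_bytes(3, "big")))
    alg = _der(0x30, RSA_OID + _der(0x05, b""))
    return _der(0x30, alg + _der(0x03, b"\x00" + rsa_pub))


PLACEHOLDER_B64 = base64.b64encode(_placeholder_spki()).decode()

SAMPLE_ZONE_RECORD = (
    'default._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; "\n'
    '\t"p=' + PLACEHOLDER_B64[:40] + '"\n'
    '\t"' + PLACEHOLDER_B64[40:] + '" )\n'
)

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def flatten_txt(zone_text):
    """Join the quoted character-strings of BIND TXT RDATA into the single
    unquoted value a web DNS manager expects in its TXT field."""
    parts = _QUOTED.findall(zone_text)
    if not parts:                       # already a bare value
        return zone_text.strip()
    return "".join(re.sub(r"\\(.)", r"\1", p) for p in parts)


def parse_dkim(record):
    """Split a DKIM TXT value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())   # FWS inside values is allowed; drop it
    return tags


def _tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def _is_rsa_spki(der):
    """True if `der` is one SEQUENCE whose first element is the rsaEncryption AlgorithmIdentifier."""
    try:
        tag, body, end = _tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return False
        inner_tag, alg, _ = _tlv(body, 0)
        return inner_tag == 0x30 and alg.startswith(RSA_OID)
    except IndexError:
        return False


def check_dkim_record(record):
    """Return (ok, problems) for a published DKIM TXT value."""
    problems = []
    tags = parse_dkim(record)
    if tags.get("v") != "DKIM1":
        problems.append("v= tag missing or not DKIM1 (quotes/newlines pasted literally?)")
    k = tags.get("k", "rsa")
    if k not in ("rsa", "ed25519"):
        problems.append("unknown key type %r" % k)
    p = tags.get("p")
    if not p:                           # an empty p= means "key revoked", useless for signing
        problems.append("p= tag missing or empty")
    else:
        try:
            der = base64.b64decode(p, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
        else:
            if k == "rsa" and not _is_rsa_spki(der):
                problems.append("p= is not a DER SubjectPublicKeyInfo for rsaEncryption")
    return not problems, problems


if __name__ == "__main__":
    flat = flatten_txt(SAMPLE_ZONE_RECORD)
    print(flat)
    print(check_dkim_record(flat))
    print(check_dkim_record('"v=DKIM1; k=rsa; " "p=' + PLACEHOLDER_B64 + '"'))
```

The last call in `__main__` reproduces the failure mode from the post: the quoted zone-file form pasted verbatim into a DNS manager publishes the quote characters literally, so a verifier no longer finds a `v=` tag at the start of the record.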

Well, dunno if it helps, but I finally found a good solution to clear up a lot of my mail issues, so I figured I’d share it with you. At current, if you don’t go too nuts with emails, it is a free service: zoho.com was the way to go for me. It saved me a bunch of headaches, especially having no port 25 anymore, as my ISP closed a loophole I was using, sending my mail through their mail server via relay. Now all my mail is handled on Zoho free of charge and it matches my domain name. One less thing to mess with. I still get all my local mail for the server telling me things that happen on the server, but mail to and from external sources goes through Zoho. Not my first choice, but I will say after using it a bit now I have grown fond of it. And no, this isn’t an advertisement, nor do I know the person; all I know is they provide a good free service if you want domain mail for free. Enjoy!
