Virtualmin email with 3rd party DNS.

I would like to know a little about what I need to do to set up mail on a domain through Virtualmin if domain DNS is hosted elsewhere, say Cloudflare.

So, I have a VPS with Virtualmin installed (IP 123.123.123.123). I also have a domain example.com that had name servers set to Cloudflare, so I can manage DNS records on Cloudflare (note, I can add/edit/remove any DNS records for this domain).

Can someone explain to me the correct way to set up mail accounts for example.com, say admin@example.com? Also, what if I wanted mail accounts on a subdomain as well, like admin@sub.example.com, what is the process?

Thanks in advance. :slight_smile:

Howdy,

It’s no problem to do that – just make sure that the “DNS Domain” feature is disabled in Edit Virtual Server -> Enabled Features. That needs to be disabled if DNS is hosted elsewhere.

After that, you can set up email accounts in Edit Users -> Add a user to this server.

-Eric

PS: my server IP 123.123.123.123 is not blacklisted either (according to mxtoolbox.com).

Hey andreychek,

Sorry, I sort of need a bit more clarification of what other things I need to do on my DNS host to do this.

For the conversation:
Mail/Virtualmin Server (the one I'm trying to set up mail on) Host name: server1.mydomain.com
Server IP: 123.123.123.123

So, is it correct for me to do this:
On Cloudflare/DNS host, create the following DNS records and no other DNS records at all (I'm trying to create admin@example.com and admin@sub.example.com):
MX: @ -> server1.mydomain.com
MX: sub -> server1.mydomain.com

Then I log in to Virtualmin on server1.mydomain.com, and create a new Virtual Server for sub.example.com; under Enable Features I tick ONLY <Setup virus filtering?, Accept mail for domain?, Setup spam filtering?>. Then I click edit mail aliases, and add an alias for admin@sub.example.com, and set it to forward to myemail@gmail.com.

Now I use another mail provider/address (Yandex for example) and send an email to admin@sub.example.com, and I get the following “Undelivered Mail Returned to Sender” message from my Virtualmin host domain: MAILER-DAEMON@server1.mydomain.com

This is the mail system at host server1.mydomain.com.

I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

               The mail system

myemail@gmail.com (expanded from admin@sub.example.com): host
gmail-smtp-in.l.google.com[2607:f8b0:4002:c07::1b] said: 550-5.7.1
[MY_SERVER_IPV6_ADDRESS 12] Our system has detected that
550-5.7.1 this message is likely unsolicited mail. To reduce the amount of
spam 550-5.7.1 sent to Gmail, this message has been blocked. Please visit
550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131
for 550 5.7.1 more information. q26si17009103yhg.97 - gsmtp (in reply to
end of DATA command)

Delivery status:

Reporting-MTA: dns; server1.mydomain.com
X-Postfix-Queue-ID: 7A1CD880CA1
X-Postfix-Sender: rfc822; myyandexemail@yandex.com
Arrival-Date: Tue, 22 Jul 2014 00:08:48 -0400 (EDT)

Final-Recipient: rfc822; myemail@gmail.com
Original-Recipient: rfc822;admin@sub.example.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [MY_SERVER_IPV6_ADDRESS 12] Our
system has detected that 550-5.7.1 this message is likely unsolicited mail.
To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been
blocked. Please visit 550-5.7.1
http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
5.7.1 more information. q26si17009103yhg.97 - gsmtp

Ideas?

Is this due to needing to set up some SPF records maybe? If so, how do I set that up (what should it say)?

PPS:
I also realised that the very first message I attempted to send from myyandexemail@yandex.com to admin@sub.example.com (that gets forwarded to myemail@gmail.com) responded with the following error:

(expanded from ): host gmail-smtp-in.l.google.com[2607:f8b0:4002:c07::1a] said: 550-5.7.1 [MY_SERVER_IPV6_ADDRESS] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. m45si41775777yhm.149 - gsmtp (in reply to end of DATA command)

I haven't gotten this error since (the error/response I'm getting now is the one I dumped earlier), but maybe this is what is causing the issue? I tried disabling all the IPv6 addresses on my VPS host control panel and restarted the system, however the response I get is the one quoted at https://www.virtualmin.com/node/33625#comment-134891, and it still shows the IPv6 address from my server. If I were to make it use an IPv4 address, do I need to make any more setting changes on Virtualmin/Webmin? If so, please let me know what I need to do. If this shouldn't be an issue, ignore this message and suggest other ideas of ways to narrow it down :slight_smile:

Thanks in advance.
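Added example, not part of any post in this thread: a Python sketch that reads the delivery-status fields of a bounce like the one quoted above and reports whether the message was an alias forward, whether it left the server over IPv6, and which of the two Gmail rejections quoted in the thread it matches. The sample input is constructed from the quoted bounce, with the documentation address 2001:db8::25 assumed in place of the redacted server address; the function name and the cause labels are illustrative.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Constructed sample: DSN fields modelled on the bounce in the thread, with a
# documentation IPv6 address standing in for the redacted server address.
SAMPLE_DSN = """\
Reporting-MTA: dns; server1.mydomain.com
X-Postfix-Sender: rfc822; myyandexemail@yandex.com

Final-Recipient: rfc822; myemail@gmail.com
Original-Recipient: rfc822;admin@sub.example.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [2001:db8::25 12] Our
 system has detected that 550-5.7.1 this message is likely unsolicited mail.
 To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been
 blocked. q26si17009103yhg.97 - gsmtp
"""

def _mailbox(value):
    """Return the address part of an 'rfc822; user@host' DSN field."""
    return value.split(";", 1)[-1].strip()

def _source_ip(diag):
    """Parse the bracketed sending address Gmail echoes back, if any."""
    m = re.search(r"\[([0-9A-Fa-f:.]+)", diag)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def triage_dsn(dsn_text):
    """Summarise every failed recipient block of a delivery-status report."""
    results = []
    for block in re.split(r"\n\s*\n", dsn_text.strip()):
        fields = HeaderParser().parsestr(block)
        if "Final-Recipient" not in fields:
            continue  # per-message block (Reporting-MTA and friends)
        diag = " ".join(fields.get("Diagnostic-Code", "").split())  # unfold
        diag = re.sub(r"\b\d{3}[- ]\d\.\d+\.\d+ ", "", diag)  # repeated reply codes
        final, orig = _mailbox(fields["Final-Recipient"]), _mailbox(fields.get("Original-Recipient", ""))
        ip = _source_ip(diag)
        cause = ("ptr-or-authentication" if "PTR records" in diag
                 else "spam-classification" if "unsolicited mail" in diag else "other")
        results.append({"final": final, "original": orig, "status": fields.get("Status", "").strip(),
                        "forwarded": bool(orig) and orig.lower() != final.lower(),
                        "sent_over_ipv6": ip is not None and ip.version == 6, "cause": cause})
    return results
```

Calling `triage_dsn(SAMPLE_DSN)` returns one entry per failed recipient; a result with `forwarded` and `sent_over_ipv6` both true means the message was relayed onward by the alias from the server's IPv6 address, which is the situation both quoted Gmail responses describe.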

Howdy,

Just to verify – it’s just the DNS that’s hosted at a third party provider, you will be hosting your email on your Virtualmin server though?

-Eric

I’m wondering why DNS for domain has to be disabled. Doesn’t that have to be working for DKIM functionality? What will happen if DNS for domain is left on when DNS is hosted elsewhere?

Further to the above, I’ve done some testing. If DNS for Domain is disabled in Enabled Features, email signing does not occur, even when DNS is served from a third party (I use DynECT). Re-enabling DNS for domain, the emails are DKIM signed again.

I’m also wondering why no one responds to any of my posts. Do I have to be a paid Virtualmin user to participate in these forums?

Howdy,

What will happen if DNS for domain is left on when DNS is hosted elsewhere?

The trouble there is that if Virtualmin thinks it needs to manage DNS records, it will add in what it thinks your IP addresses are to the DNS on your Virtualmin server. And those won’t necessarily match what’s at your third party provider.

So any DNS lookups performed from your Virtualmin server will use the locally created IP addresses, and not your third party provider.

That can be okay, so long as you keep it all in sync, but that can be quite a hassle :slight_smile:

Regarding DKIM signing – is it that the messages aren’t signed when DNS is disabled, or that the signatures aren’t being validated? As you’d need to copy the DKIM keys that are being generated into your third party DNS provider’s records.

Though I’m not sure how all that would work, it’s possible Virtualmin doesn’t attempt DKIM signing if the DNS feature isn’t enabled.

And regarding folks responding to your posts – everyone is welcome to post here. If someone doesn’t respond, it likely means no one knows the answer :slight_smile:

-Eric