Many weeks with DNS and emails problems, spam and blocked emails

Discussion in 'ISPConfig 3 Priority Support' started by etruel, Mar 17, 2017.

  1. etruel

    etruel Member HowtoForge Supporter

    Hi guys,
    I have spent many weeks trying to solve these problems with DNS and emails.
    Really I read hundred of tutorials and step by step instructions and copypaste lot of stuff that I don't understand, but I would want to hire somebody that knows what he does and get it all to work well. Maybe you can advise me how to proceed.

    Below I pasted links with the results of the DNS tests for IPv4 and IPv6. Also SMTP.
    I think the errors are still there but I don't know where to start to fix them all.

    My hostname is
    Code:
    ns1.etruel.com
    And the domain is
    Code:
    etruel.com
    DNS Tests
    IPv4 https://network-tools.webwiz.net/dns-report.htm?domain=etruel.com&mail=true
    IPv6 https://network-tools.webwiz.net/dns-report.htm?domain=etruel.com&mail=true&IPv6=true

    SMTP test https://mxtoolbox.com/SuperTool.aspx?action=smtp:ns1.etruel.com&run=toolpage#

    I have Debian 8 with Postfix. I can also attach a rejected email to show some errors pointed out by Gmail.

    thanks
     
  2. muekno

    muekno Active Member HowtoForge Supporter

    Hey, I did your DNS test as a test of your domain at www.dnsstuff.com. OK, there are some problems listed, nothing grave. I will come to this later.
    What problem do you really have? According to the test all should work fine. Can you give us more detailed information on your system, i.e. ISPConfig version, is your server directly connected to the internet or behind a firewall / DSL router etc.
    The problems are
    1. Only one mail server: that's absolutely OK, many domains have this. There is at least no redundancy, but on a stable system with no to little downtime that's acceptable. If your system is down you cannot receive mails, but if you get your system up in less than one to two days, mails are normally buffered at the sender and resent when your system is up again.
    2. Your primary and secondary nameservers are on the same subnet; they even seem to be on the same system. That's absolutely not recommended, but still OK if you are the only one who depends on that nameserver. Again, if the system running your nameserver fails, nobody will reach any of your services, mail, web etc., as there will be no name resolution possible. If your system hosts Postfix beside BIND, it's not a problem either, as even if name service worked, mail would not be delivered anyway. On the other side, I do not think with ISPConfig you could set up primary and secondary nameservers on the same system.
    3. Your nameserver shows its version; for the solution see https://www.cyberciti.biz/faq/hide-bind9-dns-sever-version/
    4. The SOA field has an expire time outside the RFC recommendation, not a big problem, but you should change it. There are even some expiration time recommendations on the net which are not inside the RFC recommendations. In any case that's not a real problem.
    5. You're missing postmaster and abuse accounts; that is violating the RFC too, but it is not a big problem, some others do not have them to prevent spam to these accounts. I found out that with a good spam filter that's not a problem at all. In any case you can redirect them to your account, so you do not have to look at these accounts separately.

    You wrote you did cut and paste a lot of stuff you did not understand. That's no good, you should always understand what you are doing; Google helps a lot. On the other side, if you did set up your system as recommended following https://www.howtoforge.com/tutorial/debian-8-jessie-minimal-server/ and https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/ you don't have to touch any config file other than those noted in the tutorials.

    Rainer
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. etruel

    etruel Member HowtoForge Supporter

    Hi, thank you all for the answers! :)
    Maybe I'm wrong, but I think my test results posted above are clearer in showing what is wrong than dnsstuff.
    Anyway I have no time to learn this for a production website. There are too many variables and different ways, I need this working ASAP.
    It seems only Gmail is rejecting the emails from some domains of the IP. SMTP is not working just for a domain and IPv6 is missing many configurations.

    I'll try to contact @florian030 there. :cool:

    Thank you again
     
  5. muekno

    muekno Active Member HowtoForge Supporter

    The main problem you have, of some mail servers not accepting your mails, is
    SMTP Valid Hostname Reverse DNS is not a valid Hostname
    That means you have to have a reverse pointer resolving to the name of your mail server. So go to your provider or the organisation which maintains your IP address(es) and ask them to alter the in-addr.arpa record so that it points to the FQDN of your mail server.
    All other failures are minor but should be fixed. I described the reasons above.
     
  6. muekno

    muekno Active Member HowtoForge Supporter

    Btw., you should update your knowledge about IP, DNS, and SMTP, instead of boring the paid support here.
     
  7. schmidtedv

    schmidtedv Member HowtoForge Supporter

    @muekno: Even if it might be boring what he is asking for, etruel is a paying subscriber, so what's wrong expecting him to get the best answers to his questions in this rather than in the public forums? I'm just asking because maybe I also should post my questions in the public forums...what exactly has to go in here? Sounds a bit like, you already have to be a professional and then pay for what you should already know?
     
  8. muekno

    muekno Active Member HowtoForge Supporter

    @schmidtedv as you see I answered his questions in a long way, explained his problems and how to solve them. That's one thing. Maintaining a server on the internet is still a thing where you should know what you're doing, and a responsible thing. I may be wrong but etruel seems to have no knowledge at all about the things he does, nor can he interpret the errors in the test tools. If he would try Google, he would get solutions en masse, if he could understand them. But he seems not to be willing to learn. If he had, as he wrote, "months" of time, he should have taken that time to build up a little bit of knowledge instead of copying and pasting unnecessary tons of code into config files. Setting up ISPConfig as recommended, you do not need to copy one line of config files and the system is running well.
    OK, he pays, he got good answers, so it is up to him to fix his problems. He wrote "Really I read hundred of tutorials and step by step instructions and copypaste lot of stuff that I don't understand"; that means for me: don't touch things I do not know anything about and do not understand. He wrote too he would hire somebody, that's good, but I do not understand that he could not find local support.
    In any case I tried to lead him the right way.
     
  9. schmidtedv

    schmidtedv Member HowtoForge Supporter

    @muekno: Sorry, I didn't want to criticize your help! I was just thinking, in this case maybe it would have been possible just to explain him that there - specially in a forum conversation - is no more or better information that might help him out. Boring just sounded a bit derogatory to me.
     
  10. etruel

    etruel Member HowtoForge Supporter

    Thanks to all, guys. @muekno I have spent weeks trying to learn about this with Google and ISPConfig (step by step tutorials are just what I mean when I said copypaste lot of stuff...). I learned a lot but in this case, when I fix something, another thing is broken. That is really boring and frustrating. But this is not a test site, I need this working ASAP, so I just asked for a professional that can log in and fix it for me. That's all.
    Thanks for your help.
     
  11. muekno

    muekno Active Member HowtoForge Supporter

    @etruel as I tried to explain to you, your main problem is the missing correct reverse pointer to your mail server. There must be an in-addr.arpa record pointing to the name your mail server sends. Go to /etc/postfix/main.cf and look for a line "myhostname = ....": that name, i.e. mail.etruel.com, is the name Postfix sends to the receiving mail server with its own IP. For spam protection the receiving mail server does a reverse pointer lookup https://en.wikipedia.org/wiki/Reverse_DNS_lookup and compares it to the name from myhostname. If it matches it is OK, if not the mail is rejected. The reverse lookup for your IP address resolves
    "90.210.240.66.in-addr.arpa. PTR IN 43200 41ms etruel.com." but should resolve to mail.etruel.com. That's nothing that can be solved with remote login; it must be changed by your IP provider on your request, they will and must do it.
    A newer check of your domain shows you have fixed some things in the meantime. You should still fix acceptance of postmaster and abuse: just create accounts with those names, best with a redirect to your mailbox. You should correct the SOA expiration time in ISPConfig, and you should suppress the BIND version in /etc/bind/named.conf.options; for further details see https://www.cyberciti.biz/faq/hide-bind9-dns-sever-version/ . Only one MX record is OK. I see that's all on the same public IP address, so I hope you have a well designed firewall. A scan of your IP shows
    Nmap scan report for etruel.com (66.240.210.90)
    Host is up (0.18s latency).
    Not shown: 93 filtered ports
    PORT STATE SERVICE
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    443/tcp open https
    995/tcp open pop3s
    3306/tcp open mysql
    At least the open 3306/mysql is critical. If you need to access MySQL remotely, you should install a VPN for that. Also you should think about 80 and 110; better to use 443 and 995 instead. What I am missing is IMAP, which is much better than POP3.
    I hope you will be able to fix that yourself, without remote login.

    Rainer
     
  12. schmidtedv

    schmidtedv Member HowtoForge Supporter

    A small hint, if mail.etruel.com is myhostname in main.cf: This also would have to be the same as what's written in /etc/mailname ! Actually, it doesn't have to be your Reverse-DNS, but Reverse-DNS should be a FQDN (server.etruel.com would be fine) that is also used in your /etc/hosts file and your /etc/hostname would have to be just "server" in this case. Finally "myhostname" should be/have at least a real MX-Record and a real A-Record and your Reverse-DNS has to be/have a real A-Record, too!

    Am I right so far, Rainer?
     
    Last edited: Mar 21, 2017
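
The two checks discussed in posts 11 and 12, as an added example that is not part of any post: it derives the in-addr.arpa owner name for the sending IP, compares the PTR target with the name Postfix announces (`myhostname`), and confirms that each name resolves back to the IP. The PTR value is the one quoted in post 11; the forward records are constructed on the assumption that both names sit on the single public IP, and the function names are hypothetical.

```python
import ipaddress

def norm(name):
    return name.rstrip(".").lower()

def reverse_name(ip):
    # 66.240.210.90 -> 90.210.240.66.in-addr.arpa. (ip6.arpa for IPv6)
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_mail_identity(ip, helo, ptr_records, forward_records):
    """Return a list of findings; an empty list means the identity is consistent.

    ptr_records:     {reverse owner name: [PTR targets]}
    forward_records: {hostname: [A/AAAA addresses]}
    """
    addr = ipaddress.ip_address(ip)
    fwd = {norm(k): {ipaddress.ip_address(a) for a in v}
           for k, v in forward_records.items()}
    targets = [norm(t) for t in ptr_records.get(reverse_name(ip), [])]
    findings = []
    if not targets:
        findings.append(f"no PTR record at {reverse_name(ip)}")
    elif norm(helo) not in targets:
        # The comparison described in post 11: PTR name versus myhostname.
        findings.append(f"PTR {', '.join(targets)} does not match HELO name {norm(helo)}")
    for t in targets:
        # Forward confirmation (post 12): the PTR name needs a real A record.
        if addr not in fwd.get(t, set()):
            findings.append(f"PTR target {t} does not resolve back to {ip}")
    if addr not in fwd.get(norm(helo), set()):
        findings.append(f"HELO name {norm(helo)} has no A/AAAA record for {ip}")
    return findings

IP, HELO = "66.240.210.90", "mail.etruel.com"
PTR_AS_REPORTED = {"90.210.240.66.in-addr.arpa.": ["etruel.com."]}   # from post 11
PTR_REQUESTED = {"90.210.240.66.in-addr.arpa.": ["mail.etruel.com."]}
# Constructed forward data: both names on the single public IP.
FORWARD = {"etruel.com.": [IP], "mail.etruel.com.": [IP]}

if __name__ == "__main__":
    for label, ptr in (("as reported", PTR_AS_REPORTED), ("requested", PTR_REQUESTED)):
        print(label, check_mail_identity(IP, HELO, ptr, FORWARD) or "consistent")
```

On a live system the two dictionaries would be filled from `dig -x` and `dig A` answers, and `HELO` from `postconf myhostname`.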
  13. muekno

    muekno Active Member HowtoForge Supporter

    @schmidtedv in principle yes; in my preferred test tool www.dnsstuff.com the domain check says it is all OK except the points I mentioned above. The myhostname in main.cf may be the FQDN server name, but need not be. In environments with one IP like above it is mostly the same; in multiple-IP environments often not, so your server may be server.mydomain.tld listening on one IP and myhostname may be mail.mydomain.tld and may listen on another IP or even the same. In any case there must be a reverse pointer for the IP Postfix is sending from, corresponding to myhostname. But we should not confuse etruel more.
    As I found out, his mail server responds with mail.etruel.com, so the reverse pointer for 66.240.210.90 should resolve to mail.etruel.com, while at my last check it resolves to etruel.com.
    The minimum DNS entries he should have:
    NS record for ns1
    NS record for ns2
    A record for ns1
    A record for ns2
    A record for mail
    MX record for mail
    optional but very meaningful
    A record for servername

    @etruel
    What you should fix too is to move ns2 somewhere else; normally providers will install a secondary nameserver.

    Rainer
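
An added example, not part of any post: a check of a zone against the minimum record set listed in post 13 and against the same-subnet nameserver problem from posts 2 and 13. The zone contents are constructed (every name on the single public IP seen in the thread), the /24 boundary for "same subnet" is an assumption, and `audit_zone` is a hypothetical name.

```python
import ipaddress

def norm(name):
    return name.rstrip(".").lower()

def audit_zone(domain, records, prefix=24):
    """records: (owner, type, value) tuples with absolute names. Returns findings."""
    domain = norm(domain)
    rr = [(norm(o), t.upper(), v) for o, t, v in records]
    a = {}
    for owner, rtype, value in rr:
        if rtype == "A":
            a.setdefault(owner, []).append(ipaddress.ip_address(value))
    ns = [norm(v) for o, t, v in rr if t == "NS" and o == domain]
    mx = [norm(v.split()[-1]) for o, t, v in rr if t == "MX" and o == domain]
    in_zone = lambda h: h == domain or h.endswith("." + domain)

    findings = []
    if len(ns) < 2:
        findings.append(f"{len(ns)} NS record(s), expected ns1 and ns2")
    if not mx:
        findings.append("no MX record")
    for host in dict.fromkeys(ns + mx):          # de-duplicate, keep order
        if in_zone(host) and host not in a:
            findings.append(f"{host} has no A record")
    # Subnet diversity can only be judged when every NS address is in the zone.
    if len(ns) >= 2 and all(h in a for h in ns):
        nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                for h in ns for ip in a[h]}
        if len(nets) < 2:
            findings.append(f"all nameservers are inside {nets.pop()}")
    return findings

# Constructed zone: every name on the single public IP seen in the thread.
SAME_HOST = [
    ("etruel.com.", "NS", "ns1.etruel.com."), ("etruel.com.", "NS", "ns2.etruel.com."),
    ("ns1.etruel.com.", "A", "66.240.210.90"), ("ns2.etruel.com.", "A", "66.240.210.90"),
    ("mail.etruel.com.", "A", "66.240.210.90"), ("etruel.com.", "MX", "10 mail.etruel.com."),
]
# Same zone with ns2 moved to a documentation address (192.0.2.0/24, placeholder).
NS2_MOVED = [r if r[0] != "ns2.etruel.com." else ("ns2.etruel.com.", "A", "192.0.2.53")
             for r in SAME_HOST]

if __name__ == "__main__":
    print(audit_zone("etruel.com", SAME_HOST))
    print(audit_zone("etruel.com", NS2_MOVED))
```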
     
