Control Web Panel
WebPanel => DNS => Topic started by: ljb on December 11, 2023, 10:14:09 AM
-
I recently discovered that rDNS is required to match the hostname or FQDN specified within the CWP config. If not set the same, CWP declines to operate normally and strips your accounts page links of the domain and forces the IP instead, which results in an SSL failure when trying to visit user panels or webmail boxes. I have no desire for rDNS to match the hostname.
Is there a workaround to curb the requirement?
LJB
-
I'm just going to put this here, but if rDNS does not match your hostname, 60-70% of your mail from that server will fail.
-
I would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.
E.g., if you check Google, the MX is called
smtp.google.com
But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com
This is not the same ;)
Also, mine is not the same; all I need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name, because CWP by default wants to set it the same as the hostname
myhostname = RDNSNAME
-
On my mail servers, I check for valid FQDN. Also checking to make sure rDNS matches a forward DNS on the server. But NOT checking to make sure rDNS = hostname. I think that would be an unduly restrictive requirement. My servers are named sequentially srv1.hostname.net, srv2.hostname.net and each has that rDNS in place from the data center/network provider. Forward DNS for my hostname.net domain agrees with the rDNS, so mail goes through just fine.
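The checks described in the post above, written out as an added example that is not part of the original thread. The function names, the 192.0.2.x addresses and the example.net names are constructed, and "valid FQDN" is assumed here to mean a dotted name that resolves in forward DNS.

```python
import ipaddress
import socket

# Constructed sample data (documentation address space, example names).
SAMPLE_PTR = {"192.0.2.10": ["srv1.example.net."],
              "192.0.2.20": ["host-20.isp.example."]}
SAMPLE_A = {"srv1.example.net": ["192.0.2.10"],
            "mail.example.net": ["192.0.2.10"],
            "host-20.isp.example": ["192.0.2.99"]}

def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def has_ip(addresses, ip):
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in addresses)

def check_mail_identity(ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Run the post's checks; the resolvers are injectable for offline use."""
    ptr_names = [norm(n) for n in ptr(ip)]
    # Forward-confirmed rDNS: some PTR name must resolve back to the same IP.
    confirmed = [n for n in ptr_names if has_ip(forward(n), ip)]
    helo = norm(helo_name)
    return {
        "helo_resolves": "." in helo and bool(forward(helo)),
        "fcrdns": bool(confirmed),
        # Informational only: the post deliberately does not require this.
        "helo_equals_ptr": helo in confirmed,
    }

def sample_check(ip, helo_name):
    """Same checks against the constructed tables above instead of live DNS."""
    return check_mail_identity(ip, helo_name,
                               ptr=lambda i: SAMPLE_PTR.get(i, []),
                               forward=lambda n: SAMPLE_A.get(norm(n), []))
```

Calling `check_mail_identity(ip, name)` without the last two arguments uses the live system resolver.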
-
If the mail server is set up correctly, then it will verify the FQDN, rDNS, along with the SPF & DKIM.
Depending on the receiving mail server, it could be sent to null or spam if any or all of the above fail.
rDNS in CWP checks for either rDNS or a PTR record.
Companies like Google, M$ will have both of those set up for each of their servers, since they have plenty of IP space available to them.
A good site to check your server config is at: https://www.mail-tester.com/
-
I would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.
E.g., if you check Google, the MX is called
smtp.google.com
But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com
This is not the same ;)
Also, mine is not the same; all I need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name, because CWP by default wants to set it the same as the hostname
myhostname = RDNSNAME
I don't know about you. But EVERY VPS/Server I have ever rented, I simply emailed support and asked for them to set my PTR record to my hostname. I have never had them tell me no.
-
I'm just going to put this here, but if rDNS does not match your hostname, 60-70% of your mail from that server will fail.
I understand the importance of the hostname to outbound mail server identity matching reverse DNS, as it is an authentication method for some recipient mail servers. However, what I don't understand is that CWP is not automatically assuming the identity of the reverse DNS lookup and letting the mail server admin decide what the FQDN should be for the admin URL.
The question remains, how do I set the FQDN with SSL for the admin panel while still keeping the outbound mail identity vs reverse DNS happy?
-
I would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.
E.g., if you check Google, the MX is called
smtp.google.com
But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com
This is not the same ;)
Also, mine is not the same; all I need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name, because CWP by default wants to set it the same as the hostname
myhostname = RDNSNAME
Credits to Painkiller for providing the answer I was looking for, quoted herein.
For anyone who stumbles upon this in their search for reverse DNS issues, I have my domain configuration as follows:
1. Hostname: srv4.domain.com (set with CWP Hostname settings)
2. Admin panel URL: srv4.domain.com:2087 (SSL issuance works; User panel links are populated with the hostname on condition of point 3. and 4. being set.)
3. rDNS (reverse DNS): IP resolves to ns1.domain.com (set at your hosting / or IP provider)
4. Edit "/etc/postfix/main.cf" - #network settings - replace the following entries with
myhostname = ns1.domain.com (should match your reverse DNS entry)
mydestination = $myhostname = ns1.domain.com (should match your reverse DNS entry)
-
Don't forget to issue an SSL cert for ns1 so that your mail server can communicate via TLS.
-
Thanks for pointing it out. Enlighten me how
-
Use acme.sh to generate a cert for ns1.
Then change the configurations in /etc/postfix/main.cf
smtpd_tls_key_file
smtpd_tls_cert_file
to point to your ns1 certificate
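A consistency check for the setup this thread ends up with (myhostname equal to the PTR name, and a certificate that names it), as an added example that is not part of the original posts or of CWP. The sample main.cf text, the example.com names, the file paths and the function names are constructed, and the certificate names are passed in as a list rather than read from a file.

```python
import re

# Constructed sample; names and paths are placeholders, not CWP defaults.
AFTER = """\
# network settings
myhostname = ns1.example.com
mydestination = ${myhostname},
    localhost
smtpd_tls_cert_file = /etc/ssl/example/ns1.crt
smtpd_tls_key_file = /etc/ssl/example/ns1.key
"""
BEFORE = AFTER.replace("ns1", "srv4")  # myhostname still follows the panel hostname

def parse_main_cf(text):
    """main.cf rules: '#' comments, indented continuation lines, last value wins."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name); unknown names become empty here."""
    if depth > 10:  # guard against self-referencing parameters
        return value
    ref = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")
    return ref.sub(lambda m: expand(params.get(next(g for g in m.groups() if g), ""),
                                    params, depth + 1), value)

def audit(text, ptr_name, cert_names):
    """Findings for the thread's setup; cert_names are the names on the cert."""
    p = parse_main_cf(text)
    helo = expand(p.get("myhostname", ""), p).lower()
    findings = []
    if helo != ptr_name.rstrip(".").lower():
        findings.append(f"myhostname {helo} does not match PTR {ptr_name}")
    # Exact-name comparison only; wildcard certificates are not handled.
    if helo not in [n.lower() for n in cert_names]:
        findings.append(f"certificate does not name {helo}")
    findings += [f"{k} is not set"
                 for k in ("smtpd_tls_cert_file", "smtpd_tls_key_file") if not p.get(k)]
    return findings
```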