Author Topic: rDNS is required to match the hostname of CWP  (Read 1991 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
rDNS is required to match the hostname of CWP
« on: December 11, 2023, 10:14:09 AM »
I recently discovered that rDNS is required to match hostname or FQDN specified within CWP config. If not set the same, CWP declines operate normally and strips your accounts page links of the Domain and forces the IP instead with a result in SSL fail when trying to visit user panels or webmail boxes. I have no desire for rDNS to match the hostname.

Is there a workaround to curb the requirement?

LJB

Offline
****
Re: rDNS is required to match the hostname of CWP
« Reply #1 on: December 11, 2023, 04:47:52 PM »
I'm just going to put this here, but if rDNS does not match your hostname, 60-70% of your mail from that server will fail.
Google Hangouts:  rcschaff82@gmail.com

Offline
**
Re: rDNS is required to match the hostname of CWP
« Reply #2 on: December 12, 2023, 07:10:53 PM »
i would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.

E.G if you check google, the MX is called
smtp.google.com

But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com

This is not the same ;)

also mine is not the same, all i need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name because CWP default wants to set it the same as the hostname


myhostname = RDNSNAME

Offline
*****
Re: rDNS is required to match the hostname of CWP
« Reply #3 on: December 12, 2023, 10:23:43 PM »
On my mail servers, I check for valid FQDN. Also checking to make sure rDNS matches a forward DNS on the server. But NOT checking to make sure rDNS = hostname. I think that would be an unduly restrictive requirement. My servers are named sequentially srv1.hostname.net, srv2.hostname.net and each has that rDNS in place from the data center/network provider. Forward DNS for my hostname.net domain agrees with the rDNS, so mail goes through just fine.

Offline
*****
Re: rDNS is required to match the hostname of CWP
« Reply #4 on: December 12, 2023, 11:48:11 PM »
If the mail server is setup correctly, then it will verify the FQDN, rDNS, along with the SPF & DKIM.

Depending on the receiving mail server, it could be sent to null or spam if any or all of the above fail.

rDNS in CWP checks for either rDNS or a PTR record.

Companies like Google, M$ will have both of those setup for each of their servers, since they have plenty of IP space available to them.

A good site to check your server config is at: https://www.mail-tester.com/

Offline
****
Re: rDNS is required to match the hostname of CWP
« Reply #5 on: December 13, 2023, 04:43:20 AM »
i would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.

E.G if you check google, the MX is called
smtp.google.com

But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com

This is not the same ;)

also mine is not the same, all i need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name because CWP default wants to set it the same as the hostname


myhostname = RDNSNAME

I don't know about you.  But EVERY VPS/Server I have ever rented, I simply emailed support and asked for them to set my PTR record to my hostname.  I have never had them tell me no.
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: rDNS is required to match the hostname of CWP
« Reply #6 on: December 13, 2023, 06:51:52 AM »
I'm just going to put this here, but if rDNS does not match your hostname, 60-70% of your mail from that server will fail.

I understand the importance of the hostname to outbound mail server identity matching reverse DNS as it is an authentication method for some recipient mail servers. However, what I don't understand is that CWP is not automatically assuming the identity of the reverse DNS lookup and let the mail server admin decide what the FQDN should be for admin URL.

The question remains, how do I set the FQDN with SSL for the admin panel while still keeping the outbound mail identity vs reverse DNS happy?

Offline
*
Re: rDNS is required to match the hostname of CWP
« Reply #7 on: December 16, 2023, 01:10:38 PM »
i would say, for 95% of the people the rDNS is NOT the same as your hostname, because rDNS is something you will get from your ISP and nothing to set on your own.

E.G if you check google, the MX is called
smtp.google.com

But the rDNS or PTR Record is:
mail-ve1eur010036.inbound.protection.outlook.com

This is not the same ;)

also mine is not the same, all i need to do for CWP to make it work is to manually change the name in the postfix main.cf
and change the following line manually to my rDNS name because CWP default wants to set it the same as the hostname


myhostname = RDNSNAME

Credits to Painkiller for providing the answer I was looking for, quoted herein.

For anyone who stumbles upon this in their search for reverse DNS issues, I have my domain configuration as follows:

1.  Hostname: srv4.domain.com (set with CWP Hostname settings)

2.  Admin panel URL: srv4.domain.com:2087 (SSL issuance works; User panel links are populated with the hostname on condition of point 3. and 4. being set.

3.  rDNS (reverse DNS): IP resolves to ns1.domain.com (set at your hosting / or IP provider)

4.  Edit "/etc/postfix/main.cf" - #network settings - replace the following entries with

    myhostname = ns1.domain.com (should match your reverse DNS entry)

    mydestination = $myhostname = ns1.domain.com (should match your reverse DNS entry)
« Last Edit: December 16, 2023, 01:12:22 PM by ljb »

Offline
****
Re: rDNS is required to match the hostname of CWP
« Reply #8 on: December 16, 2023, 01:21:53 PM »
Don't forget to issue a SSL cert for ns1 so that your mail server can communicate via tls
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: rDNS is required to match the hostname of CWP
« Reply #9 on: December 18, 2023, 12:39:01 PM »
Thanks for pointing it out. Enlighten me how

Offline
****
Re: rDNS is required to match the hostname of CWP
« Reply #10 on: December 18, 2023, 09:43:39 PM »
use acme.sh to generate a cert for ns1.

then change the configurations in /etc/postfix/main.cf
smtpd_tls_key_file
smtpd_tls_cert_file

to point to your ns1 certificate
Google Hangouts:  rcschaff82@gmail.com