Control Web Panel

WebPanel => E-Mail => Topic started by: DragoCom on December 21, 2023, 04:01:22 AM

Title: Issues with "ALL" Gmail
Post by: DragoCom on December 21, 2023, 04:01:22 AM
Something needs fixed in CWP that will allow spf/dkim to work with other domains. It will NOT work with my .cf and .tk domains I have.

<xxxxxx@gmail.com>: host gmail-smtp-in.l.google.com[142.250.102.27] said:
    550-5.7.26 This mail has been blocked because the sender is
    unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with
    either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results:
    550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [upward.cf] with ip:
    [xxx.xx.xxx.xxx] = did not pass 550-5.7.26  550-5.7.26  For instructions on
    setting up authentication, go to 550 5.7.26
    https://support.google.com/mail/answer/81126#authentication
    w27-20020a170906131b00b00a1dbd55636dsi190086ejb.801 - gsmtp (in reply to
    end of DATA command)
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 04:08:38 AM
SPF and DKIM are part of CWP, but you have to configure it.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 04:09:30 AM
admin/index.php?module=dkim


/admin/index.php?module=spf

/admin/index.php?module=postfix_manager

Check the box to enable for all new accounts.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 21, 2023, 04:13:14 AM
admin/index.php?module=dkim


/admin/index.php?module=spf

/admin/index.php?module=postfix_manager

Check the box to enable for all new accounts.

Yes I know this and is done already but every email I send from my server to gmail gets bounced with that message. So there is nothing in spf/dkim config to change this. Been through the settings a hundred times now. :(
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 04:18:12 AM
Post one of your domains that's having trouble.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 04:29:57 AM
I grabbed upward.cf from the original post.

Results from dig TXT upward.cf resulted in NO text records

https://easydmarc.com/tools/dkim-lookup?domain=upward.cf

Shows NO dkim records.   


After doing some other investigation, you are not using your CWP for your DNS nameservers. Therefore you would need to copy the SPF and DKIM records over to your nameservers in order for anything to work. If you want everything to work automatically, you would need to use your CWP as your primary nameserver and set up a secondary that receives updates from your CWP.
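
A way to check what rcschaff describes above, added here as an example (it is not from the thread and not CWP code): the functions take the output of `dig +short TXT` for the domain and for `<selector>._domainkey.<domain>` and report whether usable SPF and DKIM records are visible in public DNS. The sample strings are constructed, including the placeholder key; the empty answer mirrors the "NO text records" result reported for upward.cf.

```python
import re

def from_dig(output):
    """Turn `dig +short TXT name` output into one string per TXT record."""
    records = []
    for line in output.splitlines():
        # dig prints a long record as several quoted chunks on one line;
        # receivers concatenate the chunks with nothing in between.
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if chunks:
            records.append("".join(chunks))
    return records

def check_spf(apex_txt):
    """Return the problems found in the SPF policy of the domain's TXT set."""
    spf = [r for r in apex_txt if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record published"]
    if len(spf) > 1:
        return ["%d v=spf1 records published, which receivers treat as an error" % len(spf)]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t in ("all", "+all") for t in terms):
        return ["'+all' authorises every host to send for the domain"]
    if not any(t in ("-all", "~all", "?all") or t.startswith("redirect=") for t in terms):
        return ["no terminal 'all' mechanism or redirect= modifier"]
    return []

def check_dkim(selector_txt):
    """Return the problems found in the TXT set at <selector>._domainkey.<domain>."""
    if not selector_txt:
        return ["no DKIM key record published for this selector"]
    tags = {}
    for part in selector_txt[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = "".join(value.split())
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty or missing, so there is no usable public key")
    return problems

def audit(apex_dig, selector_dig):
    """Check both lookups; an empty list means no problem was found."""
    return {"spf": check_spf(from_dig(apex_dig)),
            "dkim": check_dkim(from_dig(selector_dig))}

# Constructed sample input (not real records, the key is a placeholder).
EMPTY_ANSWER = ""   # what a domain with no TXT records at its nameservers returns
GOOD_APEX = '"v=spf1 a mx ip4:203.0.113.10 -all"\n"site-verification=constructed"'
GOOD_SELECTOR = '"v=DKIM1; k=rsa; " "p=PLACEHOLDERKEY"'

if __name__ == "__main__":
    print(audit(EMPTY_ANSWER, EMPTY_ANSWER))
    print(audit(GOOD_APEX, GOOD_SELECTOR))
```

Run the two `dig` lookups against the nameservers the registrar actually delegates to, not against the CWP box, and use the selector name shown on the CWP DKIM page.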
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 21, 2023, 05:19:15 AM
I grabbed upward.cf from the original post.

Results from dig TXT upward.cf resulted in NO text records

https://easydmarc.com/tools/dkim-lookup?domain=upward.cf

Shows NO dkim records.   


After doing some other investigation, you are not using your CWP for your DNS nameservers. Therefore you would need to copy the SPF and DKIM records over to your nameservers in order for anything to work. If you want everything to work automatically, you would need to use your CWP as your primary nameserver and set up a secondary that receives updates from your CWP.

I can add records such as A, TXT, etc. using Freenom's DNS Manager but I am clueless what I would need to add since I use their dns/nameservers.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 06:05:07 AM
Your best bet would be to set up private nameservers. Freenom unfortunately doesn't have any help articles on how to do it, and I have never used them. But if you go to the domain, and select nameservers, there should be an option for "Private Nameservers" where you can put both ns1.mydomain.com and ns2.mydomain.com with your server's IP. Then set any domain you host to ns1.mydomain, ns2.mydomain.com as their nameservers as well.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 06:18:16 AM
In a video I just watched, you can register ns1 and ns2 for your domain name by clicking on Management Tools -> Register Glue records

add ns1  ->  Your server IP
add ns2  ->  Your Server IP

Next go to your domain.  Change the nameserver to ns1.yourdomain.com  and ns2.yourdomain.com

Finally.  In CWP Root.  Goto DNS Functions -> Edit Nameserver IPS

Change those to NS1 and NS2 of the domain you just did in freenom, and don't forget to change the IPs to your server's IP as well.

Once your main domain resolves, you can safely change the nameservers of every other domain hosted on your server
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 06:26:41 AM
Just a side note Mate.  You might want to transfer your domain away from Freenom before you lose it.  They were sued by META in March, and won't be able to renew it when that time comes.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 21, 2023, 06:46:15 AM
Your best bet would be to set up private nameservers. Freenom unfortunately doesn't have any help articles on how to do it, and I have never used them. But if you go to the domain, and select nameservers, there should be an option for "Private Nameservers" where you can put both ns1.mydomain.com and ns2.mydomain.com with your server's IP. Then set any domain you host to ns1.mydomain, ns2.mydomain.com as their nameservers as well.

I had my server's nameservers set for a long time and then all of a sudden my sites would not come up anymore unless I used freenom's nameservers.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 21, 2023, 06:47:38 AM
Just a side note Mate.  You might want to transfer your domain away from Freenom before you lose it.  They were sued by META in March, and won't be able to renew it when that time comes.

Freenom owns the domains, they are free domains offered by freenom's service. The .cf, .tk, .gl are free domain names. You can't transfer them anywhere because they own them.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 06:49:11 AM
On that note, I certainly wouldn't use a free domain I don't own for a production server. Go register a .com to be your main domain and set up nameservers with a reputable company where you OWN your domain name.
Title: Re: Issues with "ALL" Gmail
Post by: Starburst on December 21, 2023, 07:39:52 AM
.tk domains are great for free test sites, but are useless for setting up servers.

Once you have a regular domain name, registered your DNS names, and given your server a sub-domain name, you can point the free domain to that and set up sites.
Title: Re: Issues with "ALL" Gmail
Post by: Painkiller88 on December 21, 2023, 07:11:01 PM
In a video I just watched, you can register ns1 and ns2 for your domain name by clicking on Management Tools -> Register Glue records

add ns1  ->  Your server IP
add ns2  ->  Your Server IP

Next go to your domain.  Change the nameserver to ns1.yourdomain.com  and ns2.yourdomain.com

Finally.  In CWP Root.  Goto DNS Functions -> Edit Nameserver IPS

Change those to NS1 and NS2 of the domain you just did in freenom, and don't forget to change the IPs to your server's IP as well.

Once your main domain resolves, you can safely change the nameservers of every other domain hosted on your server

Hi, may I ask you a thing about using the own dns servers?

I am actually not using my own dns servers and add all records to my domain hoster, it is working well for me but the reason I did it that way is because I thought if I wanna use my own dns servers, I need to open port 53 in/out and this could be a risk because everyone could use my DNS servers.

Am I wrong with these thoughts or would I really need to open port 53?

Thanks
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 21, 2023, 07:40:30 PM
Bind can be configured several ways. The way it is configured for CWP is to be an authoritative server, which means it will only respond to requests for domains it holds, when requested from the outside world. I would not be concerned about opening UDP 53 for this purpose.
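
An added example (not part of the thread, not CWP's own code) of how that behaviour shows up in the named journal: it counts `query (cache) ... denied` lines, separating refused recursion for names the server does not host from denials inside zones it is supposed to serve, which point to a zone that is delegated to the server but not loaded. The `example.net` zone and its log line are constructed; the other lines are taken from the journal output posted later in this thread.

```python
import ipaddress
import re
from collections import Counter

# named logs this when it refuses to answer from cache, i.e. to recurse.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query \(cache\) '(?P<q>[^']+)' denied"
)

def classify(lines, hosted_zones):
    """Split denied queries into refused recursion and denials in hosted zones."""
    zones = [z.lower().rstrip(".") for z in hosted_zones]
    report = {"recursion_refused": Counter(), "hosted_but_denied": Counter()}
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue
        # 'name/TYPE/CLASS' -> name, compared case-insensitively as DNS does
        qname = m.group("q").split("/")[0].lower().rstrip(".")
        in_zone = any(qname == z or qname.endswith("." + z) for z in zones)
        if in_zone:
            # An authoritative server answers for a loaded zone, so a cache
            # denial here means the zone is not loaded on this server.
            report["hosted_but_denied"][qname] += 1
        else:
            client = ipaddress.ip_address(m.group("ip"))
            source = "loopback" if client.is_loopback else "external"
            report["recursion_refused"][source] += 1
    return report

JOURNAL = [
    "Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: resolver priming query complete",
    "Dec 21 23:08:54 dragon.gplgoods.xyz named[11138]: client @0x7f0c100a8b20 127.0.0.1#54090 (.): query (cache) './NS/IN' denied",
    "Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 172.253.6.4#39259 (maiL.TMFPrOD.tk): query (cache) 'maiL.TMFPrOD.tk/AAAA/IN' denied",
    "Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 172.253.237.5#34821 (MAil.TMFpROd.tK): query (cache) 'MAil.TMFpROd.tK/A/IN' denied",
    # Constructed line for a zone assumed to be hosted on the server:
    "Dec 21 23:20:00 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 198.51.100.7#40000 (www.example.net): query (cache) 'www.example.net/A/IN' denied",
]

if __name__ == "__main__":
    result = classify(JOURNAL, hosted_zones=["example.net"])  # hypothetical zone list
    print(dict(result["recursion_refused"]), dict(result["hosted_but_denied"]))
```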
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 22, 2023, 03:58:28 AM
In a video I just watched, you can register ns1 and ns2 for your domain name by clicking on Management Tools -> Register Glue records

add ns1  ->  Your server IP
add ns2  ->  Your Server IP

Next go to your domain.  Change the nameserver to ns1.yourdomain.com  and ns2.yourdomain.com

Finally.  In CWP Root.  Goto DNS Functions -> Edit Nameserver IPS

Change those to NS1 and NS2 of the domain you just did in freenom, and don't forget to change the IPs to your server's IP as well.

Once your main domain resolves, you can safely change the nameservers of every other domain hosted on your server

This domain is not the server's primary domain so I cannot change the server nameservers to these. I have tons of domain names and only a few are freenom domains for small sites, not primary for the server. I have registered the ns1 and ns2 for this domain and will try it in a bit when it propagates.

EDIT: Tried it and restarted dns and got the following error from cwp:

WARNING!
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.

I changed the nameservers for upward.cf in the dns file and saved it and restarted dns, apache and nginx.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 22, 2023, 04:18:01 AM
post the log from

journalctl -xe -u named
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 22, 2023, 04:58:36 AM
[root@dragon ~]# journalctl -xe -u named
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: resolver priming query complete
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Dec 21 23:06:16 dragon.gplgoods.xyz named[11138]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Dec 21 23:08:54 dragon.gplgoods.xyz named[11138]: client @0x7f0c100a8b20 127.0.0.1#54090 (.): query (cache) './NS/IN' denied
Dec 21 23:08:54 dragon.gplgoods.xyz named[11138]: client @0x7f0c100b7150 127.0.0.1#45076 (.): query (cache) './NS/IN' denied
Dec 21 23:10:01 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 192.0.91.177#50948 (www.xxxxxxxxxx.tk): query (cache) 'www.xxxxxxxxxx.tk/A/IN' denied
Dec 21 23:10:01 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 172.71.165.217#55567 (www.xxxxxxxxxx.tk): query (cache) 'www.xxxxxxxxxx.tk/A/IN' denied
Dec 21 23:18:54 dragon.gplgoods.xyz named[11138]: client @0x7f0c100a8b20 127.0.0.1#38034 (.): query (cache) './NS/IN' denied
Dec 21 23:18:54 dragon.gplgoods.xyz named[11138]: client @0x7f0c100b7150 127.0.0.1#45402 (.): query (cache) './NS/IN' denied
Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 172.253.6.4#39259 (maiL.TMFPrOD.tk): query (cache) 'maiL.TMFPrOD.tk/AAAA/IN' denied
Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 172.253.237.5#34821 (MAil.TMFpROd.tK): query (cache) 'MAil.TMFpROd.tK/A/IN' denied
Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 172.253.4.4#48524 (MaIL.tMfprOD.tK): query (cache) 'MaIL.tMfprOD.tK/A/IN' denied
Dec 21 23:19:39 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 74.125.179.131#53062 (MAiL.tMfpRoD.Tk): query (cache) 'MAiL.tMfpRoD.Tk/AAAA/IN' denied
Dec 21 23:19:40 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 172.253.237.2#36231 (mAiL.TmFPRoD.Tk): query (cache) 'mAiL.TmFPRoD.Tk/A/IN' denied
Dec 21 23:19:40 dragon.gplgoods.xyz named[11138]: client @0x7f0c100c5e30 172.253.4.2#43887 (mAil.tmfProD.tk): query (cache) 'mAil.tmfProD.tk/AAAA/IN' denied
Dec 21 23:19:40 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 172.253.5.5#62471 (MaIL.Tmfprod.Tk): query (cache) 'MaIL.Tmfprod.Tk/AAAA/IN' denied
Dec 21 23:19:40 dragon.gplgoods.xyz named[11138]: client @0x7f0c100e2d70 172.253.237.3#60447 (MaiL.tmfpRoD.Tk): query (cache) 'MaiL.tmfpRoD.Tk/A/IN' denied


I xxxx'd out a customer's domain from the log.
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 22, 2023, 05:20:52 AM
does "systemctl status named" show that it is running?
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 22, 2023, 05:25:38 AM
does "systemctl status named" show that it is running?

[root@dragon ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-12-21 23:58:10 EST; 26min ago
  Process: 14036 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 14051 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 14048 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 14053 (named)
   CGroup: /system.slice/named.service
           └─14053 /usr/sbin/named -u named -c /etc/named.conf

Dec 22 00:23:56 dragon.gplgoods.xyz named[14053]: client @0x7efefc041dd0 127.0.0.1#54376 (.): query (cache) './NS/IN' denied
Dec 22 00:23:56 dragon.gplgoods.xyz named[14053]: client @0x7efeec002720 127.0.0.1#48174 (.): query (cache) './NS/IN' denied
[root@dragon ~]#
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 22, 2023, 05:59:33 AM
If it's running, then everything is good.  You must have fixed the reason it failed.
Title: Re: Issues with "ALL" Gmail
Post by: Namaste on December 22, 2023, 12:11:36 PM
admin/index.php?module=dkim


/admin/index.php?module=spf

/admin/index.php?module=postfix_manager

Check the box to enable for all new accounts.

Yes I know this and is done already but every email I send from my server to gmail gets bounced with that message. So there is nothing in spf/dkim config to change this. Been through the settings a hundred times now. :(


If you are using the DNS management where your domains are registered, configuring dkim spf will have no effect unless you modify the dns record there.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 22, 2023, 07:44:41 PM
If it's running, then everything is good.  You must have fixed the reason it failed.

My wowonder script states that the password is incorrect and I have changed it in cwp user email accounts as well as in cwp root to the same password and it still fails but works just fine in getting mail in gmail web client.

2023-12-22 19:43:11 SERVER -> CLIENT: 220 dragon.gplgoods.xyz ESMTP Postfix
2023-12-22 19:43:11 CLIENT -> SERVER: EHLO www.upward.cf
2023-12-22 19:43:11 SERVER -> CLIENT: 250-dragon.gplgoods.xyz
250-PIPELINING
250-SIZE 204800000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
2023-12-22 19:43:11 CLIENT -> SERVER: AUTH LOGIN
2023-12-22 19:43:11 SERVER -> CLIENT: 334 VXNlcm5hbWU6
2023-12-22 19:43:11 CLIENT -> SERVER: [credentials hidden]
2023-12-22 19:43:11 SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2023-12-22 19:43:11 CLIENT -> SERVER: [credentials hidden]
2023-12-22 19:43:13 SERVER -> CLIENT: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
2023-12-22 19:43:13 SMTP ERROR: Password command failed: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
SMTP Error: Could not authenticate.
2023-12-22 19:43:13 CLIENT -> SERVER: QUIT
2023-12-22 19:43:13 SERVER -> CLIENT: 221 2.0.0 Bye
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Title: Re: Issues with "ALL" Gmail
Post by: rcschaff on December 22, 2023, 07:59:33 PM
If your password contains special characters, a lot of PHP mail programs will screw up the password.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 22, 2023, 08:17:39 PM
If your password contains special characters, a lot of PHP mail programs will screw up the password.

Does the same thing with a password with nothing but letters.
Title: Re: Issues with "ALL" Gmail
Post by: DragoCom on December 23, 2023, 05:03:51 AM
Can't win for losing now getting this with admin at upward . cf

The response from the remote server was:
554 5.7.1 Service unavailable; Client host [209.85.221.49] blocked using zen.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/172.71.97.10