Author Topic: Couldn't successfully setup mail server  (Read 8035 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Couldn't successfully setup mail server
« on: March 05, 2017, 07:06:11 PM »
Hi all,

I tried many things but couldn't setup mail server successfully.
My sending mails do not hit inbox of recipients.

I collected my attemption results here.

I'm using CWP on Centos 6.8.

My running systems:
* "Apache Webserver" running.
* "MySQL Database Server" running.
* "BIND DNS Server" running.
* "Crontab" running.
* "Postfix Mail Server" running.
* "Dovecot IMAP/POP3 Server" running.
* "OpenDKIM" running.

I specified xxxxxx as my domain and IPs below.

On "DKIM & SPF Manager" page, I added xxxxxx.com.db with Trusted Host enabled, KeyTable enabled, v=DKIM1 enabled, v=spf1 enabled.

Quote
; Panel %version%
; Zone file for xxxxxx.com
$TTL 14400
xxxxxx.com.      86400        IN      SOA     ns1.centos-webpanel.com. xxxxxx.xxxxxx.com. (
         2013071601      ; serial, todays date+todays
                86400           ; refresh, seconds
          7200            ; retry, seconds
            3600000         ; expire, seconds
           86400 )         ; minimum, seconds

xxxxxx.com. 86400 IN NS ns1.centos-webpanel.com.
xxxxxx.com. 86400 IN NS ns2.centos-webpanel.com.

xxxxxx.com. IN A XXX.XX.XX.XX

localhost.xxxxxx.com. IN A 127.0.0.1

xxxxxx.com. IN MX 0 xxxxxx.com.

mail IN CNAME xxxxxx.com.
www IN CNAME xxxxxx.com.
ftp IN CNAME xxxxxx.com.
; Add additional settings below this line


xxxxxx.com. IN TXT "v=spf1 mx a"

default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXX"

I rebuilt mail servers and BIND DNS server.
However mxtoolbox.com returns 1 error and 2 warnings.
Quote
1st error : dmarc   xxxxxx.com   Record Missing
1st warning: spf   xxxxxx.com   No records found
2nd warning: smtp   mail.xxxxxx.com   Reverse DNS does not match SMTP Banner

And I also sent an email to check-auth@verifier.port25.com.
It returns:

Quote
==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         permerror
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  srv1.xxxxxx.com
Source IP:      XXX.XX.XX.XX
mail-from:      xxxxxx@xxxxxx.com

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: smtp.mailfrom=xxxxxx@xxxxxx.com
DNS record(s):
    xxxxxx.com. SPF (no records)
    xxxxxx.com. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=xxxxxx@xxxxxx.com
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         permerror (key "default._domainkey.xxxxxx.com" doesn't exist)
ID(s) verified:
Canonicalized Headers:
    date:Sun,'20'05'20'Mar'20'2017'20'20:21:13'20'+0200'0D''0A'
    from:xxxxxx@xxxxxx.com'0D''0A'
    to:<check-auth@verifier.port25.com>'0D''0A'
    subject:test7'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=xxxxxx.com;'20's=default;'20't=1488738074;'20'bh=HCUCD5NcipzH9VGYlghyFuRJ7ITprxMz6Z+i7qrE5HA=;'20'h=Date:From:To:Subject;'20'b=

Canonicalized Body:
    test7'0D''0A'
   

DNS record(s):
    default._domainkey.xxxxxx.com. TXT (NXDOMAIN)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham  (-1.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0002]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
      No policy records were published at the sender's DNS domain.

"neutral"
      The sender's ADMD has asserted that it cannot or does not
      want to assert whether or not the sending IP address is authorized
      to send mail using the sender's DNS domain.

"pass"
      The client is authorized by the sender's ADMD to inject or
      relay mail on behalf of the sender's DNS domain.

"policy"
     The client is authorized to inject or relay mail on behalf
      of the sender's DNS domain according to the authentication
      method's algorithm, but local policy dictates that the result is
      unacceptable.

"fail"
      This client is explicitly not authorized to inject or
      relay mail using the sender's DNS domain.

"softfail"
      The sender's ADMD believes the client was not authorized
      to inject or relay mail using the sender's DNS domain, but is
      unwilling to make a strong assertion to that effect.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability to
      retrieve a policy record from DNS.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being absent or
      a syntax error in a retrieved DNS TXT record.  A later attempt is
      unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
      The message was not signed.

"pass"
      The message was signed, the signature or signatures were
      acceptable to the verifier, and the signature(s) passed
      verification tests.

"fail"
      The message was signed and the signature or signatures were
      acceptable to the verifier, but they failed the verification
      test(s).

"policy"
      The message was signed but the signature or signatures were
      not acceptable to the verifier.

"neutral"
      The message was signed but the signature or signatures
      contained syntax errors or were not otherwise able to be
      processed.  This result SHOULD also be used for other
      failures not covered elsewhere in this list.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability
      to retrieve a public key.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being
      absent. A later attempt is unlikely to produce a final result.

What can I do for this?
Quote
Result:         permerror (key "default._domainkey.xxxxxx.com" doesn't exist)

Last thing, is my rdns checker normal?
Simple rDNS Checker (PTR records)
Your rDNS for IP 10.1.1.1 is set as following:
Quote
(empty)
resolves to:
Quote
k.root-servers.net.
l.root-servers.net.
f.root-servers.net.
a.root-servers.net.
c.root-servers.net.
d.root-servers.net.
b.root-servers.net.
g.root-servers.net.
j.root-servers.net.
m.root-servers.net.
h.root-servers.net.
e.root-servers.net.
i.root-servers.net.
Another check resolves to:
Quote
(empty)
« Last Edit: March 05, 2017, 07:09:39 PM by ozgur »