MXROUTE DKIM and SPF records
Need some help with DKIM and SPF record setup suitable for MXROUTE.
I have 3 proxmox vms - let's call them vma.myfqdn, vmb.myfqdn and vmc.myfqdn with full dns control on my own nameservers
All 3 vms send their emails to a fourth server, let's call it ms.myfqdn
vms emails are being delivered (via ms.myfqdn) through MXROUTE. With all my messing around with dns TXT records, the best I get is SPF pass when received email is checked on gmail - which is great (not in spam), but I would like the best. Gmail shows email as coming from vma,b or c.myfqdn which is what I want.
From directadmin (on mxroute) I can see my DKIM and SPF TXT records. Do these records need to be inserted in my main fqdn or do I need to enter them in to each of the vms subdomain records?
Or have I completely misunderstood something?
Comments
Assuming you're sending from [email protected]
they need to be inserted at main fqdn level
https://webhorizon.net
This depends on sender address.
If sender address is [email protected]: example.org on MXroute. example.org domain.
If sender address is [email protected]: vm1.example.org on MXroute. vm1.example.org domain.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
Thank you @yoursunny and @Abdullah - Understood.
Ideally I would prefer
But the problem is how do you configure postfix on my mailserver (ms.myfqdn) to route to different domain accounts on MXROUTE based on where they were received from i.e. vma,b or c?
or
Is there an easier way of doing things - all I really need is to know the email came from vma,b or c.
Thanks again.
If you are relaying through mxroute, I don't think they are going to attach a dkim record to the outgoing email.
Do you see a dkim record in the header of the email you sent to gmail?
If so then you need to set up the dkim TXT DNS record on your DNS servers accordingly based on that dkim key.
If not, then you can do it multiple ways. You can set up opendkim on each of the three VMs (vma.myfqdn, vmb.myfqdn and vmc.myfqdn) and set up one default dkim record for the main domain and copy the keys over to the other two VMs. All keys will be the same on all three VMs. Then set one DNS dkim TXT record for the main domain.
or
You can set up opendkim on each of the three VMs and set up unique keys for each subdomain. In which case you would add the dkim default DNS TXT record for each under the subdomain DNS record, not the main domain.
If you are using a from email address when sending mail as [email protected] and you are not using something@myfqdn then I would recommend the second option. If your from email address is something@myfqdn then I would do the first option.
If you are getting a pass on the SPF record at gmail then you are probably set up correctly, but just in case...
You need to have a spf TXT record similar to the below for the main domain name DNS record on your DNS servers.
`myfqdn. 3600 TXT "v=spf1 include:mxlogin.com ~all"`
It would help me if I knew what o/s and mail server you were using.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Put them on the same domain: [email protected], [email protected], …
@FrankZ Thank you - very informative. I am using postfix on Debian 11
You are correct MXROUTE is NOT sending a DKIM in the email header.
Yes the second option
Sounds like the way to go.
Have not messed around with opendkim but setup would just be repeated on other servers so don't see it as a big deal. DNS TXT records per subdomain are not a problem.
Gmail gives an SPF pass every time so yes I also believe my setup is working.
So (if I understand your comment) rather than relay everything through my mailserver, I could just create separate accounts for each VM on MXROUTE and tell postfix on each vm to go directly to them. Sounds reasonable @FrankZ what do you think?
Thanks again guys - hopefully this thread will also prove useful for others
I am not as familiar with doing the setup inside of mxroute as @yoursunny so I will defer to him on setting things up inside of mxroute. If you are going to setup opendkim on each sending server then you can relay all three VMs directly through the same account at mxroute and skip the relay server. No need for three mxroute accounts.
Happy to say I now have SPF and DKIM pass on Gmail for my vm's.
Appreciate your suggestion @FrankZ but @yoursunny I think had the easier solution.
For the benefit of clarity -
Created domain and an email account on MXROUTE for each vm.
Configured postfix on each vm to use the MXROUTE account credentials.
Added TXT SPF and DKIM records as shown in dns management for each VM (on my name servers).
Really pleased I asked as I know I would have eventually got something working but it would have taken a very long time. This way I still learnt and hopefully this can help others.
I hope this shows (to others) how a forum can work
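An added example, not part of any post above: a small offline audit of the point the thread settles on, that SPF and DKIM records are looked up at the exact domain of the sender address and are not inherited from the parent domain. The zone contents, the `report@` local part and the DKIM selector `x` are assumptions made up for the illustration; substitute the record names shown in your own DNS management panel.

```python
# Constructed TXT records (not from the thread). "x" is an assumed DKIM selector.
ZONE = {
    "myfqdn": ["v=spf1 include:mxlogin.com ~all"],
    "x._domainkey.myfqdn": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    "vma.myfqdn": ["v=spf1 include:mxlogin.com ~all"],
    "x._domainkey.vma.myfqdn": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    "vmb.myfqdn": ["v=spf1 include:mxlogin.com ~all"],  # DKIM record forgotten
    # vmc.myfqdn has nothing of its own; only the parent domain has records
}

def check_spf(domain, zone, include):
    """Status of the SPF record published at exactly `domain`."""
    spf = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # more than one v=spf1 record is a permanent error
    terms = spf[0].lower().split()[1:]
    return "ok" if f"include:{include}" in terms else "no-include"

def parse_tags(txt):
    """Split a DKIM 'tag=value; tag=value' record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def check_dkim(domain, zone, selector):
    """Status of the DKIM key at <selector>._domainkey.<domain>."""
    for txt in zone.get(f"{selector}._domainkey.{domain}", []):
        tags = parse_tags(txt)
        if tags.get("v", "DKIM1") == "DKIM1":
            return "ok" if tags.get("p") else "revoked"  # empty p= revokes the key
    return "missing"

def audit(senders, zone, include="mxlogin.com", selector="x"):
    """Map each sender domain to its (SPF, DKIM) status."""
    report = {}
    for addr in senders:
        domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
        report[domain] = (check_spf(domain, zone, include),
                          check_dkim(domain, zone, selector))
    return report

if __name__ == "__main__":
    senders = ["report@vma.myfqdn", "report@vmb.myfqdn", "report@vmc.myfqdn"]
    for domain, (spf, dkim) in audit(senders, ZONE).items():
        print(f"{domain}: SPF={spf} DKIM={dkim}")
```

With the constructed zone, only vma.myfqdn is fully covered; vmc.myfqdn reports both records missing even though the parent domain publishes them.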
@msatt glad you got it to work the easy way. @yoursunny does normally make good suggestions. Now I should go look at doing the same thing on mxroute.
@jarland won't be happy delivering cronjob mails
I did not say these were cronjob mails and I am only talking at most 1 or 2 emails per day per server (3) giving a nightly combined report. I don't think that is unreasonable use although I am prepared to listen to what @jarland thinks.
As far as emails (that I send) they are sent from the Gmail web interface.
Thanks for taking the time to provide feedback - and confirm what worked for you.
Regarding the mentioned cron emails - I don't think daily reports will be a problem with MXroute. As far as I know, cron-created mass-mailing lists are what the service is not intended for, and that's a different matter from what you are doing.
I'll just add this video here, for some shameless self-promotion and in case it helps anyone else (long, boring, tedious, step-by-step, with explanations of what I'm doing and why) - the important part is explaining how to confirm all the SPF, DKIM and DMARC records are configured properly:
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
It's the huge volumes of CSF spam that he really objects to, which kind of makes sense given that they generally go straight in the spam folder anyway.
It's trained me to be more aggressive in turning off a lot of those pointless warnings, so overall a force for good :-)
AFAIK it is not cron related emails that are the issue at all .... instead it is emails that are created from cron jobs that are not properly configured ... i.e. emails from root@localhost, etc.
Recommended providers: BuyVM - MXroute - LunaNode - Forpsi - IntoVPS
Contact me for all of your Mail-in-a-Box email hosting needs at AnyDomain. I am also a proud reseller of MXroute email.