Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    ElasticEmail dns record problem... i guess?

    Support
    relay mail elasticemail
    3
    7
    574
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DanTheMan
      DanTheMan last edited by girish

      Hi everyone,

      Can somebody point me into the right direction, to solve my last error i get when i check my mail-score at mail-tester.com.
      The score gives me a big 10, so i should be happy with that, but....

      When i look at the Dmarc-test details i discovered the line that says:
      "mail-tester.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=example.com header.i=@example.com header.b=PbG0+owL; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=elasticemail.com header.i=@elasticemail.com header.b=WSscCazF; dkim-atps=neutral"

      For dns setup i used the following records:

      SPF: "v=spf1 a:my.example.com a mx include:_spf.elasticemail.com ~all" ( I edited this record)

      DKIM: TXT record for api._domainkey.example.com with value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

      Tracking: CNAME record for tracking.example.com to api.elasticemail.com

      Bounces: CNAME record for bounces.example.com to bounces.elasticemail.net

      DMARC: TXT record for _dmarc with "v=DMARC1;p=none;rua=mailto:webmaster@domain.com;pct=100;ruf=mailto:webmaster@domain.com;fo=0:d:s;aspf=r;adkim=r;"

      MX: MX record for my.example.com (this was already in place)

      Where example.com is my actual domain, removed it for privacy reasons.

      Do i overlook something or is it a dns-resolving problem somewhere, or maybe it's mail-tester.com that shows a problem that i don't have?
      This thing keeps me busy now for days and normally i solve things on my own, but this time i can't 😕

      marcusquinn 1 Reply Last reply Reply Quote 0
      • marcusquinn
        marcusquinn @DanTheMan last edited by

        @dantheman Odd, if you've followed everything with EE instructions, it should all be good.

        One caveat, don't use Cloudflare DNS proxy on the bounces and tracking CNAME records.

        You could try wrapping the DKIM TXT value with quotes, so:

        "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB"

        Here's my related working Cloudflare records on one domain using EE for reference:

        feafa88e-94ac-4eec-8469-ebf210e72f15-image.png

        292859e7-504b-499f-ab25-85f68adb05c6-image.png

        2a9d2636-faa8-4f58-a5b5-e2bdc95a4584-image.png

        We're not here for a long time - but we are here for a good time :)
        Jersey/UK
        Work & Ecommerce Advice: https://brandlight.org
        Personal & Software Tips: https://marcusquinn.com

        DanTheMan 1 Reply Last reply Reply Quote 0
        • DanTheMan
          DanTheMan @marcusquinn last edited by DanTheMan

          @marcusquinn said in ElasticEmail dns record problem... i guess?:

          "

          Thanks for helping me out and sharing your config.. 👍👍

          I did tried it the first time, wrapping the DKIM TXT with quotes .. but that doesn't seem to change it also...
          I just rolled it back now just to be sure, so it's wrapped with double quotes again at this point.

          I did another test at appmaildev.com to see what they are saying about my records...
          funny 🙄
          Because now the output of every record passed the test with a full green text "Passed" and no Fails at all...

          this is the output of that test:
          _dmarc.example.com: v=DMARC1;p=none;rua=mailto:webmaster@domain.com;pct=100;ruf=mailto:webmaster@domain.com;fo=0:d:s;aspf=r;adkim=r;
          Received-SPF: pass (appmaildev.com: domain of my-name=example.com@bounces.example.com designates 54.36.22.222 as permitted sender) client-ip=54.36.22.222
          Authentication-Results: appmaildev.com;
          dkim=pass header.d=example.com;
          spf=pass (appmaildev.com: domain of my-name=example.com@bounces.example.com designates 54.36.22.222 as permitted sender) client-ip=54.36.22.222;
          dmarc=pass (adkim=r aspf=r p=none) header.from=example.com;

          Where "example.com" is my actual domain redacted for privacy

          SPF: Pass
          DKIM: pass
          DMARC: pass
          DomainKey-Result: none (no signature)
          If DKIM result is passed, you can ignore DomainKey result: none
          Notice: DomainKey is obsoleted standard, the new standard is DKIM.

          PTR: ExistsRecord
          RBL: NotListed

          marcusquinn girish 2 Replies Last reply Reply Quote 1
          • marcusquinn
            marcusquinn @DanTheMan last edited by

            @dantheman Strange, sounds like you're doing all the right things.

            I guess the real test is just straight-up real user delivery tests.

            Maybe more relevant reading in this thread:

            https://forum.cloudron.io/topic/2851/seeking-recommendations-based-on-experience-for-sendmail-relays/24?_=1613154358418

            We're not here for a long time - but we are here for a good time :)
            Jersey/UK
            Work & Ecommerce Advice: https://brandlight.org
            Personal & Software Tips: https://marcusquinn.com

            1 Reply Last reply Reply Quote 2
            • girish
              girish Staff @DanTheMan last edited by

              @dantheman Your second result atleast shows that the DKIM signing is working fine. Maybe try again with mail-tester in a week or so to check if they fixed some bug on their side?

              DanTheMan 1 Reply Last reply Reply Quote 1
              • DanTheMan
                DanTheMan @girish last edited by DanTheMan

                @girish @marcusquinn
                Thanks a lot guys for the input. This is exactly why i just love Cloudron so much!! 👍 👍
                Helpfull community and Staff, you guys helped me so much already, just by reading the forums and mostly finding my answers over there, normally... but this time i had to ask about this one, and the help again was there really quickly, really appreciate it!! 👍 👍

                I'll wait for another week, to throw out another test @mail-tester.com.
                In the meantime i also got some Dmarc_reports delivered to my mailbox and everything is evaluated with <check>passed<, so i also think it has to be some kind of bug at the mail-tester end.
                I also keep an eye open on my Dmarc_reports in the meantime.....

                marcusquinn 1 Reply Last reply Reply Quote 1
                • marcusquinn
                  marcusquinn @DanTheMan last edited by

                  @dantheman https://mxtoolbox.com/emailhealth is another good one.

                  We're not here for a long time - but we are here for a good time :)
                  Jersey/UK
                  Work & Ecommerce Advice: https://brandlight.org
                  Personal & Software Tips: https://marcusquinn.com

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Powered by NodeBB