Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

ElasticEmail dns record problem... i guess?

Scheduled Pinned Locked Moved Support
relaymailelasticemail
7 Posts 3 Posters 635 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • DanTheManD Offline
    DanTheManD Offline
    DanTheMan
    wrote on last edited by girish
    #1

    Hi everyone,

    Can somebody point me into the right direction, to solve my last error i get when i check my mail-score at mail-tester.com.
    The score gives me a big 10, so i should be happy with that, but....

    When i look at the Dmarc-test details i discovered the line that says:
    "mail-tester.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=example.com header.i=@example.com header.b=PbG0+owL; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=elasticemail.com header.i=@elasticemail.com header.b=WSscCazF; dkim-atps=neutral"

    For dns setup i used the following records:

    SPF: "v=spf1 a:my.example.com a mx include:_spf.elasticemail.com ~all" ( I edited this record)

    DKIM: TXT record for api._domainkey.example.com with value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

    Tracking: CNAME record for tracking.example.com to api.elasticemail.com

    Bounces: CNAME record for bounces.example.com to bounces.elasticemail.net

    DMARC: TXT record for _dmarc with "v=DMARC1;p=none;rua=mailto:webmaster@domain.com;pct=100;ruf=mailto:webmaster@domain.com;fo=0:d:s;aspf=r;adkim=r;"

    MX: MX record for my.example.com (this was already in place)

    Where example.com is my actual domain, removed it for privacy reasons.

    Do i overlook something or is it a dns-resolving problem somewhere, or maybe it's mail-tester.com that shows a problem that i don't have?
    This thing keeps me busy now for days and normally i solve things on my own, but this time i can't 😕

    marcusquinnM 1 Reply Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to DanTheMan on last edited by
    #2

    @dantheman Odd, if you've followed everything with EE instructions, it should all be good.

    One caveat, don't use Cloudflare DNS proxy on the bounces and tracking CNAME records.

    You could try wrapping the DKIM TXT value with quotes, so:

    "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB"

    Here's my related working Cloudflare records on one domain using EE for reference:

    feafa88e-94ac-4eec-8469-ebf210e72f15-image.png

    292859e7-504b-499f-ab25-85f68adb05c6-image.png

    2a9d2636-faa8-4f58-a5b5-e2bdc95a4584-image.png

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    DanTheManD 1 Reply Last reply
    0
  • DanTheManD Offline
    DanTheManD Offline
    DanTheMan
    replied to marcusquinn on last edited by DanTheMan
    #3

    @marcusquinn said in ElasticEmail dns record problem... i guess?:

    "

    Thanks for helping me out and sharing your config.. 👍👍

    I did tried it the first time, wrapping the DKIM TXT with quotes .. but that doesn't seem to change it also...
    I just rolled it back now just to be sure, so it's wrapped with double quotes again at this point.

    I did another test at appmaildev.com to see what they are saying about my records...
    funny 🙄
    Because now the output of every record passed the test with a full green text "Passed" and no Fails at all...

    this is the output of that test:
    _dmarc.example.com: v=DMARC1;p=none;rua=mailto:webmaster@domain.com;pct=100;ruf=mailto:webmaster@domain.com;fo=0:d:s;aspf=r;adkim=r;
    Received-SPF: pass (appmaildev.com: domain of my-name=example.com@bounces.example.com designates 54.36.22.222 as permitted sender) client-ip=54.36.22.222
    Authentication-Results: appmaildev.com;
    dkim=pass header.d=example.com;
    spf=pass (appmaildev.com: domain of my-name=example.com@bounces.example.com designates 54.36.22.222 as permitted sender) client-ip=54.36.22.222;
    dmarc=pass (adkim=r aspf=r p=none) header.from=example.com;

    Where "example.com" is my actual domain redacted for privacy

    SPF: Pass
    DKIM: pass
    DMARC: pass
    DomainKey-Result: none (no signature)
    If DKIM result is passed, you can ignore DomainKey result: none
    Notice: DomainKey is obsoleted standard, the new standard is DKIM.

    PTR: ExistsRecord
    RBL: NotListed

    marcusquinnM girishG 2 Replies Last reply
    1
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to DanTheMan on last edited by
    #4

    @dantheman Strange, sounds like you're doing all the right things.

    I guess the real test is just straight-up real user delivery tests.

    Maybe more relevant reading in this thread:

    https://forum.cloudron.io/topic/2851/seeking-recommendations-based-on-experience-for-sendmail-relays/24?_=1613154358418

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    2
  • girishG Offline
    girishG Offline
    girish Staff
    replied to DanTheMan on last edited by
    #5

    @dantheman Your second result atleast shows that the DKIM signing is working fine. Maybe try again with mail-tester in a week or so to check if they fixed some bug on their side?

    DanTheManD 1 Reply Last reply
    1
  • DanTheManD Offline
    DanTheManD Offline
    DanTheMan
    replied to girish on last edited by DanTheMan
    #6

    @girish @marcusquinn
    Thanks a lot guys for the input. This is exactly why i just love Cloudron so much!! 👍 👍
    Helpfull community and Staff, you guys helped me so much already, just by reading the forums and mostly finding my answers over there, normally... but this time i had to ask about this one, and the help again was there really quickly, really appreciate it!! 👍 👍

    I'll wait for another week, to throw out another test @mail-tester.com.
    In the meantime i also got some Dmarc_reports delivered to my mailbox and everything is evaluated with <check>passed<, so i also think it has to be some kind of bug at the mail-tester end.
    I also keep an eye open on my Dmarc_reports in the meantime.....

    marcusquinnM 1 Reply Last reply
    1
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to DanTheMan on last edited by
    #7

    @dantheman https://mxtoolbox.com/emailhealth is another good one.

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.