Solved Using alternative MX
we're using N-able Mail Assure for Spam Filtering, so naturally the MX records are set to:
mx1-eu.mtaroutes.com (priority 10)
mx2-eu.mtaroutes.com (priority 20)
mx3-eu.mtaroutes.com (priority 30)
mx4-eu.mtaroutes.com (priority 40)
Now, obviously Cloudron doesn't like this and throws out an error on the status page.
As i don't like error notifications even though everything works as expected, i looked for a solution and stumbled upon this in the documentation:
So, i have added mtaroutes.com to the SPF record, but honestly i do not understand how the SPF record should change anything in this situation.
Can someone explain like i'm 5 how this would actually work?
And i guess, i'll still not be able to get rid of the MX error on the status page right, at least i do not see a connection here?
Thanks in advance everyone!
@teamcrw With the mx record and spf matching cloudron will see that and probably either suppress or remove the errors.
Cloudron has a anti-spoof feature to ensure that only it can generate emails for the incoming domains. This feature will prevent the external MX from forwarding emails to it. However, Cloudron skips this spoof check for servers listed in the domain's SPF record. So, white list the MX's IP address block in the domain's SPF record. Note that it is necessary to specifically whitelist the server(s).
This means Cloudron uses the SPF record to confirm emails sent from a domain cloudron controls uses the right server(s). Add the N-able MX servers to SPF and call it day I'd say
@murgero thank you!