MXROUTE DKIM and SPF records

Need some help with DKIM and SPF record setup suitable for MXROUTE.

I have 3 proxmox vms - lets call them vma.myfqdn, vmb.myfqdn and vmc.myfqdn with full dns control on my own nameservers

All 3 vms send their emails to a fourth server lets call it ms.myfqdn

vms emails are being delivered (via ms.myfqdn) through MXROUTE. With all my messing around with dns TXT records, the best I get is SPF pass when received email is checked on gmail - which is great (not in spam), but I would like the best. Gmail shows email as coming from vma,b or c.myfqdn which is what I want.

From directadmin (on mxroute) I can see my DKIM and SPF TXT records. Do these records need to be inserted in my main fqdn or do I need to enter them in to each of the vms subdomain records?

Or have I completely misunderstood something?

Comments

  • AbdullahAbdullah Hosting ProviderOG

    From directadmin (on mxroute) I can see my DKIM and SPF TXT records. Do these records need to be inserted in my main fqdn or do I need to enter them in to each of the vms subdomain records?

    assuming youre sending from [email protected]
    they need to be inserted at main fqdn level

    Thanked by (1)msatt
  • @msatt said:
    From directadmin (on mxroute) I can see my DKIM and SPF TXT records. Do these records need to be inserted in my main fqdn or do I need to enter them in to each of the vms subdomain records?

    This depends on sender address.

    If sender address is [email protected]:

    1. Create domain example.org on MXroute.
    2. Add DKIM and SPF TXT records under example.org domain.

    If sender address is [email protected]:

    1. Create domain vm1.example.org on MXroute.
    2. Add DKIM and SPF TXT records under vm1.example.org domain.
    Thanked by (2)msatt bikegremlin

    ServerFactory aff best VPS; HostBrr aff best storage.

  • Thankyou @yoursunny and @Abdullah - Understood.
    Idealy I would prefer

    @yoursunny said: If sender address is [email protected]:

    Create domain vm1.example.org on MXroute.
    Add DKIM and SPF TXT records under vm1.example.org domain.

    But the problem is how do you configure postfix on my mailserver (ms.myfqdn) to route to different domain accounts on MXROUTE based on where they were received from i.e. vma,b or c?
    or
    Is there an easier way of doing things - all I really need is to know the email came from vma,b or c.

    Thanks again.

  • FrankZFrankZ Moderator
    edited February 2023

    @msatt said: From directadmin (on mxroute) I can see my DKIM and SPF TXT records. Do these records need to be inserted in my main fqdn or do I need to enter them in to each of the vms subdomain records?

    If you are relaying through mxroute, I don't think they are going to attach a dkim record to the outgoing email.
    Do you see a dkim record in the header of the email you sent to gmail ?
    If so then you need to set up the dkim TXT DNS record on your DNS servers accordingly based on that dkim key.

    if not, then you can do it multiple ways, You can set up opendkim on each of the three VMs (vma.myfqdn, vmb.myfqdn and vmc.myfqdn) and setup one default dkim record for the main domain and copy the keys over to the other two VMs. All keys will be the same on all three VMs. Then set one DNS dkim TXT record for the main domain.
    or
    You can setup opendkim on each of the three VMs and setup unique keys for each subdomain. In which case you would add the dkim default DNS TXT record for each under the subdomain DNS record, not the main domain.

    If you are using a from email address when sending mail as [email protected] and you are not using something@myfqdn then I would recommend the second option. If your from email address is something@myfqdn than I would do the first option.

    If you are getting a pass on the SPF record at gmail than you are probably setup correctly, but just in case...
    You need to have a spf TXT record similar to the below for the main domain name DNS record on your DNS servers.
    `myfqdn. 3600 TXT "v=spf1 include:mxlogin.com ~all"

    It would help me if I knew what o/s and mail server you were using.

    Thanked by (1)bikegremlin

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • @msatt said:
    Is there an easier way of doing things - all I really need is to know the email came from vma,b or c.

    Put them on the same domain: [email protected], [email protected], …

    ServerFactory aff best VPS; HostBrr aff best storage.

  • @FrankZ Thank you - very informative. I am using postfix on Debian 11
    You are correct MXROUTE is NOT sending a DKIM in the email header.
    Yes the second option

    @FrankZ said: You can setup opendkim on each of the three VMs and setup unique keys for each subdomain. In which case you would add the dkim default DNS TXT record for each under the subdomain DNS record, not the main domain.

    Sounds like the way to go.
    Have not messed around with opendkim but setup would just be repeated on other servers so don't see it as a big deal. DNS TXT records per subdomain are not a problem.

    Gmail gives an SPF pass everytime so yes I also beleive my setup is working.

  • @yoursunny said:

    @msatt said:
    Is there an easier way of doing things - all I really need is to know the email came from vma,b or c.

    Put them on the same domain: [email protected], [email protected], …

    So (if I understand your comment) rather than relay everything through my mailserver, I could just create seperate accounts for each VM on MXROUTE and tell postfix on each vm to go directly to them. Sounds reasonable @FrankZ what do you think?

    Thanks again guys - hopefully this thread will also prove useful for others :)

  • FrankZFrankZ Moderator
    edited February 2023

    @msatt said:

    @yoursunny said:

    @msatt said:
    Is there an easier way of doing things - all I really need is to know the email came from vma,b or c.

    Put them on the same domain: [email protected], [email protected], …

    So (if I understand your comment) rather than relay everything through my mailserver, I could just create seperate accounts for each VM on MXROUTE and tell postfix on each vm to go directly to them. Sounds reasonable @FrankZ what do you think?

    Thanks again guys - hopefully this thread will also prove useful for others :)

    I am not as familiar with doing the setup inside of mxroute as @yoursunny so I will defer to him on setting things up inside of mxroute. If you are going to setup opendkim on each sending server then you can relay all three VMs directly through the same account at mxroute and skip the relay server. No need for three mxroute accounts.

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • Happy to say I now have SPF and DKIM pass on Gmail for my vm's. :)
    Appreciate your suggestion @FrankZ but @yoursunny I think had the easier solution.

    For the benefit of clarity -

    Created domain and an email account on MXROUTE for each vm.
    Configured postfix on each vm to use the MXROUTE account credentials.
    Added TXT SPF and DKIM records as shown in dns managament for each VM (on my name servers).

    Really pleased I asked as I know I would have eventually got something working but it would have taken a very long time. This way I still learnt and hopefully this can help others.

    I hope this shows (to others) how a forum can work :)

    Thanked by (2)FrankZ bikegremlin
  • FrankZFrankZ Moderator

    @msatt glad you got it to work the easy way. @yoursunny does normally make good suggestions. Now I should go look at doing the same thing on mxroute. :)

    Thanked by (2)msatt yoursunny

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • AbdullahAbdullah Hosting ProviderOG

    @jarland won't be happy delivering cronjob mails

  • I did not say these were cronjob mails and I am only talking at most 1 or 2 emails per day per server (3) giving a nightly combined report. I don't think that is unreasonable use although I am prepared to listen to what @jarland thinks.
    As far as emails (that I send) they are sent from the Gmail web interface.

    Thanked by (1)Abdullah
  • bikegremlinbikegremlin ModeratorOGContent Writer

    @msatt said:
    Happy to say I now have SPF and DKIM pass on Gmail for my vm's. :)
    Appreciate your suggestion @FrankZ but @yoursunny I think had the easier solution.

    For the benefit of clarity -

    Created domain and an email account on MXROUTE for each vm.
    Configured postfix on each vm to use the MXROUTE account credentials.
    Added TXT SPF and DKIM records as shown in dns managament for each VM (on my name servers).

    Really pleased I asked as I know I would have eventually got something working but it would have taken a very long time. This way I still learnt and hopefully this can help others.

    I hope this shows (to others) how a forum can work :)

    Thanks for taking the time to provide feedback - and confirm what worked for you.

    Regarding the mentioned cron emails - I don't think daily reports will be a problem with MXroute. As far as I know, cron-created mass-mailing lists are what the service is not intended for, and that's a different matter from what you are doing.

    I'll just add this video here, for some shameless self-promotion and in case it helps anyone else (long, boring, tedious, step-by-step, with explanations of what I'm doing and why) - the important part is explaining how to confirm all the SPF, DKIM and DMARC records are configured properly:

    Thanked by (1)beagle

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • It's the huge volumes of CSF spam that he really objects to, which kind of makes sense given that they generally go straight in the spam folder anyway.

    It's trained me to be more aggressive it turning off a lot of those pointless warnings, so overall a force for good :-)

  • alentoalento Hosting ProviderOGServices Provider

    AFAIK it is not cron related emails that are the issue at all .... instead it is emails that are created from cron jobs that are not properly configured ... i.e. emails from root@localhost, etc.

    Thanked by (2)FrankZ bikegremlin

    Recommended providers: BuyVM - MXroute - LunaNode - Forpsi - IntoVPS
    Contact me for all of your Mail-in-a-Box email hosting needs at AnyDomain. I am also a proud reseller of MXroute email.

Sign In or Register to comment.