DNS for mail server and dynamic IP

I´m a newbie and looking for using the yunohost Mailserver. I installed roundcub

Right now if I try to send a mail to a yunohost user form an other emailadress form an other mail server - I get the just a loop back. SO i gues i have not set up the Records for the used Yunohost Mailserver domian in the right way.

I´m on a small home server behind a dynamic IP

I use a Service to root the domain name to the dynamic IP – which works but maybe i set the Mail Records not correct

Yunohost Mail DNS shout be configured as:

; Mail
@ 3600 IN MX 10 my.domain.tld.
@ 3600 IN TXT "v=spf1 a mx ip4:xx.yy.zzz.xx -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY3qo8XQdCaJEVmASDs0n5Hp9VRN04Zs3aCQOKUe+gwbT1byuv5xPmrRegFYAs9EDmvgjblh7NtD/tZVUQpPkwoDml4SRTu1ZW2YoVK8y4B81ZB3wCzKtxV8M6O0RjSCrUwsfAirBOmFlT0tyJ51ev6EDxJml+Fw2Ep1e2gC4qFwIDAQAB"
_dmarc 3600 IN TXT "v=DMARC1; p=none" 

So how can I deal with @ 3600 IN TXT “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

since I´m with a dynamic IP?


@ 3600 IN TXT “v=spf1 a mx my.domain.tld. -all”

be OK ???

Thanks for help

Hmm I would be less concerned about the SPF record and more about the basic A record in the first place. If you are in dynamic IP, don’t you have something that updates your A record regularly ?

Yes A record is updated by a DynDNS serverice. the domain is working well so fare…

I can send Mails from my Yunohost Webserverdomain to other servers but I can´t receive Mails…

Okay so :

  • couldn’t you use the same DynDNS service to also update the SPF record
  • I’m not sure that the fact that you can’t receive mails is related to the SPF record…

Yes - so how do I do this?

my.domain.tld 3600 IN A xx.yy.zzz.xx (ip is updated)
my.domain.tld. 3600 IN MX 10 my.domain.tld .

is working finde with the DynDNS service

but how do I translate “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

that´s what I did:
my.domain.tld. 3600 IN TXT “v=spf1 a mx my.domain.tld. -all”
Would that be OK?

Yes, basically :+1: (though I believe in the last line you put my.domain.tld. between the ", but you should put the ip4:xx.yy.zz.xx instead ?

DynDNS service I use can´t update the line “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

So how you are doing it? You all have a static IP ?

i don’t know exactly, I think yes, a lot of people have static IP. Or use Yunohost DynDNS service for nohost.me / noho.st. Otherwise, having a “wrong” SPF record might not prevent you to send email, they are just likely to be flagged as spam …

But maybe just removing the ip4:xx… part (keeping the “v=spf1 a mx -all”) might work.

hmm … what can i try next? maybe the DynDNS service I use does not work with the mx record i set .

It there a good way to test the mx record settings?

“spf1 a mx” means "authorize the ip behind A DNS record and MX dns record, so you don’t need to update the ip4, just remove it.
“v=spf1 a mx -all”

OK thanks,

but how can I test this mx record settings?

how can I test that

@ 3600 IN MX 10 my.domain.tld.

ist working?

can someone help ? thanks

I think just sending an email to some user on your yunohost (from an external mail account like gmail or whatever) should be enough to validate that it works

well it does not… and i´m still wondering why.
is it the MX record - the DynDNS Service, or something else …

Well if you want, you can try to diagnose your DNS records with the following script :

on your server, run

wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py
python yunoCheckDNS.py your.domain.tld

Thanks Aleks - have a look - does this seam right?

root@my:~# wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py python yunoCheckDNS.
py my.domain.tld                                                                                                   
--2019-02-07 14:45:26--  https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py            
Resolving raw.githubusercontent.com (raw.githubusercontent.com)...                                  
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)||:443... connected.              
HTTP request sent, awaiting response... 200 OK                                                                     
Length: 5997 (5.9K) [text/plain]                                                                                   
Saving to: ‘yunoCheckDNS.py’                                                                                       
yunoCheckDNS.py              100%[=============================================>]   5.86K  --.-KB/s    in 0.001s   
2019-02-07 14:45:27 (4.05 MB/s) - ‘yunoCheckDNS.py’ saved [5997/5997]                                              
--2019-02-07 14:45:27--  http://python/                                                                            
Resolving python (python)... failed: No address associated with hostname.                                          
wget: unable to resolve host address ‘python’                                                                      
--2019-02-07 14:45:27--  http://yunocheckdns.py/                                                                   
Resolving yunocheckdns.py (yunocheckdns.py)... failed: Name or service not known.                                  
wget: unable to resolve host address ‘yunocheckdns.py’                                                             
--2019-02-07 14:45:27--  http://my.domain.tld/                                                                     
Resolving my.domain.tld (my.domain.tld)... fe80::42:8ff:fe83:26a9,                                  
Connecting to my.domain.tld (my.domain.tld)|fe80::42:8ff:fe83:26a9|:80... connected.                               
HTTP request sent, awaiting response... 302 Moved Temporarily                                                      
Location: https://my.domain.tld/yunohost/sso/?r=aHR0cHM6Ly9teS5pbmZvem9vLmRlLw== [following]                       
--2019-02-07 14:45:27--  https://my.domain.tld/yunohost/sso/?r=aHR0cHM6Ly9teS5pbmZvem9vLmRlLw==                    
Connecting to my.domain.tld (my.domain.tld)|fe80::42:8ff:fe83:26a9|:443... connected.                              
HTTP request sent, awaiting response... 200 OK                                                                     
Length: unspecified [text/html]                                                                                    
Saving to: ‘index.html’                                                                                            
index.html                       [ <=>                                          ]   2.84K  --.-KB/s    in 0s       
2019-02-07 14:45:28 (11.5 MB/s) - ‘index.html’ saved [2910]                                                        
FINISHED --2019-02-07 14:45:28--                                                                                   
Total wall clock time: 1.3s                                                                                        
Downloaded: 2 files, 8.7K in 0.002s (5.14 MB/s)                                                                    


Uh there are two commands :confused: You somewhat wrote only one command (and added your.domain.tld at the end of the first)

So run :

wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py

then (possibly as root if it doesn’t work as admin)

python yunoCheckDNS.py your.domain.tld

Thanks… this gives me this here:

root@my:~# python yunoCheckDNS.py my.domain.tld                                                                    
Traceback (most recent call last):                                                                                 
  File "yunoCheckDNS.py", line 202, in <module>                                                                    
  File "yunoCheckDNS.py", line 79, in main                                                                         
    currentValue = get_current_record(domain, record["name"], record["type"])                                      
  File "yunoCheckDNS.py", line 118, in get_current_record                                                          
    output = subprocess.check_output(command.split()).strip()                                                      
  File "/usr/lib/python2.7/subprocess.py", line 219, in check_output                                               
    raise CalledProcessError(retcode, cmd, output=output)                                                          
subprocess.CalledProcessError: Command '['dig', '+short', '@', 'SRV', '_xmpp-client._tcp.my.domain.tld'
]' returned non-zero exit status 9                                                                                 

Does this look right?

Uuuh that’s kinda bad luck but that’s related to a small bug we just fixed …

can you run apt update && apt dist-upgrade

then re-run the python yunoCheckDNS.py my.domain.tld ?

Yoo… I think this looks better now…

root@my:~# python yunoCheckDNS.py my.domain.tld

SRV record for _xmpp-client._tcp : OK! :)                                                                          
SRV record for _xmpp-server._tcp : OK! :)                                                                          
CNAME record for muc : OK! :)                                                                                      
CNAME record for pubsub : OK! :)                                                                                   
CNAME record for vjud : OK! :)                                                                                     

MX record for @ : OK! :)                                                                                           

TXT record for @ : Problem found :(                                                                                
    Expected : "v=spf1 a mx ip4: -all"                                                                 
    Current  : "v=spf1 a mx -all"                                                                                  

TXT record for mail._domainkey : Problem found :(                                                                  
    Expected : "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY3qo8XQdCaJEVmASDs0n5Hp9VRN04Zs3aCQOKUe+gw
    Current  : "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC315i5mdUBtCcKa0wXdvkrk57TzG8WVAb

TXT record for _dmarc : OK! :) 

A record for @ : OK! :)                                                                                            
root@my:~# `

I will test E-Mail in a minute