DNS for mail server and dynamic IP

rockyIII · January 26, 2019, 10:32am

I´m a newbie and looking for using the yunohost Mailserver. I installed roundcub

Right now if I try to send a mail to a yunohost user form an other emailadress form an other mail server - I get the just a loop back. SO i gues i have not set up the Records for the used Yunohost Mailserver domian in the right way.

I´m on a small home server behind a dynamic IP

I use a Service to root the domain name to the dynamic IP – which works but maybe i set the Mail Records not correct

Yunohost Mail DNS shout be configured as:

; Mail
@ 3600 IN MX 10 my.domain.tld.
@ 3600 IN TXT "v=spf1 a mx ip4:xx.yy.zzz.xx -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY3qo8XQdCaJEVmASDs0n5Hp9VRN04Zs3aCQOKUe+gwbT1byuv5xPmrRegFYAs9EDmvgjblh7NtD/tZVUQpPkwoDml4SRTu1ZW2YoVK8y4B81ZB3wCzKtxV8M6O0RjSCrUwsfAirBOmFlT0tyJ51ev6EDxJml+Fw2Ep1e2gC4qFwIDAQAB"
_dmarc 3600 IN TXT "v=DMARC1; p=none"

So how can I deal with @ 3600 IN TXT “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

since I´m with a dynamic IP?

Would

@ 3600 IN TXT “v=spf1 a mx my.domain.tld. -all”

be OK ???

Thanks for help

Aleks · January 26, 2019, 1:59pm

Hmm I would be less concerned about the SPF record and more about the basic A record in the first place. If you are in dynamic IP, don’t you have something that updates your A record regularly ?

rockyIII · January 26, 2019, 3:00pm

Yes A record is updated by a DynDNS serverice. the domain is working well so fare…

I can send Mails from my Yunohost Webserverdomain to other servers but I can´t receive Mails…

Aleks · January 26, 2019, 3:02pm

Okay so :

couldn’t you use the same DynDNS service to also update the SPF record
I’m not sure that the fact that you can’t receive mails is related to the SPF record…

rockyIII · January 26, 2019, 3:56pm

Yes - so how do I do this?

my.domain.tld 3600 IN A xx.yy.zzz.xx (ip is updated)
my.domain.tld. 3600 IN MX 10 my.domain.tld .

is working finde with the DynDNS service

but how do I translate “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

that´s what I did:
my.domain.tld. 3600 IN TXT “v=spf1 a mx my.domain.tld. -all”
Would that be OK?

Aleks · January 26, 2019, 3:59pm

Yes, basically (though I believe in the last line you put my.domain.tld. between the ", but you should put the ip4:xx.yy.zz.xx instead ?

rockyIII · January 27, 2019, 9:15am

DynDNS service I use can´t update the line “v=spf1 a mx ip4:xx.yy.zzz.xx -all”

So how you are doing it? You all have a static IP ?

Aleks · January 27, 2019, 2:54pm

i don’t know exactly, I think yes, a lot of people have static IP. Or use Yunohost DynDNS service for nohost.me / noho.st. Otherwise, having a “wrong” SPF record might not prevent you to send email, they are just likely to be flagged as spam …

But maybe just removing the ip4:xx… part (keeping the “v=spf1 a mx -all”) might work.

rockyIII · January 29, 2019, 11:10am

hmm … what can i try next? maybe the DynDNS service I use does not work with the mx record i set .

It there a good way to test the mx record settings?
thanks

ljf · January 29, 2019, 1:57pm

“spf1 a mx” means "authorize the ip behind A DNS record and MX dns record, so you don’t need to update the ip4, just remove it.
“v=spf1 a mx -all”

rockyIII · January 29, 2019, 6:40pm

OK thanks,

but how can I test this mx record settings?

how can I test that

@ 3600 IN MX 10 my.domain.tld.

ist working?

rockyIII · February 7, 2019, 2:10pm

can someone help ? thanks

Aleks · February 7, 2019, 2:12pm

I think just sending an email to some user on your yunohost (from an external mail account like gmail or whatever) should be enough to validate that it works

rockyIII · February 7, 2019, 2:18pm

well it does not… and i´m still wondering why.
is it the MX record - the DynDNS Service, or something else …

Aleks · February 7, 2019, 2:28pm

Well if you want, you can try to diagnose your DNS records with the following script :

on your server, run

wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py
python yunoCheckDNS.py your.domain.tld

rockyIII · February 7, 2019, 2:52pm

Thanks Aleks - have a look - does this seam right?

root@my:~# wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py python yunoCheckDNS.
py my.domain.tld                                                                                                   
--2019-02-07 14:45:26--  https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py            
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133                                  
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.              
HTTP request sent, awaiting response... 200 OK                                                                     
Length: 5997 (5.9K) [text/plain]                                                                                   
Saving to: ‘yunoCheckDNS.py’                                                                                       
                                                                                                                   
yunoCheckDNS.py              100%[=============================================>]   5.86K  --.-KB/s    in 0.001s   
                                                                                                                   
2019-02-07 14:45:27 (4.05 MB/s) - ‘yunoCheckDNS.py’ saved [5997/5997]                                              
                                                                                                                   
--2019-02-07 14:45:27--  http://python/                                                                            
Resolving python (python)... failed: No address associated with hostname.                                          
wget: unable to resolve host address ‘python’                                                                      
--2019-02-07 14:45:27--  http://yunocheckdns.py/                                                                   
Resolving yunocheckdns.py (yunocheckdns.py)... failed: Name or service not known.                                  
wget: unable to resolve host address ‘yunocheckdns.py’                                                             
--2019-02-07 14:45:27--  http://my.domain.tld/                                                                     
Resolving my.domain.tld (my.domain.tld)... fe80::42:8ff:fe83:26a9, 192.168.178.39                                  
Connecting to my.domain.tld (my.domain.tld)|fe80::42:8ff:fe83:26a9|:80... connected.                               
HTTP request sent, awaiting response... 302 Moved Temporarily                                                      
Location: https://my.domain.tld/yunohost/sso/?r=aHR0cHM6Ly9teS5pbmZvem9vLmRlLw== [following]                       
--2019-02-07 14:45:27--  https://my.domain.tld/yunohost/sso/?r=aHR0cHM6Ly9teS5pbmZvem9vLmRlLw==                    
Connecting to my.domain.tld (my.domain.tld)|fe80::42:8ff:fe83:26a9|:443... connected.                              
HTTP request sent, awaiting response... 200 OK                                                                     
Length: unspecified [text/html]                                                                                    
Saving to: ‘index.html’                                                                                            
                                                                                                                   
index.html                       [ <=>                                          ]   2.84K  --.-KB/s    in 0s       
                                                                                                                   
2019-02-07 14:45:28 (11.5 MB/s) - ‘index.html’ saved [2910]                                                        
                                                                                                                   
FINISHED --2019-02-07 14:45:28--                                                                                   
Total wall clock time: 1.3s                                                                                        
Downloaded: 2 files, 8.7K in 0.002s (5.14 MB/s)                                                                    
root@my:~#

[/quote]

Aleks · February 7, 2019, 2:54pm

Uh there are two commands You somewhat wrote only one command (and added your.domain.tld at the end of the first)

So run :

wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py

then (possibly as root if it doesn’t work as admin)

python yunoCheckDNS.py your.domain.tld

rockyIII · February 7, 2019, 3:05pm

Thanks… this gives me this here:

root@my:~# python yunoCheckDNS.py my.domain.tld                                                                    
Traceback (most recent call last):                                                                                 
  File "yunoCheckDNS.py", line 202, in <module>                                                                    
    main()                                                                                                         
  File "yunoCheckDNS.py", line 79, in main                                                                         
    currentValue = get_current_record(domain, record["name"], record["type"])                                      
  File "yunoCheckDNS.py", line 118, in get_current_record                                                          
    output = subprocess.check_output(command.split()).strip()                                                      
  File "/usr/lib/python2.7/subprocess.py", line 219, in check_output                                               
    raise CalledProcessError(retcode, cmd, output=output)                                                          
subprocess.CalledProcessError: Command '['dig', '+short', '@213.73.91.35', 'SRV', '_xmpp-client._tcp.my.domain.tld'
]' returned non-zero exit status 9                                                                                 
root@my:~#

Does this look right?

Aleks · February 7, 2019, 3:07pm

Uuuh that’s kinda bad luck but that’s related to a small bug we just fixed …

can you run apt update && apt dist-upgrade

then re-run the python yunoCheckDNS.py my.domain.tld ?

rockyIII · February 7, 2019, 3:36pm

Yoo… I think this looks better now…

root@my:~# python yunoCheckDNS.py my.domain.tld


xmpp
-------                                                                                                            
SRV record for _xmpp-client._tcp : OK! :)                                                                          
SRV record for _xmpp-server._tcp : OK! :)                                                                          
CNAME record for muc : OK! :)                                                                                      
CNAME record for pubsub : OK! :)                                                                                   
CNAME record for vjud : OK! :)                                                                                     


mail                                                                                                               
-------                                                                                                            
MX record for @ : OK! :)                                                                                           


TXT record for @ : Problem found :(                                                                                
    Expected : "v=spf1 a mx ip4:78.48.27.238 -all"                                                                 
    Current  : "v=spf1 a mx -all"                                                                                  



TXT record for mail._domainkey : Problem found :(                                                                  
    Expected : "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY3qo8XQdCaJEVmASDs0n5Hp9VRN04Zs3aCQOKUe+gw
bT1byuv5xPmrRegFYAs9EDmvgjblh7NtD/tZVUQpPkwoDml4SRTu1ZW2YoVK8y4B81ZB3wCzKtxV8M6O0RjSCrUwsfAirBOmFlT0tyJ51ev6EDxJml+
Fw2Ep1e2gC4qFwIDAQAB"                                                                                              
    Current  : "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC315i5mdUBtCcKa0wXdvkrk57TzG8WVAb
qxgjKju0zQhQDKewVCB41domqF0KHDjfZiU08usxu/A67apmvd2LJ8532va5WBmFQp7LatO86UqBXSlj5SfaGfSgQX0lj15lgW3Za1/ke3MFI9agCT8
9yh+jp2ujdYwx1Ol7VgQmQhQIDAQAB"                                                                                    


TXT record for _dmarc : OK! :) 
                                                                                   


basic                                                                                                              
-------                                                                                                            
A record for @ : OK! :)                                                                                            
root@my:~# `

I will test E-Mail in a minute