I have problems sending emails to gmail accounts

I have used mailtester to detect the problem but I am still more confused.

The result is: Spam Test Result

I show you my logs because I think they are ok.

Can someone inspire me to find the solution?

Hi @miguelthepoog,

Seems your dns server is not serving the right TXT records for @ and _dmarc:

❯ dig vinalopo-rent.com txt +short
"v=spf1 include:_vinalopo-rent.com.protect._spf.skysnag.com ~all"

❯ dig _dmarc.vinalopo-rent.com txt +short
vinalopo-rent.com.protect._d.skysnag.com.
"v=DMARC1;p=none;adkim=r;pct=100;fo=1;ri=3600;rua=mailto:[email protected];ruf=mailto:[email protected];"

Try to restart bind service.

2 Likes

The _domainkey. policy record is part of the long obsolete DomainKeys RFC and should not be used. It is not part of DKIM and anyone suggesting its use should review current standards and update their documentation to stop suggesting its use.

1 Like

As far as I know _domainkey is part of RFC 6376 - DomainKeys Identified Mail (DKIM) Signatures

7.5.  _domainkey DNS TXT Resource Record Tag Specifications

   A _domainkey DNS TXT RR provides for a list of tag specifications.
   IANA has established the DKIM "_domainkey DNS TXT Record Tag
   Specifications" registry for tag specifications that can be used in
   DNS TXT resource records.

                   +------+-----------------+----------+
                   | TYPE | REFERENCE       | STATUS   |
                   +------+-----------------+----------+
                   |   v  | (this document) | active   |
                   |   g  | [RFC4871]       | historic |
                   |   h  | (this document) | active   |
                   |   k  | (this document) | active   |
                   |   n  | (this document) | active   |
                   |   p  | (this document) | active   |
                   |   s  | (this document) | active   |
                   |   t  | (this document) | active   |
                   +------+-----------------+----------+

      Table 5: _domainkey DNS TXT Record Tag Specifications Registry
                              Updated Values

1 Like

I try to restart bind9 but it returns the error:

Unknown operation restart bind9

Thank you very much for the information, I will rewrite my log notes and apply the tags you mention.

You should use:

systemctl restart bind9

or

systemctl restart named

What is your OS version?

Show the output of these commands (replace YourUser with the actual user):

cat /usr/local/hestia/data/users/YourUser/dns/vinalopo-rent.com.conf
cat /home/YourUser/conf/dns/vinalopo-rent.com.db

You don’t need to do that, the record _domainkey in your screenshot is fine.

It is not used by DKIM, so it is a meaningless record that creates unnecessary clutter in the zone data. If it were valid you would see it mentioned in the DKIM guides of all the prominent DMARC reporting services. None suggest creating such a record.

That section you linked to in RFC 6376 describes the valid flags used in a DKIM record (and one deprecated flag). It is published with a selector to the left of the ._domainkey. label. Publishing a naked _domainkey. policy record is not described anywhere in RFC 6376.

2 Likes
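
As an added illustration of the distinction drawn in the post above (not code from Hestia or from any poster in this thread), this Python example lints `_domainkey` TXT records in the conf layout shown later in the thread: it flags a record published without a selector and checks each tag against the RFC 6376 registry table quoted earlier. The function names, the `old._domainkey` record and the placeholder key are constructed for the example.

```python
import re

# Tag statuses from the registry table quoted in this thread (RFC 6376, section 7.5).
DKIM_TAGS = {"v": "active", "g": "historic", "h": "active", "k": "active",
             "n": "active", "p": "active", "s": "active", "t": "active"}
FIELD = re.compile(r"(\w+)='([^']*)'")  # KEY='value' pairs of a Hestia-style conf line

def parse_tags(value):
    """Parse 'tag=value; tag=value', dropping outer quotes and escaped semicolons."""
    tags = {}
    for part in value.strip('"').replace("\\;", ";").split(";"):
        name, sep, val = part.partition("=")  # first '=' only: base64 may end in '='
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def lint_record(rec):
    """Return findings for one record; an empty list means nothing to report."""
    name = rec.get("RECORD", "")
    naked = name == "_domainkey"
    if rec.get("TYPE") != "TXT" or not (naked or name.endswith("._domainkey")):
        return []
    findings = ["no selector: DomainKeys-era policy record, not used by DKIM"] if naked else []
    tags = parse_tags(rec.get("VALUE", ""))
    for tag in tags:
        status = DKIM_TAGS.get(tag, "not in the DKIM registry")
        if status != "active":
            findings.append(f"tag '{tag}' is {status}")
    if not naked and "p" not in tags:
        findings.append("selector record has no p= tag")
    return findings

def lint_conf(text):
    """Lint every line of a conf file; returns {record name: [findings]}."""
    report = {}
    for line in text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec and (found := lint_record(rec)):
            report[rec["RECORD"]] = found
    return report

# Constructed sample in the conf layout shown in this thread; key material is a placeholder.
SAMPLE = r"""
ID='17' RECORD='_domainkey' TYPE='TXT' PRIORITY='' VALUE='"t=y; o=~;"' SUSPENDED='no'
ID='18' RECORD='mail._domainkey' TYPE='TXT' PRIORITY='' VALUE='"v=DKIM1\; k=rsa\; p=CONSTRUCTEDKEY=="' SUSPENDED='no'
ID='99' RECORD='old._domainkey' TYPE='TXT' PRIORITY='' VALUE='"v=DKIM1\; g=*\; k=rsa"' SUSPENDED='no'
"""

if __name__ == "__main__":
    for name, found in lint_conf(SAMPLE).items():
        print(f"{name}: {'; '.join(found)}")
```
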

You are right, I misinterpreted the RFC.

Thank you for pointing it out, I’m gonna remove it from all my domains.

A new PR should be created to fix it in Hestia.

1 Like

cat: /usr/local/hestia/data/users/YourUser/dns/vinalopo-rent.com.conf: No such file or directory
root@vps:~# cat /usr/local/hestia/data/users/vinalopo-rent/dns/vinalopo-rent.com.conf
ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.tonwycloud4.com.' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.tonwycloud4.com.' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='5.189.153.105' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='10' RECORD='www' TYPE='CNAME' PRIORITY='' VALUE='vinalopo-rent.com.' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='11' RECORD='ftp' TYPE='CNAME' PRIORITY='' VALUE='vinalopo-rent.com.' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='5.189.153.105' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.vinalopo-rent.com.' SUSPENDED='no' TIME='00:27:21' DATE='2024-02-22'
ID='16' RECORD='_dmarc' TYPE='CNAME' PRIORITY='' VALUE='vinalopo-rent.com.protect._d.skysnag.com.' SUSPENDED='no' TIME='23:01:50' DATE='2024-03-06' TTL='14400'
ID='17' RECORD='_domainkey' TYPE='TXT' PRIORITY='' VALUE='"t=y; o=~;"' SUSPENDED='no' TIME='00:27:22' DATE='2024-02-22'
ID='18' RECORD='mail._domainkey' TYPE='TXT' PRIORITY='' VALUE='"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWWqCzsuFdurYNwH/7fuTTijC40oGZ/aa4xePeDmHMI8RkPwFtPd6Gl3bmqHi8sZbQIqX+GOEG0M5cGVmh4NacTqK5UwUGFQlXOcUYw0CSbkg6Q3SSXLsZj6ILQfE5KJ2s1+edfhC3WFymewanXNRXg4VEaiBRhMNZssoDL0Yl7QIDAQAB"' SUSPENDED='no' TIME='00:27:23' DATE='2024-02-22'
ID='20' RECORD='@' TYPE='CAA' PRIORITY='' VALUE='0 issue "letsencrypt.org"' SUSPENDED='no' TIME='19:16:56' DATE='2024-02-22'
ID='21' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='5.189.153.105' SUSPENDED='no' TIME='19:17:53' DATE='2024-02-22'
ID='22' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 include:_vinalopo-rent.com.protect._spf.skysnag.com ~all"' SUSPENDED='no' TIME='23:03:59' DATE='2024-03-06' TTL='14400'
ID='23' RECORD='default._bimi' TYPE='CNAME' PRIORITY='' VALUE='_bimi.vinalopo-rent.com.protect._bimi.skysnag.com.' SUSPENDED='no' TIME='23:07:32' DATE='2024-03-06'
ID='24' RECORD='@' TYPE='SPF' PRIORITY='' VALUE='5.189.153.105' SUSPENDED='no' TIME='23:16:59' DATE='2024-03-06'

I don’t really know what I have to see

$TTL 14400
@    IN    SOA    ns1.tonwycloud4.com.    root.vinalopo-rent.com. (
                                            2024030608
                                            7200
                                            3600
                                            1209600
                                            180 )

@	14400	IN	NS		ns1.tonwycloud4.com.
@	14400	IN	NS		ns2.tonwycloud4.com.
@	14400	IN	A		5.189.153.105
www	14400	IN	CNAME		vinalopo-rent.com.
ftp	14400	IN	CNAME		vinalopo-rent.com.
mail	14400	IN	A		5.189.153.105
@	14400	IN	MX	0	mail.vinalopo-rent.com.
_dmarc	14400	IN	CNAME		vinalopo-rent.com.protect._d.skysnag.com.
_domainkey	14400	IN	TXT		"t=y; o=~;"
mail._domainkey	14400	IN	TXT		"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWWqCzsuFdurYNwH/7fuTTijC40oGZ/aa4xePeDmHMI8RkPwFtPd6Gl3bmqHi8sZbQIqX+GOEG0M5cGVmh4NacTqK5UwUGFQlXOcUYw0CSbkg6Q3SSXLsZj6ILQfE5KJ2s1+edfhC3WFymewanXNRXg4VEaiBRhMNZssoDL0Yl7QIDAQAB"
@	14400	IN	CAA		0 issue "letsencrypt.org"
webmail	14400	IN	A		5.189.153.105
@	14400	IN	TXT		"v=spf1 include:_vinalopo-rent.com.protect._spf.skysnag.com ~all"
default._bimi	14400	IN	CNAME		_bimi.vinalopo-rent.com.protect._bimi.skysnag.com.
@	14400	IN	SPF		5.189.153.105

The problem here is that your screenshot shows the right records but neither the conf file nor the bind db file show them:

_dmarc is a TXT record in your screenshot but in your conf it is a CNAME

ID='16' RECORD='_dmarc' TYPE='CNAME' PRIORITY='' VALUE='vinalopo-rent.com.protect._d.skysnag.com.' SUSPENDED='no' TIME='23:01:50' DATE='2024-03-06' TTL='14400'
_dmarc	14400	IN	CNAME		vinalopo-rent.com.protect._d.skysnag.com.

Also, @ TXT record is

ID='22' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 include:_vinalopo-rent.com.protect._spf.skysnag.com ~all"' SUSPENDED='no' TIME='23:03:59' DATE='2024-03-06' TTL='14400'
@	14400	IN	TXT		"v=spf1 include:_vinalopo-rent.com.protect._spf.skysnag.com ~all"

And that’s totally different from the screenshot you shared on first post.

Are you using skysnag as an smtp relay and they requested to modify those records?

1 Like

First of all, I want to apologise to @sahsanu and everyone who tried to help me with my email problem.

I want to say that the whole problem was mine, that it had nothing to do with HestiaCP and the whole environment.

While I was making queries to the forum, I was doing NS correction tests and that’s why the information was so confusing. At the beginning everything was going through Cloudflare and that meant that not everything was as it should be. Once corrected and gathering information from all over the net, I solved the problem that was mine and mine alone.
I have to say that the error was that I had misspelled records and being obsessed with that (along with the sense of urgency on the part of the client) I was not able to see them.

Thank you all very much for your help.

2 Likes
