Hello, since yesterday I have information from friends that messages are not reaching the post office. Today I received information that the post cannot be delivered. What could be the reason? Please reply quickly.
Wait, we’ll take out the guessing ball. Also, they want us to respond quickly hahaha.
That is, I send a message from a gmail account, the message goes out but does not reach the mailbox that is on hestiacp.
Is it your HestiaCP instance? Do you see anything in its logs? Do you receive an NDR in your Gmail? What does it tell you?
With the total lack of useful information that you have offered thus far, no one will be able to give you any answers.
Please remember that HestiaCP is not a substitute for the required server management skills.
For your server settings, please contact your system administrators.
That screenshot was helpful. The error message includes a very concise description of the problem.
You are using the Spamhaus DNSbl, which is enabled by default. It is very effective in preventing spam. Unfortunately, you have configured your HestiaCP server to use a public (or open) DNS resolver. Spamhaus does not permit that and responds to all such inquiries with a positive spam listing, regardless of whether the IP is actually on their list.
Follow the guide in the HestiaCP documentation linked below to fix it.
Regarding the first two screenshots, @linkp already referred you to the documentation. I just wanted to provide you with additional options:
1.- Modify the DNS Servers
Update the DNS servers used by your server to ones not blocked by Spamhaus, such as 76.76.2.0 and 76.76.10.0.
2.- Remove the Block List from Exim
Alternatively, you can remove the block list from Exim to bypass its use, allowing your emails to be sent. However, this approach is not recommended.
To remove the block list, run the following command:
sudo sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf
3.- You can also follow the steps outlined in this documentation (this is the fix provided by @linkp): https://hestiacp.com/docs/server-administration/email.html#rejected-because-ip-is-in-black-list-at-zen-spamhaus-org-error-open-resolver-https-www-spamhaus-org-returnc-pub-65-1-174-102
Regarding the third screenshot, Gmail is not accepting your emails because you are not providing either the DKIM public key or the correct SPF record.
As for the SPF record, you added it, but it does not include the correct options, and you also included a double dot in your IP address:
❯ dig lgdgryflandia.pl txt +short
"v=spf1 +a +mx ip4:128..204.216.37 -all" <-- this is wrong
"mail.lgdgryflandia.pl" <-- remove this
"google-site-verification=FqROV0hR4bHeuRXl3UCfR8gCTpBRdU58MyHDZ3K_rX4"
Instead of:
v=spf1 +a +mx ip4:128..204.216.37 -all
you should have this:
v=spf1 a mx ip4:128.204.216.37 -all
For DKIM, you must check* what is the public DKIM assigned in Hestia and add a TXT record for mail._domainkey on your DNS hosting (Cloudflare).
* You can view the right DNS value that must be used using this command (replace YourUser by the actual user):
v-list-mail-domain-dkim-dns YourUser lgdgryflandia.pl
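Added example (not part of the thread and not HestiaCP code): a small Python check for the SPF problem pointed out above, run over the TXT answers as `dig +short` prints them. It goes a little beyond the double-dot case and also flags duplicate v=spf1 records and unknown mechanisms; the name `lint_spf` and the sample list are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample: the TXT answers from the post, as `dig +short` prints them.
SAMPLE_TXT = [
    '"v=spf1 +a +mx ip4:128..204.216.37 -all"',
    '"mail.lgdgryflandia.pl"',
]
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}


def lint_spf(txt_lines):
    """Return a list of problems in a domain's TXT answers (hypothetical helper)."""
    records = []
    for line in txt_lines:
        # dig prints long TXT data as several quoted chunks; join them back up.
        chunks = re.findall(r'"([^"]*)"', line)
        records.append("".join(chunks) if chunks else line.strip())
    spf = [r for r in records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record published"]
    problems = []
    if len(spf) > 1:
        problems.append(f"{len(spf)} v=spf1 records published, SPF evaluation returns permerror")
    for record in spf:
        for term in record.split()[1:]:
            bare = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
            name, _, value = bare.partition(":")
            if "=" in name:  # modifier such as redirect=..., not checked here
                continue
            name = name.split("/")[0].lower()  # a/24 and mx/24 carry a prefix length
            if name not in MECHANISMS:
                problems.append(f"unknown mechanism {term!r}")
            elif name in ("ip4", "ip6"):
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    problems.append(f"{term!r}: {value!r} is not a valid {name} address")
                else:
                    if net.version != int(name[2]):
                        problems.append(f"{term!r}: address family does not match {name}")
    return problems


if __name__ == "__main__":
    for problem in lint_spf(SAMPLE_TXT):
        print(problem)
```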
Will this also be the reason why messages are not reaching me?
Yes, it is. Exim thinks that all IPs sending mails to your server are in the Spamhaus list, so it is blocking them.
And I have one more question: because my DNS is redirected through Cloudflare, should I also add all these SPF, DKIM, DMARC to the Cloudflare account?
Yes, you must add those records in the current DNS server used by your domain, in this case, in Cloudflare.
Is it possible to re-generate DKIM?
How can I check it in the terminal? Because I am a beginner with Linux.
Please read through "Please read this, before you start!"
If you don't know how to connect to ssh/terminal, then Hestia isn't the right solution for you.