Send email from the accounts IP

[JIKOmetrix]

Hi,

The 11.23 cpanel is supposed to be able to send email from the account IP instead of the host's IP. Can this be set on per account basis? Many of the users on my server still share the main IP of the server. While others have opted for dedicated IP addresses. I have proper rDNS for account with dedicated IP addressed however the accounts with shared IP addresses do not have proper rDNS.

Can sending email from the account IP address be set on an account basis?

Maybe add to a wish list somewhere?

Thanks,
Mike

[tribal]

Is there going to be an issue:

When you enable this feature, you are told to ensure that the reverse DNS is correctly set as per /etc/mail_reverse_dns

Which has entrie such as:

203.23.23.23: mydomain.com

When previously the reverse has read

23 14400 IN PTR www.mydomain.com.

This exists to allow the correct operation of a web SSL certificate.

Obviously I cannot change the reverse of the SSL cert will produce an error.
How will this effect mail transport.

Kevin

[Serra]

Obviously I cannot change the reverse of the SSL cert will produce an error.
How will this effect mail transport.

SSLs have nothing to do with transports, so that doesn't matter. However, my system properly identifies all of my domains and the /etc/mail_reverse_dns matches the SSL name.

[Serra]

. I have proper rDNS for account with dedicated IP addressed however the accounts with shared IP addresses do not have proper rDNS.

The rDNS for your shared accounts should be the server name, not their address. That is normal and works fine.

[tribal]

SSLs have nothing to do with transports, so that doesn't matter. However, my system properly identifies all of my domains and the /etc/mail_reverse_dns matches the SSL name.

Serra,

I can only assume that you have all your SSL web certificates in the form

mydomain.tld rather than www.mydomain.tld

For the correct operation of a web certificate registered as www.mydomain.tld the reverse must match.

WHM is telling me I must set the reverse as mydomain.tld rather than www.mydomain.tld.

Thus the question is what effects will this have on mail transport if I do not do as WHM suggest and change the reverse as it advises.

Kevin

[JIKOmetrix]

The rDNS for your shared accounts should be the server name, not their address. That is normal and works fine.

Ah ha!, I was under the impression that it went something like for NOT having this set:

email is queued, host connects to receiving server, Identifies itself as the host, receiving server reverse lookup host and confirm the rDNS of IP being sent from matches the host identity.

Now with Send from Account IP ON:

host identifies itself as the sending domain, receiving server reverse lookup domain to confirm the rDNS of IP being sent from matches the host identity.

I thought that was why it was important to have proper rDNS so forward and reverse DNS point to each other.

I may not have the proper flow here. I'm going to test this on a beta server I have.

Mike

[Serra]

I thought that was why it was important to have proper rDNS so forward and reverse DNS point to each other.

On the shared IP, the RDNS is the server. The mail server looks at the RDNS to see if the sender is authorized to send on that IP by looking up the DNS record of the domain, which points to the IP, which has the RDNS.

Send an email to gmail and look at the header.

It is ok if the RDNS doesn't match the domain name. It just has to point to the IP.

(Otherwise, you'd need a dedicated IP for every domain.)

[JIKOmetrix]

Hi,

I see. Thanks for the follow up.

Mike

[cpdan]

you are told to ensure that the reverse DNS is correctly set as per /etc/mail_reverse_dns

Which has entrie such as:

203.23.23.23: mydomain.com

When previously the reverse has read

23 14400 IN PTR www.mydomain.com.

The first is not a DNS entry but an data mapping for internal use. The latter is a DNS entry that should be in the reverse DNS entry's zone file

[JIKOmetrix]

Hi,

I have enabled the send from account IP in Exim config on my shared server and all seems to be working well. cPanel made the mapping entries for those accounts that do not use the shared IP and have dedicated IP's.

So far so good.

Mike

[tribal]

The first is not a DNS entry but an data mapping for internal use. The latter is a DNS entry that should be in the reverse DNS entry's zone file

Dan,

Firstly, You are correct the first is not a DNS entry. But secondly the second is an example of a reverse DNS entry that WHM is advising me should not be in the zone file. WHM is saying I need to ensure the entry has no www which breaks the entire system that WHM has set up for hosting SSL websites.

I will annotate the previous post

you are told to ensure that the reverse DNS is correctly set as per /etc/mail_reverse_dns

Which has entries such as:

203.23.23.23: mydomain.com

Yes the above is not a DNS entry, WHM is instructing us to ensure it matches the reverse DNS entries

When previously the reverse has read

23 14400 IN PTR www.mydomain.com.

The above is a DNS entry, and it is set such that SSL works on the web.

If I do what WHM instructs, that is ENSURE then the SSL cert will not work

The question is do I have to ensure this or not. Have a think, about where bounced mail will go, that's what I am wondering.

Cheers

Kevin

[cpdan]

WHM is saying I need to ensure the entry has no www

Could you be more specific where its saying this?

SSL works on the web ... SSL cert will not work

Just for clarification, you're point is that if the FQDN that the IP points to does not match the FQDN of the cert, you'll get a "do you accept this cert" prompt from the browser?

[tribal]

Could you be more specific where its saying this?

Dan, right next to the checkbox to turn this feature on.

** Send outgoing mail from accounts ip address instead of the main ip address. [Warning: If you turn this setting on you should make sure your reverse dns entries match the ones in /etc/mail_reverse_dns] [?]

My bad, it's 'make sure' not 'ensure'

Just for clarification, you're point is that if the FQDN that the IP points to does not match the FQDN of the cert, you'll get a "do you accept this cert" prompt from the browser?

Yes, for now that's the first point - if I follow the instruction then a cert warning will occur.


Kevin

[tribal]

Dan,

Check this thread
http://forums.cpanel.net/showthread.php?t=84025

It's may point to other issues with this feature.

Kevin

[cpdan]

thanks for the specifics, from what I read it sounded like the zone editor or something was throwing a warning about the entry having no preceeding 'www.'