Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Cron Emails Are Treated As Spam By Gmail

Discussion in 'E-mail Discussions' started by linux4me2, Jun 10, 2017.

  1. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Recently, the cron emails for /usr/local/cpanel/scripts/upcp have started ending up in my Gmail spam folder. Gmail puts a notice on the emails that says, "Gmail couldn't verify that host.mydomain.com actually sent this message (and not a spammer)." The subdomain "host.mydomain.com" is my hostname, and it is listed as an A record in the DNS zone for mydomain.com.

    If I look at the source of the email, the problem appears to be that there is no SPF record for host.mydomain.com, where XXX.XXX.XXX.XXX is my primary domain:
    If I look in /var/cpanel/domain_keys/public, there is no entry for host.mydomain.com.

    The command:
    Code:
    dig host.mydomain.com +short
    returns my server's primary IP address, and the command:
    Code:
    dig -x XXX.XXX.XXX.XXX +short
    returns:
    Code:
    host.mydomain.com
    so it appears my PTR record is correctly set up.

    If I send email to the same Gmail account using a regular email account on the server, the SPF passes:
    If I'm right about the cause of this problem, it seems like adding a valid SPF and DKIM entry for my hostname would solve it.

    I found this old post in which cPanelTristan suggests, "As such, if you want the hostname covered, your best bet is to temporarily change the hostname to another name, put the hostname onto the account as a subdomain, use Email Authentication area to add the SPF and domain keys records, then remove the subdomain manually and change the hostname back to what it was before. It does appear to be a lot of steps simply to get the records added. Right now, I simply can't think of a simpler way to do it."

    Is there a better way to accomplish this in WHM 64? I'm worried that I'll break something else by changing my hostname as suggested.
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,597
    Likes Received:
    67
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    The mail you are receiving are the part of the cPanel job and the preferred email account setting you set. The mail send to root is forwarded to the Gmail account and now, this is what should be taken care of.. If you are going to end up sending lot of notifications unknowingly to the Gmail account, the Gmail system is going to track the incoming mails and may result in having your mail server IP also blacklisted to cause issues to the other user account, if any, on your server..

    You should be forwarding the root mail to other email account rather than standard Gmail and Hotmail services..
     
  3. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Thanks, I know the email is from the cPanel update. I get one from Logwatch each day, too. I have system emails to root forwarded to a Gmail account (WHM -> Server Contacts -> Edit System Mail Preferences) because I don't have another server I can use and sending the emails to an account on the same server wouldn't work if there are issues.

    It seems like there should be a way to add SPF/DKIM records for the hostname, which I believe would solve the problem. That's what I'm asking.
     
    #3 linux4me2, Jun 11, 2017
    Last edited: Jun 11, 2017
  4. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I went into WHM -> DNS Functions -> Edit DNS Zone and in the section "Add New Entries Below this Line," I added an SPF record for "host" using the server's primary IP address. I ran it through MX Toolbox, and it passed, so the SPF part appears to be fixed this way. I'll see tomorrow when Logwatch and upcp run if Gmail likes it.

    Adding a domain key is next...
     
  5. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I followed the directions in this post to add a domain key for host.mydomain.com. I added the user "nobody" to /var/cpanel/users, ran /usr/local/cpanel/scripts/updateuserdomains, and then attempted to run /usr/local/cpanel/scripts/updateuserdomains; however, I got the error:
    According to the thread above, that's because I need to create a valid DNS zone for my server's hostname. I do have an A record DNS entry in mydomain.com for host, so I think the problem may actually be that the entry in /var/cpanel/users/nobody should perhaps be different than just:
    Code:
    DNS=host.mydomain.com
    Maybe something like:
    Code:
    DNS=mydomain.com
    DNS1=host.mydomain.com
    
    I don't want to try it until I know if that will mess something up.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,631
    Likes Received:
    1,550
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I recommend creating a separate DNS zone for your server's hostname via "WHM >> DNS Functions >> Add A DNS Zone", and then removing the "A" entry for the hostname from the parent domain name's DNS zone. This should allow you to proceed with the workaround instructions referenced on that thread.

    Thank you.
     
    linux4me2 likes this.
  7. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    When I try to create a separate DNS zone for my server's hostname, I get the message, "Sorry, a DNS entry for host.mydomain.com already exists." I suspect this is because there's already an "A" entry in the parent domain. If I delete the "A" record from the parent domain first to get around that, won't that keep me from logging into WHM to add the separate DNS zone? : )
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,631
    Likes Received:
    1,550
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You can still login via any other domain name that resolves to the server's IP address, or via the server's IP address.

    Thank you.
     
    linux4me2 likes this.
  9. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I didn't know I could log in with another domain name. :oops: I picked one with an SSL cert so I didn't get the connection warning I'd get using the IP address and could still use HTTPS.

    I deleted the two entries ("A" record and SPF entry I manually added) in the parent domain for my hostname and set up the new DNS zone, which automagically added the SPF record for it from my DNS profile, then added the "nobody" record in /var/cpanel/users/ and ran the command to create the domain key.

    I can now see the DKIM entry when I look at the newly created DNS zone for my hostname, and there are entries in both the public and private folders of /var/cpanel/domain_keys, so it looks like I am in business. I won't know for sure until I see the emails cron sends out to Gmail tomorrow morning, but I suspect it's fixed. I will follow up tomorrow with the results.
     
  10. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    182
    Likes Received:
    37
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Both SPF and DKIM now pass with Gmail. Thanks for all your help, Michael. You can mark this one solved.
     
    cPanelMichael likes this.
  11. rinkleton

    rinkleton Well-Known Member

    Joined:
    Jul 16, 2015
    Messages:
    73
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Cleveland
    cPanel Access Level:
    Root Administrator
    I'm trying to set this up. But I'm getting the "Empty DNS zone" error. I've deleted the A records from the parent zone. Added a new, dedicated zone. Ran /usr/local/cpanel/scripts/updateuserdomains. Checked everything in MX toolbox. Everything seems fine, but i still get the error. Any ideas?
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,631
    Likes Received:
    1,550
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Does the "/var/cpanel/users/nobody" file exist on your system, and if so, does it include a DNS= entry for your server's hostname within it?

    Thank you.
     
  13. rinkleton

    rinkleton Well-Known Member

    Joined:
    Jul 16, 2015
    Messages:
    73
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Cleveland
    cPanel Access Level:
    Root Administrator
    Yes
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,631
    Likes Received:
    1,550
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It looks like the custom workaround referenced in that thread is no longer working (it was always an unsupported workaround). As an alternative, you can use the openssl utility on your server's command line and then add the TXT record to the DNS zone of your server's hostname. This URL explains how to setup the key:

    DKIM Core Technical Specification

    I encourage you to vote and add feedback to the following feature request if you'd like to see support for this added to the product:

    DKIM for Hostname

    Thank you.
     
  15. rinkleton

    rinkleton Well-Known Member

    Joined:
    Jul 16, 2015
    Messages:
    73
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Cleveland
    cPanel Access Level:
    Root Administrator
    It looks like it did create the keys and place them in the proper files, but it just wouldn't add them to the DNS zone. I manually did that and it looks like it's working. Thanks.
     
  16. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,517
    Likes Received:
    41
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    All you really need to do is generate a public/private key pair.

    openssl genrsa -out /root/rsa.private 1024
    openssl rsa -in /root/rsa.private -out /root/rsa.public -pubout -outform PEM


    Now convert the public key into a single line:

    cat /root/rsa.public | grep -v '^-----' | tr '\n' ' ' | sed s/" "//g ; echo ""

    The output from this is important for the next step.

    Now add a DNS entry:

    default._domainkey.%HOSTNAME%. IN TXT "v=DKIM1; k=rsa; p=%ABOVE%;"

    Replace %HOSTNAME% with the server's hostname (don't forget the . at the end)

    Replace %ABOVE% with the single line public key output from above.

    Then finally copy the public and private keys so Exim knows to read them

    cp -a /root/rsa.private /var/cpanel/domain_keys/private/%HOSTNAME%
    cp -a /root/rsa.public /var/cpanel/domain_keys/public/%HOSTNAME%
     
    cPanelMichael likes this.
Loading...

Share This Page