Email Bouncing: SPF with 'Virgin IP'

[cmo]

I have a new KVM-based VPS setup with CentOS 6.5 and WHM/cPanel. I set WHM to send system/root emails to [email protected]. I haven't received any emails, so after a little digging into the mail queue manager I found they were being bounced by MS. I have edited the IP and real hostname:

SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=14820:
host mx3.hotmail.com [65.55.92.136]: 550 OU-002 (SNT0-MC1-F4) Unfortunately, messages from XXX.XXX.XXX.XXX weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to Troubleshooting.

My VPS provider claims the IP is a virgin IP and has never been used (I didn't think that was possible today). I can't remember which site I checked, but IP history shows no other hostnames associated with that IP.

1. Will SPF records solve this problem?

2. Do I need to install anything on the server for SPF or is SPF completely dependant on DNS records?

3. How do I set an SPF record for my hostname?

4. Right now I don't have any accounts setup in WHM. I wanted to wait until I got everything configured properly. All of my current domains are hosted with a shared hosting company that uses cPanel. I have looked at the DNS records for my main domain and one of my addon domains to get the format when I do finally move my domains over to this VPS.
A) Does this look correct? Will this syntax cause any problems?
mydomain.com. 14400 IN TXT v=spf1 +a +mx +ip4:XXX.XXX.XXX.XXX ?all
addondomain.com. 14400 IN TXT v=spf1 +a +mx +ip4:XXX.XXX.XXX.XXX ?all
B) Should I use ?all, ~all, or -all ?

5. If the above is correct, how do I set up WHM so that all future domains, sub-domains, and addon domains have the proper SPF records?

6. I also read something about senderID reputation and now I am thoroughly confused. Is this something else I need to worry about?

7. Why have I recently started to find piles of my hair around my desk?

Thanks in advance for any insight,

- cmo

 

[cPanelMichael]

Hello

I recommend setting up a cPanel account and creating email accounts in cPanel for use with sending to remote mail servers. Then, setup the "root" email address to forward to one of the actual email addresses you have created in cPanel. This is configurable via:

"WHM Home » Server Contacts » Edit System Mail Preferences"

Then, you can setup a forwarder in cPanel to forward email sent to this address directly to your Outlook email address. This will allow you to ensure SPF records are setup correctly using the "Email Authentication" area in cPanel.

Documentation on this is available at:

cPanel - Email Authentication

Note that in "WHM Home » Server Configuration » Tweak Settings", under the "Domains" tab, you can enable the following option:

"Enable SPF on domains for newly created accounts"

Thank you.

 

[cmo]

"Enable SPF on domains for newly created accounts"

Perfect! This is much easier than editing the templates Thanks again, Michael.

 

[cmo]

I'm posting this so other new users experiencing problems with 'virgin ip' mail bouncing might know what to expect. If it's not against the rules, I will update this post with the final outcome.

After having enabled "Enable SPF on domains for newly created accounts" in WHM and creating a new domain account with a proper email address and SPF records, I sent a test message to one of my Outlook.com accounts and received the same bounce message listed in my first post.

I have now submitted the Microsoft form found here: https://support.live.com/eform.aspx?productKey=edfsmsbl3&ct=eformts&scrx=1
I am just waiting to hear back, which I imagine might take a while. Perhaps MS can give me more insight into the problem.

 

[cPanelMichael]

Yes, assuming you have SPF records and RDNS configured for the IP address you use to send email, you will likely get better feedback directly from MS on why they have blocked messages from your server.

Thank you.