Email Deliverablity issue with Multiple IPs on Server

[nabor]

Hi, I have a WHM server that has assigned multiple IPs because the server has hundreds of accounts, and I need to distribute the IPs across those accounts just in case one of the accounts was compromised and that IP was blocked by other ISPs.

Now I'm facing a new issue: the Email Deliverability says an account is sending Email on behalf of the WHM server's domain while this domain only resolves to its primary IP. So that causes emails sent by that account will go to the destination's junk box directly.

I don't think it resolves the problem by associate all of the A records to the WHM server's domain since DNS will resolve multiple A records in rotation.

My WHM server's domain is using this format: server10.example.com

If I create multiple subdomains and assign each secondary IP to each subdomain, and then add rDNS for those subdomains, will it solve the issue without break anything else? (I've enabled "Use the reverse DNS entry for the mail HELO/EHLO if available" in Exim configuration)

If not, is there a way to address this issue?

Thanks in advance.

 

[cPRex]

Hey there! That wouldn't be my preferred method to fix the issue. I'd recommend using the "Send mail from account's dedicated IP" option as described here:

How to send email from a dedicated IP address

To send outgoing email from all cPanel accounts on a dedicated IP address, you would need to enable the "Send mail from the accounts's IP address" option in the Exim Configuration Manager. 1. Nav...

support.cpanel.net

Can you work through that and see if that helps get things working how you expect?

 

[nabor]

Hi there, I've already enabled that option and added all the rDNS for the WHM's hostname. Then saw this warning.

 

[cPRex]

Thanks for the details. It sounds like there have been some additional modifications to the /etc/mailhelo file on the system as well. Has that file been modified on your system? By default, the file is blank unless it has been adjusted, and there are details on how to format the file here:

How to Configure the Exim Outgoing IP Address | cPanel & WHM Documentation

To decrease the chance that spam filters mark your mail as spam, verify that the reverse DNS (rDNS) entry of Exim's outgoing IP address matches the DNS response of your server's hostname.

docs.cpanel.net

 

[nabor]

I didn't manually modify them. Seems they were modified after I assigned IPs to different accounts and mailips reflects what IP is associated to what account while all the account's domains are using the WHM's domain for HELO header in the mailhelo file.

Do you suggest me to change those settings? How?

 

[cPRex]

Can you run the following command on the system to get us more details? Just make sure to obscure any public information there.

cat /etc/mailhelo

 

[nabor]

Hi, it's something like that:

domain1: whm_hostname
domain2: whm_hostname
domain3: whm_hostname
domain4: whm_hostname
...
*: whm_hostname

My thought is to add extra A records and change the mailhelo file to map the individual account to those new domains.

For instance, whm_hostname is using 100.0.0.1. I also have 100.0.0.2 and 100.0.0.3 for this machine.

Now I create some A records for those new IPs:

100.0.0.2   whm1_hostname
100.0.0.3   whm2_hostname

Since domain2 is using the IP of 100.0.0.2 while domain3 and 4 is using the IP of 100.0.0.3, I update the mailhelo file:

domain1: whm_hostname
domain2: whm1_hostname
domain3: whm2_hostname
domain4: whm2_hostname
...
*: whm_hostname

What do you think of it? Will it solve the problem without infect other services?

 

[cPRex]

I think your plan should work, but I don't think you'd need the extra A records. You could just use the domain name on that dedicated IP address in order to get that working.

 

[nabor]

I think your plan should work, but I don't think you'd need the extra A records. You could just use the domain name on that dedicated IP address in order to get that working.

You mean create multiple A records for those new IPs and point to the same domain name?

Will that cause name resolution rotation and won't hit the aligned IP when an account is sending an email?

 

[cPRex]

Nope - I'm saying no A records at all. Just use the existing domains that are setup on those IP addresses if you want to change the mail helo entry for those dedicated IPs.

 

[nabor]

Nope - I'm saying no A records at all. Just use the existing domains that are setup on those IP addresses if you want to change the mail helo entry for those dedicated IPs.

Could you show me an example please?

Here's what my current mailips looks like:

domain1: 100.0.0.1
domain2: 100.0.0.2
domain3: 100.0.0.3
domain4: 100.0.0.3

 

[cPRex]

That format is fine for the mailips file. Is there something specific that isn't working how you expect?

 

[nabor]

That format is fine for the mailips file. Is there something specific that isn't working how you expect?

The email deliverability is giving warnings (see the screenshot I attached at the top). Seems the domains are using the WHM's hostname as the HELO header while the outgoing IPs are dedicated IPs which don't match the IP of the WHM's domain.

Some customers reported the mails they sent went to the destinations' junk box.

So you mean that was not the root cause? They should check the mail contents before sending it out?

 

[cPRex]

Right, so we don't want to make any more edits to the mailips file, but we may want to adjust the mailhelo file to match the headers. Details on that can be found here: How to Configure the Exim Outgoing IP Address | cPanel & WHM Documentation

I don't believe that would be enough to route a message to junk, as the hostname is still going to show up in the headers of the message no matter how the mailhelo is formatted. It is important to ensure the content of the messages are good before sending.

 

[nabor]

Yeah, I think the contents are more important as well. However, I just want to get rid of this ugly warning, so that the customers will believe that's not our server's issue.

So, the solution would be the thread #7 I proposed?

 

[cPRex]

I don't really understand what you plan to do with those A records. Are they just going to point to a domain name?

 

[nabor]

I don't really understand what you plan to do with those A records. Are they just going to point to a domain name?

Point them to the WHM's new domain names. (for instance, whm11.example.com, whm12.example.com, etc.)

Because the situation we are facing is the email HELO mismatch. So what I'm thinking is to create new A records for those IPs. Then change the mailhelo file, point those accounts to those new domains(e.g. domain1:whm11.example.com, domain2:whm12.example.com). I think that will eliminate the warnings.

More importantly, that should not affect the email deliverability, will it?

 

[cPRex]

It might eliminate the warnings, but I'm not sure it would actually improve the mail deliverability if you're seeing messages go to spam.

 

[nabor]

It might eliminate the warnings, but I'm not sure it would actually improve the mail deliverability if you're seeing messages go to spam.

Right. But I will give it a try anyway, if it's not improving, at least we won't see any warnings. I will keep you updated.

Thanks man.

 

[nabor]

UPDATE,

I added new A records and adjusted the rDNS, mailhelo file afterward. All the warnings have gone, no mail deliverability issue at the moment.