Email Deliverablity issue with Multiple IPs on Server

Operating System & Version
CloudLinux release 7.8
cPanel & WHM Version
v92.0.9

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
Hi, I have a WHM server that has assigned multiple IPs because the server has hundreds of accounts, and I need to distribute the IPs across those accounts just in case one of the accounts was compromised and that IP was blocked by other ISPs.

Now I'm facing a new issue: the Email Deliverability says an account is sending Email on behalf of the WHM server's domain while this domain only resolves to its primary IP. So that causes emails sent by that account will go to the destination's junk box directly.

I don't think it resolves the problem by associate all of the A records to the WHM server's domain since DNS will resolve multiple A records in rotation.

My WHM server's domain is using this format: server10.example.com

If I create multiple subdomains and assign each secondary IP to each subdomain, and then add rDNS for those subdomains, will it solve the issue without break anything else? (I've enabled "Use the reverse DNS entry for the mail HELO/EHLO if available" in Exim configuration)

If not, is there a way to address this issue?

Thanks in advance.
 

Attachments

Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator
Hey there! That wouldn't be my preferred method to fix the issue. I'd recommend using the "Send mail from account's dedicated IP" option as described here:


Can you work through that and see if that helps get things working how you expect?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator
Thanks for the details. It sounds like there have been some additional modifications to the /etc/mailhelo file on the system as well. Has that file been modified on your system? By default, the file is blank unless it has been adjusted, and there are details on how to format the file here:

 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
I didn't manually modify them. Seems they were modified after I assigned IPs to different accounts and mailips reflects what IP is associated to what account while all the account's domains are using the WHM's domain for HELO header in the mailhelo file.

Do you suggest me to change those settings? How?
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
Hi, it's something like that:
Code:
domain1: whm_hostname
domain2: whm_hostname
domain3: whm_hostname
domain4: whm_hostname
...
*: whm_hostname
My thought is to add extra A records and change the mailhelo file to map the individual account to those new domains.

For instance, whm_hostname is using 100.0.0.1. I also have 100.0.0.2 and 100.0.0.3 for this machine.

Now I create some A records for those new IPs:
Code:
100.0.0.2   whm1_hostname
100.0.0.3   whm2_hostname
Since domain2 is using the IP of 100.0.0.2 while domain3 and 4 is using the IP of 100.0.0.3, I update the mailhelo file:
Code:
domain1: whm_hostname
domain2: whm1_hostname
domain3: whm2_hostname
domain4: whm2_hostname
...
*: whm_hostname
What do you think of it? Will it solve the problem without infect other services?
 
Last edited:

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
I think your plan should work, but I don't think you'd need the extra A records. You could just use the domain name on that dedicated IP address in order to get that working.
You mean create multiple A records for those new IPs and point to the same domain name?

Will that cause name resolution rotation and won't hit the aligned IP when an account is sending an email?
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
Nope - I'm saying no A records at all. Just use the existing domains that are setup on those IP addresses if you want to change the mail helo entry for those dedicated IPs.
Could you show me an example please?

Here's what my current mailips looks like:
Code:
domain1: 100.0.0.1
domain2: 100.0.0.2
domain3: 100.0.0.3
domain4: 100.0.0.3
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
That format is fine for the mailips file. Is there something specific that isn't working how you expect?
The email deliverability is giving warnings (see the screenshot I attached at the top). Seems the domains are using the WHM's hostname as the HELO header while the outgoing IPs are dedicated IPs which don't match the IP of the WHM's domain.

Some customers reported the mails they sent went to the destinations' junk box.

So you mean that was not the root cause? They should check the mail contents before sending it out?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator
Right, so we don't want to make any more edits to the mailips file, but we may want to adjust the mailhelo file to match the headers. Details on that can be found here: How to Configure the Exim Outgoing IP Address | cPanel & WHM Documentation

I don't believe that would be enough to route a message to junk, as the hostname is still going to show up in the headers of the message no matter how the mailhelo is formatted. It is important to ensure the content of the messages are good before sending.
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
Yeah, I think the contents are more important as well. However, I just want to get rid of this ugly warning, so that the customers will believe that's not our server's issue.

So, the solution would be the thread #7 I proposed?
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
I don't really understand what you plan to do with those A records. Are they just going to point to a domain name?
Point them to the WHM's new domain names. (for instance, whm11.example.com, whm12.example.com, etc.)

Because the situation we are facing is the email HELO mismatch. So what I'm thinking is to create new A records for those IPs. Then change the mailhelo file, point those accounts to those new domains(e.g. domain1:whm11.example.com, domain2:whm12.example.com). I think that will eliminate the warnings.

More importantly, that should not affect the email deliverability, will it?
 

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
It might eliminate the warnings, but I'm not sure it would actually improve the mail deliverability if you're seeing messages go to spam.
Right. But I will give it a try anyway, if it's not improving, at least we won't see any warnings. I will keep you updated.

Thanks man.
 
  • Like
Reactions: cPRex

nabor

Member
Dec 11, 2019
18
2
3
nz
cPanel Access Level
Root Administrator
UPDATE,

I added new A records and adjusted the rDNS, mailhelo file afterward. All the warnings have gone, no mail deliverability issue at the moment.