I have one domain on a dedicated IPv4 address different from the one my main WHM account uses, and am having some trouble with Exim choosing the correct outbound IP and domain. I also appear to have some DKIM issues.
A little bit of substitution: the actual values are correct in both /etc/mailhelo and /etc/mailips.
For my main WHM user: example_main.com with an IPv4 address of 1.2.3.4
For my other domain user: example_alternate.com with an IPv4 address of 5.6.7.8
So far as I can tell, reverse DNS is set up correctly.
running "nslookup 5.6.7.8" returns
8.7.6.5.in-addr.arpa name = example_alternate.com
Same for 1.2.3.4 and example_main.com
Also, using misk's DNS lookup tool ( DNS Lookup / NSLookup: Check DNS Records - Misk.com ) on 5.6.7.8 returns the main WHM account's NS records (ns1.example_main.com, ns2.example_main.com) as authoritative.
(I know, they're on the same machine, don't really *need* two entries...)
With regard to the sending IP:
"Send mail from account’s dedicated IP address" is ON in Service Configuration / Exim Configuration.
Using the above substitution:
/etc/mailhelo has example_alternate.com: example_alternate.com
/etc/mailips has example_alternate.com: 5.6.7.8
Permissions for both files appear OK (root/mail, 0640).
There are default * entries in both for vps.example_main.com and 1.2.3.4, respectively.
The messages were sent from a machine external to Exim, not from the server itself, via SMTP with credentials from an email account associated with example_alternate.com.
Sending to a hotmail address resulted in these headers:
Authentication-Results: spf=pass (sender IP is 1.2.3.4)
smtp.mailfrom=example_alternate.com; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=pass action=none
header.from=example_alternate.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of example_alternate.com designates
1.2.3.4 as permitted sender) receiver=protection.outlook.com;
client-ip=1.2.3.4; helo=vps.example_main.com;
Shouldn't that be referencing example_alternate's IP, not example_main's? And why is there no DKIM, when example_alternate's zone file clearly has one?
Sending to an AOL address resulted in this header:
X-Originating-IP: [1.2.3.4]
And this is what sending to a gMail address had:
Received: from vps.example_main.com (vps.example_main.com. [1.2.3.4])
Assuming Exim is honoring /etc/mailips, shouldn't all of them have been showing example_alternate.com and 5.6.7.8?
AOL also had a couple of interesting headers that look to have been inserted by /etc/exim.pl.local
X-Get-Message-Sender-Via: vps.example_main.com: mailgid via get_recent_authed_mail_ips_entry: recentlyusedsender@example_main.com/cached: in recent_authed_mail_ips_users using first address
X-Authenticated-Sender: vps.example_main.com: recentlyusedsender@example_main.com
It looks like this might be an attempt to eliminate unnecessary lookups and save system overhead. However, I legitimately send emails from one machine, using multiple "sender" domains and addresses (work hat, home hat, etc.). Why would Exim not be noticing the domain in the "from" address doesn't match the cached one? It had no business inserting that header with an email address that didn't match the sender's domain. In this case, test emails were not sent from my email client, but from an instance of PHPMailer which knew nothing about example_main.com, so cPanel seems to be adding these headers based on the sending IP.
There should be a way to turn that off, or at least let the routine be smart enough to compare current and cached domains of the sender address before avoiding the lookup and returning the cached value.
With regard to DKIM:
In example_alternate.com's zone file, there is a TXT entry:
default._domainkey
with a value of "v=DKIM1; k=rsa; p=(a very long key)"
Yet, the source of the message to hotmail says:
smtp.mailfrom=example_alternate.com; hotmail.com; dkim=none (message not signed)
For the message to AOL, this was in the headers:
dkim=neutral (no sig) header.i=@example_alternate.com;
Headers in a message to a gMail address had no reference to dkim.
Just curious what I could be doing wrong. According to all docs I've read, when a remote host receives a message from example_alternate.com, it should show it as coming from 2.3.4.5, not 1.2.3.4, and it should have the signed DKIM record.
FWIW, the messages *do* appear to be getting delivered. I just don't understand why they have the wrong IPs and domain names attached to them.
Any replies would be most appreciated. Thanks!
--
Carl
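
The comparison made by hand in the post above, as an added example that is not part of the original post: it reads the two map files, extracts what the receiving servers recorded, and lists every field that disagrees with the entry for the envelope domain. The map contents are constructed from the post's substituted values, the function names are hypothetical, and looking the maps up by envelope sender domain with a `*` fallback is an assumption about how they are consulted.

```python
import re

# Constructed stand-ins for /etc/mailips and /etc/mailhelo (post's substituted values).
MAILIPS = "example_alternate.com: 5.6.7.8\n*: 1.2.3.4\n"
MAILHELO = "example_alternate.com: example_alternate.com\n*: vps.example_main.com\n"

# Headers as quoted in the post (Hotmail copy plus AOL's X-Authenticated-Sender).
HEADERS = """\
Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=example_alternate.com; hotmail.com; dkim=none (message not signed)
 header.d=none;hotmail.com; dmarc=pass action=none
Received-SPF: Pass (protection.outlook.com: domain of example_alternate.com designates
 1.2.3.4 as permitted sender) receiver=protection.outlook.com;
 client-ip=1.2.3.4; helo=vps.example_main.com;
X-Authenticated-Sender: vps.example_main.com: recentlyusedsender@example_main.com
"""

def parse_map(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    rows = (l.split(":", 1) for l in text.splitlines()
            if ":" in l and not l.lstrip().startswith("#"))
    return {k.strip().lower(): v.strip() for k, v in rows}

def lookup(table, domain):
    """Exact domain match, falling back to the '*' default entry (assumed semantics)."""
    return table.get(domain.lower(), table.get("*"))

def field(pattern, headers):
    """First capture group of pattern in the header text, lowercased, or None."""
    m = re.search(pattern, headers, re.I)
    return m.group(1).lower() if m else None

def audit(headers, mailips, mailhelo):
    """Compare what the receiver saw with the map entries for the envelope domain."""
    domain = field(r"smtp\.mailfrom=([^;\s]+)", headers)
    seen = {
        "ip": field(r"client-ip=([0-9a-f.:]+)", headers),
        "helo": field(r"helo=([^;\s]+)", headers),
        "dkim": field(r"dkim=(\w+)", headers),
        "auth_domain": field(r"X-Authenticated-Sender:.*@([^\s;]+)", headers),
    }
    want = {"ip": lookup(parse_map(mailips), domain),
            "helo": lookup(parse_map(mailhelo), domain)}
    issues = [f"{k}: expected {want[k]}, receiver saw {seen[k]}"
              for k in ("ip", "helo") if seen[k] != want[k]]
    if seen["dkim"] != "pass":
        issues.append(f"dkim: result is {seen['dkim']}")
    if seen["auth_domain"] and seen["auth_domain"] != domain:
        issues.append(f"sender: authenticated as {seen['auth_domain']}, envelope is {domain}")
    return domain, issues
```

Calling `audit(HEADERS, MAILIPS, MAILHELO)` on the sample returns four mismatches: IP, HELO, DKIM result, and the authenticated sender's domain differing from the envelope domain.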