Sending between accounts on the same server w/ remote MX - SPF problem

Discussion in 'E-mail Discussions' started by rinkleton, Jul 16, 2015.

  1. rinkleton

    rinkleton Active Member

    Ok so this is a very specific issue. 2 accounts on a server. Account a.com is the sender, account b.com the receiver. b.com is set up as a remote MX (Google Apps) and also has a dedicated IP.

    What seems to be happening is when test@a.com sends to test@b.com, cPanel tries to deliver locally, which sort of succeeds. b.com sort of accepts it, but then realizes it is configured as a remote so then b.com takes it upon itself to send the email out (from its own dedicated IP). So when the message arrives in the Google Apps account it does an SPF check against the b.com IP but against the SPF record for a.com... which doesn't have b.com's IP listed in it. It obviously fails.

    Is it possible to make a.com smart enough to not try and deliver locally when b.com is set as remote?
     
    #1 rinkleton, Jul 16, 2015
    Last edited by a moderator: Jul 16, 2015
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    You might want to correct your post, as it makes no sense.

    1st, you say a.com is the sender, then later in the post you have test@b.com as the sender. Which one is it?
    2nd, you say b.com is remote, then later on in the post you say a.com is remote. Which one is it?

    That being said, whichever domain is the remote domain, be sure it's in
    /etc/remotedomains
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Original post updated.
     
  4. rinkleton

    rinkleton Active Member

    As far as solutions go, I tried using the API to collect all dedicated IPs on the server and add them to the SPF record, but it results in a string that is too long. And I would have to do that for every account on the server and keep them all up to date.
     
  5. rinkleton

    rinkleton Active Member

    Also, account b.com is listed in remotedomains and not in localdomains
     
  6. mtindor

    mtindor Well-Known Member

    If a.com is in /etc/localdomains and b.com is in /etc/remotedomains, then the system really isn't struggling to deliver from a.com local to b.com on Google. You might think so, but it's fairly straightforward.

    Just add b.com's dedicated IP address to a.com's SPF record.

    If a.com's record looks anything like this:

    "v=spf1 +a +mx +ip4:aaa.aaa.aaa.aaa ~all"

    - where aaa.aaa.aaa.aaa is the IP address that a.com usually sends mail from

    Then just add another +ip4 referencing B's IP address

    "v=spf1 +a +mx +ip4:aaa.aaa.aaa.aaa +ip4:bbb.bbb.bbb.bbb ~all"
    - where bbb.bbb.bbb.bbb is the dedicated IP address that b.com sends mail through

    So any time a.com sends email to b.com and it arrives at Google Apps via b.com's dedicated IP, it'll do the SPF check and see that b.com's dedicated IP is an allowed IP address for sending a.com mail.

    But I'd really like to understand what is going on.

    a. Are b.com's MX records pointing to Google mailservers and is b.com in /etc/remotedomains on the server?

    OR

    b. Is b.com's mail being accepted locally and then forwarded to some other email accounts on Google Apps [not @b.com]?

    Two different things there.

    Depending upon how things are really set up [and it is impossible for us to know based upon the information you've given and the confusing nature of your email in general], just adding the IP address to the SPF may not be the preferred/best method. But it should get the job done in a pinch.

    Mike
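
Added example (not part of the thread and not cPanel code): a partial SPF check in Python showing the effect of the `+ip4` change described in this post, together with the record-length concern raised in post #4. It evaluates only literal `ip4`/`ip6`/`all` terms; the function names and the documentation-range IPs are assumptions made for illustration.

```python
import ipaddress

# SPF qualifier -> result (RFC 7208); a term with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_ip_terms(record, client_ip):
    """Evaluate only the ip4/ip6/all terms of an SPF record, left to right.

    Terms that need DNS (a, mx, include, ...) are skipped, so this answers
    one question: does a literal IP term authorise the connecting host?
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6") and value:
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def build_record(ips, tail="~all"):
    """Build a record from IPv4 sending IPs, merging adjacent ones into CIDRs."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(i) for i in ips)
    terms = ["+ip4:%s" % (n.network_address if n.prefixlen == 32 else n)
             for n in nets]
    return " ".join(["v=spf1", "+a", "+mx"] + terms + [tail])


def txt_strings(record, limit=255):
    """Split a record into DNS character-strings of at most 255 octets each.

    Receivers join the strings of one TXT record without adding spaces, so
    the split point does not have to fall on a term boundary.
    """
    data = record.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


# Constructed values from documentation ranges, not taken from the thread.
A_IP, B_IP = "192.0.2.10", "198.51.100.20"
BEFORE = build_record([A_IP])        # a.com lists only its own sending IP
AFTER = build_record([A_IP, B_IP])   # b.com's dedicated IP added
```

`check_ip_terms(BEFORE, B_IP)` returns `softfail` and `check_ip_terms(AFTER, B_IP)` returns `pass`; `build_record` shortens the record only where the dedicated IPs happen to be contiguous.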
     
  7. rinkleton

    rinkleton Active Member

    The SPF method won't work for reasons I listed in a subsequent reply.

    I too want to get to the bottom of it. The setup is scenario A. b.com is in remote domains and we are using Google's MX records for b.com (a.com is configured as a local domain). However, looking at the email's headers, it shows that Google accepted the email from mail.b.com with b.com's dedicated IP. I can't really fathom why this would be happening other than a bug in cPanel or some random setting buried way deep.
     
  8. mtindor

    mtindor Well-Known Member

    Well, if a website has a dedicated IP address, cPanel can be configured to use that dedicated IP address for outbound email delivery. And I'm guessing it probably is.

    Your cPanel is likely either set to automatically configure any static IP websites to send out mail using the static IP, or your server may have been set up manually to have exim use the dedicated IP to send mail.

    See: https://documentation.cpanel.net/display/CKB/How+to+Configure+Exim's+Outgoing+IP+Address

    Are you using the automatic or manual method?

    If you're using the manual method, then just revert the process so there are no entries in /etc/mailhelo, /etc/mailips and /etc/mail/ for that particular website (b.com) with the dedicated IP for which mail is being handled at Google.

    Mike
     
  9. rinkleton

    rinkleton Active Member

    Yeah, I've configured cPanel to use each account's dedicated IP for sending... except when sending from a.com it shouldn't be using b.com's dedicated IP, right?
     
  10. mtindor

    mtindor Well-Known Member

    I get what you are saying. I agree that it shouldn't. And maybe that should be classified as a bug / unwanted behavior. But I suspect it's not erroneously sending ALL of A's mail out B's static, but rather only mail sent to b.com. Right? If that's the case, with your configuration the way it is, I can understand why exim might be wanting to use b.com's static IP to send email destined for b.com.

    Mike
     
  11. rinkleton

    rinkleton Active Member

    That's correct. But I only see it trying to do that if b.com was listed as a localdomain. Interesting tidbit....it still does this even if I turn off sending from each account's dedicated IP.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  13. rinkleton

    rinkleton Active Member

    Thanks for the response... Ok, I have included output from 3 tests along with their respective headers. I've changed domain names and IPs. If you need the unedited version, or don't think it's a security issue, I can post the original.

    All emails were sent from IP 11.11.11.11 using SMTP server 00.00.00.00 logging in as account sender@a3.tld. This account exists on the same servers that the tests were sent to.

    -----------------------

    Code:
    Test 1 - to an address on account b.tld.  This account has dedicated IP 44.44.44.44 and uses google for email (setup as remote)
    
    2015-07-22 11:06:13 SMTP connection from [11.11.11.11]:63366 (TCP/IP connection count = 1)
    2015-07-22 11:06:14 1ZHvb4-003xrQ-8e <= sender@a3.tld H=rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:63366 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=dovecot_login:sender@a3.tld S=8135 T="Test - Email" for cron@b.tld
    2015-07-22 11:06:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ZHvb4-003xrQ-8e
    2015-07-22 11:06:14 1ZHvb4-003xrQ-8e SMTP connection outbound 1437577574 1ZHvb4-003xrQ-8e a3.tld cron@b.tld
    2015-07-22 11:06:14 SMTP connection from rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:63366 closed by QUIT
    2015-07-22 11:06:15 1ZHvb4-003xrQ-8e => cron@b.tld R=lookuphost T=remote_smtp H=aspmx.l.google.com [74.125.28.26] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1437577577 a20si1758166ioe.144 - gsmtp"
    2015-07-22 11:06:15 1ZHvb4-003xrQ-8e Completed
    
    
    Delivered-To: cron@b.tld
    Received: by 22.22.22.22 with SMTP id v6csp1893339oaf;
      Wed, 22 Jul 2015 08:06:17 -0700 (PDT)
    X-Received: by 33.33.33.33 with SMTP id d71mr5781138ioe.41.1437577577314;
      Wed, 22 Jul 2015 08:06:17 -0700 (PDT)
    Return-Path: <sender@a3.tld>
    Received: from b.tld (mail.b.tld. [44.44.44.44])
      by mx.google.com with ESMTPS id a20si1758166ioe.144.2015.07.22.08.06.17
      for <cron@b.tld>
      (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
      Wed, 22 Jul 2015 08:06:17 -0700 (PDT)
    Received-SPF: softfail (google.com: domain of transitioning sender@a3.tld does not designate 44.44.44.44 as permitted sender) client-ip=44.44.44.44;
    Authentication-Results: mx.google.com;
      spf=softfail (google.com: domain of transitioning sender@a3.tld does not designate 44.44.44.44 as permitted sender) smtp.mail=sender@a3.tld
    Date: Wed, 22 Jul 2015 08:06:17 -0700 (PDT)
    Message-Id: <55afb169.14986b0a.0f28.0fc6SMTPIN_ADDED_MISSING@mx.google.com>
    Received: from rrcs-11-11-11-11.central.biz.rr.com ([11.11.11.11]:63366 helo=localhost)
       by s3.a.tld with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
       (Exim 4.82)
       (envelope-from <sender@a3.tld>)
       id 1ZHvb4-003xrQ-8e
       for cron@b.tld; Wed, 22 Jul 2015 11:06:14 -0400
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="=_979b112cb37c952bb881bd9fb7a9e872"
    From: test@test.com
    To: cron@b.tld
    Subject: Test - Email
    X-Mailer: Test Mailer
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - s3.a.tld
    X-AntiAbuse: Original Domain - b.tld
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - a3.tld
    X-Get-Message-Sender-Via: s3.a.tld: authenticated_id: sender@a3.tld
    
    
    -----------------

    Code:
    
    Test 2 - to an address on account d.tld.  This account has dedicated IP 88.88.88.88 and uses enom for email (setup as remote)
    
    2015-07-22 11:16:58 SMTP connection from [11.11.11.11]:64016 (TCP/IP connection count = 1)
    2015-07-22 11:16:59 1ZHvlT-003yMH-EX <= sender@a3.tld H=rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:64016 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=dovecot_login:sender@a3.tld S=8153 T="Test - Email" for sales@d.tld
    2015-07-22 11:16:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ZHvlT-003yMH-EX
    2015-07-22 11:16:59 1ZHvlT-003yMH-EX SMTP connection outbound 1437578219 1ZHvlT-003yMH-EX a3.tld sales@d.tld
    2015-07-22 11:17:00 SMTP connection from rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:64016 closed by QUIT
    2015-07-22 11:18:04 1ZHvlT-003yMH-EX mx.mail2.name-services.com [55.55.55.55] Connection timed out
    2015-07-22 11:18:04 1ZHvlT-003yMH-EX => sales@d.tld R=lookuphost T=remote_smtp H=mx.mail2.name-services.com [66.66.66.66] C="250 2.0.0 Ok: queued as C5C6544B031"
    2015-07-22 11:18:04 1ZHvlT-003yMH-EX Completed
    
    
    Return-Path: <sender@a3.tld>
    Received: from 77.77.77.77 unverified ([77.77.77.77]) by spsmtp01oc.mail2world.com with Mail2World SMTP Server; Wed, 22 Jul 2015 08:18:42 -0700
    Received: from d.tld (unknown [88.88.88.88]) by c1mailgw10.amadis.com (Postfix) with ESMTP id C5C6544B031 for <sales@d.tld>; Wed, 22 Jul 2015 08:18:05 -0700 (PDT)
    Received: from rrcs-11-11-11-11.central.biz.rr.com ([11.11.11.11]:64016 helo=localhost) by s3.a.tld with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82) (envelope-from <sender@a3.tld>) id 1ZHvlT-003yMH-EX for sales@d.tld; Wed, 22 Jul 2015 11:16:59 -0400
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="=_87d8b46def4dbee81327f7ffa1a33036"
    From: test@test.com
    To: sales@d.tld
    Subject: Test - Email
    X-Mailer: Test Mailer
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - s3.a.tld
    X-AntiAbuse: Original Domain - d.tld
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - a3.tld
    X-Get-Message-Sender-Via: s3.a.tld: authenticated_id: sender@a3.tld
    X-CTASD-RefID: str=0001.0A010202.55AFB448.00BE,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    X-CTASD-IP: 88.88.88.88
    X-CTASD-Sender: test@test.com
    x-ctasd: uncategorized
    x-ctasd-vod: uncategorized
    x-ctasd-station:
    
    
    ---------------

    Code:
    Test 3 - to an address on account c.tld.  This account has dedicated IP 99.99.99.99 and uses cpanel for email (setup as automatic) It looks like since this was delivered locally no SPF check was done.
    
    SMTP connection from [11.11.11.11]:63834 (TCP/IP connection count = 1)
    2015-07-22 11:13:03 1ZHvhf-003y8L-2Y <= sender@a3.tld H=rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:63834 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=dovecot_login:sender@a3.tld S=8147 T="Test - Email" for ryan@c.tld
    2015-07-22 11:13:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ZHvhf-003y8L-2Y
    2015-07-22 11:13:03 SMTP connection from rrcs-11-11-11-11.central.biz.rr.com (localhost) [11.11.11.11]:63834 closed by QUIT
    2015-07-22 11:13:03 1ZHvhf-003y8L-2Y => ryan <ryan@c.tld> R=virtual_user T=virtual_userdelivery
    2015-07-22 11:13:03 1ZHvhf-003y8L-2Y Completed
    
    
    Return-path: <sender@a3.tld>
    Envelope-to: ryan@c.tld
    Delivery-date: Wed, 22 Jul 2015 11:13:03 -0400
    Received: from rrcs-11-11-11-11.central.biz.rr.com ([11.11.11.11]:63834 helo=localhost)
       by s3.a.tld with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
       (Exim 4.82)
       (envelope-from <sender@a3.tld>)
       id 1ZHvhf-003y8L-2Y
       for ryan@c.tld; Wed, 22 Jul 2015 11:13:03 -0400
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="=_97acbe865ce37cacdcfac1ef5a2c8184"
    From: test@test.com
    To: ryan@c.tld
    Subject: Test - Email
    X-Mailer: Test Mailer
    
    
     
    #13 rinkleton, Jul 22, 2015
    Last edited by a moderator: Jul 22, 2015
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you open a support ticket using the link in my signature so we can take a better look at how this email account is configured on your system? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  15. rinkleton

    rinkleton Active Member

    Thanks for your help.... ticket ID 7071901
     
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Internal case FB-171477 is open to address the issue where, when the exchange is a remote exchange for a destination domain and that destination domain is hosted on the server, the mail IP address used is not the sender domain's IP address from the /etc/mailips file. You can monitor our change log to see when a resolution has been implemented:

    cPanel - Change Logs

    Thank you.
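
Added example (not part of the thread and not cPanel code): a Python audit for the behaviour described in case FB-171477, comparing the connecting IP a receiver recorded in `Received-SPF` with the sender domain's entry in `/etc/mailips`. The `Received-SPF` line is the one from Test 1 with forum markup removed; the mailips entries for a3.tld and `*`, and all function names, are assumptions constructed for illustration.

```python
import re

# Matches the Received-SPF header format shown in Test 1 of this thread.
SPF_RE = re.compile(
    r"^Received-SPF:\s*(?P<result>\w+)\s.*?domain of (?:transitioning )?"
    r"\S+@(?P<domain>[^\s)]+).*?client-ip=(?P<ip>[0-9A-Fa-f.:]+)",
    re.I | re.M | re.S,
)


def parse_mailips(text):
    """Parse /etc/mailips content: one "domain: ip" per line, "*" = default."""
    table = {}
    for line in text.splitlines():
        domain, sep, ip = line.partition(":")
        if sep and domain.strip() and ip.strip():
            table[domain.strip().lower()] = ip.strip()
    return table


def audit(headers, mailips):
    """Flag messages whose connecting IP is not the sender domain's mail IP."""
    owners = {ip: dom for dom, ip in mailips.items() if dom != "*"}
    findings = []
    for m in SPF_RE.finditer(headers):
        domain, seen = m["domain"].lower(), m["ip"]
        expected = mailips.get(domain, mailips.get("*"))
        if expected is not None and seen != expected:
            findings.append({
                "sender_domain": domain,
                "spf": m["result"].lower(),
                "expected_ip": expected,
                "seen_ip": seen,
                "seen_ip_belongs_to": owners.get(seen, "unknown"),
            })
    return findings


# Constructed /etc/mailips: b.tld's IP is the anonymised one from Test 1;
# the a3.tld and default entries are made up for this example.
MAILIPS = parse_mailips("a3.tld: 203.0.113.5\nb.tld: 44.44.44.44\n*: 203.0.113.1\n")

# Received-SPF header from Test 1, forum markup removed.
HEADERS = (
    "Received-SPF: softfail (google.com: domain of transitioning sender@a3.tld "
    "does not designate 44.44.44.44 as permitted sender) client-ip=44.44.44.44;\n"
)

FINDINGS = audit(HEADERS, MAILIPS)
```

For the Test 1 header, `FINDINGS` holds one entry showing a3.tld mail leaving from the IP assigned to b.tld instead of a3.tld's own mailips entry.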
     