The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Setting up SPF and DKIM records

Discussion in 'E-mail Discussions' started by magicalwonders, Feb 7, 2013.

  1. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I'm trying to improve the deliverability of my email from a domain on my server to Hotmail and MSN addresses.

    So far I have assigned the domain a dedicated IP address, and have requested the host to apply reverse DNS.

    My autoresponder vendor has advised that I should also enable SPF and DKIM records. I understand that I do this through the Advanced DNS Zone Editor in cPanel. However, I don't know what to put in the various boxes! Can anyone advise me where I get this info from?

    Hope someone can help.

    Myles
     
  2. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    262
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    Actually you do it through the Email Authentication option under the Mail section.
     
  3. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    It seems to be a bit more complicated than that. The Email Authentication option under the Mail section applies to incoming mail.
    I'm trying to set up DKIM for out going mail.

    I've found one reference which says it is done through the Advance DNS Zone Editor, but doesn't really explain much more. Then there are these instructions /http://www.digitalsanctuary.com/tech-blog/debian/setting-up-spf-senderid-domain-keys-and-dkim.html which seem to apply to smpt mail whereas I'm using Exim.

    It might be time to find an expert and pay someone!
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Open your cPanel, find Mail section, find Email Authentication icon and click. On this page click the enable buttons.
     
  5. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    See my post No.3

    The Email Authentication icon only applies to incoming email. I need to setup DKIM for outgoing email.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Enable those. Send an email from the account to this address: check-auth@verifier.port25.com wait a few moment for a result email back to you.

    What does that email tell you?
     
  7. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I got the following report -

    Code:
    ==========================================================
    Summary of Results
    ==========================================================
    SPF check:          neutral
    DomainKeys check:   neutral
    DKIM check:         neutral
    Sender-ID check:    neutral
    SpamAssassin check: ham
    
    ==========================================================
    Details:
    ==========================================================
    
    HELO hostname:  avasout02.plus.net
    Source IP:      212.159.14.17
    mail-from:      myles@domain removed
    
    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result:         neutral (SPF-Result: Neutral)
    ID(s) verified: smtp.mailfrom=myles@magicalwonders.com
    DNS record(s):
        magicalwonders.com. SPF (no records)
        magicalwonders.com. 12796 IN TXT "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all"
        magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
        magicalwonders.com. 12796 IN A 198.23.157.249
        magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
        magicalwonders.com. 12796 IN A 198.23.157.249
    
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result:         neutral (message not signed)
    ID(s) verified: header.From=myles@magicalwonders.com
    DNS record(s):
    
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         neutral (message not signed)
    ID(s) verified: 
    
    NOTE: DKIM checking has been performed based on the latest DKIM specs
    (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
    older versions.  If you are using Port25's PowerMTA, you need to use
    version 3.2r11 or later to get a compatible version of DKIM.
    
    ----------------------------------------------------------
    Sender-ID check details:
    ----------------------------------------------------------
    Result:         neutral (SPF-Result: Neutral)
    ID(s) verified: header.From=myles@magicalwonders.com
    DNS record(s):
        magicalwonders.com. SPF (no records)
        magicalwonders.com. 12796 IN TXT "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all"
        magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
        magicalwonders.com. 12796 IN A 198.23.157.249
        magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
        magicalwonders.com. 12796 IN A 198.23.157.249
    
    ----------------------------------------------------------
    SpamAssassin check details:
    ----------------------------------------------------------
    SpamAssassin v3.3.1 (2010-03-16)
    
    Result:         ham  (0.1 points, 5.0 required)
    
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at [url=http://www.dnswl.org/]dnswl.org - Protect against false positives[/url], low
                                trust
                                [212.159.14.17 listed in list.dnswl.org]
     0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                                [score: 0.4570]
    
    ==========================================================
    Explanation of the possible results (from RFC 5451)
    ==========================================================
    
    SPF and Sender-ID Results
    =========================
    
    "none"
          No policy records were published at the sender's DNS domain.
    
    "neutral"
          The sender's ADMD has asserted that it cannot or does not
          want to assert whether or not the sending IP address is authorized
          to send mail using the sender's DNS domain.
    
    "pass"
          The client is authorized by the sender's ADMD to inject or
          relay mail on behalf of the sender's DNS domain.
    
    "policy"
         The client is authorized to inject or relay mail on behalf
          of the sender's DNS domain according to the authentication
          method's algorithm, but local policy dictates that the result is
          unacceptable.
    
    "fail"
          This client is explicitly not authorized to inject or
          relay mail using the sender's DNS domain.
    
    "softfail"
          The sender's ADMD believes the client was not authorized
          to inject or relay mail using the sender's DNS domain, but is
          unwilling to make a strong assertion to that effect.
    
    "temperror"
          The message could not be verified due to some error that
          is likely transient in nature, such as a temporary inability to
          retrieve a policy record from DNS.  A later attempt may produce a
          final result.
    
    "permerror"
          The message could not be verified due to some error that
          is unrecoverable, such as a required header field being absent or
          a syntax error in a retrieved DNS TXT record.  A later attempt is
          unlikely to produce a final result.
    
    
    DKIM and DomainKeys Results
    ===========================
    
    "none"
          The message was not signed.
    
    "pass"
          The message was signed, the signature or signatures were
          acceptable to the verifier, and the signature(s) passed
          verification tests.
    
    "fail"
          The message was signed and the signature or signatures were
          acceptable to the verifier, but they failed the verification
          test(s).
    
    "policy"
          The message was signed but the signature or signatures were
          not acceptable to the verifier.
    
    "neutral"
          The message was signed but the signature or signatures
          contained syntax errors or were not otherwise able to be
          processed.  This result SHOULD also be used for other
          failures not covered elsewhere in this list.
    
    "temperror"
          The message could not be verified due to some error that
          is likely transient in nature, such as a temporary inability
          to retrieve a public key.  A later attempt may produce a
          final result.
    
    "permerror"
          The message could not be verified due to some error that
          is unrecoverable, such as a required header field being
          absent. A later attempt is unlikely to produce a final result.
    
    It looks like it's saying I have no SPF record - I entered "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all" So not sure what's gone wrong?
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you done this as well?
    Changing the Sending IP for Outbound Email in Exim - cPanel Documentation

    Why? You might try removing all changes you've made, disable both SPF and DKIM and then enable once again.
     
  9. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Well that was the output when I used the microsoft wizard for creating a SPF record.

    I think I'm using cPanel 11 - So I'll see about upgrading to latest version and start again.
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    cPanel takes care of this for you, with a few buttons. :)
     
  11. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    O.K. thanks. Maybe this will be easier than it first looked!

    I removed the changes, then re-enabled them. This time I got this result -

    It still seems to be referring to just incoming mail though -
    I checked my version of cPanel and I'm running 11.34.1

    The SPF record is now showing as follows -
    The IP address it is showing though is the main server address and not the dedicated IP address for the domain. Is that how it's supposed to be?
     
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you check out that other link I posted about changing the IP?
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    #13 Infopro, Feb 8, 2013
    Last edited: Dec 1, 2016
  14. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Yes, I've looked at the page, but I haven't implemented the changes yet. Should that really be done before creating the SPF and DKIM records?

    The first part of the instructions are fine, but I've not created files from the command line yet, so I'll need to read up on that.

    ....I've just had a look using Bitvese SSH Client. As well as a command line it displays all the files on the server, very much like FileZilla. I can see under /etc that the two files mailhelo and mailips already exist, and were created on 7th Feb. They are showing file size 0. Is my next step to download them, edit them with nano, vi, or vim, and upload back to the directory?

    I don't suppose a regular text editor like Notepad will work?
     
  15. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In doing so it will add the account's IP to the record.

    Your suggested steps are outlined in the docs.

    You probably should not edit anything like this in notepad, or MS wizard or anything else other than from the command line, logged in as root. There are plenty of threads on this forum, and docs and how-tos via Google to get you going in the right direction. You should read up a bit before making any changes to be safe.
     
  16. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    O.K. Thanks for all the help. It's much appreciated! :)

    I'll have a good study over the next few days before doing anything!
     
  17. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Good luck! It's not so bad. :)
     
  18. SrVeteranAdm

    SrVeteranAdm Registered

    Joined:
    Nov 1, 2013
    Messages:
    1
    Likes Received:
    2
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I'm curious why the person with the original question needed to ask the same question over and over again.
    Why couldn't the Product Evangelist have given all the instructions in one entry?
    It seems to have been unnecessarily drawn out.
     
    Jan-Paul Kleijn and FrankJ like this.
  19. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The original question was actually answered twice.

    Question:
    Answer:
    Answer:
    The Email Authentication page is where this is enabled.

    Is there something you're stuck on here or was this thread useful to you?
     
  20. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Well, I am the OP and I don't believe I asked the same question over and over again. Lol. I was stuck with a problem that has conflicting advice from around the internet. So I posted on this forum. Was it wrong to engage in a dialogue and seek clarification on a subject I was confused about?

    Whilst on the subject of curiosity however, I'm now curious as to why someones first post resurrects a thread that has been dormant for three months! Lol
     
Loading...

Share This Page