I have contacted cPanel Support directly via my VPS, WHM etc. but it seems kind of stuck and I don't think I can furnish the guy 100% with more experience on my part.
Here's my initial ticket request wording;

Hi There,
I'm suddenly seeing a lot of bouncebacks when I'm sending emails from my @isknow.how domain name email address, that is hosted on my unmanaged VPS (I manage it, the provider doesn't).
However, these bounceback emails only seem to be if I'm sending to Microsoft "hotmail, live" addresses - as the error I'm pasting below was from an email with multiple contacts included and ONLY the MS one bounced back, the others with their own personal domain email addresses are as normal as to be expected.
One such example that is to a friend's email address at that, is as follows;
"This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
host mx1.hotmail.com [65.55.37.88]
SMTP error from remote mail server after MAIL FROM:<emailremovedforthispost> SIZE=76103:
550 SC-001 (COL004-MC2F48) Unfortunately, messages from 46.32.249.220 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to Troubleshooting."
The details.txt file content for the above bounceback is;
Reporting-MTA: dns; vpshostnameremovedforthispost
Action: failed
Final-Recipient: rfc822;emailremovedforthispost
Status: 5.0.0
Remote-MTA: dns; mx1.hotmail.com
Diagnostic-Code: smtp; 550 SC-001 (COL004-MC2F48) Unfortunately, messages from 46.32.249.220 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to Troubleshooting.
I had previously last year added an SPF record, DKIM, registered my domain with some Microsoft website to prove ownership and that thus my domain's emails wouldn't be marked spam etc... is it normal for these kind of registrations to run out at all?
Anyway, I shall leave it at that and look forward to hearing from you in due course.
Regards,
Robert Stones

The first reply was;

Hello,
Typically, you receive the message you did when someone on your server has been sending spam. You can often find the culprit by running the following one-liner:
grep 'sendmail' /var/log/exim_mainlog | awk '{print $3}' | sort | uniq -c | sort -n
This shows where `sendmail` was executed from, and can possibly show the directory a possible malicious script installed through compromised software. I'd recommend removing said malicious script (if exists) and updating all software associated with the affected website (plugins and themes included), update all authentication details associated with said website (including those where the password is shared with another web asset), et cetera.
Right. Looking at your server, it doesn't appear that there was any spam sent ever, at least according to the exim logs. However, there may be something that I am missing. You may wish to contact a systems administrative service to look your server over and ensure that no spam is being sent.
Looking at < MultiRBL.valli.org - Results of the query 46.32.249.220 >, your IP is on 2 blacklists (other than the one it says to ignore). You may wish to investigate means to be delisted from said blacklists. The page provides links to said blacklists which you are blacklisted from, so that you may follow each blacklist's documentation for delistment.
Best regards,

My reply was;

I will look into that Blacklist you mention thanks Andrew.
I'm just in the domain in question's DNS editor zone and looking specifically at the SPF record I'd previously entered last summer;
"v=spf1 +a +mx +ip4:ipremovedforthispost ~all"
Doing some further reading up if the above selections are used and I think by having +a and +mx may be an issue? Unless I'm reading things wrong, it should be better and safer set at;
"v=spf1 a mx +ip4:ipremovedforthispost ~all"
Would you concur at all, I personally am not experienced in the above but trying to assume and learn the right understanding from this new issue I'm facing.
Regards,

His reply was;

Hello,
You can generate a syntactically-valid SPF record in cPanel -> Email -> Authentication. The +a means to add the A record for the domain, the +mx means to add the MX record for the domain. Since you have +ip4:<ip address>, this isn't strictly needed, however, it won't cause harm, unless you have your receiving email server or your web site on a hosting provider that you do not trust to send mail in your name.
Best regards,

Hi Andrew,
So in your experience, would my current SPF record settings of: "v=spf1 a mx +ip4:46.32.249.220 ~all" be really good, ok / satisfactory or actually need amending in some way, as my interpretation when setting it previously was all wrong?
I've logged into my @isknow.how domain's cPanel and navigated to the Email>Authentication and can see the various fields to set SPF record but that's as far as it goes.
Thanks in advance.

the last reply was;

Hello,
If you want the A and MX records included, you need to do +a +mx. If you want them to be excluded, remove those two tokens from the SPF string entirely. I don't believe the string you provided is a valid record.
Best regards,

So I've spent a number of hours reading up again (I set SPF and DKIM up last summer and it's worked until only the other day) and just edited my SPF to;
v=spf1 +a +mx include:spf.isknow.how -all
I added the include:spf.isknow.how section, as I wanted to set up SMTP send ability on my server's mailserver etc, to try and fix a separate issue to the above (will deal with that down the line).
I tried going to the Microsoft SPD Wizard registration site, I used this last summer without a problem but now I'm faced with;
So that's out and I'm just ending up more confused by the minute with the whole SPD and DKIM aspects I need to get correct; not helped by a severe bout of pneumonia this festive season, that I'm still not fully over grrrr.
Can anybody kindly offer to help work through the above with me please, it would be very much appreciated indeed.
Regards,
Rob
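
The SPF records compared in this thread differ in whether the `+` qualifier is written out and in the qualifier placed on `all`. The following is an added example, not part of the original post or of cPanel's tooling: a small parser that makes every term's qualifier explicit, using the RFC 7208 rule that an omitted qualifier defaults to `+`. The address 192.0.2.10 is a constructed documentation IP and the function names are hypothetical.

```python
import re

# Qualifier results per RFC 7208; "+" is assumed when no qualifier is written.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")        # e.g. redirect=, exp=
TERM = re.compile(r"^([+\-~?]?)([A-Za-z0-9]+)([:/].*)?$")   # [qualifier]name[:arg|/cidr]


def parse_spf(record):
    """Return [(result, mechanism, argument)] with default qualifiers made explicit."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for raw in parts[1:]:
        if MODIFIER.match(raw):
            continue  # modifiers carry no qualifier; skipped in this comparison
        m = TERM.match(raw)
        if not m or m.group(2).lower() not in MECHANISMS:
            raise ValueError("unknown mechanism: %r" % raw)
        qualifier = m.group(1) or "+"          # omitted qualifier means "+"
        argument = m.group(3) or ""
        if argument.startswith(":"):
            argument = argument[1:]            # keep a leading "/" for CIDR lengths
        terms.append((QUALIFIERS[qualifier], m.group(2).lower(), argument))
    return terms


def same_policy(record_a, record_b):
    """True when both records evaluate the same mechanisms with the same results."""
    return parse_spf(record_a) == parse_spf(record_b)


# Constructed records in the shapes discussed in the thread.
EXPLICIT = "v=spf1 +a +mx +ip4:192.0.2.10 ~all"
IMPLICIT = "v=spf1 a mx +ip4:192.0.2.10 ~all"
WITH_INCLUDE = "v=spf1 +a +mx include:spf.isknow.how -all"

if __name__ == "__main__":
    print("explicit == implicit:", same_policy(EXPLICIT, IMPLICIT))
    for term in parse_spf(WITH_INCLUDE):
        print(term)
```

The final term is the one that changes how a receiver treats unlisted senders: `~all` yields softfail, `-all` yields fail.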