Mail Server for Outlook

18 posts / 0 new
Last post
#1 Sat, 06/04/2016 - 17:20
cs10

Mail Server for Outlook

Hi there. I have created a test email account in VirtualMin for one of my servers.

I can send mail to it (and view it in Read Users Mail), and I can also send mail from it.

But I can't configure it correctly in Outlook.

I think its the mail server... what should this be?

Any help would be much appreciated.

Thanks, Craig

Sat, 06/04/2016 - 20:07
andreychek

Howdy,

What happens when trying to connect with Outlook? Do you get an error of some kind?

And do you see any errors in the email logs, located in either /var/log/mail.log, or /var/log/maillog?

-Eric

Sun, 06/05/2016 - 02:42
cs10

I don't believe it. I just tried it again to get the error message from Outlook, and its only gone and connected correctly!

I feel a bit silly now!

Whilst I'm here though, is there anything else I should do regarding email to make sure it works properly? I read somewhere about Reverse DNS? Is this important? Also, what should I do to ensure that the server isn't blacklisted or classed as spam?

Many thanks! Craig

Sun, 06/05/2016 - 03:26
Diabolico
Diabolico's picture

You must have rDNS, SPF and DKIM or Gmail will be the 1st one to mark all your emails as spam. To avoid blacklisting sort the records i mentioned earlier and if you will send marketing/promo emails each one of them must have visible unsubscribe option or link. Last but not least dont forget to have double opt-in or just this is enough to blacklist you.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 06/06/2016 - 07:26
cs10

Hi there, Thanks very much for the reply! rDNS and SPF were already sorted I think (well they passed the check at allaboutspam).

Regarding DKIM, I have installed this through VirtualMin and enabled it for the domain in question (I had to turn on Bind DNS and then enable DNS against this domain name).

I have signed outgoing emails, in the additional domains to sign for, the hostname was listed, so I've also added the proper domain name in here - not sure if I should have.

However, it still appears to fail on the allaboutspam test. In the DKIM section for this reason:

Email contains invalid DKIM/Domain Keys Signature. Published Domain Keys policy does not specify whether to accept/reject such emails. Signing your Outbound emails and clearly specifying a policy to accept signed emails will minimize chances of your Email being considered as SPAM.

The other warnings on this report are BATV, it says this is not used by the mail server, and the RBL (real time black list) shows the email server is listed on one of them (b.baracuda.org).

What should I do for the DKIM issue? And do i need to worry about BATV and RBL?

If this helps, this is in the original message that I tried to a gmail account (went into spam).

dkim=temperror (no key for signature) header.i=@kevknightwindows.co.uk;

Yahoo shows this in the header:

Authentication-Results: mta1095.mail.ir2.yahoo.com from=kevknightwindows.co.uk; domainkeys=neutral (no sig); from=kevknightwindows.co.uk; dkim=permerror (no key)

There is also a DKIM-Signature: bit with lots of info in there, would it help posting this?

The only thing I have done to the virtual server regarding DNS, is to turn on the DNS Enabled setting. Do I then need to add a DNS entry myself against the domain name for where it is registered? Or does BIND DNS take care of this?

Many thanks again for the help so far! Craig

Mon, 06/06/2016 - 10:08
Diabolico
Diabolico's picture

Easiest solution is to host DNS on your server and sort your DNS records locally. This will reduce the chance to get any errors. For the blacklist i know for Barracuda and Sorbs (you are listed with both of them + few more) you must contact them to solve the problem. Keep in mind to do this AFTER you sort all your problems if not you will be listed back in no time. Especially Sorbs who is pretty aggressive what they show by blacklisting almost entire Gmail IP range. If this happens then you could have problem delisting again as some of them can reject your application.

But checking your domain i saw another problem, your nameservers are allowing recursive queries. This is really bad as can be used in amplification of DDoS attacks at which point your server provider or ISP will immediately suspend (and probably delete) your service/account, no question asked.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 06/06/2016 - 10:51
cs10

Thanks for your reply again.

How do I go about hosting the DNS on the server and then sorting them locally? I haven't done this before so sorry for having to ask.

Regarding the nameserver issue, what can I do to solve this?

The nameservers have been left as they were (from where the domain is registered...)

By the way, how could you tell this was an issue? I just did a quick check and it said it wasn't at risk.

Mon, 06/06/2016 - 20:11
Diabolico
Diabolico's picture

How do I go about hosting the DNS on the server and then sorting them locally?

With your domain registrar sort your nameservers as ns1.yourdomain.com -> yourserver ip and ns2.yourdomain.com -> your server ip (ip can be same as ns1 or different). Then check under Vmin - System - Features and see if "BIND DNS domain" is enabled, if is not then enable. Then make a backup! of your website (db and files) and then delete that virtual server. Recreate new virtual server with same domain and Vmin will sort your DNS. Dont forget to enable SPF and DKIM for this virtual server. This is maybe not the best solution but is one of the quickest.

Regarding the nameserver issue, what can I do to solve this?

If you recreate your virtual server as i mentioned earlier it should be ok.

By the way, how could you tell this was an issue?

Something changed from last time and recursive queries are ok but now you have a lot more issues. http://www.intodns.com/kevknightwindows.co.uk

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 06/06/2016 - 20:14
Diabolico
Diabolico's picture

It is safe to ignore "Different subnets" and "Different autonomous systems" but the rest must be repaired.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Tue, 06/07/2016 - 02:46
cs10

Thanks again for the reply.

Here is what I did before your reply, and why the DNS results were different second time you looked.

1/ Against the domain name with the registrar, I altered the nameservers to ns1.kevknightwindows.co.uk. and ns2.kevknightwindows.co.uk.

2/ Against the DNS Record for the Virtual Server (within VirtualMin itself), I added an A Record for each nameserver above, and pointed to the IP Address of the server.

BIND DNS is running, and is/should be being used by this domain.

The bit in that DNS report Missing NS records at parent servers and Missing NS records at local servers is confusing me. green6119.server-cp.com is the hostname of the whole webmin/virtualmin installation.

Have I missed something in what I did? Or am I going along the right lines? Whatever I did do has meant gmail is showing dkim as pass in the header. So thats good I think, but as you pointed out, there are a few more issues that I need to sort... and I would really appreciate your help further with this if you wouldn't mind?

Wed, 06/08/2016 - 03:33
cs10

Ok, so after a lot of playing around and trial and error, I've managed to more or less remove all of the issues from the intoDNS site.

The only thing I've got is SOA warning. green6119 is the host name of the whole server. Below is the warning in SOA.

SOA MNAME entry WARNING: SOA MNAME (green6119.server-cp.com) is not listed as a primary nameserver at your parent nameserver!

What can I do to sort this?

Wed, 06/08/2016 - 07:48
Diabolico
Diabolico's picture

This is just one example i'm using but ofc the values can vary and it will be ok if you stay inside the limits:

@ IN SOA ns1.yourdomain.com. hostmaster.yourdomain.com. (
2016060503
10800
3600
1209600
3600 )
  • "ns1.yourdomain.com." - this should be your primary nameserver
  • "hostmaster.yourdomain.com." - admin email and can be whatever you want but must be valid, e.g. instead of hostmaster you can use admin, server, etc... but must be valid email.
  • "2016060503" - valid SOA number: YYYYMMDDNN where Y is year, M is month, D is for day and N is revision. So if you go to setup your zone today it would be 2016060801. Once you set your SOA serial Vmin will automatically increase by one each time you make some change in the zone.
  • rest of the values leave it as i posted here
  • dont forget to put the dots after nameserver and email (see my example) and for email dont use "@" but "." (again check my example)
  • if you are manually editing the zone then you must increase the revision number by one each time you make a change, e.g. 2016....01, 2016....02 and so on for each change inside the zone.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 06/08/2016 - 07:45
cs10

Thank you so much, I think I have done it.

I've checked intodns and it looks correct to me.

Are you in agreement that I have done it all, and the emails should send correctly and not be marked as spam etc.?

If there is anything else I could do to generally improve things, I'd love to hear them.....

Wed, 06/08/2016 - 08:01
Diabolico
Diabolico's picture

Are you in agreement that I have done it all, and the emails should send correctly and not be marked as spam etc.?

No as i dont know your situation but looks like it could be ok. Best to visit "https://www.unlocktheinbox.com/resources/emailauthentication/", send the email and wait few minutes to get the report back to you.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 06/08/2016 - 08:17
cs10

Thanks very much. I'll give that link a try. My final question (I hope). Now that I set the nameserver, can I use this for other domains, or do I create a new nameserver per domain?

Wed, 06/08/2016 - 14:09
Diabolico
Diabolico's picture

If other domains will go in the same Vmin like your first domain you can use same nameservers. Actually i would suggest that so in the future if you change IP or move to another server you will have less modifications to carry on.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 06/08/2016 - 15:13
cs10

Ah I see.

And what about if it was on another server with another vmin?

Wed, 06/08/2016 - 16:25
Diabolico
Diabolico's picture

You cant have same nameserver with diferent IP whatever you want to achieve.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Topic locked