Not sure if this belongs here?

rivermobster

• December 05, 2023 18:34

So I know how to set up the SPF and DKIM in cPanel, but how do you set it up for the actual server? 

I recently just got this error message from gmail:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

(myemailaddress)@gmail.com
(generated from root@orlando1.rmwebdevelopment.com)
host gmail-smtp-in.l.google.com [173.194.212.27]
SMTP error from remote mail server after end of data:
550-5.7.26 This mail has been blocked because the sender is
unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either SPF
or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [orlando1.rmwebdevelopment.com] with ip:
[107.190.128.61] = did
550-5.7.26 not pass
550-5.7.26
550-5.7.26 To mitigate this issue, please visit Gmail's authentication
guide
550-5.7.26 for instructions on setting up authentication:
550 5.7.26
https://support.google.com/mail/answer/81126#authentication
c14-20020a0561023a4e00b00457bf12e139si3803155vsu.527
- gsmtp

 

I poked around WHM, but didn't see a place to add the settings?  Any ideas?

Thanks in advance,

-Joe   :)

• 

  ffeingol

  • December 05, 2023 20:15

  In WHM you can do it under Enable DKIM/SPF globally (it's under DNS functions).   To do it account by account it's under Email, Email Deliverability.

  You may not want to globally enable it because you don't know where all your customers send mail from.  If, for example they use MailChimp or Constant Contact etc. and you enable it, those emails may be rejected as they won't match SPF.

  0
• 

  rivermobster

  • December 05, 2023 20:40

  I just looked, and everything there IS filled out.  

  When I check with mxtoolbox.com, it says DKIM is missing

  When I check with easydmark.com, its there.

  mail-tester.com gave me a 10 of 10.

  What the heck is gmails problem??  :P

  0
• 

  rbairwell

  • December 06, 2023 01:44

  The key bit is:

  (generated from root@orlando1.rmwebdevelopment.com)

  I note that you do have a DKIM entry for both rmwebdevelopment.com and orlando1.rmwebdevelopment.com (which is the important bit here) setup so that should be working.

  MXTolbox , EasyDmarc, Dmarcian , DNSChecker , MailTester all confirm the DKIM entry is there (for selector "default"), but Google is unable to find it [even though their DNS Servers do show it].... Doing a Dig command for the txt record on default._domainkey.orlando1.rmwebdevelopment.com shows it only having a 1048 second TTL (about 17.5minutes) - I use a 21600 second TTL (6 hours) and have no problems with practically identical looking records (i.e. default._domainkey.<serverhostname>.<domainname> and then the key split into two sections).

  Based on this, I would suggest increasing your TTL as it is possible Google has a minimum TTL (they also can cache records for 48 hours so, depending on when you set things up and when Gmail last queried your records they may have cached a "no entry" response).

  2
• 

  rivermobster

  • December 06, 2023 17:08

  Wow.  Great info.  Thank you for digging that up!. :thumbup:

  I reset the TTL for rmwebdevlopment domain.  

  I also asked ChatGPT about TTL settings.  The answers were very different, depending on what Exactly you were asking about.  This was the answer specificly for the DKIM record.  rbairwell  Yours was a good call for making it longer.  Thank you.

  ______________________________

  In the context of DKIM (DomainKeys Identified Mail), the TTL (Time to Live) setting is associated with DNS (Domain Name System) records. DKIM uses DNS records to store public keys used for email signature verification.

  The TTL for DKIM DNS records determines how long DNS resolvers and caches should store the DKIM public key information before querying the DNS server again. The TTL is specified in seconds.

  A reasonable TTL value for DKIM DNS records is often between 300 seconds (5 minutes) and 86400 seconds (1 day). Here are some considerations:

  1. Shorter TTL: A shorter TTL allows for quicker updates when changes are made to the DKIM configuration. This is useful during key rotation or if you anticipate frequent changes to your DKIM records. However, setting TTLs too short may result in increased DNS query traffic.

  2. Longer TTL: A longer TTL reduces DNS query traffic but may result in delays when you make changes to the DKIM configuration. It's a trade-off between responsiveness to changes and reducing the load on DNS infrastructure.

  Consider your specific needs and how frequently you expect to update the DKIM configuration. If you plan to make changes often, a shorter TTL may be suitable. If changes are infrequent, a longer TTL can help reduce unnecessary DNS queries.

  As always, it's important to balance the need for timely updates with the desire to minimize the impact on DNS infrastructure and overall system performance.

  -ChatGPT

  0

Please sign in to leave a comment.