Cron Emails Are Treated As Spam By Gmail
Recently, the cron emails for /usr/local/cpanel/scripts/upcp have started ending up in my Gmail spam folder. Gmail puts a notice on the emails that says, "Gmail couldn't verify that host.mydomain.com actually sent this message (and not a spammer)." The subdomain "host.mydomain.com" is my hostname, and it is listed as an A record in the DNS zone for mydomain.com.
If I look at the source of the email, the problem appears to be that there is no SPF record for host.mydomain.com, where XXX.XXX.XXX.XXX is my primary domain:
Received-SPF: neutral (google.com: XXX.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@host.mydomain.com) client-ip=XXX.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
spf=neutral (google.com: XXX.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@host.mydomain.com) smtp.mailfrom=root@host.mydomain.com
If I look in /var/cpanel/domain_keys/public, there is no entry for host.mydomain.com. The command:
dig host.mydomain.com +short
returns my server's primary IP address, and the command:
dig -x XXX.XXX.XXX.XXX +short
returns:
host.mydomain.com
so it appears my PTR record is correctly set up. If I send email to the same Gmail account using a regular email account on the server, the SPF passes:
Received-SPF: pass (google.com: domain of user@mydomain.com designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXX.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
dkim=pass header.i=@mydomain.com;
spf=pass (google.com: domain of user@mydomain.com designates XXX.XXX.XXX.XXX as permitted sender) smtp.mailfrom=user@mydomain.com
If I'm right about the cause of this problem, it seems like adding a valid SPF and DKIM entry for my hostname would solve it. I found this old post in which cPanelTristan suggests, "As such, if you want the hostname covered, your best bet is to temporarily change the hostname to another name, put the hostname onto the account as a subdomain, use Email Authentication area to add the SPF and domain keys records, then remove the subdomain manually and change the hostname back to what it was before. It does appear to be a lot of steps simply to get the records added. Right now, I simply can't think of a simpler way to do it." Is there a better way to accomplish this in WHM 64? I'm worried that I'll break something else by changing my hostname as suggested.
-
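The diagnosis in the post above, reading the SPF and DKIM verdicts out of Gmail's Authentication-Results header, can be scripted. This is an added example, not part of the original thread; the function names and the two sample messages are constructed, modelled on the headers quoted in the post.

```shell
#!/bin/sh
# Print one "method=result" line per method found in the first
# Authentication-Results header, joining folded continuation lines first.
auth_results() {      # $1 = message file (stdin when omitted)
    awk '
        /^Authentication-Results:/ && !seen { seen = 1; inhdr = 1; buf = $0; next }
        inhdr && /^[ \t]/ { buf = buf " " $0; next }   # folded continuation line
        inhdr             { inhdr = 0 }                # next header ends it
        END {
            n = split(buf, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(spf|dkim|dmarc)=[a-z]+$/) print tok[i]
        }' "$@"
}

# Print which of SPF and DKIM did not pass, e.g. "spf dkim"; prints an
# empty line when both passed.
unauthenticated() {   # $1 = message file (stdin when omitted)
    res=$(auth_results "$@")
    out=""
    for m in spf dkim; do
        printf '%s\n' "$res" | grep -qx "$m=pass" || out="$out $m"
    done
    printf '%s\n' "${out# }"
}

# Constructed sample: cron mail sent as root@host.mydomain.com.
sample_cron_msg() {
    cat <<'EOF'
Received-SPF: neutral (google.com: XXX.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@host.mydomain.com) client-ip=XXX.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: XXX.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@host.mydomain.com) smtp.mailfrom=root@host.mydomain.com
Subject: constructed sample
EOF
}

# Constructed sample: mail sent from a regular account on the same server.
sample_user_msg() {
    cat <<'EOF'
Received-SPF: pass (google.com: domain of user@mydomain.com designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXX.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mydomain.com;
       spf=pass (google.com: domain of user@mydomain.com designates XXX.XXX.XXX.XXX as permitted sender) smtp.mailfrom=user@mydomain.com
Subject: constructed sample
EOF
}

echo "cron mail, not passing: $(sample_cron_msg | unauthenticated)"
echo "user mail, not passing: $(sample_user_msg | unauthenticated)"
```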
Hi, The mail you are receiving is part of the cPanel job and the preferred email account setting you set. The mail sent to root is forwarded to the Gmail account, and this is what should be taken care of. If you end up sending a lot of notifications unknowingly to the Gmail account, the Gmail system is going to track the incoming mail, and this may result in your mail server IP also being blacklisted, causing issues for the other user accounts, if any, on your server. You should be forwarding the root mail to another email account rather than standard Gmail and Hotmail services. 0 -
Thanks, I know the email is from the cPanel update. I get one from Logwatch each day, too. I have system emails to root forwarded to a Gmail account (WHM -> Server Contacts -> Edit System Mail Preferences) because I don't have another server I can use and sending the emails to an account on the same server wouldn't work if there are issues. It seems like there should be a way to add SPF/DKIM records for the hostname, which I believe would solve the problem. That's what I'm asking. 0 -
I went into WHM -> DNS Functions -> Edit DNS Zone and in the section "Add New Entries Below this Line," I added an SPF record for "host" using the server's primary IP address. I ran it through MX Toolbox, and it passed, so the SPF part appears to be fixed this way. I'll see tomorrow when Logwatch and upcp run if Gmail likes it. Adding a domain key is next... 0 -
I followed the directions in this post to add a domain key for host.mydomain.com. I added the user "nobody" to /var/cpanel/users, ran /usr/local/cpanel/scripts/updateuserdomains, and then attempted to run /usr/local/cpanel/scripts/updateuserdomains; however, I got the error:
warn [dkim_keys_install] Cpanel::DnsUtils::_add_error: Empty dns zone host.mydomain.com Cpanel::DnsUtils:588: Empty dns zone host.mydomain.com at /usr/local/cpanel/bin/dkim_keys_install line 27, <$socket> line 3.
According to the thread above, that's because I need to create a valid DNS zone for my server's hostname. I do have an A record DNS entry in mydomain.com for host, so I think the problem may actually be that the entry in /var/cpanel/users/nobody should perhaps be different than just:
DNS=host.mydomain.com
Maybe something like:
DNS=mydomain.com
DNS1=host.mydomain.com
I don't want to try it until I know if that will mess something up. 0 -
According to the thread above, that's because I need to create a valid DNS zone for my server's hostname. I do have an A record DNS entry in mydomain.com for host, so I think the problem may actually be that the entry in /var/cpanel/users/nobody should perhaps be different than just:
Hello, I recommend creating a separate DNS zone for your server's hostname via "WHM >> DNS Functions >> Add A DNS Zone", and then removing the "A" entry for the hostname from the parent domain name's DNS zone. This should allow you to proceed with the workaround instructions referenced on that thread. Thank you. 0 -
Hello, I recommend creating a separate DNS zone for your server's hostname via "WHM >> DNS Functions >> Add A DNS Zone", and then removing the "A" entry for the hostname from the parent domain name's DNS zone. This should allow you to proceed with the workaround instructions referenced on that thread. Thank you.
When I try to create a separate DNS zone for my server's hostname, I get the message, "Sorry, a DNS entry for host.mydomain.com already exists." I suspect this is because there's already an "A" entry in the parent domain. If I delete the "A" record from the parent domain first to get around that, won't that keep me from logging into WHM to add the separate DNS zone? :) 0 -
If I delete the "A" record from the parent domain first to get around that, won't that keep me from logging into WHM to add the separate DNS zone? : )
You can still log in via any other domain name that resolves to the server's IP address, or via the server's IP address. Thank you. 0 -
I didn't know I could log in with another domain name. :oops: I picked one with an SSL cert so I didn't get the connection warning I'd get using the IP address and could still use HTTPS. I deleted the two entries ("A" record and SPF entry I manually added) in the parent domain for my hostname and set up the new DNS zone, which automagically added the SPF record for it from my DNS profile, then added the "nobody" record in /var/cpanel/users/ and ran the command to create the domain key. I can now see the DKIM entry when I look at the newly created DNS zone for my hostname, and there are entries in both the public and private folders of /var/cpanel/domain_keys, so it looks like I am in business. I won't know for sure until I see the emails cron sends out to Gmail tomorrow morning, but I suspect it's fixed. I will follow up tomorrow with the results. 0 -
Both SPF and DKIM now pass with Gmail. Thanks for all your help, Michael. You can mark this one solved. 0 -
I'm trying to set this up. But I'm getting the "Empty DNS zone" error. I've deleted the A records from the parent zone. Added a new, dedicated zone. Ran /usr/local/cpanel/scripts/updateuserdomains. Checked everything in MX Toolbox. Everything seems fine, but I still get the error. Any ideas? 0 -
But I'm getting the "Empty DNS zone" error.
Does the "/var/cpanel/users/nobody" file exist on your system, and if so, does it include a DNS= entry for your server's hostname within it? Thank you. 0 -
Does the "/var/cpanel/users/nobody" file exist on your system, and if so, does it include a DNS= entry for your server's hostname within it? Thank you.
Yes 0 -
Hello, It looks like the custom workaround referenced in that thread is no longer working (it was always an unsupported workaround). As an alternative, you can use the openssl utility on your server's command line and then add the TXT record to the DNS zone of your server's hostname. This URL explains how to set up the key: DKIM Core Technical Specification. I encourage you to vote and add feedback to the following feature request if you'd like to see support for this added to the product: DKIM for Hostname. Thank you. 0 -
It looks like it did create the keys and place them in the proper files, but it just wouldn't add them to the DNS zone. I manually did that and it looks like it's working. Thanks. 0 -
All you really need to do is generate a public/private key pair.
openssl genrsa -out /root/rsa.private 1024
openssl rsa -in /root/rsa.private -out /root/rsa.public -pubout -outform PEM
Now convert the public key into a single line:
cat /root/rsa.public | grep -v '^-----' | tr '\n' ' ' | sed s/" "//g ; echo ""
The output from this is important for the next step. Now add a DNS entry:
default._domainkey.%HOSTNAME%. IN TXT "v=DKIM1; k=rsa; p=%ABOVE%;"
Replace %HOSTNAME% with the server's hostname (don't forget the . at the end).
Replace %ABOVE% with the single line public key output from above.
Then finally copy the public and private keys so Exim knows to read them:
cp -a /root/rsa.private /var/cpanel/domain_keys/private/%HOSTNAME%
cp -a /root/rsa.public /var/cpanel/domain_keys/public/%HOSTNAME%
0
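An added example (not from the thread or from cPanel) that builds the TXT record described in the post above and checks a published record against the local public key. It goes one step beyond the post: a 1024-bit key fits in a single TXT string, but a 2048-bit key exceeds the 255-byte limit of one string and has to be written as several quoted strings. The function names and the sample key body are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Base64 body of a PEM public key on one line (what the grep/tr/sed
# pipeline in the post prints).
pem_to_p() {
    grep -v '^-----' "$1" | tr -d ' \r\n'
}

# Zone-file line for selector "default". One TXT string holds at most 255 bytes,
# so a long value is written as several quoted strings that resolvers concatenate.
dkim_txt_record() {   # $1 = hostname, $2 = PEM public key file
    value="v=DKIM1; k=rsa; p=$(pem_to_p "$2");"
    chunks=$(printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf 'default._domainkey.%s. IN TXT %s\n' "$1" "${chunks% }"
}

# True when the p= value of a published TXT answer (text as printed by
# `dig +short TXT default._domainkey.<hostname>`) equals the local public key.
dkim_matches() {      # $1 = TXT answer text, $2 = PEM public key file
    published=$(printf '%s\n' "$1" | sed 's/" *"//g; s/"//g' |
        sed -n 's|.*; *p=\([A-Za-z0-9+/=]*\).*|\1|p')
    [ -n "$published" ] && [ "$published" = "$(pem_to_p "$2")" ]
}

# Constructed sample: placeholder base64 with the body length (392 characters)
# of a 2048-bit RSA public key. It is not a real key.
make_sample_pem() {   # $1 = output file
    {
        echo '-----BEGIN PUBLIC KEY-----'
        for i in 1 2 3 4 5 6; do
            echo 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
        done
        echo 'SAMPLE=='
        echo '-----END PUBLIC KEY-----'
    } > "$1"
}

sample=$(mktemp)
make_sample_pem "$sample"
record=$(dkim_txt_record host.mydomain.com "$sample")
echo "$record"
if dkim_matches "${record#* IN TXT }" "$sample"; then
    echo "published key matches local key"
fi
rm -f "$sample"
```

Against a live zone, pass the output of the `dig` query named in the comment as the first argument of `dkim_matches` and the file under /var/cpanel/domain_keys/public as the second.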