DMARC

Amazon on DMARC (http://sesblog.amazon.com/post/Tx22ZELXSSZRYZR/What-is-DMARC-and-should-you-use-it).

This Google article is also helpful: https://support.google.com/a/answer/2466563?hl=en

If you scroll down to the ‘Example records’ section, you’ll see a number of examples on how to write the TXT record. Here’s an example of that record:

_dmarc.advancedmediawebs.com. 3600 IN TXT "v=DMARC1; p=quarantine; pct=5; rua=mailto:mark@domain.com"
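A DMARC record is a list of tag=value pairs, and the `pct` tag changes what the policy means in practice. The following is an added example, not code from the original page: it parses the record shown above, reports what receivers are asked to do, and lists the authorization record needed when `rua` points at another domain. The function names are hypothetical, and the sample is a constructed copy of the page's record wrapped in typographic quotes, as often happens when a record is pasted from a web page.

```python
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Parse a DMARC TXT value into (tags, problems)."""
    problems = []
    if "\u201c" in txt or "\u201d" in txt:
        problems.append("curly quotes in record; zone files need plain ASCII quotes")
    tags = {}
    for part in txt.strip(' "\u201c\u201d').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
        elif part.strip():
            problems.append(f"malformed tag: {part.strip()!r}")
    if list(tags.items())[:1] != [("v", "DMARC1")]:
        problems.append("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        problems.append("p= must be none, quarantine or reject")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and int(pct) <= 100):
        problems.append("pct= must be an integer from 0 to 100")
    return tags, problems

def effective_policy(tags):
    """What receivers are asked to do with mail that fails DMARC (RFC 7489, pct tag)."""
    p, pct = tags["p"], int(tags.get("pct", "100"))
    if p == "none" or pct == 100:
        return f"{p} for all failing mail"
    lower = POLICIES[POLICIES.index(p) - 1]   # messages not sampled get the next lower policy
    return f"{p} for {pct}% of failing mail, {lower} for the rest"

def report_authorizations(domain, tags):
    """TXT names that external rua domains must publish (RFC 7489 section 7.1).
    Simplification: compares plain domain suffixes, not Organizational Domains."""
    names = []
    for uri in filter(None, tags.get("rua", "").split(",")):
        rcpt = uri.strip().split("!")[0].rpartition("@")[2].lower()
        if rcpt != domain and not rcpt.endswith("." + domain):
            names.append(f"{domain}._report._dmarc.{rcpt}")
    return names

# Constructed sample: the page's record wrapped in typographic quotes.
SAMPLE = "\u201cv=DMARC1; p=quarantine; pct=5; rua=mailto:mark@domain.com\u201d"

if __name__ == "__main__":
    tags, problems = parse_dmarc(SAMPLE)
    print(problems)
    print(effective_policy(tags))
    print(report_authorizations("advancedmediawebs.com", tags))
```

With `pct=5`, only 5% of failing mail is quarantined, so a record like this is a ramp-up setting rather than full enforcement.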

DNS open resolver test


# dig +short test.openresolver.com TXT @1.1.1.1 (IP of the server)
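What the dig test above really asks is whether the server performs recursion for a client outside its own network. The following added example (not part of the original page; function names are hypothetical) reads the DNS header flags to answer that, using constructed response headers plus the header values from the outlook.com dig output later on this page.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=16, txid=0x1234):
    """Build a DNS query with RD=1 (recursion desired); qtype 16 is TXT."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(packet):
    """Read the 12-byte DNS header and decide whether the server recursed."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    ra, aa = bool(flags & 0x0080), bool(flags & 0x0400)
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    if rcode == "REFUSED" or not ra:
        verdict = "closed"          # server declined to recurse
    elif rcode == "NOERROR" and answers and not aa:
        verdict = "open"            # recursed for a zone it does not host
    else:
        verdict = "inconclusive"    # e.g. authoritative answer or NXDOMAIN
    return {"ra": ra, "aa": aa, "rcode": rcode, "answers": answers, "verdict": verdict}

def probe(server_ip, name="test.openresolver.com", timeout=3.0):
    """Send one query to your own server from an outside network, like the dig test."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server_ip, 53))
        return classify_response(sock.recv(512))

# Constructed response headers (12 bytes each), not captured traffic.
OPEN_HDR = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)    # qr rd ra, NOERROR
CLOSED_HDR = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # qr rd, REFUSED
# Header rebuilt from the outlook.com dig output on this page: qr aa rd ra, NXDOMAIN.
PAGE_HDR = struct.pack("!HHHHHH", 19033, 0x8583, 1, 0, 0, 0)

if __name__ == "__main__":
    for hdr in (OPEN_HDR, CLOSED_HDR, PAGE_HDR):
        print(classify_response(hdr))
```

Run `probe()` from a host that is not in the server's local networks, since a correctly configured server still recurses for its own clients.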

Other Information

Test your server for an open DNS resolver here:

http://openresolver.com/

Closing DNS Resolvers on Windows Server 2003/2008/2008 R2:

http://technet.microsoft.com/en-us/library/cc787602(v=ws.10).aspx

Windows Servers running Plesk:

http://kb.parallels.com/en/116463

Closing DNS Resolvers on Servers running Bind:

http://www.zytrax.com/books/dns/ch9/close.html

rDNS with a Windows 2008 Server with Plesk and MailEnable

Configuring the rDNS for a Linux server is easy. A Windows server with Plesk is a different story.

Plesk

I changed the hostname in the Plesk Tools and Settings.

pleskhostname

Rebooted the system. Then sent a test email. Here is the header:


Received: from WIN-QO7M1M92HBS.home

Hmm… where is the new hostname? So I did some investigation. I checked the computer name in Windows:

Win-Computername

Then I checked the MailEnable settings > Services and Connectors > SMTP > properties.

SMTP Connector

So, the name in the email's "Received: from" header is a combination of the Windows computer name and the MailEnable local domain name.

Now that I had this information, how do I give the mail server a valid hostname?

Disabling Recursive DNS in the Plesk Panel and No Panels

To Disable Recursive DNS in the Parallels Plesk Panel

  1. Log in to the Parallels Plesk Panel as administrator.
  2. Click Tools & Settings.
  3. From the General Settings area, click DNS Template Settings.
  4. Click DNS Recursion. Select Localnets, and then click Ok.

For Windows Servers:

  1. Log in to your Server through a Remote Desktop Connection.
  2. From the Start menu, click Control Panel, Administrative Tools, then DNS.
  3. In the console tree, right-click the appropriate DNS server, and then click Properties.
  4. Click the Advanced tab.
  5. Under Server options, check Disable recursion, and then click OK.
  6. In the console tree, right-click the appropriate DNS server, and then click Clear Cache.

CentOS


# cd /etc
# nano named.conf

Change this line

recursion yes;

to

recursion no;

Restart

# service named restart

Ubuntu


# nano /etc/bind/named.conf.options

Set up like this

// global options apply to external clients
options {
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
};

view "local" in {
    // view options enable recursion only for local clients
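    // prefixes are written as network addresses: named flags entries with host
    // bits set (such as 172.16.45.80/23) as an address/prefix length mismatch
    match-clients { 172.16.44.0/23; 192.168.12.0/24; 127.0.0.0/8; ::1; };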
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
            type hint;
            file "/etc/bind/db.root";
    };

    // put definitions for zones like "localhost" and "127.in-addr.arpa" here
};

// put definitions for real authoritative zones here.

Cannot Contact Outlook.com

Mail for some reason is not delivering to outlook.com.
Find your nameservers.

# cat /etc/resolv.conf
nameserver 69.xx.xx.xx
nameserver 69.xx.xx.xx

In this case the example nameserver is 69.xx.xx.xx.

$ dig MX outlook.com @69.xx.xx.xx
; <<>> DiG 9.9.2-P2-RedHat-9.9.2-3.P2.el5 <<>> MX outlook.com @69.64.66.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;outlook.com. IN MX

;; Query time: 2 msec
;; SERVER: 69.64.66.11#53(69.64.66.11)
;; WHEN: Fri Jan 9 15:38:48 2015
;; MSG SIZE rcvd: 29

There is no result. Now change to Google's nameservers (8.8.8.8 or 8.8.4.4).


$ dig MX outlook.com @8.8.8.8

; <<>> DiG 9.9.2-P2-RedHat-9.9.2-3.P2.el5 <<>> MX outlook.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33959
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;outlook.com. IN MX

;; ANSWER SECTION:
outlook.com. 17432 IN MX 10 mx3.hotmail.com.
outlook.com. 17432 IN MX 10 mx4.hotmail.com.
outlook.com. 17432 IN MX 10 mx1.hotmail.com.
outlook.com. 17432 IN MX 10 mx2.hotmail.com.

;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 9 15:39:26 2015
;; MSG SIZE rcvd: 128

DNS server fails to start in Plesk

Starting the DNS server fails. Restarting named shows the following error:

service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20010622
zone domain1.com/IN: loaded serial 1415397236
zone domain2.org/IN: loaded serial 1415411359
zone domain3.com/IN: loaded serial 1415556389

That's the okay part.
And then you see this:


zone domain4.com/IN: NS 'ns2.domain4.com' has no address records (A or AAAA)
zone domain4.com/IN: not loaded due to errors.

Resolution:

Add an A record for the nameserver ns2.domain4.com in the zone DNS manager in Plesk. Then restart named.

# service named restart

SPF Records

Sender Policy Framework (SPF) is a method of fighting spam. As more time passes, this protocol will be used as one of the standard methods of fighting spam on the Internet. An SPF record is a TXT record that is part of a domain’s DNS zone file. The TXT record specifies a list of authorized host names/IP addresses that mail can originate from for a given domain name. Once this entry is placed within the DNS zone, no further configuration is necessary to take advantage of servers that incorporate SPF checking into their anti-spam systems. This SPF record is added the same way as a regular A, MX, or CNAME record.


v=spf1 mx a ip4:192.55.182.34 ~all

* Make sure the IP above has an A record set in the DNS zone

Default:


"v=spf1 a mx ~all"
"v=spf1 a mx ip4:IP.ADD.RE.SS include:mail.domain.com ~all"

Example:


domain.com. IN TXT "v=spf1 a mx ip4:IP.ADD.RE.SS include:spf.messaging.microsoft.com include:mail.domain2.com ~all"
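SPF records fail quietly: a misspelled mechanism, too many DNS-querying terms, or a weak `all` qualifier all leave the domain less protected than the record appears to make it. The following linter is an added example, not code from the original page; the function name is hypothetical. It is run over two records that appear on this page and one constructed record that uses the common misspelling `ipv4:`.

```python
import ipaddress

LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def lint_spf(record):
    """Return (dns_lookups, problems) for one SPF TXT value."""
    terms = record.strip(' "\u201c\u201d').split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, ["record must start with v=spf1"]
    problems, lookups, has_default = [], 0, False
    for i, term in enumerate(terms[1:], start=1):
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        name, _, arg = body.replace("=", ":", 1).partition(":")
        name = name.split("/")[0].lower()          # "a/24" -> "a"
        if name in LOOKUP_TERMS:
            lookups += 1
            has_default = has_default or name == "redirect"
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term}: address is not IPv{name[2]}")
            except ValueError:
                problems.append(f"{term}: not a valid address or CIDR range")
        elif name == "all":
            has_default = True
            if i != len(terms) - 1:
                problems.append("terms after 'all' are never evaluated")
            if qualifier in "+?":
                problems.append(f"{qualifier}all gives receivers no reason to distrust other senders")
        elif name != "exp":
            problems.append(f"{term}: unknown mechanism {name!r}")
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms; SPF permits at most 10")
    if not has_default:
        problems.append("no 'all' or redirect; unmatched senders get a neutral result")
    return lookups, problems

# Two records taken from this page, then one constructed record with a typo.
PAGE_RECORDS = ["v=spf1 mx a ip4:192.55.182.34 ~all",
                "v=spf1 +a +mx +ip4:67.228.44.45 ?all"]
CONSTRUCTED_TYPO = "v=spf1 ipv4:203.0.113.0/24 ~all"

if __name__ == "__main__":
    for rec in PAGE_RECORDS + [CONSTRUCTED_TYPO]:
        print(rec, "->", lint_spf(rec))
```

The `?all` record passes syntax checks but returns "neutral" for every unlisted sender, which is why the linter reports it.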

Description:

When should I use one?

An SPF record is generally used when your company is trying to avoid people using your domain for SPAM. The thing you need to know when working with SurveyGizmo is making sure that if you do have an SPF record, that we are whitelisted in it. Whitelisting us will allow you to use your domain as the FROM field when using the SurveyGizmo application to send out email campaigns or send email actions.

What should I avoid?

If you don’t have an SPF record already in place, then we don’t recommend setting one up mid-campaign. Adding one will most likely not increase your deliverability in any way.

If you already have an SPF record, or are setting one up for other purposes, you’ll want to make sure you don’t set it to only allow SurveyGizmo. If you do, then you won’t be able to send out emails from any other servers.

If I have an SPF record, and need to whitelist SurveyGizmo, what should I use?

If you already have an SPF record set up on the domain you want to send emails from, then we recommend adding the following IP addresses to your SPF.


ip4:74.63.000.0/24

This will include our servers in your preferred server list. You can also use “include:sgizmo.com”, however, the IP addresses above are more practical. If you were to use “include:sgizmo.com” it would include all of our SPF records, which is excessive as we have internal SurveyGizmo IP addresses that the application doesn’t use.

How to make one

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

SPF – v=spf1 +a +mx +ip4:67.228.44.45 ?all

You can find more about SPF records here:

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

and you can generate an SPF record here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

DNS Glue records in WHM

You must add this DNS glue record to use your nameservers.

  1. Log into WHM.
  2. Navigate to the DNS Functions section.
  3. Click on the Edit DNS Zone option.
  4. Select the domain that you need to add the Records to.
  5. Click the Edit button and wait for the page to load.
  6. In the first blank, type ns1.
  7. Skip the box with 14400, and go to the drop-down box.
  8. In the drop-down box, select A. A new box will appear.
  9. Erase the IP or hostname within the box.
  10. Type in the IP address for the NS1 private nameserver.
  11. In the second blank, type ns2.
  12. Skip the box with 14400, and go to the drop-down box.
  13. In the drop-down box, select A. A new box will appear.
  14. Erase the IP or hostname within the box.
  15. Type in the IP address for the NS2 private nameserver.
  16. Scroll all the way down to the bottom of the page and click the Save button.

When you get to the last step, your A record entries should look similar to the following:

Glue Record