Confusing DNS and SSL behaviour

Discussion in 'Installation/Configuration' started by adamjedgar, Nov 23, 2019.

  1. adamjedgar

    adamjedgar Member

    I recently I.ported a cpanel account onto a debian 9 apache server that also hosts email (postfix & dovecot)

    If on my server I do dig mx client domain.com it returns the old mail information. However, if I go to mxtoolbox.com in a web browser, the SOA is the new registrar dns and mx record is my server (server1. domain.com)

    Also, if I add mx record server1.domain.com ...email for domain stops working, however if I use mx record mail.clientdomain.com email works again.

    I have another client on same system, account not imported from cpanel, where mx record is server1.domain.com and their email is working.

    Apart from the mx records and different domains, both domains DNS records are identical format.

    The client with the trouble had their website moved to my server a few days ago and email moved to my hosting yesterday.

    Anyone got any ideas on what can cause this?

    If it was caching or TTL, why is mxtoolbox showing my server?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Which name server is that host using?
    Add where?
    Once the sending e-mail server asks from a name server that has up to date information, it sends to the correct e-mail server. Just set the MX record for all your e-mail domains and wait until the information travels to all name servers.
     
  3. adamjedgar

    adamjedgar Member

    They are both user ns1.nameserver.net.au (I think it was .au...anyway both domains on my system are using the same nameservers).

    I will have another look today and see if it was the previous cpanel account TTLS taking some time to refresh.

    Also, can I get something explained about the mx record I often see in DNS "mail.clientdomain.com". (where clientdomain.com is the clients domain)

    Does this have a particular importance generically, or does the host "mail" actually have to exist?

    What is the significance of the host "mail"?

    I ask this because my VPS, that provides shared hosting/mail services to clients, server hostname is "server1" and not "mail"
    Ie... myhosting/email VPS system is not called mail.domain.com , it's called server1.domain.com

    So should i tell clients to set their mxrecord to substitute "mail" for "server1" (my system hostname?

    So does that mean client DNS should read

    clientdomain.com MX server1.clientdomain.com

    Or

    clientdomain.com MX server1.domain.com (where domain.com is my VPS server primary domain)

    Or leave it as is...

    clientdomain.com MX mail.clientdomain.com
     
    Last edited: Nov 24, 2019
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    So it looks like MXToolbox is using another name server, if it get different answers. Verify the authoritative name server(servers) for your domain give the correct answers, then other name servers will eventually also show correct answers.
    The MX record is created for the e-mail domain. So I create it for taleman.ovh, and it points to posti.taleman.ovh, the e-mail server that receives e-mail for that domain.
    https://en.wikipedia.org/wiki/MX_record
    It has to exist, but name can be anything, it does not have to be mail. But you must have e-mail server with FQDN, and name service that resolves that FQDN to the e-mail servers IP-address and PTR record that does the reverse lookup. And for each e-mail domain you host, you must create an MX record that points to your e-mail server.
    This is excerpt from my e-mail Tutorial:
     
  5. adamjedgar

    adamjedgar Member

    Thanks Taleman.
    So how does
    clientdomain.com MX mail.clientdomain.com
    even resolve? (that was the record I saw on previous cpanel account)
    It was a shared hosting server with Siteground. My outlook mobile phone app also seems to want to use such a host record by default for any email account

    Would that record only work if there was also a dns entry

    mail.clientdomain.com A record <server IP address>
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I do not understand what you mean by this question.
    That is autodiscovery:
    https://www.howtoforge.com/community/threads/mail-server-dilema.83147/#post-395409
    That is requirement 3. in my list in message #4.
    Since I do not understand the problem, here is an example using command host:
    Code:
    $ host taleman.ovh
    taleman.ovh has address 188.165.143.5
    taleman.ovh mail is handled by 10 posti.taleman.ovh.
    [email protected]:~
    $ host posti.taleman.ovh
    posti.taleman.ovh has address 178.33.154.66
    [email protected]:~
    $ host 178.33.154.66
    66.154.33.178.in-addr.arpa domain name pointer posti.taleman.ovh.
    [email protected]:~
    
     
  7. adamjedgar

    adamjedgar Member

    I think I am beginning to understand this more...I could just never understand why the mail. Mx record did not represent an actual hostname in example dns record. It didn't make sense to me particularly when client apps are automatically inserting it into their settings.

    Btw Do you have any tutorials on autodiscover and autoconfig xml files?
    The reason I ask this is because outlook mobile phone app is refusing to connect with my server (even though I have correct username and password and incoming/outgoing mail sever) and I am not sure why. Other mobile apps work no problems with same email accounts on my server. Because clients like outlook I really need to get it working.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    @florian030 has developed an ISPConfig plugin for that: https://schaal-it.com/ispconfig-automail/
    But it does not support latest Outlook as far as I know as outlook changed to a different autodiscover system. Not sure about outlook mobile.

    Btw. Googling for ispconfig and autodiscoer would have brought up this link as well, so why not search before asking ? ;)
     
  9. adamjedgar

    adamjedgar Member

    My Google search parameters did not include ispconfig...this is in the linux forum. I did not get that url link, however thank you I will have a read of it.
    The latest version of out look for android is the one I am having problems with. Outlook for desktop PC is easy because I can just get clients to select manual setup and that works no problem...the mobile app on the other hand is terrible.

    I'm sorry thus sometimes seems like I'm not reading what you are saying...I often use a mobile phone whilst in bed at night time to browse these forums and screen isn't large enough for me to get it (understand) as easily as on desktop PC screens.

    Sometimes even I read what I have written the next day and ask myself why did I write that for?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, sorry. I thought you have an ISPConfig system.
     
  11. adamjedgar

    adamjedgar Member

    Yes I do have ispconfig system...but also 3 others 2 x virtualmin and a centos web panel.

    I am about to shut down the second virtualmin one and am seriously thinking about dumping cwp altogether (i have tried to keep it to support development but i dont think my money is being well spent...it's just too unreliable in the backend...so much doesn't work properly). I wonder is perhaps their use of php as the basis for it is fundamentally flawed because client applications settings/restrictions to keep the server safe, also stop the control panel functioning as I it needs to for admin to look after server?

    Now back to email...

    I have problems in outlook even with ispconfig system...so it's something more than just the control panel that I need to research.
    Outlook seems oriented towards exchange. I am not sure exactly what that means in terms of getting it (the android mobile app) working with Linux mail servers. However i have clients who generically have trouble with outlook mobile. I wwnt to make my mail server as user friendly as i can for them... So I thought perhaps if I explore autodiscover and autoconfig xml files this might help?
     
  12. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It helps in that users do not need to enter e-mail server configuration info, the client get then automatically.
    But you still have to set up the e-mail server properly so the server and clients can work together. If you can not manually set up Outlook, it does not help to have autodiscover.
     
  13. adamjedgar

    adamjedgar Member

    That's a bummer, I wonder why some hosting servers it works but not mine? I had it working perfectly with one of my domains for email, but now it doesn't work with any of them.

    I need to find a linux postfix/dovecot tutorial that is specific for outlook for android

    I don't have any problems with outlook desktop app...however I think that's because the desktop app has a manual install option.
    The mobile app is so restrictive...to begin I have to login...it won't even go past that point to allow anything more.

    If I use gmail app...works. Samsung galaxy email also works with the exact same login information.

    There is something outlook mobile needs that is different from other apps...but I can't figure out what it is?
     
  14. adamjedgar

    adamjedgar Member

    Oh no...I found this on Microsoft site...dont ask for url...i cant copy it from phone but it's "Troubleshooting outlook for mobile"

    "Make sure your email account is supported. You can add accounts from Office 365, Exchange Online, Exchange Server (2007 SP2, 2010, 2013), Outlook.com (including Hotmail, Live, and MSN), Gmail, iCloud and Yahoo! Mail."

    Also, I have just realised, can get this working with ISPCONFIG. I stumbled across another email that is working with outlook for mobile on my ispconfig server.

    Ok this gives me hope...all I have to do is figure out what is different between both mail server postfix/dovecot configurations. Ispconfig saves the day!
     
    Last edited: Nov 27, 2019
  15. adamjedgar

    adamjedgar Member

    Update...I have it working now...although I haven't a clue why or how it fixed?
    Almost like I got one imap account working and the rest just suddenly started to work also.
    I will try with my client Samsung next I see them...last time we tried with 3 Samsung phones and only mine worked initially but neither of their phones would work.. then all 3 stopped working...now mine is again.

    The only thing I have done different tonight, is change from my home internet connection to mobile data ...I wonder if fail2ban has blocked IP addresses because clients were having trouble and got smtp password wrong 3 times? (I hadn't thought of this)
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Check fail2ban.log, you should find the bans there in case they happened.
     
  17. adamjedgar

    adamjedgar Member

    thanks Till and Taleman, you guys have helped a lot. I have so much to learn about mail servers.
     

Share This Page