
Sysadmin emails @localdomain

Discussion in 'System Administration' started by dooma, Jul 6, 2017.

  1. dooma

    dooma Active Member

    326
    34
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +49
    Local Time:
    5:39 AM
    Hello,

    Although my /etc/hosts file has my server name configuration :
    Code (Text):
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    XX.XX.XX.XX hostname.MYdomain.com hostname


    The emails that I got from root come from root@hostname.localdomain?!


    How can I change this .localdomain to the domain I use?

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,186
    11,998
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,501
    Local Time:
    1:39 PM
    Nginx 1.25.x
    MariaDB 10.x
    That is normal and expected. You don't change it to @yourdomain.com as you don't have local email set up and use 3rd party @yourdomain.com email.

    Or do you mean change to root@hostname.domain.com?

    That should have been done when you set up your main hostname when you initially got the server and when you did step 1 of the Getting Started Guide to set up the main hostname.

    What's the output of this command:
    Code (Text):
    postconf -d myhostname mydomain
    

    and
    Code (Text):
    uname -a
    
     
  3. dooma

    Yes. :)

    The first command:
    Code (Text):
    postconf -d myhostname mydomain
    myhostname = server1.localdomain
    mydomain = localdomain
    


    second one:
    Code (Text):
    Linux server1 4.9.15-x86_64-linode81 #1 SMP Fri Mar 17 09:47:36 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
     
  4. eva2000

    Did you do step 1 of the Getting Started Guide to set up the main hostname? uname -a should show your full main hostname.

    If not, do step 1 of the Getting Started Guide.
     
  5. MaximilianKohler

    MaximilianKohler Member

    157
    3
    18
    Jun 23, 2023
    Ratings:
    +18
    Local Time:
    8:39 PM
    Thanks for the info eva. I ran into this issue after cloning my server. It seems that each time I do that I need to go through those steps again.

    I changed the hostname successfully, and then ran the "Sending a test email via SSH" command in the DKIM instructions. But I still got an "Undelivered Mail Returned to Sender" email that said the DKIM and SPF didn't pass. Per the details in the email, everything looks to be valid:
    Code:
    from:    Mail Delivery System <MAILER-DAEMON@hostname.domain.com>
    to:    root@hostname.domain.com
    date:    Mar 24, 2024, 10:12 PM
    subject:    Undelivered Mail Returned to Sender
    mailed-by:    domain.com
    signed-by:    email.cloudflare.net
    security:    Standard encryption (TLS) Learn more
    
    
    This is the mail system at host hostname.domain.com.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to postmaster.
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                       The mail system
    
    <email@gmail.com>: host gmail-smtp-in.l.google.com[142.251.163.27]
        said: 550-5.7.26 This mail has been blocked because the sender is
        unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with
        either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results:
        550-5.7.26  DKIM = did not pass 550-5.7.26  SPF
        [hostname.domain.com] with ip: [<server IP>] 550-5.7.26
        = did not pass 550-5.7.26  550-5.7.26  For instructions on setting up
        authentication, go to 550 5.7.26
        https://support.google.com/mail/answer/81126#authentication
        f20-20020ac87f14000000b004311edc9d82si4581323qtk.767 - gsmtp (in reply to
        end of DATA command)
    
    
    
    ---------- Forwarded message ----------
    From: root <root@hostname.domain.com>
    To: email@gmail.com
    Cc:
    Bcc:
    Date: Sun, 24 Mar 2024 21:54:04 -0700
    Subject: dkim test Sun Mar 24 21:54:04 PDT 2024
    dkim test today Sun Mar 24 21:54:04 PDT 2024
    
    
    I had an existing TXT SPF record for "@" of
    Code:
    v=spf1 include:_spf.mx.cloudflare.net ~all
    Per the instructions in the getting started guide, I added "a", so now it is
    Code:
    v=spf1 a include:_spf.mx.cloudflare.net ~all
    Is that invalid? This How To Merge SPF Records - MailerLite says it is.

    BTW, I'm using Cloudflare email routing, and under the activity log it's still showing the old "root@hostname.localdomain". And they're all "failed" due to gmail rejecting them due to SPF not passing.

    The getting started guide says "service network restart" is the only restart command required, but I'm wondering if that's correct given that Cloudflare is still showing the old info. I just got a "lfd blocked" email from "root@hostname.localdomain" too. So it definitely doesn't seem to be corrected.

    EDIT: I also just changed the email in "/root/.forward" to a gmail address so that it bypasses cloudflare completely, and I still see new emails showing up in the cloudflare log trying to be sent from "root@hostname.localdomain".
     
    Last edited: Mar 25, 2024
  6. eva2000

    On a new cloned server, you may need to regenerate your DKIM as per https://community.centminmod.com/th...ver-email-doesnt-end-up-in-spam-inboxes.6999/ linked to https://community.centminmod.com/threads/automated-dkim-setup-with-opendkim.7011/ using the clean command option, and update the DNS TXT entry for DKIM for the cloned server.

    For SPF, did you properly set up the main hostname and DNS for Getting Started Guide step 1 for both original and cloned servers (Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS)? If you set it up on the original, the cloned server also needs updating, as you can't have 2 servers using the same hostname pointing to the same IP addresses.
     
  7. MaximilianKohler

    I never tried the DKIM script yet. I was planning on doing it after I get SPF working. But I just ran it and it seems to have worked. I added the DKIM records. It advised me to add "mx" to the SPF record, so I did:
    Code:
    v=spf1 a mx include:_spf.mx.cloudflare.net ~all
    I sent another test email and it went through. Everything looks correct but on the "show original" page it says:
    Code:
    SPF:    NEUTRAL with IP <Hetzner IPv6> Learn more
    DKIM:    'PASS' with domain hostname.domain.com Learn more
    DMARC:    'PASS' Learn more
    I don't have any other servers active. I think I followed all the directions, and I just read them again. I have an A name with the hostname pointed to the server IP with DNS-only, no cloudflare proxy. And even when I didn't have the correct hostname for email, the subdomain would still load. IE: http://correct-hostname.domain.com/memcache_xxxxxxxxxxxxx.php

    I checked DNS Propagation Checker - Global DNS Checker Tool and most show the correct record. 3 have a red X.

    Should I try restarting Postfix? https://www.cyberciti.biz/faq/linux-unix-start-stop-restart-postfix/ - It seems to have some sort of cache/queue that can't be changed with any of the methods previously listed. EDIT: based on "systemctl status postfix" the DKIM install restarted postfix already.

    EDIT: and now I'm getting more "lfd blocked" emails from the new root@hostname.domain.com, but they're all "to root@hostname.domain.com" instead of to the gmail address I put in "/root/.forward".
     
    Last edited: Mar 25, 2024
  8. MaximilianKohler

    Wow, this is frustrating and bizarre. The emails being relayed from Cloudflare are passing SPF:
    Code:
    SPF:    PASS with IP <Cloudflare IP> Learn more
    DKIM:    'PASS' with domain hostname.domain.com Learn more
    DMARC:    'PASS' Learn more
    But the emails coming directly from my server to Cloudflare or Gmail are not passing SPF.
    Code:
    echo "dkim test today `date`" | mail -s "dkim test `date`" myemail@gmail.com
    
    From: root <root@hostname.domain.com>
    To: myemail@gmail.com
    Subject: dkim test Sat Apr 13 00:13:40 PDT 2024
    SPF: NEUTRAL with IP <server IP> Learn more
    DKIM: 'PASS' with domain hostname.domain.com Learn more
    DMARC: 'PASS' Learn more
    
    mxtoolbox and others are saying my records are good.

    I was thinking that since cloudflare needs to be specified:
    Code:
    v=spf1 a mx include:_spf.mx.cloudflare.net ~all
    I might need to add the equivalent for Hetzner, IE:
    Code:
    v=spf1 a mx include:_spf.mx.cloudflare.net include:_spf.mx.hetzner.com ~all
    But the email headers are showing my server IP, not random Hetzner IPs.

    I noticed that with one of the emails that failed, the drop-down shows:
    Code:
    from:    root@hostname.domain.com
    to:    me+serveremails@gmail.com
    date:    Apr 12, 2024, 9:36 AM
    subject:    Yum: Updates installed on hostname.domain.com
    signed-by:    hostname.domain.com
    security:    Standard encryption (TLS) Learn more
    Which looks correct. But then in the "show original" page there are some instances of:
    Instead of
    But the DKIM test email has no instances of "localhost" and it still failed SPF.

    I noticed in Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS it says to create the "v=spf1 a ~all" for "hostname.newdomain.com" instead of "newdomain.com". Doesn't that leak your hostname which should be private, since TXT records are public?

    Also, I thought the point of the a in "v=spf1 a ~all" is that it points to "anysubdomainwithanarecord.newdomain.com", and thus you can use "newdomain.com" instead of "hostname.newdomain.com".

    I saw in an unrelated guide that in "nano /etc/hostname" they put "hostname" instead of "hostname.newdomain.com". But I'm using "hostname.newdomain.com", per the centmin instructions.

    And in "nano /etc/hosts" they use
    Code:
    127.0.1.1 sendy.<mydomain>.com
    instead of
    Code:
    <server IP> hostname.newdomain.com hostname
    Again, I'm using the latter. The only thing that sticks out to me is that I see "hetzner-server-nickname" in the file:
    Code:
    # Your system has configured 'manage_etc_hosts' as True.
    # As a result, if you wish for changes to this file to persist
    # then you will need to either
    # a.) make changes to the master file in /etc/cloud/templates/hosts.redhat.tmpl
    # b.) change or remove the value of 'manage_etc_hosts' in
    #     /etc/cloud/cloud.cfg or cloud-config from user-data
    #
    # The following lines are desirable for IPv4 capable hosts
    127.0.0.1 hetzner-server-nickname hetzner-server-nickname
    127.0.0.1 localhost.localdomain localhost
    127.0.0.1 localhost4.localdomain4 localhost4
    <server IP> hostname.domain.com hostname
    
    # The following lines are desirable for IPv6 capable hosts
    ::1 hetzner-server-nickname hetzner-server-nickname
    ::1 localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6
    
    I don't think the "hetzner-server-nickname" matters at all right? Or should I change it to "hostname"?

    Oh, I think I figured it out!!

    I noticed that warning:
    So I did:
    Code:
    nano /etc/cloud/templates/hosts.redhat.tmpl
    And I see it has the wrong server IP. This means the getting started guide is incomplete, no? It should be updated to include/account for this?

    Well, I changed the IP there, then ran "service network restart", then sent another DKIM test, and SPF still didn't pass.

    So, per the getting started, and DKIM guides, I made a new TXT record with "v=spf1 a mx ~all" for "hostname.newdomain.com" instead of "newdomain.com". But SPF still shows "neutral", and it has my server's IPv6 IP this time, so maybe that's why.

    Something I did resulted in Cloudflare's Email Dashboard now showing SPF passing. And I did another DKIM test email, and if it uses the IPv4 IP then it passes SPF now.

    Centmin mod FAQ says I don't need to mess with IPv6 if I'm using the beta (I am).

    When I use the two commands on the Centmin Mod FAQ:
    Code:
    host -t AAAA yourdomain.com
    
    ping6 -c4 yourdomain.com
    I get two different IPv6 addresses, and neither of which are my server's IP. I looked up the IPs and they're Amazon IPs for some reason... I'm not using Amazon anything, so that's odd...

    Oh, it might have to do with a Netlify site I have on the main domain. If I ping:
    Code:
    host -t AAAA hostname.mydomain.com
    ping6 -c4 hostname.mydomain.com
    instead, it does show my server IP.

    New problem:
    IPv6 format.

    Hetzner shows my IPv6 IP as "xxxx:xxx:xx:xxxx::/64". Cloudflare doesn't accept that format -- "Valid IPv6 address is required".

    The DKIM test emails show "SOFTFAIL with IP xxxx:xxx:xx:xxxx:0:0:0:1".

    This is the only explanation/suggestion I could find. So I was going to try "xxxx:xxx:xx:xxxx:0000:0000:0000:64", but Cloudflare accepted "xxxx:xxx:xx:xxxx::64".

    But when I do "AAAA @ xxxx:xxx:xx:xxxx::64" it says:
    So I put "hostname" instead of "@" and it accepted it. Presumably, I should leave this as "proxy status OFF, DNS only".

    But the DKIM test emails still show "SOFTFAIL with IP xxxx:xxx:xx:xxxx:0:0:0:1".

    I tried changing it to "AAAA hostname xxxx:xxx:xx:xxxx:0000:0000:0000:64", but that still SOFTFAILed.

    When I do "host -t AAAA hostname.domain.com" it outputs "xxxx:xxx:xx:xxxx::64", so that seems to be correct so I put it back to that.

    According to this https://dmarcian.com/spf-syntax-table/, the "hostname.newdomain.com" "v=spf1 a ~all" record I have should be good for the AAAA record as well.

    It would be great if the getting started guide could be updated with this info! A few hours in and I still haven't been able to figure it out.

    For reference, I submitted a request to Cloudflare to update their docs.

    EDIT:
    My guess is it's also required to put the IPv6 ip in "nano /etc/hosts", so I added this:
    Code:
    xxxx:xxx:xx:xxxx::64 hostname.domain.com hostname
    then ran "service network restart", and the DKIM test email failed:
    Code:
    This is the mail system at host hostname.domain.com.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to postmaster.
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                       The mail system
    
    <xxx@gmail.com>: host
        gmail-smtp-in.l.google.com[<some IPv6 addr>::1b] said: 550-5.7.25
        [xxxx:xxx:xx:xxxx::1] The IP address sending this message does not
        550-5.7.25 have a PTR record setup, or the corresponding forward DNS entry
        does 550-5.7.25 not point to the sending IP. As a policy, Gmail does not
        accept 550-5.7.25 messages from IPs with missing PTR records. For more
        information, go 550-5.7.25 to 550-5.7.25
        https://support.google.com/mail/answer/81126#ip-practices  550-5.7.25 To
        learn more about Gmail's sender policy, go to 550 5.7.25
        https://support.google.com/mail/answer/81126.
        f20-20020a05620a12f400b0078842405561si5641615qkl.734 - gsmtp (in reply to
        end of DATA command)
    
    
    
    ---------- Forwarded message ----------
    From: root <root@hostname.domain.com>
    To: xxx@gmail.com
    Cc:
    Bcc:
    Date: Sat, 13 Apr 2024 03:29:05 -0700
    Subject: dkim test Sat Apr 13 03:29:05 PDT 2024
    dkim test today Sat Apr 13 03:29:05 PDT 2024
    Sometimes the DKIM test emails get sent from my IPv4 address. I'm not sure why. But the randomness of it makes it harder to diagnose and test the IPv6 issue.

    It looks like if I run "service network restart" then the next DKIM test will use my IPv6 address, and I'm still getting the SOFTFAIL SPF even after adding the IPv6 ip in "nano /etc/hosts".

    I tried adding it to "/etc/cloud/templates/hosts.redhat.tmpl" too, and when it finally sent via IPv6 it still SOFTFAILed.
     
    Last edited: Apr 13, 2024
  9. eva2000

    Make sure any SPF/DKIM/DMARC/PTR reverse DNS records are not Cloudflare Orange Cloud proxy enabled as that will mask your real server IP and show Cloudflare CDN proxied IPs instead. But yes that will reveal server's real IP address.

    If you are using Cloudflare and want to hide your real server's IP address, instead of messing with Centmin Mod main hostname SPF/DKIM/DMARC/PTR records, use Amazon SES 3rd party SMTP in a Postfix relay configuration. So Centmin Mod Postfix will relay and hand off server outbound email to Amazon SES SMTP servers, which also strip and remove the server IP from email headers.

    Centmin Mod is provided as is, so there is no official support for reconfiguring the Postfix MTA mail server beyond what Centmin Mod initially sets up and configures for Postfix local outbound email sending.

    However, if you want to send email outbound via a remote mail server, like with SMTP email providers such as Amazon SES, PepiPost/NetcoreCloud, Mailgun, Mailjet etc., there are various online guides if you search for "centos postfix relay". Instructions for Debian and Ubuntu may differ from the CentOS 6, CentOS 7 or AlmaLinux/RockyLinux operating systems that Centmin Mod runs on, so bear that in mind and read many online guides to understand the best gist of configuring Postfix relay for external mail sending via a remote SMTP server.

    Remember, troubleshooting and setup is all on you as I provide no support, however fellow forum members are welcome to help each other out.

    The following guides are a start and you should read them all and re-read them to get an understanding of what is required, paying attention to differences of CentOS 6 vs CentOS 7 vs Debian/Ubuntu, if any.

    Note you can skip installing Postfix via yum as it's already installed
    You can also setup a test VPS with a hourly billing provider and test various Postfix relay guides until you find one that works for you etc.
     
  10. MaximilianKohler

    I'm not concerned about my server IP showing in the emails. The only emails my server is directly sending are either to me or through Cloudflare's relay to me. So the IP shouldn't be getting leaked anywhere public. The emails are the lfd firewall events, and yum update notifications. And this is where I'm getting the failures due to Gmail's new stricter requirements for SPF, DKIM, DMARC.

    I was concerned about my hostname, and thus server IP, being leaked from TXT records, but from what I could deduce, the person would need to know the hostname/subdomain in order to look up the TXT records.

    Reading my previous comment again, I think one of the main issues was due to creating the "v=spf1 a ~all" TXT record for "newdomain.com" instead of "hostname.newdomain.com".

    I'll assume that the "hetzner-server-nickname" in "nano /etc/hosts" doesn't matter, since you didn't comment on it and it's not mentioned in the Getting Started Guide.

    As far as I could tell, this didn't matter either:
    That leaves the IPv6 issue, and I guess you're saying you're not interested in adding IPv6 info to the Getting Started guide, so I looked up how to prevent Postfix MTA from using my IPv6 address, since the SPF TXT record doesn't seem to be working.

    According to this comment, Postfix randomly chooses IPv4 or IPv6.

    This page shows how to disable IPv6, but based on this info about setting a preference instead, it sounds like it's not recommended.

    Since that's not recommended, and everything else seems to be in order, I tried changing the AAAA record from "xxxx:xxx:xx:xxxx::64" to "xxxx:xxx:xx:xxxx:0:0:0:1" and that worked. So it's apparently some issue with the range formatting. Hopefully Cloudflare will respond and update their docs.
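
The SPF evaluation behind posts 8 and 10, as an added example that is not part of the thread or of Centmin Mod: a small evaluator for the `a`, `mx`, `ip4`, `ip6`, `include` and `all` mechanisms run over constructed DNS data. `host.example.com`, `_spf.relay.example.net` and the documentation-range addresses are assumptions standing in for the redacted values; macros, `redirect`, CIDR suffixes on `a`/`mx` and DNS lookup limits are not modelled.

```python
import ipaddress

# Constructed DNS data: documentation prefixes stand in for the redacted records.
ZONE = {
    ("host.example.com", "TXT"): ["v=spf1 a mx ~all"],
    ("host.example.com", "A"): ["203.0.113.10"],
    # Provider assigns 2001:db8:1:2::/64; the "/64" was typed in as a host part.
    ("host.example.com", "AAAA"): ["2001:db8:1:2::64"],
    ("example.com", "TXT"): ["v=spf1 include:_spf.relay.example.net ~all"],
    ("_spf.relay.example.net", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(zone, name, rtype):
    return zone.get((name.lower().rstrip("."), rtype), [])


def host_addrs(zone, name):
    """All A and AAAA addresses published for a name."""
    return [ipaddress.ip_address(a)
            for rtype in ("A", "AAAA") for a in lookup(zone, name, rtype)]


def check_spf(zone, domain, ip, depth=0):
    """Evaluate the SPF record of `domain` (the envelope-sender domain) for `ip`."""
    ip = ipaddress.ip_address(ip)
    records = [t for t in lookup(zone, domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"            # no policy published at this exact name
    if len(records) > 1 or depth > 10:
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            hit = True
        elif name == "a":        # sender must equal an A/AAAA of the target name
            hit = ip in host_addrs(zone, arg or domain)
        elif name == "mx":
            hit = any(ip in host_addrs(zone, mx)
                      for mx in lookup(zone, arg or domain, "MX"))
        elif name in ("ip4", "ip6"):   # a prefix match, unlike `a`
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":  # simplified: only a "pass" from the include matches
            hit = check_spf(zone, arg, ip, depth + 1) == "pass"
        else:
            continue             # modifiers and unsupported terms are skipped
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"


def scenarios():
    host, sent_from = "host.example.com", "2001:db8:1:2::1"
    fixed_aaaa = {**ZONE, (host, "AAAA"): ["2001:db8:1:2:0:0:0:1"]}  # same as ::1
    with_prefix = {**ZONE, (host, "TXT"): ["v=spf1 a mx ip6:2001:db8:1:2::/64 ~all"]}
    apex_only = {k: v for k, v in ZONE.items() if k != (host, "TXT")}
    return {
        "AAAA ::64, sent from ::1": check_spf(ZONE, host, sent_from),
        "AAAA :0:0:0:1, sent from ::1": check_spf(fixed_aaaa, host, sent_from),
        "ip6:/64 in record": check_spf(with_prefix, host, sent_from),
        "sent over IPv4": check_spf(ZONE, host, "203.0.113.10"),
        "record only at apex": check_spf(apex_only, host, "203.0.113.10"),
        "relay IP, apex sender": check_spf(ZONE, "example.com", "198.51.100.7"),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:30} -> {result}")
```

The second and third scenarios differ only in where the fix is made: publishing the exact sending address in the AAAA record, or authorising the whole assigned prefix with `ip6:`.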
     
  11. MaximilianKohler

    My lfd emails are all passing SPF, but my yum cron alerts still are not due to being sent from "root@localhost.domain.com" instead of "root@hostname.domain.com".

    I rebooted the server to see if it would fix it, but I doubt it. I looked in the /etc/yum/yum-cron.conf file and see "email_host = localhost" and "email_from = root@localhost". I'm guessing this is the culprit.

    My /etc/yum/yum-cron.conf has "email_from = root" and "email_host = localhost". I'm not even sure that I get any emails from this. The emails I get just say "Yum: Updates installed on hostname.domain.com".

    I don't see "email_host" or "email_from" mentioned in any of the Automatic nightly YUM updates with yum-cron, getting started, or DKIM guides. So it should probably be added there.

    I don't see any instructions in the Automatic nightly YUM updates with yum-cron thread to send a test email to check my changes, so I might have to just wait a long time.

    For now, I've changed "email_from = root@localhost" to "email_from = root", and ran "service yum-cron restart".
     
  12. eva2000

    How did you set the server main hostname.domain.com? If you set it via Getting Started Step 1 (Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS), it should change for Postfix too. Maybe if you changed it later, see if a Postfix server restart also helps:
    Code (Text):
    systemctl restart postfix
     
  13. MaximilianKohler

    I don't think it has anything to do with postfix since as I mentioned, my lfd emails are fine. It's specifically the lines in the yum cron configs.

    The result of setting "email_from = root" is that emails are from
    Code:
    ""@root.domain.com
    So that's definitely incorrect.
    Code:
    "email_from = root@localhost"
    Is probably not correct either, and is probably why they were from "root@localhost.domain.com" instead of "root@hostname.domain.com".

    The correct thing is probably
    Code:
    "email_from = root@hostname"
    I changed it to that, and we'll see what happens.
     
  14. MaximilianKohler

    Code:
    "email_from = root@hostname"
    is correct.

    Code:
    system_name = 
    You can set system_name to anything you want, and it gets put in the email subject lines.

    I hope you can add this info to the Automatic nightly YUM updates with yum-cron guide.

    I think it's also essential to add info to the various guides regarding postfix randomly sending from either your IPv4 or IPv6 IPs, and thus you have to set up IPv6 SPF settings.