i´ve got an error on sending email to our Mailgun-service on some Email-providers.
we have an subdomain with an mx record that routes to mailgun, to receive emails as http-post.
if i send a message to our mail address ...#msg.artwizz.com with icloud or gmx everything works fine.
but some email provider will get an error called "X-Postfix; Host or domain name not found. Name service error for name=msg.artwizz.com type=A: Host not found" and i cant find an error.
i checked all DNS settings, they are all correct:
May somebody has the same problem and has an solution :D
thx a lot.
1) Create new MX records for your TLD (artwizz.com) that contain the same values as msg.artwizz.com.
2) Create an A record for artwizz.com and msg.artwizz.com and point it to some valid web server. It is considered strange for a domain name to not have an A record for the apex. This may be triggering SPAM rules.
3) Since you already have SPF and DKIM enabled, setup DMARC. This will sign your emails and most well designed email servers will respect your emails as not being SPAM.
Related
I am setting up the custom MAIL FROM domain based on this link: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/mail-from.html
I have primary domain verified and I have added the MX record to the DNS settings, which I can see on the mxtoolbox.com. However, the Custom MAIL FROM domain is still in the status of "pending verification".
Does amazon check it in batch(maybe once per hour) or those changes should be visible immediately? Or is there any place where there could be misconfiguration from my side, when I see the MX record visible? What can I do to successfully configure the Custom MAIL FROM domain?
Dig command has been verified with the MX record to the amazonses.
Spf record allow specifically designed ip's, without the -all option. Could that be the reason?
If anyone is struggling with the same problem, this few things help:
1) Remove Your custom MAIL FROM domain from SES
2) Add it one more time
That was the steps, that support gave us which also worked.
Simple "Turn off - Turn on" and everything works :)
When I try to access my AWS console using my account name in the URL, I get this error (in Firefox):
Your connection is not secure
The owner of mycompanyname.tech.signin.aws.amazon.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Why is this happening and what can I do about it?
Short answer: the problem is that there is a period in the company name/alias (mycompanyname.tech). I modified this to remove the period and the error no longer occurred.
Longer answer: I guess the way the wildcard security certificate works is that it only applies to names with 1 subdomain level (before signin.aws.amazon.com), and with the period, it broke it up into 2 ['mycompanyname', 'tech'].
I have a problem, I am using the SES AWS service, for the delivery of my email; this works without problems; the problem arises when I want to send forwarding mail from one mailbox to another destination account, receive the following error:
Mailfromuser_sernder#domain.tld
(ultimately generated from usermail_forwarder#domain.tld)
host ses-smtp-us-west-xxxxxxx.xxxxx.us-west-2.elb.amazonaws.com
SMTP error of the remote mail server after the end of the data:
554 Message rejected: the email address is not verified. The following identities could not be verified in the US-WEST-2 region:
Mailfromuser_sernder#domain.tld
Investigate the issue and the reason is that the SRS (Service Rewrite Scheme) is not compatible with SES AWS. reference here.
I asked Cpanel for support because I use the Cpanel on my server, not even a drop of help, they answered that it was a technical problem.
The only solution that think, is forwarder mail by any local user and size is more than 10 mb is sending by another router.
He there my problem, as I define it; in the router section use these lines and it serves only for one domain, he researched and you can read the headers of the email, but I do not know how
sender_redirect:
driver = dnslookup
domains = domain.tld
transport = remote_smtp
no more
I know it's wrong, but I do not know how to declare the functions to do nex requeriments:
That, if is forwarding mail by any mailbox, I sent it by this
router and not by amazon ses
The message is greater than 10 mb, sending by this router and not by
amazon ses
I want to be able to send from foo#*.mydomain.com AND receive responses without needing to manually setup MX records for each subdomain I'm interested in (bar.mydomain.com, baz.mydomain.com, etc.mydomain.com , ...)
Mailgun docs show a setting on a domain called wildcard labeled "Mailgun allows you to receive email at multiple subdomains of a single domain without actually adding them. You still need to add the appropriate MX records for your subdomain(s) at your DNS provider" in the web ui.
A comment on this ServerFault answer seems to hint that a new MX record would have to be made for each subdomain. I'd prefer not to have to do that and just keep it dynamic with something like this:
# IN MX 10 mxa.mailgun.org.
# IN MX 10 mxb.mailgun.org.
*.mydomain.com. IN MX 10 mxa.mailgun.org.
*.mydomain.com. IN MX 10 mxb.mailgun.org.
Does Mailgun support sending AND receiving from wildcard subdomains? and if so, what DNS records should be added (MX & SPF/DKIM)?
(This somewhat related question doesn't list out the specifics.)
Just got a response from MG support
We do not support sending from wildcard domain. We require each domain
you wish to send with be added and verified to our system with the
explicitly SMTP credentials or API endpoint used for sending.
Setup
Our company hosts their emails with GoDaddy along with the domain entry.
We host EC2 instances in AWS that send emails on behalf of that domain
DNS Configuration is handled via AWS Route 53
Info
We are working towards getting our production server fully up and running and as such we were implementing SPF and DKIM email signing. We didn't have an issue setting these up until it came to the application sending emails as no-reply#test-domain.com. Our emails were being signed with DKIM and we couldn't put our finger on why SPF verification was failing.
Example TXT record for SPF verification
"MS=ms12312312 v=spf1.1.1.1 ip4:2.2.2.2 include:spf.protection.outlook.com ~all"
As you can see we have a valid SPF record allowing 2 ip-addresses explicitly and one domain. We are using a soft-fail as per the schema. The "include" and "MS" portions are from GoDaddy with regards to pointing your domain to AWS and not GoDaddy.
Question
What the heck is the MS portion for? We have identified that this is the root cause of our messages not being SPF verified. As soon as we removed this portion, our site was accessible, we could manually send and receive emails, the app could send emails and the server itself could send emails, all passing SPF.
I am not comfortable just removing something without knowing its purpose so I am hoping someone here is aware of it.
Thanks,
The MS=ms123456 TXT record is something used by Office 365 to validate your ownership of the domain (O365 gives you the record to create so you can prove you are the rightful owner of the domain).
The MS and SPF records can certainly coexist in the DNS, but they need to be put in separate TXT records. You can have multiple TXT records and whatever system that are looking for a certain TXT record must examine each one until it finds the one in the correct format, i.e. starts with MS=, v=spf1 or whatever.
Just make two separate TXT records:
TXT "MS=ms123456"
TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 include:spf.protection.outlook.com ~all"
and everything should work fine!