Virtualmin hostname dns record

Hello,

Example server hostname: sv.mydomain.com Virtualmin Wizard -> default dns entries of the server: ns1.mydomain.com & ns2.mydomain.com

Problem: When I add mydomain.com to virtualmin, it automatically adds A records for dns entries but don't add any one for the hostname.

Status: 
Closed (fixed)

Comments

Wait, so are you creating a Virtualmin domain that matches the domain name your system's hostname is already in?

Mostafa's picture
Submitted by Mostafa on Tue, 07/08/2014 - 01:25

Yes, It doesn't automatically add A record for the hostname.

That's kind of expected - normally you should already have a manually created or existing domain that your hostname is in, perhaps provided by your ISP or hosting company.

Mostafa's picture
Submitted by Mostafa on Wed, 07/09/2014 - 04:38

That's right for dedicated servers. But most of newly created VPS servers doesn't have a valid existed hostname. This is upon to the customer to add his domain and change the hostname to a valid one.

Anyway, It doesn't hurt if Virtualmin checks for it. It checks if the domain which is creating matches hostname domain, if it did, adds an extra A record for the hostname.

Ok, since this is pretty easy to implement, I will add it in the next Virtualmin release.

Mostafa's picture
Submitted by Mostafa on Fri, 07/11/2014 - 17:55

Thanks!

Also as the FQDN hostname is used in postfix as 'return-path' domain, it's needed to add a TXT DNS record for the SPF Record of the domain.

The following record is already created before: mydomain.com. IN TXT "v=spf1 a mx a:$mydomain ip4:$IP ?all"

The following new record is needed to be created for the hostname: $hostname IN TXT "v=spf1 a mx a:$hostname ip4:$IP ?all"

$hostname is something like "sv.mydomain.com"

Are you sure that is needed? Since email is presumably sent from address@domain.com , there only needs to be an SPF for domain.com .

Mostafa's picture
Submitted by Mostafa on Sat, 07/12/2014 - 06:16

I tested multiple servers running virtualmin and confirm that there's a problem here.

You're right, emails are sent from address@userdomain.com. So the 'From:" header is set to address@userdomain.com and there's no problem here.

BUT

Postfix sets Return-Path to $hostname (e.g. sv.hostname.com). So the final headers will look like this:

From: address@userdomain.com

Return-Path: sv.hostname.com

Google and yahoo check SPF-Records based on Return-Path.

I think the correct case is when Return-path matches the domain in $from header and postfix should be configured in a way to do this (maybe by setting sender_canonical_maps and using cleanup feature of postfix).

What program are you using to send email? Because in my tests with a standard Virtualmin install, the return-path is set to the domain of the from address?

Mostafa's picture
Submitted by Mostafa on Sat, 07/12/2014 - 15:14

I'm using the following simple script:

<div class="codeblock"><pre><code><span style="color: #000000"><span style="color: #0000BB"><?php<br /></span><span style="color: #007700">&</span><span style="color: #FF8000">#10;echo mail(&quot;myemail@gmail.com&quot;,&quot;subject&quot;,&quot;message&quot;,&quot;FROM: info@mydomain.com&quot;);&#10;<br /></span><span style="color: #0000BB">?></span></span></code></pre></div>

I tested with a third server running centos 6 / virtualmin and same problem exists. ( I sent a sample email to you, check that)

Mostafa's picture
Submitted by Mostafa on Sat, 07/12/2014 - 15:20

I guess it's OK that Return-Path differs from domain name in the "FROM: " header as I tested this on cPanel and same thing existed there. The mails are sending from userdomain.com while the return-path is cPanelUsername@hostname of that server.

So if this is OK, SPF TXT record is needed to be added for the hostname of the server in addition to the A record.

I'm still having trouble believing that an SPF record for the return-path is needed, as the vast majority of Virtualmin users have their hostnames set to something in a domain that isn't even managed by Virtualmin, or doesn't resolve at all.

Mostafa's picture
Submitted by Mostafa on Sat, 07/12/2014 - 19:33

Well, You can check if you've a Google or Yahoo email account.

I've tested BOTH Yahoo mail and Google Mail, They BOTH check SPF-Record based on the domain of 'Return-Path' header, and NOT the domain of 'FROM' header.

This sounds strange for me too. Different persons have reported this, e.g.:

https://productforums.google.com/forum/#!topic/apps/mKJIPUU5gU8

I'm willing to believe that google and yahoo check the Return-path: header. However, what I can't re-produce is the return-path being set to the system's hostname, not the sending domain.

Does the same thing happen if you try sending email via some other method, such as a separate mail client like Outlook or Thunderbird?

Mostafa's picture
Submitted by Mostafa on Sun, 07/13/2014 - 05:47

I tested roundcube and return-path is set correctly to "From:" header.

Joomla works correctly too.

We know that it's possible to set Return-Path using additional parameters of php mail function.

So the following script will not generate correct Return-Path :

<div class="codeblock"><pre><code><span style="color: #000000"><span style="color: #0000BB"><?php<br /></span><span style="color: #007700">&</span><span style="color: #FF8000">#10;echo mail(&quot;myemail@gmail.com&quot;,&quot;subject&quot;,&quot;message&quot;,&quot;FROM: info@mydomain.com&quot;);&#10;<br /></span><span style="color: #0000BB">?></span></span></code></pre></div>

And scripts which send mail like above.

In this case Return-Path will be set to hostname, and SPF Record of hostname is needed in this case.

Is php in your system configured to send email via an SMTP connection to the local mail server, or using the sendmail command? That could make a difference.

Mostafa's picture
Submitted by Mostafa on Sun, 07/13/2014 - 13:18

On linux, it's set to use /usr/sbin/sendmail -t -i

Try changing the PHP config so that it uses an SMTP connection to localhost instead.

Mostafa's picture
Submitted by Mostafa on Mon, 07/14/2014 - 13:17

http://ir1.php.net/manual/en/mail.configuration.php#ini.smtp

 SMTP string
    Used under Windows only: host name or IP address of the SMTP server PHP should use for mail sent with the mail() function.
 
 
smtp_port int
    Used under Windows only: Number of the port to connect to the server specified with the SMTP setting when sending mail with mail(); defaults to 25. Only available since PHP 4.3.0.

Those should still work on Linux though - it would be interesting to see if the return-path header changes.

Mostafa's picture
Submitted by Mostafa on Mon, 07/14/2014 - 19:55

But Jamie, there's no way to activate core smtp mail feature of php on Linux.

One needs to install a third-party software like mini_sendmail and sets it to receive mails as sendmail_path from php script and forwards them to smtp server!

The question is clear, If you send mails with current virtualmin / cpanel configured php, the return-path is set to hostname. The question is if it needs a SPF records or not.

That's unfortunate ... my suggestion would be to make sure all PHP scripts set the return-path properly when calling the mail() function. Even if Virtualmin does add an SPF record for the hostname, this won't work in the majority of cases where the hostname isn't in a domain controlled by Virtualmin.

Mostafa's picture
Submitted by Mostafa on Tue, 07/15/2014 - 02:56

Please see the following link: http://slopjong.de/2013/02/05/setting-return-path-in-php-mail/

At the end of the above article, there's a script to set return-path by using additional parameters. But if someone doesn't set it, it will be set to the hostname. If the hostname is not controlled by virtualmin, then it's not virtualmin failure that SPF records of that domain are not set!

Anyway I don't see this as a bug. This is a very small issue which can be fixed or not.

Thank you for your time Jamie.

Automatically closed -- issue fixed for 2 weeks with no activity.