Hello,
Example server hostname: sv.mydomain.com Virtualmin Wizard -> default dns entries of the server: ns1.mydomain.com & ns2.mydomain.com
Problem: When I add mydomain.com to virtualmin, it automatically adds A records for dns entries but don't add any one for the hostname.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Mon, 07/07/2014 - 16:20 Comment #1
Wait, so are you creating a Virtualmin domain that matches the domain name your system's hostname is already in?
Yes, It doesn't automatically add A record for the hostname.
Submitted by JamieCameron on Tue, 07/08/2014 - 19:34 Comment #3
That's kind of expected - normally you should already have a manually created or existing domain that your hostname is in, perhaps provided by your ISP or hosting company.
That's right for dedicated servers. But most of newly created VPS servers doesn't have a valid existed hostname. This is upon to the customer to add his domain and change the hostname to a valid one.
Anyway, It doesn't hurt if Virtualmin checks for it. It checks if the domain which is creating matches hostname domain, if it did, adds an extra A record for the hostname.
Submitted by JamieCameron on Wed, 07/09/2014 - 23:25 Comment #5
Ok, since this is pretty easy to implement, I will add it in the next Virtualmin release.
Thanks!
Also as the FQDN hostname is used in postfix as 'return-path' domain, it's needed to add a TXT DNS record for the SPF Record of the domain.
The following record is already created before: mydomain.com. IN TXT "v=spf1 a mx a:$mydomain ip4:$IP ?all"
The following new record is needed to be created for the hostname: $hostname IN TXT "v=spf1 a mx a:$hostname ip4:$IP ?all"
$hostname is something like "sv.mydomain.com"
Submitted by JamieCameron on Sat, 07/12/2014 - 01:13 Comment #7
Are you sure that is needed? Since email is presumably sent from address@domain.com , there only needs to be an SPF for domain.com .
I tested multiple servers running virtualmin and confirm that there's a problem here.
You're right, emails are sent from address@userdomain.com. So the 'From:" header is set to address@userdomain.com and there's no problem here.
BUT
Postfix sets Return-Path to $hostname (e.g. sv.hostname.com). So the final headers will look like this:
From: address@userdomain.com
Return-Path: sv.hostname.com
Google and yahoo check SPF-Records based on Return-Path.
I think the correct case is when Return-path matches the domain in $from header and postfix should be configured in a way to do this (maybe by setting sender_canonical_maps and using cleanup feature of postfix).
Submitted by JamieCameron on Sat, 07/12/2014 - 14:39 Comment #9
What program are you using to send email? Because in my tests with a standard Virtualmin install, the return-path is set to the domain of the from address?
I'm using the following simple script:
I tested with a third server running centos 6 / virtualmin and same problem exists. ( I sent a sample email to you, check that)
I guess it's OK that Return-Path differs from domain name in the "FROM: " header as I tested this on cPanel and same thing existed there. The mails are sending from userdomain.com while the return-path is cPanelUsername@hostname of that server.
So if this is OK, SPF TXT record is needed to be added for the hostname of the server in addition to the A record.
Submitted by JamieCameron on Sat, 07/12/2014 - 16:24 Comment #12
I'm still having trouble believing that an SPF record for the return-path is needed, as the vast majority of Virtualmin users have their hostnames set to something in a domain that isn't even managed by Virtualmin, or doesn't resolve at all.
Well, You can check if you've a Google or Yahoo email account.
I've tested BOTH Yahoo mail and Google Mail, They BOTH check SPF-Record based on the domain of 'Return-Path' header, and NOT the domain of 'FROM' header.
This sounds strange for me too. Different persons have reported this, e.g.:
https://productforums.google.com/forum/#!topic/apps/mKJIPUU5gU8
Submitted by JamieCameron on Sat, 07/12/2014 - 20:40 Comment #14
I'm willing to believe that google and yahoo check the Return-path: header. However, what I can't re-produce is the return-path being set to the system's hostname, not the sending domain.
Does the same thing happen if you try sending email via some other method, such as a separate mail client like Outlook or Thunderbird?
I tested roundcube and return-path is set correctly to "From:" header.
Joomla works correctly too.
We know that it's possible to set Return-Path using additional parameters of php mail function.
So the following script will not generate correct Return-Path :
And scripts which send mail like above.
In this case Return-Path will be set to hostname, and SPF Record of hostname is needed in this case.
Submitted by JamieCameron on Sun, 07/13/2014 - 11:34 Comment #16
Is php in your system configured to send email via an SMTP connection to the local mail server, or using the sendmail command? That could make a difference.
On linux, it's set to use /usr/sbin/sendmail -t -i
Submitted by JamieCameron on Mon, 07/14/2014 - 12:52 Comment #18
Try changing the PHP config so that it uses an SMTP connection to localhost instead.
http://ir1.php.net/manual/en/mail.configuration.php#ini.smtp
Submitted by JamieCameron on Mon, 07/14/2014 - 18:10 Comment #20
Those should still work on Linux though - it would be interesting to see if the return-path header changes.
But Jamie, there's no way to activate core smtp mail feature of php on Linux.
One needs to install a third-party software like mini_sendmail and sets it to receive mails as sendmail_path from php script and forwards them to smtp server!
The question is clear, If you send mails with current virtualmin / cpanel configured php, the return-path is set to hostname. The question is if it needs a SPF records or not.
Submitted by JamieCameron on Tue, 07/15/2014 - 01:59 Comment #22
That's unfortunate ... my suggestion would be to make sure all PHP scripts set the return-path properly when calling the mail() function. Even if Virtualmin does add an SPF record for the hostname, this won't work in the majority of cases where the hostname isn't in a domain controlled by Virtualmin.
Please see the following link: http://slopjong.de/2013/02/05/setting-return-path-in-php-mail/
At the end of the above article, there's a script to set return-path by using additional parameters. But if someone doesn't set it, it will be set to the hostname. If the hostname is not controlled by virtualmin, then it's not virtualmin failure that SPF records of that domain are not set!
Anyway I don't see this as a bug. This is a very small issue which can be fixed or not.
Thank you for your time Jamie.
Submitted by Issues on Tue, 07/29/2014 - 02:57 Comment #24
Automatically closed -- issue fixed for 2 weeks with no activity.