D
D
Delfinov2017-06-10 17:47:34
Domain Name System
Delfinov, 2017-06-10 17:47:34

What DKIM record should I make in DNS if DKIM is from another domain on the same VPS?

Domains on one VPS ( ISPmanager 5, CentOS 7 64)
When sending emails c from the site XXX.TLD, the address of the YYY.TLD domain, to which the PTR is registered
(and, accordingly, DNS records), is used:
Domain xxx.tld: Host xxx.tld. Type: MX Value: mail.yyy.tld
Domain yyy.tld: Host yyy.tld Type: MX Value:
mail.yyy.tld
indicating:
SPF: SOFTFAIL, IP address 2a03:ax00:1:7502:5054:xf:fe00:b0f1 Read more...
DKIM: PASS, domain YYY.TLD Read more...
DMARC: FAIL More...(...To authenticate mail sent by third parties, provide them with your DKIM key to add to your messages, or arrange for these messages to be forwarded through your network)
Question: What DNS records do I need to make (selector rsmail) so that mail arrives at Googlemail with DMARC: PASS?
The full record in the letter when a subscription letter is received in Gmail:
Delivered-To: ххх@gmail.com
Received: by 10.83.21.17 with SMTP id 17csp10675yxv;
Fri, 9 Jun 2017 17:58:18 -0700 (PDT)
X-Received: by 10.46.83.1 with SMTP id h1mr13528458ljb.102.1497056298853;
Fri, 09 Jun 2017 17:58:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1497056298; cv=none;
d=google.com; s=arc-20160816;
x3Bg = b / Jq1dptTaEvi3UcklKO9TteRl1x5fzhWOlJkL4hOfWxthRgZdbC0hIz / 2gtDXF
LWVUCk3FemCVdAL7l + v + / + lQkWW9xHBeIDb B4UkfsojMrN / zPjb8hBd6m2ZFCNyRDJU9
J / 66NgV18BwOPlFpvfXTJv0ni / lOgth3HWVEdeOR + OwiSzofN8DD7h6GOI4ZMvqwe0YO
fm1tC0hGmb8z / iqX1yURDxdTm4BvwwF4qeKWbcJsRgoqatDJXQfE + akJhr4kYRmcbGQY
hb4sfZmBV8OYZhokpH6yl7dtyZIKG4SVCmAWIwaMjNXI28p6yfSN9a2YztyGrBjsNbDg
NVBA ==
ARC-Message-Signature: i = 1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:message-id:reply-to:from
:date:subject:to:dkim-signature:arc-authentication-results;
bh=R7GEqiijAdrtSKJIw3RRY2WfhW02hx8kqS131URN/Rw=;
wKNOQXhDHJchFZD6AEGNZHI = b / GGeddN5SgjyQ1uXgd81fYxTRbvPKfmhNLrO3TEBIUm
0N4qD1hYqo5WcEskCOfEZ88 + LueevwgAso4LjZqKz0bufpHoMj8OTcdQFKdATzDppODa
MEish68rnIH6NLC9xRLC8i5a3vB xdvGHozSZCo + q + / + FPm3ELD hc8wTIlD1N2vGWCaCj
botZudRVAC + zwcBIhlAIiljjg79xO7gpUsboQmUwcv6kscJ0AbxNQbVnDua5reICw7NR
xARtb5Dhu1aC / OZie4zN4FjFwCswotMjJy8SyjkBfAyJRxA4JjhtX57KWklA16Y54uoS
lVhA ==
ARC-Authentication-Results: i = 1; mx.google.com
dkim=pass [email protected];
spf=softfail (google.com: domain of transitioning [email protected] does not designate 2a04:ac00:1:7502:5054:ff:fe00:b0f1 as permitted sender) [email protected] tld;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xxx.tld
Return-Path:
Received: from yyy.tld (63241.simplecloud.club. [2a04:ac00:1:7502:5054:ff :fe00:b0f1])
by mx.google.com with ESMTPS id g76si1555621lji.108.2017.06.09.17.58.18
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 09 Jun 2017 17:58:18 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 2a04:ac00:1:7502:5054:ff: fe00:b0f1 as permitted sender) client-ip=2a04:ac00:1:7502:5054:ff:fe00:b0f1;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=softfail (google.com: domain of transitioning [email protected] does not designate 2a04:ac00:1:7502:5054:ff:fe00:b0f1 as permitted sender) [email protected] tld;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xxx.tld
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yyy.tld; s=dkim; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Reply-To:From:Date:Subject:To; bh=R7GEqiijAdrtSKJIw3RRY2WfhW02hx8kqS131URN/Rw=; b=Gauqz9kqUl/eoONy1VD9gIPFD3+ROCuC4QMvX9VivB4UKrUnCMm/ijnKXTEuFiBt7iB16J6Cw05VS0gbYg8O/YOV/nIWfk0Iecbn6ukly4ZW6epvGYj6nhnnBq+6MFDr8oAMosOQBBtMmJ0Q6Epk4;
Received: from www-root by yyy.tld with local (Exim 4.84_2) (envelope-from ) id 1dJUjK-0001fO-8e for [email protected]; Sat, 10 Jun 2017 03:58:18 +0300
To: [email protected]
Subject: You are subscribed to Site News XXX.TLD
X-PHP-Originating-Script: 500:class.phpmailer.php
Date: Sat, 10 Jun 2017 03:58:18 +0300
From: "Victor XXX | XXX.TLD"
Reply-To: "Victor XXX"
Message-ID:
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

PS:
SPF, DKIM, DMARC are specified for both XXX.TLD and YYY.TLD. Mail through the Outlook client on a PC reaches GMail without comment. All OK.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
Max Kostikov, 2017-06-10
@mxms

Something is jumbled up in your head.
The PTR must match the hostname of the broadcaster. This is usually the MX of the domain.
This very host must appear in SPF in one form or another.
DKIM is written for your domain zone, which may not have anything to do with MX.
Finally, DMARC defines the behavior of the recipient to comply with the SPF policy and have a DKIM signature for the domain. In your case, the letter does not go through due to the quarantine policy in DMARC due to a mismatch between the sending host and the one declared in SPF with a DKIM signature.
Fix your SPF. You can do none in DMARC to ignore this (but you'll have to check how the receiver handles this).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question