0

I have an instance on AWS and am fighting with sending emails through cPanel.

All records are OK (checked on MX toolbox): SPF, DKIM, DMARC at the cPanel level and the WHM level (hostname). Even rDNS is OK. Server IP is not flagged or blacklisted (checked on MX toolbox). Email deliverability is OK both on WHM and cPanel.

The header that I received actually says some interesting things. But how to resolve this rDNS problem? It looks to me that this is the default AWS setup for an instance. See in 2.6 RDNS_DYNAMIC and HELO_DYNAMIC_IPADDR below:

Content analysis details:   (6.8 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.7 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of
                             words
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
  0.5 KAM_NUMSUBJECT         Subject ends in numbers excluding current years
  **2.6 RDNS_DYNAMIC           Delivered to internal network by host with
                             dynamic-looking rDNS**
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
  **3.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP
                             addr 1)**
  0.0 T_REMOTE_IMAGE         Message contains an external image
X-Spam-Flag: YES

How to deal with rDNS with AWS? On WHM I have this, but this is normal: "The system uses an alternate HELO of “ec2-1-1-1-2.ca-central-1.compute.amazonaws.com” when sending mail from the “hotname_here” domain."

Adrian P.
  • Administration panels are off-topic – djdomi Sep 10 '22 at 16:33
  • How do you fix your helo name? Undo whatever you did to override it in the first place, the default is to use the hostname, which is almost always what you want. – anx Sep 10 '22 at 17:36
  • Being an AWS instance they use ec2-1-1-1-1.us-east-2.compute.amazonaws.com for rDNS. I suppose I have to ask to change the PTR record to my hostname or change the hostname to ec2-1-1-1-1.us-east-2.compute.amazonaws.com? – Adrian P. Sep 11 '22 at 14:18
  • @djdomi It's related to the AWS instance and their PTR record more than cPanel. Mentioning cPanel is for context. – Adrian P. Sep 11 '22 at 17:43

1 Answer

0

AWS is the only one who gave me an answer and I will post the solution here for future reference.

  1. If your domain isn’t managed by AWS in any capacity, then you will need to consult with the company that manages your domain and ask them to set up a PTR record for your mail server that points towards the correct FQDN instead of the standard AWS DNS for your AWS resource. Meaning your domain registrar or whoever manages your domain.

  2. With regards to the HELO name, as best practice this should reference your FQDN. cPanel provides the functionality to change HELOs, information on which can be found here https://support.cpanel.net/hc/en-us/articles/4405084705559-How-to-enable-custom-mail-HELOs

Actually, just fixing the HELO diminished my SPAM score by 3.2, which resulted in a NO SPAM email.

I hope this will save somebody from the struggle of 3 days.

Adrian P.
  • A `PTR` is not bound to a domain, it's IP-bound, but it must match the `IN A` – djdomi Sep 12 '22 at 17:07
  • That's obvious. You didn't get it. They said to point the IP of the AWS instance to a fully qualified domain, which is the hostname on WHM. And of course, to have the A record of the hostname pointed to the AWS instance IP. – Adrian P. Sep 12 '22 at 21:08
  • I think you did not understand where to set the PTR and where the A record. The PTR can only be set by the owner of the subnet. This is when you use nslookup 1.2.3.4: it will tell sub.foo.bar, as an example, and the same has to be set as an A record, but this time by the owner of the domain, who sets a pair of name servers. And in that zone (foo.bar) an `IN A` record for sub pointing to 1.2.3.4 must be created. If both match, it's a good indicator that the server is legitimate – djdomi Sep 13 '22 at 04:45
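The three things this thread discusses (a PTR record for the sending IP, an A record pointing back to that IP, and a HELO name that uses the FQDN) can be checked together. The following is an added example, not code from the posts, cPanel or AWS: `embeds_ip` is a simplified stand-in for SpamAssassin's dynamic-name rules, and the IP address and `mail.example.com` in the sample data are constructed.

```python
import re
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver (needs network access)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def embeds_ip(name, ip):
    """Simplified heuristic, NOT SpamAssassin's real rule: True when the name
    contains the IP's octets (either order), as in ec2-1-1-1-2.<region>..."""
    octets = ip.split(".")
    return any(
        re.search(r"(?<!\d)" + "[-.]".join(o) + r"(?!\d)", name)
        for o in (octets, octets[::-1])
    )

def check_mail_identity(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of findings for the sending IP and its HELO name."""
    helo = helo.rstrip(".").lower()
    ptrs = [p.rstrip(".").lower() for p in ptr_lookup(ip)]
    # Forward-confirmed rDNS: the PTR name must have an A record back to the IP.
    confirmed = [p for p in ptrs if ip in a_lookup(p)]
    findings = []
    if not ptrs:
        findings.append("no PTR record for the sending IP")
    elif not confirmed:
        findings.append("PTR name has no A record back to the IP")
    if any(embeds_ip(p, ip) for p in ptrs):
        findings.append("rDNS looks dynamic (PTR name embeds the IP)")
    if embeds_ip(helo, ip):
        findings.append("HELO looks dynamic (HELO name embeds the IP)")
    if helo not in confirmed:
        findings.append("HELO name is not the forward-confirmed PTR name")
    return findings

if __name__ == "__main__":
    # Constructed sample data: documentation IP and example.com names.
    ip, ec2 = "203.0.113.25", "ec2-203-0-113-25.ca-central-1.compute.amazonaws.com"
    a = {ec2: [ip], "mail.example.com": [ip]}
    for helo in (ec2, "mail.example.com"):  # default HELO, then custom HELO
        print(helo, check_mail_identity(ip, helo, lambda _: [ec2], lambda n: a.get(n, [])))
```

With the sample data, switching only the HELO name clears the dynamic-HELO finding, while the dynamic-rDNS finding stays until the PTR record itself is changed by the owner of the IP range.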