« Getting Started: LiteSpeedGeekStorage Updates - September 2012 »

Take the Headache Out of Sending Email

October 1, 2012 at 4:37 PM

Email is one of the oldest internet services still around today, and many of us rely on it to do our work, keep in touch with our friends, and get our daily news. Unfortunately, email is also one of the most often misconfigured services running on servers today.  A number of factors are at play when email is sent & received, sometimes causing email transaction problems to be difficult to debug. Luckily, there are just five quick steps to get your email functioning more reliably with your VPS or Shared Hosting service.

Five Quick Steps for Email Sanity

It might sound absurd, but you can really go a long way with just five quick steps. For cPanel users, these steps can be completed in a matter of minutes. It really is something everyone should do, and we encourage these steps for all of our users reporting email problems. Nine times out of ten, we find that these five steps could have prevented problems before they made it to the support desk.

Step 1 - SPF Records

SPF records have been around for a long time now, and many recipients rely on SPF records to be valid for purposes of spam prevention. SPF records are essentially a DNS record associated with your domain name that inform other systems about which servers can legitimately send mail on behalf of your domain. If a recipient is sent an email from a server in Canada but your valid sending IP is associated with a server in the United States, the mail will not get delivered. On the other hand, legitimate emails from the allowed sending IP will not be blocked. Many email providers will now go so far as to reject mail if an SPF record is not present.

With cPanel, it is a very simple process to enable SPF records for your domains. We have documented this process in our knowledgebase at the link below.

Enabling SPF in cPanel

Step 2 - DKIM

DomainKeys Identified Mail, or DKIM, is a relatively new system for enhancing email sender verification, but is being quickly adopted around the world by many email service providers. In short, DKIM will automatically sign all outgoing messages with a DKIM signature, allowing the recipient to verify that the email was actually sent from a valid mail system for your domain. This is another tool that mail recipients use for spam prevention.

The cPanel control panel makes DKIM integration very easy. The process is documented in our knowledgebase at the link below.

Enabling DKIM in cPanel

Step 3 - Port 25

Many ISPs block port 25 completely on their networks, forcing you to use their email service for sending email. They do this in an attempt to limit problems that may arise should a customer PC be infected with a virus or trojan that tries to send email from their network. Unfortunately, this restricts legitimate access to many email services such as our own SMTP service for outbound email. Luckily, we also have port 26, and even SSL port 465 open for outbound SMTP. We recommend users always configure their email applications with port 26, or SSL port 465 to avoid this possible problem.

Step 4 - (VPS & Dedicated) Server Hostname

For VPS & Dedicated users, it is also important to set your server hostname properly. Basically this just means that you need to use a valid server hostname that is setup to resolve to your primary IP address. For example, if your servers primary IP address is 192.168.1.100 and your server hostname is server.mydomain.com, then pinging server.mydomain.com should pull up the same IP: 192.168.1.100. If it does not, then you are likely to see some troubles with email. To ensure this is configured correctly, just go to WHM as the 'root' user, select Edit DNS Zone on the left hand side, and choose the domain name associated with your server hostname (in our case: mydomain.com). Make sure this domain has an "A" entry pointing to your primary server IP address (in our case: 192.168.1.100). Now you are all done with Step 4.

Step 5 - (VPS & Dedicated) PTR Entry

In most cases, PTR entries are configured upon setup of your VPS or dedicated server. But, sometimes you change your hostname or perhaps the hostname wasn't provided during setup. It is very important that PTR entries match up with your server hostname. A PTR entry is commonly referred to as a reverse DNS or RDNS record. RDNS records are a very common cause for outbound mail to bounce back. To ensure your RDNS record matches up with your hostname, use a tool such as "host" under Linux, or "nslookup" with Windows Command Prompt. Running the command "nslookup 192.168.1.100" in our example from Step 4 should print out "server.mydomain.com" as the returned "Name" field for a valid configuration. If your RDNS record does not match, simply submit a support ticket requesting an RDNS update to your server hostname.

Pinpointing Email Problems

On occasion we receive complaints about email services not operating properly. We do our best to troubleshoot these issues in a timely manner, but it can be downright frustrating at times. The reason for this is because there are a varying number of factors at play for each email transaction: the sending server, the receiving server, the servers supplying email blacklists, whitelists, and greylists, and in many cases multiple layers of software on each machine for use with spam prevention or other services. It is sometimes difficult to pinpoint which system is declining the email, and why. Our Head Geeks here at GeekStorage are well versed in this complicated art form, but most website administrators & VPS administrators will need tips in this regard.

Is the problem on my end or theirs?

Often times it is confusing to look at an email error or bounce message, and the confusion often times leads users to think "My email is broken!" before thinking "Where and why did this problem arise?" It is important when dealing with email issues to pinpoint the source of an error message, and then determine why that error message was generated. The easiest way to make a determination in this matter is to read through the full error message.

Most email error messages are quite descriptive and will give a nearly clear indication of what has happened. Take this example:

Delivery to the following recipient failed permanently: 
[email protected]
Technical details of permanent failure: 
Message rejected by Google Groups. Please visit http://mail.google.com/support/bin/answer.py?hl=en&answer=188131 to review our Bulk Email Senders Guidelines.

The email bounce message clearly indicates that the recipient did not get your email due to the Bulk Email Senders Guidelines at Google. It is important in this case to click the provided link in the error message to figure out why this occurred and prevent it from occurring in the future.

A little more difficult example involves the following email bounce message:

You have been blocked from sending to the Comcast network because we have determined that you are sending email from dynamic/residential IP space. Comcast does not allow residential / dynamic IP addresses to directly connect to our email servers. In most cases, Comcast will classify your email server's IP address as dynamic if the reverse DNS does not comply with standard static naming conventions.

At first the error messages indicates a problem with the IP space being used for sending the email. Luckily, it goes on to indicate the reverse DNS may not match up with the hostname. Going back to Step 5 above, we can quickly resolve this issue with a support ticket or via the GeekStorage account portal with supported services.

Many providers do not provide such in depth error messages, sometimes you will get an error code and short description. In those cases, a quick trip to Google with the information will provide a more detailed description of the error. It is also important to check the IP address mentioned as the sender in your email bounces. If you see an IP address that doesn't match up with your server, it is likely you are sending your emails through another system, perhaps by intent, but in such case the error will need to be investigated on that system. In some cases you will receive an error message that is local to the recipient of your email and cannot be resolved by you or our support staff. In these cases, it is typically necessary to contact our support team to make this determination.

I hope to have at least helped a little bit with the management of your email services. If you do run in to any problems with email on our services, feel free to contact our support team, available 24/7.