Cyberpanel forward email – IP Address sending this message does not have a PTR record setup 550-5.7.25

550-5.7.25 The IP address sending this message does not have a PTR record setup, or the corresponding forward DNS entry does not point to the sending IP. As a policy, Gmail does not accept messages from IPs with missing PTR records. Please visit 550-5.7.25

TLDR:  you need to make sure your DNS settings are correct with the proper DKIM public code.  Once I got the DNS txt fields as described below, forwarded emails were being received. (see updated post – ultimately gmail was just too strict with forwarded emails)

I realized that some of my emails were not being forwarded to my gmail account.  I thought I had everything working properly, but apparently not.  Or something changed during a cyberpanel update.  Either way, it looks like I’ll need to sort this one out.  I found that I can view the emails in rainloop, but the forwarded emails were not going through.  I went into cyberpanel to view the email logs and found the above message.

Interestingly, searching for a solution leads to my earlier post on the topic of forwarded emails not working.  Unfortunately, what I thought was a solution does not actually work – or at least it doesn’t work anymore.  I still have this error message and I have no link anymore saying “click to fix”.  So I’ll take a deeper dive.

Now when logging into email, I see they are linking to the following page for debugging help:

https://community.cyberpanel.net/t/9-how-to-debug-and-reset-email-settings-using-cyberpanel-cloud/106

And they have these 4 steps:

  1. Check required ports status.
  2. Check Email DNS records.
  3. Login/Signup to CyberPanel cloud
  4. Connect your server with CyberPanel cloud

I’m pretty sure my port status is okay – if not, that’ll take some more learning on my part.  I do have concerns that my DNS records may be part of the problem.  They provide a link to this page for recommendations on setting up email DNS records.

And I came across the first problem – they say their automated solution only works if cyberpanel is managing the DNS settings.  I am using cloudflare to manage my DNS settings – perhaps that is now causing some conflicts.  They do seem to have suggestions if you are not hosting your DNS with cyberpanel.  

They give example DNS records to use when hosting externally:

| Type | Name | Value |
| --- | --- | --- |
| TXT | mydomain.com | 20 v=spf1 a mx ip4:myIPaddress ~all |
| TXT | _dmarc.mydomain.com | v=DMARC1; p=none |
| TXT | _domainkey.mydomain.com | t=y; o=~; |
| TXT | default._domainkey.mydomain.com | v=DKIM1; k=rsa; p=<paste generated public key here> |

I went into cloudflare and I’m finding the txt field I set up for the SPF information is causing an error. Here is the error message:

The number of lookups on your SPF record exceed the allowed limit of 10. This will result in emails failing SPF authentication.

I did make another post to address the cloudflare error that my SPF record exceeded the limit of 10 lookups – you can view that here.

While that got rid of the error message in cloudflare, my emails were still not being forwarded.  Back to setting up the rest of the DNS records.

So I added the other DNS records and when I went to add the DKIM public key, the DKIM manager gave me what may be the complete txt field, but it includes quotation marks that I haven’t seen in other examples.  And more confusing is that the actual key looks to be split up into two sets, each with its own set of quotation marks and a space between.  To start, I’ll just cut and paste the whole thing as is, including the quotation marks.  It also added an additional field.  Here is what it is (removed part of actual public code):

"v=DKIM1; h=sha256; k=rsa; "
"p=removed"
"removed"

I went to https://www.mail-tester.com/

and it shows my DKIM is invalid.  I’ll try removing the quotes and see if that fixes it.

And that now shows that DKIM is valid!  I literally just removed all the quotation marks, but left the rest of the formatting for the public key as it was – with both blocks after the p= as separate.
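The quoted blocks are zone-file notation: one TXT record can carry several strings of up to 255 bytes each, and DKIM verifiers join them with nothing in between (RFC 6376, section 3.6.2.2) and ignore whitespace inside the base64 of `p=`. The sketch below is an added example, not part of the original post or of CyberPanel; the function names are hypothetical and the key is constructed placeholder data. It turns the quoted form into the single value to paste into an external DNS provider and checks that `p=` decodes.

```python
import base64
import re

def join_txt_strings(zone_value):
    """Join the quoted strings of a zone-file style TXT value.

    One TXT record may hold several strings of up to 255 bytes each; readers
    concatenate them with nothing in between, so the quotes and the gaps
    between the strings are presentation only. Unquoted input is returned
    with surrounding whitespace stripped.
    """
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', zone_value)
    if not chunks:
        return zone_value.strip()
    return "".join(re.sub(r"\\(.)", r"\1", chunk) for chunk in chunks)

def parse_dkim_record(txt):
    """Return the tag=value pairs of a DKIM key record, with p= checked."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("v= is not DKIM1")
    if not tags.get("p"):
        raise ValueError("p= is missing or empty (empty means a revoked key)")
    # Whitespace inside the base64 of p= is ignored by verifiers.
    tags["p"] = re.sub(r"\s+", "", tags["p"])
    tags["key_bytes"] = len(base64.b64decode(tags["p"], validate=True))
    return tags

# Constructed sample: 294 placeholder bytes (the size of a 2048-bit RSA public
# key in DER form), not a real key, split the way the DKIM manager printed it.
KEY_B64 = base64.b64encode(bytes(i % 256 for i in range(294))).decode()
SAMPLE_ZONE_VALUE = (
    '"v=DKIM1; h=sha256; k=rsa; "\n'
    '"p=' + KEY_B64[:250] + '"\n'
    '"' + KEY_B64[250:] + '"'
)

if __name__ == "__main__":
    record = join_txt_strings(SAMPLE_ZONE_VALUE)
    info = parse_dkim_record(record)
    print("paste as one value:", record[:40] + "...")
    print("h=%s k=%s key bytes=%d" % (info["h"], info["k"], info["key_bytes"]))
```
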

The mail-tester does show a drop in value related to the reverse dns not matching the domain.  I’m not sure if there is a way to address that given it is essentially a “shared” server with all of my various domains.  Another thing for me to look up in my spare time.

And it now seems my emails are forwarding properly.  I still think the reverse DNS lookup may eventually be an issue I need to address.  I also noticed my email shows as having been forwarded by the one domain that does come up when you do a reverse DNS lookup for the server.  That’s not ideal, especially if I am hosting other people’s sites on my server.

Update 9/14/2022:  I did find that the reverse DNS issue was a problem related to IPv6 lookups.  I know just enough to be dangerous, but I ultimately seem to have things working much better after I implemented the somewhat complicated fix I described in this post.  
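The check behind Gmail's 550-5.7.25 text is a forward-confirmed reverse DNS lookup: the sending IP needs a PTR record, and the PTR hostname has to resolve back to that same IP. It applies separately to the IPv4 and the IPv6 address the server sends from. The following is an added example, not from the original post; the `ptr` and `forward` parameters are hypothetical hooks so the logic can be run against constructed data, and the addresses and hostnames in the sample are documentation values.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(host):
    """All A and AAAA addresses the system resolver returns for host."""
    try:
        infos = socket.getaddrinfo(host, None)
    except OSError:
        return []
    # Drop any IPv6 scope id ("%eth0") before comparing addresses.
    return sorted({info[4][0].split("%")[0] for info in infos})

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (ok, detail) for the forward-confirmed reverse DNS check."""
    want = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return (False, "no PTR record")
    for name in names:
        for addr in forward(name):
            if ipaddress.ip_address(addr) == want:
                return (True, name)
    return (False, "PTR %s does not resolve back to %s" % (names[0], ip))

# Constructed sample: the IPv4 address is set up correctly, the IPv6 address
# the same server also sends from has no PTR at all.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"]}
SAMPLE_FORWARD = {"mail.example.com": ["192.0.2.10"]}

def check_sample(ip):
    return fcrdns(ip,
                  ptr=lambda addr: SAMPLE_PTR.get(addr, []),
                  forward=lambda host: SAMPLE_FORWARD.get(host, []))

if __name__ == "__main__":
    for address in ("192.0.2.10", "2001:db8::10"):
        print(address, check_sample(address))
```

Calling `fcrdns()` with only an IP address uses the system resolver, so it can be run on the mail server against each address it sends from.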

 

 
