Adding HostName domain = email problems

//edit

I failed to mention that adding the domain that is used as my hostname prevents ALL other domains hosted on the VPS from sending or receiving mail. The only exception is that any contact form on any of the hosted domains does work and sends the message to the WordPress admin.

On a WHM/cPanel VPS.

My hostname is something like: secure.example.com. After adding example.com to Cloudflare, I’m unable to send or receive in Outlook365. Settings in Outlook are imap - incoming and outgoing server “secure.example.com” 993/465. Also, if I try to sign up at a domain that requires email verification, I never receive the email.

After removing the domain from CF, email works fine.

Is there some setting in CF for DNS/MX that would allow me to add my hostname domain to CF?

All email related hostnames must be :grey: DNS Only. This includes the target of your MX record, and any DNS entries used for POP, IMAP, SMTP etc.

Also, if your SPF record relies on something like v=spf1 a -all, then the a will not usually authorise hosts to send email from that particular hostname. The SPF record should not rely on any hostnames that are :orange:, as the IP addresses associated with :orange: hostnames will never send email, and your email server will have a different IP address.

Thanks Michael.

I need some clarification, but I have some errands to run and will post back later today.

Michael,

The attached image shows what any one of my CF domains' DNS settings look like. So are you saying that the “mail” entry (red arrows) should not be proxied? If I turn off the proxy CF says “This record exposes the IP behind “example”.com which you have proxied through Cloudflare. To fix this, change its proxy status.”

Or should I remove that “mail” entry entirely?

You indicated earlier that you use the hostname secure for IMAP and SMTPS. Your MX record seems to point to the same hostname. In the screenshot I do not see an A record for secure. Is something missing?

If you have non-http applications on the same IP address as your webserver, this is something you cannot avoid.

Just to be clear in my above. The screenshot is from a domain on CF. It’s not from the domain name used for my hostname; which I removed from CF.

And no, there are no A records for “secure.example.net” in any of my CF domains. Should there be?

These are WordPress sites. Not even sure what a non-http app would be.

As for the SPF, they look like v=spf1 +mx +a +ip4:50.28.xxx.xx ~all
So, trying to interpret the below, I may very well be way in over my head configuring DNS :frowning:

I do want to say that I very much appreciate the time you’ve taken to educate me about this.

If your MX record is pointing at secure.example.net then you need an A record for secure.example.net, and it needs to be :grey:.

Email, so protocols like SMTP, IMAP etc.

In your SPF, the +a tells receiving servers to look up the A record for example.com and if the IP address matches the IP that an email was received from, then SPF will pass. As the A record for example.com is :orange:, this will never match. If you previously relied on +a to authorise your sending server (i.e. if the sending server does not match the mx or ip4 values) then you will need to update the SPF.

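An added example, not part of the thread or any poster's code: a small offline evaluator for the `a`, `mx` and `ip4` mechanisms discussed above, run against constructed DNS answers to show when a proxied apex record or a missing A record for the MX target changes the SPF result. The addresses (documentation ranges), the zone contents and the helper names `make_zone` and `check_spf` are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real ones.
SERVER_IP = "203.0.113.10"                    # the VPS that runs web and mail
PROXY_IPS = ["198.51.100.1", "198.51.100.2"]  # stand-ins for proxy edge IPs

def make_zone(apex_proxied, with_secure_a=True):
    """Build the public DNS answers a receiving mail server would see."""
    zone = {"A": {"example.com": PROXY_IPS if apex_proxied else [SERVER_IP]},
            "MX": {"example.com": ["secure.example.com"]}}
    if with_secure_a:
        zone["A"]["secure.example.com"] = [SERVER_IP]  # DNS-only record
    return zone

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, domain, sender_ip, zone):
    """Evaluate a, mx, ip4 and all left to right (a subset of RFC 7208)."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            # Compares the sender with whatever the A lookup returns publicly.
            matched = sender_ip in zone["A"].get(arg or domain, [])
        elif name == "mx":
            # Each MX target needs its own A record that exposes the real IP.
            hosts = zone["MX"].get(arg or domain, [])
            matched = any(sender_ip in zone["A"].get(h, []) for h in hosts)
        else:
            continue  # mechanisms outside this sketch are skipped
        if matched:
            return RESULTS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for proxied in (False, True):
        result = check_spf("v=spf1 +a -all", "example.com", SERVER_IP,
                           make_zone(proxied))
        print("apex proxied:", proxied, "->", result)
```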

OK Michael,

I’m going to review your replies, try to “Grok” them and then implement.

I also checked to see if I could message you to see if you were available for consulting. I don’t want to wear out my welcome. But it looks like you’ve got messaging disabled.

Anyway, thanks for being a true Netizen!
