Mail DNS and 403 error

Hello there,
Thanks in advance for your help.
Actually, for the last couple of days I have been searching the community about my issues but can’t find the right way to fix them.
I’ve got 2 questions, about mail and a 403 error (“You don’t have permission to access this resource. Server unable to read htaccess file, denying access to be safe”), which I tried every way to fix but still couldn’t.
I set my mail DNS but received any emails but can’t send, even can’t use on server side. When I used it without Cloudflare, everything worked properly, but when it’s connected nothing works.

If the 403 error arrived after moving to Cloudflare, it could eventually be because your web server is blocking access to certain IP addresses (or, based on e.g. GeoIP databases, to countries or continents).

I would suggest you dig into your web server’s log files to troubleshoot this one further.

Make sure to set the Proxy status of mail related DNS records to Unproxied / DNS-only.

Other than that, further troubleshooting would require more information, such as e.g.:

  1. What domain?

  2. What exact records have you set, that you refer to with “mail DNS”?
    And how does your Cloudflare Dashboard look, in regards to these specific record(s)?

  3. What error(s) do you see?

  4. Perhaps a screenshot of what is happening?

3 Likes

Hi there,
Thanks for your quick response.
Please find attached screenshot.
About the subdomain please check this link
Really appreciate that

admin.tikotak.uk

Re. 403:

The 403 Forbidden error you see on that admin page, is coming directly from the Hetzner server you’re pointing your DNS records to.

You should therefore look in the log files located on the Hetzner server, in order to troubleshoot that issue further.

Re. mail:

In regards to your attached screenshot, I do however see that you have two MX records, pointing to the exact same target, but with different priorities. I suggest deleting one of them.

There is for example a misaligned name: There is an Exim mail server on the machine that claims to be named server-A-B-C-D.da.direct, however, the Reverse DNS (PTR) for the IP address is Hetzner’s default with the format static.D.C.B.A.clients.your-server.de (the A/B/C/D’s being your IP address/IP address in reverse).

Those dynamic/generic/auto-generated looking host names will cause you issues, if you’re trying to send emails from that Hetzner machine. So if you really intend to do that, you should have this configuration changed to something that first of all ends with your own domain name.

If it actually sends mails directly to third parties, I would also suggest you start the host name with something like “mail”, to indicate that it is actually an (outbound) mail server, and obviously, keep that name consistent across all configurations.

In addition to that, you should also look into setting up things such as e.g. DKIM and SPF authentication, if you’re sending mails that appear to be from the mentioned .UK domain.

That being said, -

I’m wondering, what is your connection to da.direct?

And is that Hetzner server one that you maintain on your own?

1 Like
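The host name alignment described in the reply above, as an added example that is not part of the original posts: it compares the name the mail server announces with the PTR name, flags names that embed the IP address or sit outside the sending domain, and goes one step further by checking that the PTR name resolves back to the same IP. The IP `203.0.113.25`, the domain `example.com` and all function names are constructed for illustration; the two host name formats follow the ones quoted in the reply.

```python
import re
import socket


def norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def embeds_ip(name, ip):
    """True if the name contains the IPv4 octets in forward or reverse order."""
    octets = ip.split(".")
    for seq in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + r"[.-]".join(map(re.escape, seq)) + r"(?!\d)"
        if re.search(pattern, name):
            return True
    return False


def check_mail_identity(ip, helo, ptr, forward_ips, sender_domain):
    """Return a list of findings; an empty list means the names line up."""
    helo, ptr, domain = norm(helo), norm(ptr), norm(sender_domain)
    findings = []
    if helo != ptr:
        findings.append("HELO name differs from PTR name")
    if ip not in forward_ips:
        findings.append("PTR name does not resolve back to the IP")
    for label, name in (("HELO", helo), ("PTR", ptr)):
        if embeds_ip(name, ip):
            findings.append(f"{label} name looks auto-generated")
        if name != domain and not name.endswith("." + domain):
            findings.append(f"{label} name is outside {domain}")
    return findings


def live_lookup(ip):
    """Fetch the PTR name and its forward addresses (needs network access)."""
    ptr = socket.gethostbyaddr(ip)[0]
    return ptr, socket.gethostbyname_ex(ptr)[2]


# Constructed sample values: documentation IP, placeholder sender domain.
IP = "203.0.113.25"
BEFORE = check_mail_identity(IP, "server-203-0-113-25.da.direct",
                             "static.25.113.0.203.clients.your-server.de",
                             [IP], "example.com")
AFTER = check_mail_identity(IP, "mail.example.com", "mail.example.com",
                            [IP], "example.com")

if __name__ == "__main__":
    print("before:", *BEFORE, sep="\n  ")
    print("after:", AFTER or "no findings")
```

For a real server, `live_lookup(ip)` supplies the `ptr` and `forward_ips` arguments, while the HELO name has to be read from the server's SMTP banner or its mail server configuration.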
