Struggling getting cpanel mail to work with cloudflare dns

Hello this is my cpanel’s mail info:

So my mail server is exactly my domain, I don’t know why, we have not configured it this way, is it like this for everybody?

The not secure version uses mail.domain.com, I can’t post a picture of it because it says I’m new, but I don’t want to use the unsecure version anyways.

I set

A , mail, my ip, DNS only
MX, my domain, my domain, DNS only

now if I use mail.domain.com as my mail server it works, I don’t have any idea if that’s the right way to do this! It works yes if I test it myself it works, but I have no idea why it works, it was just a random test, it also doesn’t work on some only smtp test tools!

that’s the main reason I want to make sure I’ve done things right.

I meant some online smtp test tools not (only), weird I can’t find an edit button here.

Here’s cpanel’s not secured config:

Greetings,

Thank you for asking.

I am sorry to hear you are experiencing an issue with receiving and/or sending e-mails while using Cloudflare for your domain name.

Kindly, see below suggestions and tips for troubleshooting.

Usually, the MX record should point to a hostname such as mail (your case), and the A (or CNAME) type record for that hostname mail should be set to :grey: (DNS Only) at the DNS tab of Cloudflare dashboard.

Furthermore, in your email client, you should use mail.domain.com for POP3/IMAP/SMTP.

If you recently moved your domain to your Cloudflare account, I could try to troubleshoot at first sight without knowing anything other as it could be related to either:

  1. Wrongly setup e-mail related DNS records at the DNS tab of Cloudflare dashboard for your domain name
  2. Possibly missing some TXT/CNAME records (for SPF, DKIM, DMARC if so?)
  3. You are using a hostname like yourdomain.com which is :orange: (proxied) rather than the unproxied :grey: (DNS-only) like mail.yourdomain.com (possible this one not existing or is :orange: instead of being :grey:) at the DNS tab of Cloudflare dashboard, in your e-mail client for sending/receiving server (MS Outlook, Mozilla Thunderbird, etc.)

May I suggest checking below article if your e-mail records (usually the A mail and the MX record) are configured properly while you are using Cloudflare for your domain name:

I would also recommend looking into the below article due to further prevention of your e-mails being marked as a SPAM at the recipient’s side:

Nevertheless, using online tools on the links below you could test and troubleshoot more what is going on with your e-mails:

Thanks for your support!
Here’s the test result: https://www.mail-tester.com/test-vh7loslhu
Could you guide me to the right direction for these errors:
HELO_DYNAMIC_IPADDR , SPF_HELO_NONE, CK_HELO_GENERIC, Your message is not signed with DKIM

Thank you for feedback information.

  1. Navigate to the cPanel → Email Deliverability.
  2. Wait for a few seconds, then click on the button “Manage” near your domain name.
  3. Scroll down a bit and find DKIM section.
  4. There you’ll find a configuration for DNS to add DKIM TXT record to the DNS tab of Cloudflare dashboard for your domain name.
  5. Copy the “name” from cPanel, go to CF dashboard, click on “Add record”, select type “TXT” and then paste into the “name”.
  6. Copy the “value” from cPanel and paste it into the “value” at Cloudflare. Click Save on Cloudflare.
  7. Repeat the steps for the SPF.
  8. Give it a few minutes or reply back here so we could double-check online.

Except, if your cPanel hosting provider doesn’t offer you “Email Deliverability” and doesn’t have DKIM :thinking:

UPDATE: I can see two DKIMs being returned, one is being stripped or wrong:

default._domainkey.yourdomain.com. 300 IN TXT "3+hjZ/k58h36aAKdpQptDxRdxDzo13v3fN4YpM1Tg4NKUY3j+JlKVOxPfU+w5kF1zZp3LexRr4q/U+/tYiClOHQg3fj9KG3/Wk/RHYxdfgBbs0wkugSHyhvn71V5sVHBuI4zYa3oU1qoMq1I5267wIDAQAB;"

default._domainkey.yourdomain.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeR0tcyOMRvuM+ExnBI4cgU9tAFWqmNUp1fjPhoIj93djAzOg9eUWG/8g5QIPunac3lUTeUXymCwHlqfNhq50EqwvWc0UMI30YRGTGIHTGSNZV9iZqupCm+V0TbjAkTffDgcMDLoYV9ttTn9/d8Mp7REJE1lEwlTjMr+AdWhkfwxd/b5HEzosAdTssy4YTjSD" "3+hjZ/k58h36aAKdpQptDxRdxDzo13v3fN4YpM1Tg4NKUY3j+JlKVOxPfU+w5kF1zZp3LexRr4q/U+/tYiClOHQg3fj9KG3/Wk/RHYxdfgBbs0wkugSHyhvn71V5sVHBuI4zYa3oU1qoMq1I5267wIDAQAB;"

SPF looks good so far:

yourdomain.com. 190 IN TXT "v=spf1 +mx +a +ip4:ip.v4.addr.here ~all"
1 Like
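
An added example (not from the thread, cPanel or Cloudflare) of checking a selector's TXT RRset for the situation described above, where a stray fragment is published next to the real key. The key material and its chunking are constructed, and the function names are hypothetical.

```python
import base64
import binascii

def parse_dkim_txt(strings):
    """Join one TXT record's character-strings and parse its tag=value list."""
    joined = "".join(strings)  # chunks are concatenated with no separator
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def check_record(strings):
    """Return the problems found in one TXT record (empty list = usable key)."""
    tags = parse_dkim_txt(strings)
    problems = []
    if "v" in tags and tags["v"] != "DKIM1":
        problems.append("unexpected v= value")
    if "p" not in tags:
        problems.append("no p= tag (fragment or unrelated TXT)")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except (binascii.Error, ValueError):
            problems.append("p= is not valid base64")
    return problems

def check_rrset(rrset):
    """Check every TXT record returned for one selector name."""
    findings, usable = [], 0
    for i, strings in enumerate(rrset):
        problems = check_record(strings)
        if not problems:
            usable += 1
        findings += [f"record {i}: {p}" for p in problems]
    if len(rrset) > 1:
        findings.append(f"{len(rrset)} TXT records at one selector; publish exactly one")
    return {"usable": usable, "findings": findings}

# Constructed sample: a fake 128-character key split into two chunks,
# plus a stray record that holds only the second chunk.
KEY = base64.b64encode(bytes(range(96))).decode()
GOOD = ["v=DKIM1; k=rsa; p=" + KEY[:100], KEY[100:] + ";"]
STRAY = [KEY[100:] + ";"]
BROKEN_RRSET = [STRAY, GOOD]
FIXED_RRSET = [GOOD]
```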

Thank you so much your help means a lot to me!
I did now put only one DKIM and it is the one from the guide you provided.
Previously I had two DKIMs which I got from WHM dns zone management, maybe they were outdated or wrong, since I changed the dns to Cloudflare? I’m not sure.

And here’s the result:
https://dnschecker.org/dkim-record-checker.php?query=dreamworldestate.com&selector=default

But I still get the same error :frowning:
https://www.mail-tester.com/test-6ijb1wi9d&reloaded=2

Update:
Looks like I had to press a button in cpanel so the mailer on cpanel would use the DKIM sorry totally my fault!

Here’s the new results:

Still one issue with DKIM: DKIM_SIGNED but I don’t think that matters.
HELO_DYNAMIC_IPADDR, SPF_HELO_NONE, CK_HELO_GENERIC are all about HELO and overall they take 3 points off, cpanel on the same page you sent me to get DKIM info tells me:

and here’s the output of hostname in the ssh:

$ hostname
static.252.198.9.5.clients.your-server.de

Are you on dedicated or shared hosting?

Thank you so much for responding, this is a VPS I have full access to its root user in ssh and WHM if they’re needed.

Congratulations on finding the option to enable DKIM signing. I was going to suggest that, but didn’t know where to send you in cPanel for that setting. I’m glad you found it.

With the host being a VPS, you should be able to update the email server HELO hostname and set a PTR record for the IP.

1 Like

Thank you so much just wanted to mention PTR record is not set which I can see in the same previous page of cpanel:

I can’t seem to be able to set it up correctly on Cloudflare, it gives me an error, I can’t put two images in the same post because I’m new so I have to put it in the next one sorry!

Sorry I had to put it here:

That is because you cannot set up that PTR record in your Cloudflare account. The entries in your Cloudflare account have to be in your DNS zone, which is your domain name. PTR records are in the in-addr.arpa. zone and will be managed by the network operator that has been allocated the IP space assigned to your server.

You will need to set this up using your hosting provider’s management tools.

Thank you again for responding I really needed your help to clarify that! But I’m not still sure how the issue could be solved, by the way here’s HELO settings from WHM would be great if you would confirm they are correct.

About the in-addr.arpa. I don’t have access to it in hosting provider’s management tools could you please confirm if I got this right? so I can ask the VPS provider to set it up correctly.

So this PTR record name : 252.198.9.5.in-addr.arpa. value : static.252.198.9.5.clients.your-server.de. needs to be set on in-addr.arpa. zone, and that’s it?

That already is the current value for the PTR record. You want one that isn’t generic, such as mail.example.com. (only for your domain).

From your screenshot, the Domains and IPs section is what is relevant to your current endeavor. If you update the PTR with your hosting provider (which should have been covered in a link I shared earlier), you should be able to click on the blue Rebuild DNS button once you see the new PTR record.

Alternately, you could turn off Use the reverse DNS entry for the mail HELO/EHLO if available and enable the Reference /etc/mailhelo for custom outgoing SMTP HELO instead. That would get you your non-generic HELO, but would still leave you with a mismatched and generic PTR.

We are getting pretty far off-topic for the Cloudflare Community, as none of this has anything to do with Cloudflare at this point. As much as I do enjoy helping you figure this out, it probably is better suited to either a cPanel forum or your provider’s own community.

2 Likes
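
An added example (not from the thread or from cPanel) that audits the HELO name against the PTR and forward records for the three states discussed above: generic provider hostname, custom HELO with the provider's PTR left in place, and PTR updated to match. The IP, hostnames and zone data are constructed, the function names are hypothetical, and the "embeds the IP" test is a simplified IPv4 heuristic, not the scoring rule any particular spam filter uses.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for an address, e.g. 25.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def embeds_ip(hostname, ip):
    """True if the name contains the IPv4 octets, forward or reversed, dotted or dashed."""
    octets = ip.split(".")
    forms = {sep.join(seq) for sep in ".-" for seq in (octets, octets[::-1])}
    return any(form in hostname for form in forms)

def audit_helo(ip, helo, ptr_zone, forward_zone):
    """Compare the HELO name with the PTR and A data supplied as plain dicts."""
    findings = []
    ptr = ptr_zone.get(ptr_name(ip))
    if ptr is None:
        findings.append("no PTR record")
    elif ptr.rstrip(".").lower() != helo.lower():
        findings.append("PTR does not match HELO")
    if ip not in forward_zone.get(helo.lower(), []):
        findings.append("HELO name does not resolve back to the IP")
    for label, name in (("HELO", helo), ("PTR", ptr or "")):
        if embeds_ip(name, ip):
            findings.append(f"{label} looks generic (embeds the IP)")
    return findings

# Constructed data: documentation address and example hostnames.
IP = "203.0.113.25"
GENERIC = "static.25.113.0.203.clients.provider.example"
FORWARD = {GENERIC: [IP], "mail.example.com": [IP]}
PROVIDER_PTR = {ptr_name(IP): GENERIC + "."}
CUSTOM_PTR = {ptr_name(IP): "mail.example.com."}

def scenarios():
    return {
        "provider default": audit_helo(IP, GENERIC, PROVIDER_PTR, FORWARD),
        "custom HELO only": audit_helo(IP, "mail.example.com", PROVIDER_PTR, FORWARD),
        "PTR updated": audit_helo(IP, "mail.example.com", CUSTOM_PTR, FORWARD),
    }
```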

Oh I missed the second link!
You are completely right we are getting off topic but you helped a lot, thank you so much!!! I mark your reply as the answer, you’re the best!

1 Like

After you have added it to DNS tab of CF dashboard, have you navigated back to cPanel home, therefore clicked to the “Email Deliverability”? :thinking:

I remember, cPanel sometimes doesn’t activate DKIM at all and it’s not a :white_check_mark: until it scans and figures it out on the “external DNS provider” (Cloudflare) that it’s existing one, until then it’s :warning: displayed :thinking:

If it’s recognized and correct, you’d get a blue notification at the top right corner of the cPanel saying that DKIM is enabled and active, therefore on the domain list under the “Email Deliverability” you’d have :white_check_mark: near your domain name.

Maybe some time needed to process this, like 1hour or more for other MTA’s like Gmail.

1 Like

Thank you so much, you guys helped a lot! I can’t thank you enough!
Not only my problem got solved, I got a perfect score 10/10 :slight_smile:
https://www.mail-tester.com/test-ybqy5uj79

1 Like
