MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: Spacedust on 2015-04-22, 19:35:34
-
Please see: http://www.dnsinspect.com/forum.mratwork.com
"NOTICE: Domain doesn't have DMARC record. DMARC (Domain-based Message Authentication, Reporting & Conformance) helps reducing potential of email-based abuse such as spam and phishing e-mails."
I'm using pdns and also the same ;(
This is my entry:
v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1
-
It seems DMARC is being messed up with SPF:
Identical TXT records
FAIL: Your name servers returned different TXT records:
37.187.123.56 ? v=spf1 a mx ~all v=spf1 a mx -all v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1
78.46.85.86 ? v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1 v=spf1 a mx -all v=spf1 a mx ~all
78.46.85.90 ? v=spf1 a mx -all v=spf1 a mx ~all v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1
Only SPF records are compared, all name servers should return identical SPF records.
Identical SPF records
FAIL: Your name servers returned different SPF records:
37.187.123.56 ? v=spf1 a mx -all v=spf1 a mx ~all
78.46.85.86 ? v=spf1 a mx ~all v=spf1 a mx -all
78.46.85.90 ? v=spf1 a mx ~all v=spf1 a mx -all
All name servers should return identical SPF records.
-
Try:
dig hostspectra.com TXT @ns1.hostspectra.com
dig hostspectra.com TXT @ns2.hostspectra.com
dig hostspectra.com TXT @ns3.hostspectra.com
-
See:
https://dmarcian.com/dmarc-inspector/hostspectra.com
http://www.dnsinspect.com/hostspectra.com#mail
-
No it's work.
Previous problem because using 'domain.com TXT "v=DMARC1;..."' instead '_dmarc.domain.com TXT "v=DMARC1;..."'
Will be update in next upload. Thanks.
-
No it's work.
Previous problem because using 'domain.com TXT "v=DMARC1;..."' instead '_dmarc.domain.com TXT "v=DMARC1;..."'
Will be update in next upload. Thanks.
Nice found ! Yes we were using just domain instead of _dmarc ;)
-
After readding DMARC now I got two records on all of my domains:
__base__ TXT - v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=...
_dmarc TXT - v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=...
How to remove the upper one from all domains ?
-
Use dmarc via 'email auth' only (new default rui using 'admin@__base__') with click 'update all'.
-
Use dmarc via 'email auth' only (new default rui using 'admin@__base__') with click 'update all'.
I got my own entries in DNS template. Rebuild the template does not remove these records ;(
-
Use dmarc via 'email auth' only (new default rui using 'admin@__base__') with click 'update all'.
I got my own entries in DNS template. Rebuild the template does not remove these records ;(
Check dmarc for google.com. Their dmarc is more simple than Kloxo-MR do.
-
I know, DMARC is working fine for me.
Now I only want to remove these entries for all domains (about 1300 domains):
__base__ TXT - v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=...
Also please make DNS fields a bit longer... ;)
-
Create/modified template without entry for 'dmarc' and then rebuild in 'manage dns' with this template.
-
Create/modified template without entry for 'dmarc' and then rebuild in 'manage dns' with this template.
The wrong TXT entry remains - only new or the same entires are being modifed.
__base__ TXT - v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=...
-
That's weird all other entries which does not exists in a new template (A, NS, FCNAME etc.) are removed but this wrong TXT is still untouched :(
-
I will try to emulate your setting.
-
I will try to emulate your setting.
Yes. Just add TXT record to the template with __base__ at the beginning:
v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1
Rebuild the DNS for domain.
Then remove the entry in DNS template and add correct TXT record with _dmarc:
v=DMARC1; p=none; ruf=mailto:d@ruf.agari.com; rua=mailto:d@rua.agari.com; fo=1
Then rebuild again.
You will have two records then:
one with __base__ and one with _dmarc which is incorrect.
-
I am not sure but possible in dns table of kloxo database, 'dmac' and '_dmarc' save in the same variable (where variable is 'dmarc'). And it's make Kloxo-MR panel confuse with this situation.
By default, Kloxo not accept variable like '_dmarc' (include '_' in front). In Kloxo-MR, '_dmarc' still accept but need to convert '_dmarc' to 'dmarc' and then save as 'hostname'.
-
I am not sure but possible in dns table of kloxo database, 'dmac' and '_dmarc' save in the same variable (where variable is 'dmarc'). And it's make Kloxo-MR panel confuse with this situation.
By default, Kloxo not accept variable like '_dmarc' (include '_' in front). In Kloxo-MR, '_dmarc' still accept but need to convert '_dmarc' to 'dmarc' and then save as 'hostname'.
Latest update to kloxo/httpdocs/driver/dns/dnsbaselib.php does not fix it.
Just add simple entry where reloading DNS template removes all old TXT records with __base__
-
Maybe first remove all DNS records before reloading the domain:
sh /script/update --class=dns --name=$DOMAIN --subaction=general --action=delete
It kills domainkeys too ;(
-
How to add action delete to this:
https://domain.com:7777/display.php?frm_action=updateform&frm_subaction=edit&frm_o_o[0][class]=client&frm_o_o[0][nname]=agona2&frm_o_o[1][class]=domain&frm_o_o[1][nname]=3dgsm.pl&frm_o_o[2][class]=dns&frm_o_o[3][class]=dns_record_a&frm_o_o[3][nname]=txt_base
-
Any ideas ?
-
I don't testing this codes but you can try in your testing server.
Try to copy fixdnsremoverecord to /usr/local/lxlabs/kloxo/pscript and fixdnsremoverecord.php to /usr/local/lxlabs/kloxo/bin/misc
-
Something is wrong:
sh /script/fixdnsremoverecord --ttype=TXT --hostname=localhost
/script/fixdnsremoverecord: line 29: [: missing `]'
Remove DNS record for 'localhost' hostname in 'TXT' ttype
- For 'test.xxx.pl' ('admin') at 'localhost'
-
Wait for next update (also introduce for thehostingtool).
-
Wait for next update (also introduce for thehostingtool).
OK. So far tested again on 7.0.0.b-2015042502
No errors, but no action were made:
sh /script/fixdnsremoverecord --ttype=TXT --hostname=localhost
Remove DNS record for 'localhost' hostname in 'TXT' ttype
- For 'test.xxx.pl' ('admin') at 'localhost'
-
Does it work now ?
-
I am not testing fixdnsremoverecord intensively.
-
I am not testing fixdnsremoverecord intensively.
It doesn't work at all. Please test it. I really need to have it working.
-
Replace content of fixdnsremoverecord.php with:
<?php
include_once "lib/html/include.php";
initProgram('admin');
$login->loadAllObjects('client');
$list = $login->getList('client');
$par = parse_opt($argv);
if (isset($par['ttype'])) {
$ttype = $par['ttype'];
}
if (isset($par['hostname'])) {
$hostname = $par['hostname'];
}
$nolog = false;
log_cleanup("Remove DNS record for '{$hostname}' hostname in '{$ttype}' ttype", $nolog);
foreach($list as $c) {
$dlist = $c->getList('domain');
foreach($dlist as $l) {
$dns = $l->getObject('dns');
$dns->setUpdateSubaction('full_update');
print("- For '{$dns->nname}' ('{$c->nname}') at '{$c->syncserver}'\n");
foreach($dns->dns_record_a as $drec) {
if (($drec->ttype === $ttype) && ($drec->hostname === $hostname)) {
print("-- remove '{$drec->hostname}' hostname in '{$drec->ttype}'\n");
} else {
$x[] = $drec;
}
}
$dns->dns_record_a = $x;
$dns->was();
}
}
-
Done, but nothing has changed. All TXT records are untouched.
sh /script/fixdnsremoverecord --ttype=TXT --hostname=localhost
Remove DNS record for 'localhost' hostname in 'TXT' ttype
- For 'test.xxx.pl' ('admin') at 'localhost'
-
Wrong input. It's must like 'sh /script/fixdnsremoverecord --ttype=txt --hostname=dmarc'.
-
My fixdnsremoverecord is blank...
-
Restored and it worked !
sh /script/fixdnsremoverecord --ttype=txt --hostname=__base__
Remove DNS record for '__base__' hostname in 'txt' ttype
- For 'tester.pl' ('admin') at 'localhost'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-- remove '__base__' hostname in 'txt'
-
It's very slow (1-2 domains per minute) but it works ;) Removing in progress...
I will have to rebuild it anyway, because it also removes my SPF records.
-
It's slow but it works ;) Removing in progress...
I will have to rebuild it anyway, because it also removes my SPF records.
Yes, because remove with 2 variables. You are lucky because all default 'txt record' (spf, dkim, dmarc and domainkeys) not insert directly to dns setting.
-
Sometimes it gets faster, then it's about 3-5 domains per minute. I'm leaving this on "screen" ;)
-
I have to restart my Kloxo because of new SSL cert and it stopped on letter "B" and not moving.
How to resolve this ?
-
Some users tell that nginx and hiawatha (that mean including their proxy) have a problem with ssl from comodo. I don't know what's a problem is.
-
Some users tell that nginx and hiawatha (that mean including their proxy) have a problem with ssl from comodo. I don't know what's a problem is.
No troubles with SSL. I mean your fixdnsremoverecord is not working properly. It's way too slow with many domains. It will take ages to complete in master-slave environment where DNS is also on slave.
-
Fixdnsremoverecord just remove record from dns table of kloxo database and don't care for master or slave.
After remove need fixdns dan restart-dns.
Yes, this script is slow because reading object instead read database directly where object tend to more need process and memory.
-
Fixdnsremoverecord just remove record from dns table of kloxo database and don't care for master or slave.
After remove need fixdns dan restart-dns.
Yes, this script is slow because reading object instead read database directly where object tend to more need process and memory.
Now even reloading DNS template takes ages to complete. It wasn't that slow before !
-
After upgrade to latest Kloxo-MR. It stopped working again:
sh /script/fixdnsremoverecord --ttype=txt --hostname=__base__
Remove DNS record for '' key in '' type
- For 'infotryb.pl' domain ('adi2577' client) at 'localhost' server
-- NO exists of '' key in '' type
-
change parameter, from 'hostname' to 'key' and 'ttype' to 'type'. Try execute 'sh /script/fixdnsremoverecord' and the you see what's you want.
-
change parameter, from 'hostname' to 'key' and 'ttype' to 'type'. Try execute 'sh /script/fixdnsremoverecord' and the you see what's you want.
It works again, but ultra slow. Can we skip clients which are already fixed ? Maybe add --client switch ?
-
Try replace fixdnsremoverecord.php with:
<?php
include_once "lib/html/include.php";
initProgram('admin');
$login->loadAllObjects('client');
$list = $login->getList('client');
$par = parse_opt($argv);
if (isset($par['type'])) {
$ttype = strtolower($par['type']);
}
if (isset($par['key'])) {
$hostname = strtolower($par['key']);
}
$client = (isset($list['client'])) ? $list['client'] : null;
$clist = array();
$nolog = false;
log_cleanup("Remove DNS record for '{$hostname}' key in '{$ttype}' type", $nolog);
foreach($list as $c) {
if ($client) {
$ca = explode(",", $client);
if (!in_array($c->nname, $ca)) { continue; }
}
$dlist = $c->getList('domain');
foreach($dlist as $l) {
$dns = $l->getObject('dns');
$dns->setUpdateSubaction('full_update');
print("- For '{$dns->nname}' domain ('{$c->nname}' client) at '{$c->syncserver}' server\n");
$removed = false;
foreach($dns->dns_record_a as $drec) {
if (($drec->ttype === $ttype) && ($drec->hostname === $hostname)) {
print("-- remove '{$drec->hostname}' key in '{$drec->ttype}' type\n");
$removed = true;
} else {
$x[] = $drec;
}
}
if ($removed === false) {
print("-- NO exists of '{$hostname}' key in '{$ttype}' type\n");
}
$dns->dns_record_a = $x;
$dns->was();
}
}
You can set like '--client=clientA,clientB'
-
It does not work ;(
-
Try this:
<?php
include_once "lib/html/include.php";
initProgram('admin');
$login->loadAllObjects('client');
$list = $login->getList('client');
$par = parse_opt($argv);
if (isset($par['type'])) {
$ttype = strtolower($par['type']);
}
if (isset($par['key'])) {
$hostname = strtolower($par['key']);
}
$client = (isset($par['client'])) ? $par['client'] : null;
$clist = array();
$nolog = false;
log_cleanup("Remove DNS record for '{$hostname}' key in '{$ttype}' type", $nolog);
foreach($list as $c) {
if ($client) {
$ca = explode(",", $client);
if (!in_array($c->nname, $ca)) { continue; }
}
$dlist = $c->getList('domain');
foreach($dlist as $l) {
$dns = $l->getObject('dns');
$dns->setUpdateSubaction('full_update');
print("- For '{$dns->nname}' domain ('{$c->nname}' client) at '{$c->syncserver}' server\n");
$removed = false;
foreach($dns->dns_record_a as $drec) {
if (($drec->ttype === $ttype) && ($drec->hostname === $hostname)) {
print("-- remove '{$drec->hostname}' key in '{$drec->ttype}' type\n");
$removed = true;
} else {
$x[] = $drec;
}
}
if ($removed === false) {
print("-- NO exists of '{$hostname}' key in '{$ttype}' type\n");
}
$dns->dns_record_a = $x;
$dns->was();
}
}
-
Ok. First I need to investigate why Kloxo is such slow and it wasn't before.
-
Try restart mysql and kloxo itself.