SPF record for amazon ec2 - amazon-ec2

From where do I get the correct syntax to create a proper SPF record for EC2 amazon server? I understand how to create a dns entry but I have no idea what to put in place for the SPF record.

This is very easy to do:
Provision an Elastic IP for your server.
Set up an "A" record for the server which will be sending mail with your favorite registrar. A good practice to follow is to include "svr" somewhere in the hostname, as in app-svr-01.youdomain.com.
Contact Amazon and ask for a reverse DNS record for the IP.
Add the following somewhere in your SPF record and you should be good to go:
a:app-svr-01.youdomain.com
Note: if you need to relay mail through this server from your other AWS servers, or communicate between servers in any other way, you should not use this new FQDN, but rather the AWS FQDN from the AWS console (it will look like ec2-xxx-xxx-xx-xx.compute-1.amazonaws.com).
Using your custom domain name will route through the "WAN" and incur bandwidth charges.

You can use the Amazon Simple Email Service (SES). If you only send through this service (and not directly from the instance), then your SPF can be as simple as described in the FAQ:
http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPF.html
maybe changing it to a definite fail on mismatch:
v=spf1 include:amazonses.com -all
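To make the two answers above concrete, here is an added SPF evaluator (not code from the thread or from AWS) that resolves the `a:` and `include:` mechanisms they use and shows the difference between `~all` and `-all`. The DNS table, hostnames and addresses are constructed documentation values, not real records.

```python
import ipaddress

# Constructed DNS table standing in for live lookups; the domains and
# addresses are documentation values, not the real amazonses.com record.
DNS = {
    ("youdomain.example", "TXT"): ["v=spf1 a:app-svr-01.youdomain.example include:amazonses.example -all"],
    ("app-svr-01.youdomain.example", "A"): ["203.0.113.10"],
    ("amazonses.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
    ("relaxed.example", "TXT"): ["v=spf1 include:amazonses.example ~all"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, dns=DNS, depth=0):
    """Evaluate sender_ip against domain's SPF record (RFC 7208 subset: all, ip4/ip6, a, include)."""
    if depth > 10:                                     # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    records = [r for r in dns.get((domain, "TXT"), []) if r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:                               # two SPF records is a permanent error
        return "permerror"
    for term in records[0].split()[1:]:
        if "=" in term:                                # modifiers such as redirect= are not handled here
            continue
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):                   # version mismatch simply never matches
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                              # a:host matches any A record of host
            host = arg or domain
            matched = any(ip == ipaddress.ip_address(a) for a in dns.get((host, "A"), []))
        elif mech == "include":                        # include matches only when the included record passes
            sub = check_spf(arg, sender_ip, dns, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"
        else:
            return "permerror"                         # mx, ptr, exists are not implemented
        if matched:
            return RESULT[qualifier]
    return "neutral"                                   # nothing matched and no "all" term

if __name__ == "__main__":
    for dom, src in [("youdomain.example", "203.0.113.10"), ("youdomain.example", "192.0.2.99"),
                     ("relaxed.example", "192.0.2.99")]:
        print(dom, src, check_spf(dom, src))
```

With `-all` an unlisted sender gets a hard `fail`; the same sender against the `~all` record only gets `softfail`, which many receivers merely score rather than reject.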

Creating an SPF record for an EC2 instance is a waste of time. Every major ISP and blacklist will blackhole mail from an EC2 IP no matter what you do. Since anyone can spin up an instance, get a new IP, send spam and disappear, nobody trusts their mail.
Use an external mail server, like SendGrid.

Related

Config reverse DNS PTR on cpanel with AWS EC2

Does anybody here have experience with configuring SMTP on cPanel hosted on AWS EC2?
After I finished the configuration, DKIM is valid and SPF is valid, but PTR is not valid (reverse DNS). When I sent a test email to mail-tester.com, it scored 3/10. Here is the error message:
We didn't find a server (A Record) behind your hostname ip-172-31-1-135.ap-southeast-1.compute.internal.
You may want to publish a DNS record (A type) for the hostname
ip-172-31-1-135.ap-southeast-1.compute.internal or use a different hostname in your mail software.
I'm a newbie at DNS stuff; if you need more information, please leave me a comment.
You should configure your mail server software to use your custom hostname (for example mail.example.com), not the AWS-assigned default (such as ip-172-31-1-135.ap-southeast-1.compute.internal).
You need to contact AWS support to have a PTR record configured: https://aws.amazon.com/blogs/aws/reverse-dns-for-ec2s-elastic-ip-addresses/
Keep in mind that Amazon EC2 throttles traffic on port 25 of all EC2 instances by default, but you can request for this throttle to be removed: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/
If you want to receive emails on this server you can't change the port number from 25 to something else, as other servers will try to connect on this port to deliver emails. You also have to ask AWS to remove the throttle on port 25 as stated before.
If you haven't already, create an A DNS record for cpanel.mydomain.com pointing to your Elastic IP (it is important that you have an Elastic IP, not an automatically assigned public IP).
Finally, I got 9.8/10 after tweaking some configuration, and after waiting for AWS Support to map the Elastic IP to my domain name I got 10/10.
Most importantly, you have to make sure the hostname is on your own domain.
1. Set the hostname:
sudo hostname cpanel.mydomain.com
To set it automatically on boot:
cd /etc/dhcp/dhclient-exit-hooks.d/
sudo nano set-hostname.sh
Contents of set-hostname.sh:
#!/bin/sh
hostname cpanel.mydomain.com
/scripts/fixetchosts
For more detail, please feel free to refer here.

Adding a CNAME to an AWS EC2 Public Domain Name

I have a test application running at
http://ec2-34-215-196-193.us-west-2.compute.amazonaws.com/
(This is a test application; it won't be live for long.) When I try to add a CNAME to this, like the screenshot below, a "." is added by the DNS system.
However, my app seems to be accessible only via us-west-2.compute.amazonaws.com or us-west-2.compute.amazonaws.com.
I can make it resolve to either one of them.
But adding anything, does not seem to resolve with a CNAME. It gives 503 Service Unavailable.
I am using AWS EC2 to host the app with an HAProxy load balancer.
Using Google Domains for DNS Name.
Any suggestions for troubleshooting this problem?
All DNS entries have a dot at the end, like subdomain.domain.com.
It's not suggested to create CNAMEs to your EC2 instance, because that IP may change over time and it's not reassignable; that's what Elastic IPs are made for. Just create an Elastic IP, assign it to your EC2 instance and add it as an A record at your DNS provider.
Amazon AWS documentation
First create an Elastic IP and assign it to your instance. Then create an A record and point it at the IP. Your site should work normally.

allow only Indian IPs to access aws ec2 instance

I am using AWS EC2 to host my internal CRM. The server has started getting spam hits and consuming quite a bit of server resource. I know that we can configure CIDRs in the security groups. When I put comma separated values and try to save it, it throws an error stating "The source needs to be a CIDR block or a Security Group ID.". Is it like I can provide only one CIDR? If yes, then how will I address this?
Each rule handles only one CIDR. You can add many rules.
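As an added illustration of the one-CIDR-per-rule constraint described above (not code from the thread or from AWS), the helper below turns a pasted comma-separated list into one rule per block in the `IpPermissions` shape accepted by `aws ec2 authorize-security-group-ingress --ip-permissions`, rejecting malformed blocks, blocks with host bits set and the catch-all `0.0.0.0/0`. The ranges in the sample are constructed documentation prefixes, not real Indian ISP allocations.

```python
import ipaddress

def build_ingress_rules(cidrs, port, proto="tcp"):
    """Split a comma-separated CIDR list into one security-group rule per block.

    Returns (rules, rejected): rules in the EC2 IpPermissions shape, rejected as
    (text, reason) pairs so a bad paste is reported instead of silently dropped.
    """
    rules, rejected, seen = [], [], set()
    for raw in cidrs.split(","):
        text = raw.strip()
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=True)   # strict: 10.1.2.3/24 is an error
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if net.prefixlen == 0:                              # 0.0.0.0/0 or ::/0 defeats the allow-list
            rejected.append((text, "catch-all block is not an allow-list"))
            continue
        if net in seen:                                     # duplicate rules are rejected by the API
            continue
        seen.add(net)
        key, field = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
        rules.append({"IpProtocol": proto, "FromPort": port, "ToPort": port,
                      key: [{field: str(net), "Description": "allow-listed source range"}]})
    return rules, rejected

def is_allowed(src_ip, rules):
    """Would a source address be admitted by the rule set? (version mismatch never matches)"""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        for rng in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
            if ip in ipaddress.ip_network(rng.get("CidrIp") or rng["CidrIpv6"]):
                return True
    return False

if __name__ == "__main__":
    # Constructed input: two valid blocks, a duplicate, a host address and a catch-all.
    sample = "203.0.113.0/24, 198.51.100.0/24, 203.0.113.0/24, 10.1.2.3/24, 0.0.0.0/0"
    rules, rejected = build_ingress_rules(sample, 443)
    print(len(rules), "rules;", "rejected:", rejected)
    print("203.0.113.77 allowed:", is_allowed("203.0.113.77", rules))
```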

amazon ec2 - name server issue

I have created a new instance in Amazon EC2 and assigned an Elastic IP to the instance. But I need to know how to get an IP for the name servers (ns1.abc.com, ns2.abc.com).
I have installed WHM on the Amazon instance. Only, the domain cannot point to the correct name server. That is because the IP cannot load.
Now, my problem is how I get a new IP. Can I add another two Elastic IPs in Amazon? I configured two Elastic IPs for the name servers in the DNS zone within WHM. The name server is not working, and I cannot open the Elastic IP in a browser. I am confused by it. Please, anyone help me.
There are lots of things that can go wrong here. I'll try to troubleshoot step by step:
I'll assume the goal is "You want to type 'whm.foo.com' and see your WHM".
1) Go to your domain registrar and make an entry that points "whm.foo.com" to your EIP. (Depending on what you want, maybe you should set up a "*.foo.com" wildcard for that EIP.)
2) Test that step #1 worked by typing "ping whm.foo.com" or "dig whm.foo.com" (on Linux/Mac, not sure about Windows). This should return your EIP. If not, go back to step 1.
3) Check that WHM is actually running. Read the docs to find what port it's running on. (Usually 2083, or 2082 for insecure access.)
On your instance, run "curl -v localhost:2083" (or whatever port). It should return a login screen. If it says "couldn't connect to host", then you have the wrong port or it's not running.
4) Run "netstat -na | grep :2083" (or whatever port). It should say "0.0.0.0:*". If it says "127.0.0.1:*", then you need to configure it to allow outside access.
5) Make sure your WHM port is enabled in the AWS firewall. Go to the AWS control panel and find the security group for your box. Make sure that port is allowed. Ideally, you'd only add your personal IP instead of opening it up to the world. (If there is a bug in WHM, people will scan all IPs trying to exploit it. They can't exploit your server if the AWS firewall denies them access.)
6) Now type "https://whm.foo.com:2083" (or whatever port) in your browser (or http://whm.foo.com:2082 for insecure access). It should work!
I need to know how to get an IP for the name servers (ns1.abc.com, ns2.abc.com).
As rdrey said, you need to go to your DNS provider (most registrars also do DNS) and tell them what boxes should point to your EIP.
That is because the IP cannot load.
There is no such thing as "the IP cannot load". Either "DNS is giving the wrong IP" or "some IP operations (TCP ports) were blocked by a firewall somewhere".
Now, my problem is how I get a new IP.
I don't think that should be your goal. You can easily change EIPs, but it won't fix the problem. Nothing works unless everything in between is set up correctly. The goal should be understanding all the steps in the process and verifying that each step was done correctly.
OK, you have two options here:
Use the DNS servers provided by your Domain Registrar OR
Use AWS Route53 to let Amazon provide DNS services for you.
Option 1:
You bought your domain name from a registrar, like one of these: http://lifehacker.com/5683682/five-best-domain-name-registrars
Most, if not all, registrars run a free DNS service for their customers. You should be able to log into some kind of management console and set your domain's DNS zone entries to point at your AWS EIP. (I am using gandi.net and used to use godaddy. You simply leave the DNS Servers as they are and set your AWS EIP as the 'A' record.)
Option 2:
Go to https://console.aws.amazon.com/route53/home and follow instructions. I haven't read up on Route53's pricing, so this option might not be free.
---- EDIT:
Some more help:
The site you've linked to (http://www.intodns.com/xantec.com.sg) states that you've used your EIP (54.251.169.7) as the nameserver for the domain. You don't want that. You're running a cPanel installation, NOT a DNS nameserver.
Put 54.251.169.7 as your site's A record. (Sometimes called the www field.) Remove it from the NS fields and put ns3.thesimpledns.com & ns4.thesimpledns.com into those.

EC2 Scalable environment sending mail from instances

I have a scalable environment on the Amazon cloud. I want to send emails (transactional, mailing) from EC2 instances.
I am using one Elastic IP for my load balancer. I have installed Postfix on all my instances.
Now, I got mail from amazon saying this
"You recently reached a limit on the volume of email you were able to send out of SMTP port 25 on your instance:"
1) Do I have to use any mail service provider to send mails (eg: http://aws.amazon.com/ses/)?
2) I googled it, and people suggest sending a request to Amazon through this link:
https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request
If I go with the 2nd option, do I have to get another Elastic IP?
Could somebody explain to me the proper way to send the request?
I sent request to Amazon. They have removed the limit.
