I recently found that my server's IP was underneath a prefix that was blacklisted, so I wanted to move my server to one whose Prefix was NOT blacklisted. I took the following steps (all on Digital Ocean btw) 1. Backed up a snapshot of my server, then renamed and disabled it 2. Setup a new server (droplet) at a new IP and restored my backup snapshot to it 3. Changed my DNS entry for the server name 4. Logged into new server and checked DNS against each of my domains and mailcow showed they were all perfect RESULTS: - although I could receive mail on the new server, sending was blocked my most receiving domains with variations of '550, "5.7.1" The IP you're using to send email is not authorized...' - I verified all records as being correct, including PTR, so I don't know why this would happen. Thinking perhaps it was a propagation error I waited a couple of hours, but it still happened. Luckily I had not deleted the original server (with it's IP intact) to I deleted the new one, renamed the old one back to my domain name, verified all records and restored to it. Now I can mostly send again, except for the few that are rejected because my prefix (though not my IP) is on some block list. My question is: IS there something else I was supposed to do in mailcow to make this work? Regenerate DKIM keys or something else?

migrate to new server issues

moostephen

I recently found that my server’s IP was underneath a prefix that was blacklisted, so I wanted to move my server to one whose Prefix was NOT blacklisted. I took the following steps (all on Digital Ocean btw)

Backed up a snapshot of my server, then renamed and disabled it
Setup a new server (droplet) at a new IP and restored my backup snapshot to it
Changed my DNS entry for the server name
Logged into new server and checked DNS against each of my domains and mailcow showed they were all perfect

RESULTS:

although I could receive mail on the new server, sending was blocked my most receiving domains with variations of ’550, “5.7.1” The IP you’re using to send email is not authorized…'
I verified all records as being correct, including PTR, so I don’t know why this would happen. Thinking perhaps it was a propagation error I waited a couple of hours, but it still happened.

Luckily I had not deleted the original server (with it’s IP intact) to I deleted the new one, renamed the old one back to my domain name, verified all records and restored to it. Now I can mostly send again, except for the few that are rejected because my prefix (though not my IP) is on some block list.

My question is: IS there something else I was supposed to do in mailcow to make this work? Regenerate DKIM keys or something else?

HDS-Admin

Im not 100% this is your problem, but did you change the SPF dns entry? It should be updated for the new ip address. I would make new DKIM keys as well.

moostephen

my SPF dns points to the domain (which is the same as before) not the IP. All domain records (including PTR) that pointed to the previous IP addresses (both IPv4 and IPv6) were changed properly. So I don’t know why all these domains started refusing mail.

moostephen

And how do I even make new DKIM keys? I can’t find anything in the interface that allows me to regenerate them.

accolon

Configuration –> ARC/DKIM Keys.

Just a guess: Maybe the receivers are still getting the old IP from DNS caches. You could perhaps disable SPF, DKIM etc. for the new server and wait one or two days until the new DNS settings have propagated before you enable it again.

moostephen

Oh I was aware of that config panel, but I didn’t see a regen button. Now I guess I understand I have to remove one, then might be able to create a new one. Thanks. As for waiting a couple of days, I would worry about a lot of mail being rejected in that time. And if it didn’t work after two days, I would really be screwed. Not sure how I can test/verify this.