Can't create DKIM Records
# general-help
t
Hi guys, I'm using OVH mail service, but I use Cloudflare's DNS servers. So, I'm trying to create a DKIM and SPF record but Cloudflare gives me an error: "cannot create a non-glue record that is beneath a delegated child zone." Can someone help me?
c
Thanks for creating your own post. You're most likely getting that error because you already have NS Records created within Cloudflare that cover that subdomain. Did you create some by accident, or just forget to delete them?
ex. If you're trying to create a TXT record on mail.example.com, and there are NS Records for mail.example.com, that's why. You need to delete the NS records first, or create these records at the nameserver you've delegated the subdomain to
t
when i created my cloudflare website, it created a lot of records like these (from the 5th)

https://cdn.discordapp.com/attachments/1111726035533307934/1111727028429926451/image.png

I'm trying to create a TXT record for dkim
c
ahh interesting, it tries to autodiscover existing DNS Records and it looks like it got a bit confused by your old DNS
Delete all of the NS Records pointing at parkingx.ovh.net. Once you delete those, you should have no issue creating the DNS Records you want
t
using Sendgrid
about SPF, is that right?

https://cdn.discordapp.com/attachments/1111726035533307934/1111727696645476462/image.png

c
If you're using sendgrid and you want to send mail from your domain, you're missing an include: part of it. That would block all email from your domain
t
So, what can i do?
c
looks like for Sendgrid, you would want
v=spf1 include:sendgrid.net -all
I would follow the steps in sendgrid if they give any
t

https://cdn.discordapp.com/attachments/1111726035533307934/1111728517319770142/image.png

So, ok?

https://cdn.discordapp.com/attachments/1111726035533307934/1111728607262416927/image.png

in this way DKIM and SPF are set fine?
these settings will fix this problem?
This is the mail system at host mo559.mail-out.ovh.net.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system : host gmail-smtp-in.l.google.com[142.250.13.27] said:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for [savagerealms.it] did not
550-5.7.26 pass with ip: [178.32.114.3]. The sender should visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for
550 5.7.26 instructions on setting up authentication. g7-20020a5d46c7000000b0030ad47e4b68si980056wrs.591 - gsmtp (in reply to end of DATA command)
c
Looks ok. That's the sending side set
This is from you trying to send an email out of your OVH email?
If so, unless OVH uses Sendgrid, you'd have to whitelist their own outgoing stuff
t
how can i do?
I'm using a web host of OVH with MX plan... but I use Cloudflare as a shield
c
That's an OVH question, depends on their setup. I would look at your old OVH DNS for the SPF & DKIM records they created for you
t
wait

https://cdn.discordapp.com/attachments/1111726035533307934/1111729876152635422/image.png

c
It may be worth mentioning: CF tries to autodiscover your old records and import them, but it's just an attempt. It's worth double checking all of the records you had at OVH and making sure CF imported them all right as well
t

https://cdn.discordapp.com/attachments/1111726035533307934/1111729941042704394/image.png

c
add include:mx.ovh.com next to your existing include rule in your existing spf record @ cloudflare
t
and sendgrid?
c
yea, you can have them both like
v=spf1 include:sendgrid.net include:mx.ovh.com -all
t
and what about DKIM?

https://cdn.discordapp.com/attachments/1111726035533307934/1111730664925040700/image.png

Now the mail does not have the "insecure message" title
c
I'd wager that's what the autoconfig and autodiscover records were for, but it also might not be enabled by default
t
and the image is not an interrogative symbol
c
click on the three dots on the far right side, and then click "Show original"
check for DKIM pass

https://cdn.discordapp.com/attachments/1111726035533307934/1111731092681134100/image.png

c
looks like OVH doesn't have DKIM, or it's not enabled by default
t
so, what can i do?
D:
if it's possible
c
That's a question for OVH
t
oh...
ok
c
I would explore their admin panel/help desk/support/etc about that
t
wait
c
It looks like they are not signing the messages with DKIM at all
t
can u help me reading this?
c
I don't speak Italian
t
in english wait
c
That looks like very generic email advice though, you need something specific to their email service
in english
but these are options for ovh dns zone
and not for cs DNS zone
IDK
c
You need a guide/information on how you would turn on DKIM for their email service. They need to generate the keys, and start signing email with them, and you add the required dns records. That is just a generic guide on the various steps you might do (spf, dkim, dmarc, reverse ips)
t
ok
Thank you @Chaika
😄