1Feb/180

Our own tutorials section provides many helpful hints and tricks

Not only are we constantly improving and expanding our data centers, as reported recently. At the same time, we are publishing useful tutorials, which offer you solutions and short cuts for common issues and hopefully simplify the administration of your virtual or dedicated server.

Did you know that we have created a special section on our website for that? There you can find all the articles we have published so far - and in the future, many more tutorials will be added!

Just take a look at our own knowledge base, and please do not forget to bookmark it for future reference 😉

Is there anything missing, or do you have a special question in mind which we could deal with? Just let us know and our technical department will further check its feasibility.

As usual, we are available for all other inquiries every day of the year: Just contact our customer service department!

Posted by: Markus | Tagged as: , , , , No Comments
10Jun/162

DomainKeys and DKIM in Plesk and cPanel

DomainKeys and DKIM can help you to increase the reputation of your e-mail server and preventing others to manipulate or fake your e-mails. In this tutorial, we want to show you how you can activate this feature in cPanel and Plesk. Firstly, we have to clarify that Plesk allows you to activate DomainKeys in the web interface and that cPanel is using the newer version called DKIM. Those are both quite similar in many points, but we will use those terms separately. All the images in this tutorial can be shown in a bigger version with all the details, by clicking on them. We will often use the example domain "yourdomain.com". It has to replaced with your own one, whenever it appears.

DKIM in cPanel

After you logged into your cPanel account, please search for "Authentication" in the search bar. The matching tool will now get shown in the e-mail section. After opening it, you might see that DKIM has not been activated so far. In this case, please click on the button "Activate". The notification should now look like this, possibly with an error message:

new

If you have your own server with cPanel and you are using it as a name serrver, the configuration of DKIM might be finished already. In this case, the notification will look like in this picture.

If there is, as already mentioned, an error shown, you will have to translate the raw DKIM record into the final record with the correct syntax and insert it into your DNS zone manually. So please mark and copy the whole raw DKIM record. cPanel offers the code in a form we cannot use directly.  Before we can use it, we have to remove all wrong special characters. For this purpose, we can use Notepad, which is available in every basic Windows installation.

 Please insert the string into the editor:

editor raw

The following has to be removed: everything that stands before "v=DKIM1".  Also all the double quotation marks before,  in the middle or at the end of the key. Furthermore, we have to delete the \ in front of the last ";". Please check that there are no line breaks. Now we have to analyse the part after: "p=". In this part, all whitespaces have to be removed. If you had to remove a " in the middle of the key, there will be such a white space right afterwards. If there are none of the mentioned special characters, it is absolutely okay. The result should look like this:

DKIM fin

Now you have to create a TXT record on your DNS server in the DNS zone for the subdomain "default._domainkey.yourdomain.com". The character string created in the previous step, beginning with: "v=DKIM1...", has to be put into the data part of the record. "your domain.com" has to be replaced with your own domain. If you are using our Contabo nameservers for your domain, please log into the Customer Control Panel, navigate to: DNS Zone Management and edit your domain. Please fill in the fields below "create a new entry" like in the following example:

newnew

When you now reload the tool "Authentication" in cPanel with the key F5 on your keyboard, the following should be shown:

success

If you can see the same message, DKIM has been activated successfully.

If there is still an error shown, you should recheck all the points so far. Are you using the nameservers from Contabo or different ones? Did you change the raw DKIM record correctly?  If you have any questions, you can ask our support. We are reachable over the e-mail address support@contabo.com. It would be a pleasure to help you in this matter

Add-on Domain in cPanel

cPanel uses a new key pair for add-on domains. Therefore you can not use the DKIM record from your main domain for the add-on domains too. You have to extract it from the DNS zone management in WHM first, if you are not using your cPanel as DNS server. Webspace customers do not have access to the administrative WHM panel. So please just ask us for the required key. Customers with their own server have to log into WHM.  There, please open the option "Edit DNS Zone" and choose your domain from the list. You should now see several records of different types. You need the one with the name: "default._domainkey". It should be there, if DKIM authentication got activated in cPanel previously. The needed key is added as TXT record on the right side. Please edit it as explained in the chapter "DKIM in cPanel". Finally, please add it in the DNS zone Management of your really used nameserver, for example the Contabo Customer Control Panel.

DomainKeys in Plesk

Please search in the search bar for: "Mail Server settings" and open the tool. At the point : "DomainKeys spam protection", please check the Box "Allow signing outgoing mail". Afterwards, you have to change to the "Mail Settings" of your domain and activate "Use DomainKeys spam protection system to sign outgoing email messages " there, like in the following screenshot:

newnewnew

Then you can open the "DNS Settings" for the affected Domain. An additional TXT entry for the subdomain: "default._domainkey.yourdomain.com" should have appeared.

neeeeew

If it is missing, please repeat all the steps so far, but firstly delete the tick at "Allow signing outgoing mail" in the Mail Server Settings and set it again after saving. If you are using your Plesk as nameserver, the configuration should be finished now. You should now test the configuration. More about this step in the later point: How to test DomainKeys and DKIM.

If you are using other nameservers for your domain, for example the ones provided by Contabo, you have to copy the data part completely and add an identical record in the zone there. To do so, please log into the Customer Control Panel of Contabo, go to the DNS Zone Management and edit the Domain. Please add, like in the following example, a TXT record for the subdomain "default._domainkey.yourdomain.com" with the data part generated by Plesk.

finnew

As you can see in the picture, a second record has to be added. This one defines the policy, that every e-mail has to have a DomainKeys signature. Please add the subdomain "_domainkes.yourdomain.com" with the TXT record: "o=-". With this last step, the configuration of DomainKeys has been finished. To ensure that everything is working perfectly, you should do a test now!

 How to test DomainKeys and DKIM

A good way to test a DKIM or DomainKey configuration, is the DKIMValidator.

After opening the site, you can see a randomly generated e-mail address. Please write an e-mail from your server to this address and, after a few seconds of waiting, open the analysis report with the button "view results". With Strg + F, you can search the site, which gives you a lot information. To check if DomainKeys and DKIM are working, search for: "result =". If it reads "pass", everything is working fine. If there is a "fail" you should start a search for the cause. If you are stuck at some point, you can contact us anytime under the e-mail address support@contabo.com. Our team of experts will stand by your side to get it working!

Posted by: Johannes | Tagged as: , , , , , , , 2 Comments
17May/160

How can I prevent my e-mails getting marked as spam?

You have your own e-mail server, but your e-mails are landing in the spam folder or do not even arrive? This can have several reasons. This tutorial will show you the most important tricks and often overseen configuration mistakes. If you have a webspace package, you will only need the point SPF of this tutorial. In this tutorial we will often use the fictional domain mail.yourdomain.com and the IP address 1.2.3.4. Please replace them with your own ones when you are doing the tests or configuration.

SMTP banner

The SMTP banner is the label of your e-mail server. When it connects to a different e-mail server, it is introducing itself with it. If you have a server from us, it will, at the beginning, answer with something like this:

m1234.contabo.net

A lot of e-mail providers will not accept such a label and send your e-mail directly into the spam folder. So it is better to choose a less generic one like:

mail.yourdomain.com

Please notice, that is has to  be a fully qualified domain name ( FQDN) . That means there has to stand a subdomain like "mail" in front of yourdomain.com. You can request the current SMTP banner by connecting to your server with Telnet over port 25. You can do this in Windows by entering the following command into the Windows  command prompt:

telnet 1.2.3.4 25

Please use your own server IP here. If you are using Windows, you will have to activate Telnet first! (Start --> Control Panel --> Programs and Features --> Turn Windows features on or off--> wait a moment, then check the Telnet Client check box and finish with clicking on OK)
The output might look like this:

220 m1234.contabo.net ESMTP Postfix (Debian/GNU)

"m1234.contabo.net" is the important information in this line. You can leave the session by entering "quit" and hitting enter. In cPanel and Plesk, the mailserver's name in the SMTP banner is equal to the hostname. So you can alter it by changing the hostname in the administration panel.
If you are using Plesk on a Windows server, it is not so easy to change the banner. Please log into your server over RDP, open the tool "MailEnable" and go to: MailEnable Management --> Servers --> localhost --> Connectors. Then choose in the opening list SMTP, click on it with you right mouse key and open "Properties". In the opening window, there are four fields you have to fill in:

Local Domain Name

Here you have to enter you main domain. For example: yourdomain.com.

Default mail domain name

This is your e-mail server name in the SMTP banner. For example: mail.yourdomain.com

DNS Addresses

Here you have to enter the DNS servers. If you have your server in one of our datacenters, the following addresses would work perfectly:

for Nuremberg:
213.136.95.10 213.136.95.11

for Munich:
79.143.183.251 79.143.183.252

Notification email address

Please enter an existing e-mail address.

If you are using Postfix instead of an administration panel, you can change the SMTP banner by using this command in the terminal:

postconf -e "myhostname = mail.yourdomain.com" && postfix reload

Please replace "mail.yourdomain.com" with the new domain name of the e-mail server.

PTR

The PTR, or also called reverse DNS record, is the counterpart of the A-record in a DNS zone.

A-record:

mail.yourdomain.com --> 1.2.3.4

PTR:

1.2.3.4 --> mail.yourdomain.com

Most e-mail servers only accept an e-mail, if the PTR is exactly the same as the name of the mailserver in the SMTP-Banner! If you have for example the following SMTP-Banner:

220 mail.yourdomain.com  ESMTP Postfix (Debian/GNU)

You have to change your PTR like in the upper example, what can be done easily in the Customer Control Panel. Please notice, that you have to change the PTR of the IPv6 address too, if you are using IPv6 additionally to IPv4. It will not harm to do it anyway, if you are not sure.

SPF

With the SPF record you determine that it is only allowed to send e-mails from specific IP addresses. Many e-mail servers are considering e-mails from domains without SPF record as spam. You can add an SPF record in the Customer Control Panel with the DNS Zone Management. The following one should work in most cases:

86400 in TXT "v=spf1 +a +mx ~all"

It will allow the IP named in the A-record and the one of the mailserver, named in the MX-record.

If you use one of our webspace packages, please use the following one:

86400 in TXT "v=spf1 +a +mx +a:mail-relay.contabo.net ~all"

If you have a special configuration, you can use a tool like this to generate an individual SPF:

SPF-Wizard

Blacklists

We always do test our IP addresses, before we give them to our customers. But it is not impossible, that your IP is currently on a blacklist. This will cause your sending attempts to fail despite all your tries to achieve a perfect configuration. If you assume that your IP might be on such a list, you can test for the most important ones on this site:

MX-Toolbox Blacklist Check

Please enter the IP address of your server and wait some seconds for the test! If the IP is listed somewhere (marked in red), you should contact the owners of this list. They will offer a removal form on their home page. The IP should be removed in a few days. Some e-mail providers have their own lists, that can not be reviewed so easily. They normally will send you a bounce e-mail to signal, that the sending attempt failed, with the reason included in it. If they mention an internal blacklist, you can find below some links to the removal forms of such providers:

Microsoft
Yahoo
Google

If you have problems getting your IP removed from such a list, please write an e-mail with the error message and the IP to support@contabo.com. We will help you solving this problem.

Additional points

If you have paid attention to all the points so far, and your e-mails have still problems with reaching the recipient or are landing in the spam folder, it is time to look for the reason in close detail. Have you got a reply when the e-mail was not accepted? Read this e-mail carefully. Often there stands the reason for this behaviour! If you have found such a message, but it does not help you, you are free to sent it with the complete header to our support. Our team of experts at support@contabo.com has a lot of experience with solving such problems!

If the e-mail is arriving but landing in spam, the header of the received e-mail will often contain useful hints. Especially Google makes it easy for the owners of small e-mail servers and often adds a link to its e-mail guidelines. Therefore, it might be useful to send a test e-mail to a Gmail address too, for a further analysis!

Please also take a look on the free MX-Toolbox SMTP Check. Here you have to enter the domain of your e-mail address. The site will test your configuration for common problems!

If nothing helped

If you have worked through the whole tutorial, and there are still problems with sending e-mails, or you need help at some point, you can contact our support. We are there for you everyday from 8:00 to 23:00 (German time) at support@contabo.com.

14Jan/163

Edit Windows Updates in Windows 2012

The following tutorial will show you how you can check and administrate the Windows updates for your Windows Server 2012 system:

1. Please connect to your server using RDP. Please open the control panel of the server and select the option 'System and Security':

Windows Updates 1

2. You will be forwarded to the following site:

Windows Updates 2

Please open the option 'Windows Update'

3. Subsequently you will be forwarded:

Windows Updates 3

You have the choice between 'Check for updates', 'Change settings', 'View update history', and 'Restore hidden updates'. By selecting the option „Check for updates“, an immediate search for updates will be started

4.1. If you choose the option „Check for updates“, Windows will automatically check whether there are updates which need to be installed on your server. If you want to change the settings of the Windows updates, please click the „Change settings“ button:

Windows Updates 4

4.2. If you click on the dropdown field „Install updates automatically (recommended)“ these options will appear:

Windows Updates 5

In general, it is always recommended to install updates automatically (first option), since the security of your server could be endangered if you do not keep the Windows version updated. If you want to select the updates manually, you need to choose the option „Download updates but let me choose whether to install them“. A similar option will be „Check for updates but let me choose whether to download and install them“, where you will have an overview of available updates and you can choose then if you want to download and install them“. On the other hand „Never check for updates (not recommended)“ is not recommended, since this could be dangerous for the security of your system if you do not keep it updated.

4.3. By clicking the link „Updates will be automatically installed during the maintenance windows.“, you will be able to choose a time when you want to perform the maintenance. In the checkbox below the field where you can insert the time, you will have the option "Allow scheduled maintenance to wake up my computer at the scheduled time". If you leave this box selected, your server will be started automatically in order to perform the maintenance/update. If you uncheck the box, the update will be performed as soon as you start the server yourself.

Maintenance

4.4. With the options „Recommended updates“ and „Microsoft Update“ you will additionally have the possibility to get informed about any updates.

5. If you choose the option „View update history“ you will get a list of all updates which have been intstalled on the server already.

Windows Updates 6

If you wish to uninstall an update, you can choose the link „Installed Updates“. You will be forwarded to a list with installed updates and you can uninstall the updates.

If you ever experienced issues with updates, kindly choose the option „Troubleshoot problems with installing updates“. It will be automatically checked whether there are issues related to updates.

6. In the option „Restore hidden updates“ you will get the following:

Windows Updates 7

Updates, which you did not install and which were hidden, will be shown in this list and you can decide whether you want to install them.

18Dec/150

Edit Windows Updates in Windows 2008

The following tutorial will show you how you can check and administrate the Windows updates for your Windows Server 2008 system:

1. Please connect to your server using RDP and open the control panel, where you need to choose the section „System and Security“

WS Updates 2008 EN Bild 1

2. You will be forwarded to the following site, where you need to choose the option „Windows Update“:

WS Updates 2008 EN Bild 2

3. Subsequently you will be forwarded:

WS Updates 2008 EN Bild 3

You will have the choice between 'Check for updates', 'Change settings', 'View update history' and 'Restore hidden updates'. Additionally you have the option „Updates: frequently asked questions“, a help box will be opened if you select this one. By selecting the option „Check for updates“, an immediate search for new updates will be started.

4.1. If you choose the option „Check for updates“ Windows will automatically check whether there are updates which need to be installed on your server. If you want to change the settings of the Windows updates, please click the „Change settings“ button:

WS Updates 2008 EN Bild 4

4.2. If you click on the dropdown field „Install updates automatically (recommended)“ these options will appear:

WS Updates 2008 EN Bild 5

In general it is always recommended to install updates automatically (first option), since the security could be endangered otherwise, if you do not keep the Windows version updated. If you want to select the updates manually you need to choose the option „Download updates but let me choose whether to install them“. A similar option will be „Check for updates but let me choose whether to download and install them“, where you will have an overview of available updates and you can choose then if you want to download and install them“. On the other hand „Never check for updates (not recommended)“ is not recommended, since this could be dangerous for the security of your system if you do not keep it updated.

4.3. With the options „Recommended updates“ and „Who can install updates“ you will additionally have the possibility to get informed about any updates and which user can install the updates, if the account differs from the Administrator account.

5. If you choose the option „View update history“ you will get a list of all updates which have been intstalled on the server already:

 WS Updates 2008 EN Bild 6

If you wish to uninstall an update, you can choose the link „Installed Updates“. You will be forwarded to a list with installed updates and you can uninstall the updates.

If you ever experienced issues with updates, kindly choose the option „Troubleshoot problems with installing updates“. It will be automatically checked whether there are issues related to updates.

6. In the option „Restore hidden updates“ you will get the following:

 WS Updates 2008 EN Bild 7

Updates, which you did not install and which were hidden, will be shown in this list and you can decide whether you want to install them.

9Nov/150

Data transfer with WinSCP

WinSCP is a very useful tool for transferring data to a server. WinSCP is a graphical open source SFTP and FTP client for Windows which supports the old SCP protocol. The client offers a protected data and file transfer between different computers and allows the use of protected "tunnels".

WinSCP can be downloaded from the following page:

Please click here!

WinSCP1ENG

Once you have installed WinSCP and opened the program, you are ready to start.

The file protocol is a very important factor in the data transfer. In the following you will see the advantages and disadvantages of the respective protocols.

SFTP (SSH File Transfer Protocol):

  • Advantages: The connection is encrypted and is established via the SSH port, which means there must be no FTP server installed to transfer data.
  • Disadvantages: Due to the encrypted connection the data transmission is slower then with FTP.

FTP (File Transfer Protocol):

  • Advantages: The data transmission is much faster than with SFTP, since no encryption takes place.
  • Disadvantages: The connection is not encrypted and requires the installation of an FTP server.

SCP (Secure Copy):

  • Advantages: The connection is also like SFTP encrypted and uses the SSH port.
  • Disadvantages: Because of the encrypted connection the data transmission is slower than with FTP.

WebDAV (Web-based Distributed Authoring and Versioning):

  • Advantages: The connection is made over the HTTP port, which is not blocked by a firewall with default settings.
  • Disadvantages: The connection is not encrypted but it can be encrypted by using SSL.

The host name has to be either the IP address of your server or the domain name which is pointing to the corresponding IP address.

The port number depends on the selected file protocol.

In the following you can see the standard ports for these file protocols.

  • Standard SFTP Port: 22
  • Standard FTP Port: 20 and 21
  • Standard SCP Port: 22
  • Standard WebDAV Port: 80

IMPORTANT: The file protocols SFTP and FTP are using the default SSH port number 22. In case this port number has been changed, you will have to use the configured custom port number to connect.

The user name is the user which has the permissions to connect to your server.

For example: root

ATTENTION:

The user root has full permissions on the server and if important system data is altered or deleted, the operating system may become unbootable.

A connection possibility over the file protocol SFTP could be looking like this:

Click on "Login" to connect to your server.

WinSCP2ENG

You have to accept the security warning now.

WinSCP3ENG

After accepting the security warning you are successfully connected via the SFTP file protocol to your server. In the following picture you can see your local computer on the left hand side and your remotely connected server on the right.

WinSCP4ENG

If you want to transfer a single file or a full folder, you can easily move it via drag and drop from your local computer on the left side to your server on the right side. This copies the file to the server and it is available now on the local computer and on the remote server.

WinSCP7ENG

In order to connect to your server using an SSH key, you will have to click on "Advanced..." and go to the menu point "Authentication". You are able to specifiy your private key file there.

WinSCP6ENG

You can close the window once your data transfer has been finished and your connection will be closed.

Posted by: Mike | Tagged as: , , , , No Comments