• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Issue Delivery Status Notifications put into spam by DMARC

J

Jens Johansson

Basic Pleskian
Server operating system version
CloudLinux 8.10
Plesk version and microupdate number
18.0.72 #2
Hi,

we got a problem with mail Delivery Status Notifications (DSN) sent from MAILER-DAEMON@<hostname>. Those reports are classified as spam by DMARC rules.

This problem arises when a customer sends an email to another customer on the same server and requests a Delivery Status Notification for said email. The server then creats the notification and fails to look up the SPF with message "SPF record was not found in Authentication-Results". But there is a valid SPF record for the hostname domain. The hostname domain is acualiy a subdomain with "v=spf1 a -all" and the parrent domain has a DMARC with policy quarantine. So the Delivery Status Notification is put into the spam folder by the server, because of the DMARC rule. But this should not happen for two reasons. First there is a vaild SPF which permits the server/hostname as sender. And second I added the hostname domain to be ignored by DMACR checking in the file /etc/psa/dmarc.conf

Am I missing something or could this be a bug?
 
You need to add an SPF record for the hostname, as well as the domain.
If your hostname is mail.domain.tld you need to create a new SPF record for mail subdomain. So you end up with two SPF records. Eg...

domain.tld v=spf1 a mx -all
mail.domain.tld v=spf1 a mx -all
Click to expand...

I hope that helps.
 
@Jens Johansson , we have a registered bug with ID PPPM-7190 regarding the issue. However, adding the domain to IgnoreMailFrom should be a viable workaround. Could you please try running:

Bash: 
postconf myhostname

and add the value it returns into IgnoreMailFrom, if not already?
 
@Sebahat.hadzhi Thank you for registering this as a bug. The domain which is in postconf myhostname is allready added to IgnoreMailFrom, but the problem remains. Those Delivery Status Notifications are still defered by dmarc controll.
 
Thank you for the update. The second workaround suggested is to modify the DMARC record of the recipient domain: Change "p=quarantine" or "p=reject" to "p=none" at Domains > example.com > DNS Settings. I hope that helps.
 
You must log in or register to reply here.

Similar threads

E
Issue DMARC p=reject causes locally generated DSNs (MAILER-DAEMON) to be silently discarded
Replies
2
Views
2K
enduser
E
TorbHo
Issue IONOS emails rejected with "dmarc: stderr: REJECT" although DMARC check is disabled
Replies
2
Views
2K
hschramm
hschramm
E
Question DMARC p=reject not rejecting spoofed inbound mail (MAILER-DAEMON sender)
Replies
3
Views
2K
enduser
E
nethubonline
Forwarded to devs Possible DMARC Bypass - Spoofed MAILER-DAEMON Return-Path Not Rejected
Replies
10
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
B
Question Couple adjustments for local sending, templates bouncing, and preventing local to spam
Replies
2
Views
996
Bossman
B
Back
Top