• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Issue DKIM and mailer daemon emails

QWeb Ric

QWeb Ric

Regular Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
Plesk Obsidian Version 18.0.44 Update #3
We recently added DKIM to main domain, to combat some spam issues and get our sender reputation back up, but our server hostname is a subdomain of this domain and it looks like this is resulting in mailer daemon bounce emails being rejected because they're not sent with the appropriate DKIM signature.

i.e. the server is hosting3.[domain].co.uk and one of the domains it hosts is [domain].co.uk, which has DKIM enabled, and now in the mail logs when the server tries to generate a mailer daemon email from hosting3.[domain].co.uk, I'm seeing "550 Sender's policy prohibits this message: Reject (in reply to end of DATA command))" because these emails don't contain the DKIM for [domain].co.uk

Similarly, the usual Plesk generated emails for things like resource usage notifications don't seem to include this DKIM signature either.

Not sure what the resolve is for this one?
 
I am afraid that currently DKIM for the hostname is unsupported. We have a feature request for it, but it did not get many votes, so it is not a priority. Maybe you would like to add your vote to it?

Until then, maybe you can change the hostname so that it becomes independent of your domain's DKIM settings.
docs.plesk.com

Changing Your Server’s Host Name

You specify your server’s host name during your very first login to Plesk. If you want to change the host name later,...
docs.plesk.com docs.plesk.com
 
Voted.

For anybody else stumbling on to this, until it's properly resolved we just adopted a DMARC policy of p=quarantine;sp=none; which seems to work well enough. It offers basically zero protection against mail spoofing but means your legitimate emails with DKIM signatures at least make it through the spam filters.

We really do need a proper fix though.
 
Any news on this or recommendations? I also stumbled across this. Setting a different fully qualified hostname seems to create other problems.
 
Hi, @hobala . Please try creating hostname.com domain (or subdomain) on the corresponding Plesk servers, and enable DKIM signing feature in Domains > example.com > Mail > Mail Settings menu. If you have the DNS managed externally "How to configure external DNS" will show you what record needs to be added at the DNS zone.
 
You must log in or register to reply here.

Similar threads

E
Question DMARC p=reject not rejecting spoofed inbound mail (MAILER-DAEMON sender)
Replies
3
Views
2K
enduser
E
M
Issue Postfix: how to set DKIM to send email from another domain on the same server
Replies
0
Views
973
MHC_1
M
E
Issue DMARC p=reject causes locally generated DSNs (MAILER-DAEMON) to be silently discarded
Replies
2
Views
1K
enduser
E
nethubonline
Forwarded to devs Possible DMARC Bypass - Spoofed MAILER-DAEMON Return-Path Not Rejected
Replies
10
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
J
Issue Delivery Status Notifications put into spam by DMARC
Replies
5
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top