• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue DKIM and mailer daemon emails

QWeb Ric

QWeb Ric

Basic Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
Plesk Obsidian Version 18.0.44 Update #3
We recently added DKIM to main domain, to combat some spam issues and get our sender reputation back up, but our server hostname is a subdomain of this domain and it looks like this is resulting in mailer daemon bounce emails being rejected because they're not sent with the appropriate DKIM signature.

i.e. the server is hosting3.[domain].co.uk and one of the domains it hosts is [domain].co.uk, which has DKIM enabled, and now in the mail logs when the server tries to generate a mailer daemon email from hosting3.[domain].co.uk, I'm seeing "550 Sender's policy prohibits this message: Reject (in reply to end of DATA command))" because these emails don't contain the DKIM for [domain].co.uk

Similarly, the usual Plesk generated emails for things like resource usage notifications don't seem to include this DKIM signature either.

Not sure what the resolve is for this one?
 
I am afraid that currently DKIM for the hostname is unsupported. We have a feature request for it, but it did not get many votes, so it is not a priority. Maybe you would like to add your vote to it?
plesk.uservoice.com

Allow DKIM/DMARC/SPF records for the server's hostname domain

This thing that Plesk does not present DKIM public key, referred to server's hostname, is quite annoying. cPanel does, for example. And I'm not going to mess things up with changing hostname, so to match it with a newly created domain (whose purpose would be just having a DKIM in place).
plesk.uservoice.com

Until then, maybe you can change the hostname so that it becomes independent of your domain's DKIM settings.
docs.plesk.com

Changing Your Server’s Host Name

You specify your server’s host name during your very first login to Plesk. If you want to change the host name later,...
docs.plesk.com docs.plesk.com
 
Voted.

For anybody else stumbling on to this, until it's properly resolved we just adopted a DMARC policy of p=quarantine;sp=none; which seems to work well enough. It offers basically zero protection against mail spoofing but means your legitimate emails with DKIM signatures at least make it through the spam filters.

We really do need a proper fix though.
 
You must log in or register to reply here.

Similar threads

E
Issue Mails from MAILER-DAEMON go to spam
Replies
0
Views
1K
empty
E
I
Issue Mails sent by MAILER-DAEMON to spam
Replies
6
Views
2K
Bobbbb
B
F
Resolved System mails (MAILER-DAEMON) Undelivered Mail Returned to Sender
Replies
6
Views
2K
fvrk4n
F
C
Issue DKIM and SPF do not align with RFC5322. Then DMARC result is fail.
Replies
2
Views
2K
cmartinez127
C
C
Resolved DKIM is valid but signature fails
Replies
6
Views
4K
cmartinez127
C
Back
Top