• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue DKIM and mailer daemon emails

QWeb Ric

Basic Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
Plesk Obsidian Version 18.0.44 Update #3
We recently added DKIM to main domain, to combat some spam issues and get our sender reputation back up, but our server hostname is a subdomain of this domain and it looks like this is resulting in mailer daemon bounce emails being rejected because they're not sent with the appropriate DKIM signature.

i.e. the server is hosting3.[domain].co.uk and one of the domains it hosts is [domain].co.uk, which has DKIM enabled, and now in the mail logs when the server tries to generate a mailer daemon email from hosting3.[domain].co.uk, I'm seeing "550 Sender's policy prohibits this message: Reject (in reply to end of DATA command))" because these emails don't contain the DKIM for [domain].co.uk

Similarly, the usual Plesk generated emails for things like resource usage notifications don't seem to include this DKIM signature either.

Not sure what the resolve is for this one?
 
I am afraid that currently DKIM for the hostname is unsupported. We have a feature request for it, but it did not get many votes, so it is not a priority. Maybe you would like to add your vote to it?

Until then, maybe you can change the hostname so that it becomes independent of your domain's DKIM settings.
 
Voted.

For anybody else stumbling on to this, until it's properly resolved we just adopted a DMARC policy of p=quarantine;sp=none; which seems to work well enough. It offers basically zero protection against mail spoofing but means your legitimate emails with DKIM signatures at least make it through the spam filters.

We really do need a proper fix though.
 
Back
Top