• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question DKIM / SPF does not work on my server

O

onki

Regular Pleskian
Server operating system version
Ubuntu 20.04
Plesk version and microupdate number
18.0.49
Hi,

Since I can't send mails to Google mailservers due to missing DKIM/SPF I had activated the option in the mailserver settings (global and domain).
I have seen updated DKIM default domain keys in my domain DNS enties as shown on the popup window after activating DKIM signature.
But when I run the Mailserver configuration test I get a red sign at SPF and DKIM so it is not working properly.
Is there something I have missed that needs to be done in addition?

Best regards
Onki
 
I've had an issue with the DKIM failing after a server move. It should be easy enough to fix by going to the domain, going into mail settings, and toggling off DKIM, apply, then toggling it back on and apply the changes again.

If you're not using the DNS service within plesk but a third party DNS service (like CloudFlare), then you'll need to manually copy the new DKIM settings over to the third party DNS service. DKIM mismatch should be no more.

As for SPF, just make sure your server info (like IPv4 addresses) of all servers that would be utilizing your domain is listed in your SFP record.
 
Hi,

Thank you for your feedback.
I have tried that but with no success.
When I disable the DKIM feature in the mail setting the domain_key entries are deleted as well and after enebling they will show up.
So this should be no problem. SPF TXT records (v=spf1 +a +mx -all) also show up in the DNS settings.
I am not using an external DNS.
When I open the configuration test page there is still a red label at SPF, DKIM and DMARC. It is mentioned that DNS-caching is disabled.
Could this be a problem?

Any other idea?

Best regards
Onki
 
Hi again,

Maybe my problems are based on different domains used with the server.
My server is available under the domain example.net . This is the server name in Plesk.
Mails are sent through a domain that is hosted on this server as well (example.de).
When I check the mail headers the mails are sent through example.net but the mail adress is [email protected]
This might cause the problems with DKIM/SPF.

How do I have to set my DNS settings in example.net / example.de so that I get no problems sending maisl to GMail servers.

Best regards
Onki
 
I am not understanding what you are saying. If you have the email service enabled on a specific domain it should be using that specific domain's setting for everything and only mention of example.net (which would but the full host name of your server) would be the Received From part since it's your server that did the sending but all the verifications would be done at the sending domain part. Do you not have the "Fix incorrectly set sender for outgoing mail" enabled in the server wide mail settings?
 
onki said:
When I check the mail headers the mails are sent through example.net but the mail adress is [email protected]
This might cause the problems with DKIM/SPF.
Click to expand...
No, that is not a problem as long as the SPF for example.de includes any entry that resolves to the IP you're actually connecting from. SPF only cares about IPs, not names.
Where do you run the Mailserver configuration test?
 
Hi again,

I think I have some additional information based on some experiments.
I have Plesk Premium Mail installed since I need the Exchange Active Sync feature.
When I send an email from my xxxx.de account to my Gmail account I do get this info in the mail head:

Received: from xxxxx.net (xxxx.net. [xx.1xx.1xx.4x])
Click to expand...

When using the Webmail feature I do get this line:
Received: from lvpsxx-1xx-1xx-4x.dedicated.hosteurope.de (localhost.localdomain [127.0.0.1]) by xxxx.net (Postfix) with ESMTP
Click to expand...
Could this cause the problem?

In both cases I don't get an undelivered mail from google as this mail adress has been used for a longer period.


Best regards
Onki
 
onki said:
Could this cause the problem?
Click to expand...
No. SPF only checks the currently connecting host against the allowed list because all earlier Received: lines can be totally made up. (That's also why it doesn't go well with forwarding.)
 
I have tried sending a mail through the webmail interface of the .de domain to gopoglemail.
This was working without any problem.
Doing the same through my outlook mail client I still get a undelivered mail. In outlook (EAS) my server is also the .de domain but it seems that webmail is using a different configuration.
Can I add the SPF configuration to my .net server settings to avoid problems?
 
You must log in or register to reply here.

Similar threads

C
Resolved DKIM is valid but signature fails
Replies
6
Views
2K
cmartinez127
C
LinqLOL
Issue Exclude DKIM verification for incoming mail. Plesk solution not working
Replies
1
Views
681
Peter Debik
P
Ehud
Question Could it be DKIM be set for domain example.com, would not work for mail-server mail.example.com?
Replies
0
Views
659
Ehud
Ehud
Kulturmensch
Resolved DKIM fails
Replies
4
Views
1K
Kulturmensch
Kulturmensch
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
2K
Alex Presland
Alex Presland
Back
Top