• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Emails from php are waiting but not send...

Heinrich

Basic Pleskian
Hi,

for some reason the mails send by php scripts (which are the only ones that should be send by the server) are all showing up in plesks overview of pending email, but aren't send.

Is there any idea why this could happen ?

If I start postfix, I get a warning:
postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop

But it doesn't really help me...
 
Well, I searched the forums, and the internet, but came up empty.

I, obviously, run postfix. I'm not entirely sure about the version of PLESK (it is 12.x - hence the forum) and some version of ubuntu...
 
how would I check that?

telnet localhost 25 returns

220 werwolf-live.de ESMTPS Postfix (Ubuntu)

with werwolf-live.de being my server...
 
Hi Heinrich,

you have several issues on your server:
  1. DMARC issue: Missing or Invalid Record = no DMARC record is found.
  2. Reverse DNS does not match SMTP Banner ( Mail-server reports being named "werwolf-live.de", but a reverse check for your IP "85.214.138.227" reports the PTR record "h2289992.stratoserver.net"
  3. SPF issue: No records found = no SPF record, or TXT record was found, defining possible rules for SPF
  4. No valid DKIM and/or DomainKeys record is defined
  5. Mail - server certificate is a self-signed certificate ( ... but you have an existing, valid certificate from COMODO for werwolf-live.de and www.werwolf-live.de )

For 1.: Consider to add a DMARC record at your primary nameserver ( login over your domain - provider Strato ), as for example:

Domain Type TTL Answer
_dmarc.werwolf-live.de TXT 3600 v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=none
( the eMail - adress "[email protected]" should be existent and mails should be polled periodically from this address )
( Test your configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: https://dmarcian.com/dmarc-inspector/werwolf-live.de )
( Configure your very own possible DMARC definitions at: http://www.kitterman.com/dmarc/assistant.html )


For 2.:
Consider to change your reverse record for the IP "85.214.138.227" to "werwolf-live.de"

Some server hosting companies don't allow customers to change the PTR record for the rented IP, or charge something extra per month, if you desire a change. Please contact your server - hosting provider for decent informations about its unique policy.
To resolve possible mail - delivery issues from or to your mail - server, you should consider to add a matching reverse record for your IP, according to your MX - record and the defined server hostname.
( Test your possible new configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: http://mxtoolbox.com/subnet/?filter=85.214.138.227/29&source=findmonitors&domain=85.214.138.227 )


For 3.:
Actually, there is no SPF record ( or TXT record, with SPF definitions ). Consider to add one at your primary nameserver ( login over your domain - provider Strato )

A standart SPF record can be set as "SPF" or "TXT" record on your nameserver to avoid delivery issues from or to your mail - server. A possible example would look like:​

Example for a valid TXT record:
Domain Type TTL Answer
werwolf-live.de TXT 3600 "v=spf1 +a +mx +a:servername.werwolf-live.de +ip4:85.214.138.227 ?all"
( the entry "+a:servername.werwolf-live.de" should match your setting at "/etc/hostname" )
( Please see a very nice documentation ( written for Plesk 11.5, but still valid ) at: http://blog.matoski.com/articles/spf-dk-dkim-plesk-debian/ <= external link, please inform me, if the link goes dead, so I can replace the link with a valid URL to a decent documentation ).
( Test your configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: http://mxtoolbox.com/domain/werwolf-live.de/ or http://www.mail-tester.com/ )

Example for a valid SPF record:
Domain Type TTL Answer
werwolf-live.de SPF 3600 "v=spf1 +a +mx +a:servername.werwolf-live.de +ip4:85.214.138.227 ?all"
( the entry "+a:servername.werwolf-live.de" should match your setting at "/etc/hostname" )
( Please see a very nice documentation ( written for Plesk 11.5, but still valid ) at: http://blog.matoski.com/articles/spf-dk-dkim-plesk-debian/ <= external link, please inform me, if the link goes dead, so I can replace the link with a valid URL to a decent documentation ).
( Test your configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: http://mxtoolbox.com/domain/werwolf-live.de/ or http://www.mail-tester.com/ )


For 4.: Actually, there is no DKIM and/or DomainKeys record ( a TXT record, for DKIM and/or DomainKeys - validation ). Consider to add these records at your primary nameserver ( login over your domain - provider Strato )

A standart DKIM and/or DomainKeys record can be set as "TXT" record on your nameserver to avoid delivery issues from or to your mail - server. A possible example would look like:​

Example for a valid DKIM - TXT record:
Domain Type TTL Answer
_adsp._domainkey.werwolf-live.de TXT 3600 dkim=all
mail._domainkey.werwolf-live.de TXT 3600 v=DKIM1; k=rsa; t=s; p=DKIM_KEY_WHICH_WAS_GENERATED_FOR_YOUR_SELECTOR_mail._domainkey_AND_THE_CORRESPONDING_DOMAIN
_domainkey.werwolf-live.de TXT 3600 o=-; r=abuse@werwolf-live.de;

( the eMail - adress "[email protected]" should be existent and mails should be polled periodically from this address )
( Please see a very nice documentation ( written for Plesk 11.5, but still valid ) at: http://blog.matoski.com/articles/spf-dk-dkim-plesk-debian/ <= external link, please inform me, if the link goes dead, so I can replace the link with a valid URL to a decent documentation ).
( Test your configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: http://dkimcore.org/tools/keycheck.html )

Example for a valid DomainKeys - TXT record:
Domain Type TTL Answer
default._domainkey.werwolf-live.de TXT 3600 p=DomainKeys_KEY_WHICH_WAS_GENERATED_BY_PLESK_FOR_YOUR_DOMAIN_PLEASE_SEE_THE_ENTRY_AT_YOUR_PLESK-DNS-SETTINGS_AT_YOUR_DOMAIN
_domainkey.werwolf-live.de TXT 3600 o=-; r=abuse@werwolf-live.de;

( the eMail - adress "[email protected]" should be existent and mails should be polled periodically from this address )
( Please see a very nice documentation ( written for Plesk 11.5, but still valid ) at: http://blog.matoski.com/articles/spf-dk-dkim-plesk-debian/ <= external link, please inform me, if the link goes dead, so I can replace the link with a valid URL to a decent documentation ).
( Test your configuration after some hours - new DNS records may take up to 48-72 hours, to be synced with all world-wide nameservers - at for example: http://dkimcore.org/tools/keycheck.html )


For 5.: Consider to replace the self-signed certificate for your mail - server with the valid one from COMODO ( valid for werwolf-live.de and www.werwolf-live.de )

If you don't change the MX - record and don't change the myhostname - settings in your mail - configuration, then you can use the existent valid COMODO certificate as well for your mail - server, to secure it. At the moment you use postfix and added a self-signed certificate, so I assume that you don't need any further suggestion, how to do that. :D



For your previous reported issue in this thread, please consider to have a closer look at the mentioned search
 
Hi, thank you for the analysis. Unfortunately I have no idea what most of it means.
For now I have told PLESK to deinstall postfix, then reinstall it, and it seemt so work, even though I lost the mail queue.

So far, h2289992.stratoserver.net is the name the provider assinged to the server. werwolf-live.de and other domain names were assinged by me. I thought PLESK would handle setting up the rest.

I'm not sure how to change DNS records in the webtools my provider offers. And I'm to worried about changing anything that should not be changed...
 
Back
Top