• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How To Bypass SPF/DKIM/DMARC Checks For Local Mail

IanScott

New Pleskian
For various reasons, I have very strict SPF & DMARC dns records. I would like to keep them that way but has created a problem with local mail - for example, a form being filled out that should then send a notification to an email address on the same server.

What is happening is that Postfix picks up the mail from localhost IP :11 and ultimate the message is rejected. Logfile looks like this:

Oct 30 15:42:41 argo postfix/pickup[17071]: 1956868BA: uid=10027 from=<[email protected]>
Oct 30 15:42:41 argo postfix/cleanup[31067]: 1956868BA: message-id=<[email protected]>
Oct 30 15:42:41 argo postfix/qmgr[28869]: 1956868BA: from=<[email protected]>, size=9374, nrcpt=1 (queue active)
Oct 30 15:42:41 argo postfix-local[31070]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Oct 30 15:42:41 argo spamassassin[31071]: Starting the spamassassin filter...
Oct 30 15:42:41 argo spamd[2091]: spamd: connection from localhost [::1]:53830 to port 783, fd 6
Oct 30 15:42:41 argo spamd[2091]: spamd: using default config for [email protected]: /var/qmail/mailnames/MYDOMAIN.com/ian/.spamassassin/user_prefs
Oct 30 15:42:41 argo spamd[2091]: spamd: processing message <[email protected]> for [email protected]:30
Oct 30 15:42:41 argo spamd[2091]: spamd: clean message (0.2/6.0) for [email protected]:30 in 0.2 seconds, 9342 bytes.
Oct 30 15:42:41 argo spamd[2091]: spamd: result: . 0 - BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_RELAYS,TO_NO_BRKTS_HTML_ONLY,URIBL_BLOCKED scantime=0.2,size=9342,[email protected],uid=30,required_score=6.0,rhost=localhos\
t,raddr=::1,rport=53830,mid=<[email protected]>,bayes=0.000079,autolearn=no autolearn_force=no
Oct 30 15:42:41 argo dk_check[31073]: Starting the dk_check filter...
Oct 30 15:42:41 argo dk_check[31073]: DKIM verify result: DKIM Feed: No signature
Oct 30 15:42:41 argo dmarc[31074]: Starting the dmarc filter...
Oct 30 15:42:41 argo dmarc[31074]: SPF record was not found in Authentication-Results:
Oct 30 15:42:41 argo spamd[22146]: prefork: child states: II
Oct 30 15:42:41 argo dmarc[31074]: DMARC: REJECT message for [email protected]
Oct 30 15:42:41 argo postfix-local[31070]: message discarded by a mail handler

+++++++++++++++

I am trying to figure out the best way to deal with this - something in spamassassin rules somewhere? In Postfix?
 
Last edited:
I had this problem. I had to set the form to add a custom header to its email output: "X-Custom-User-Agent: MY_CUSTOM_FORM" in whatever form software you're using. Wordpress forms usually have a field you can customize for this, or you can code one yourself if you have a custom form script.

Then I configured a global dovecot sieve rule that would recognize my custom header and bypass the quarantine.

Here are instructions for creating a global sieve:
Resolved - Global Dovecot Sieve Rule?

And this is what the sieve should contain:
Code:
require ["body","fileinto"];

if anyof (header :contains "X-Custom-User-Agent" "MY_CUSTOM_FORM")
{
   fileinto "INBOX";
   stop;
}
 
Back
Top