• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Mail Delivery System (MAILER-DAEMON) is sending from wrong ipv6 address

F

Frostbolt

Basic Pleskian
We sent an email to an address, but an error occured. Now we receive this email from our own domain:

Code: 
Mail Delivery System <MAILER-DAEMON@[domain]>

This is the mail system at host [domain]

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

This email shows:
SPF: FAIL with IP-adres ...:2

This is strange, because we have configured the domain in Plesk with IP ...:1

How can we make sure that the Mail Delivery System also uses the correct IP address?
 
You can add IP address in the white list using the following method:
  1. Go to Tools & Settings > Mail Server Settings.
  2. Add ip4:203.0.113.2 to the SPF local rules field. More than one entry should be separated by spaces.
  3. Click OK .
 
IgorG said:
You can add IP address in the white list using the following method:
  1. Go to Tools & Settings > Mail Server Settings.
  2. Add ip4:203.0.113.2 to the SPF local rules field. More than one entry should be separated by spaces.
  3. Click OK .
Click to expand...

Sorry maybe I wasn't elaborate enough:

We host multiple domains on our server and use multiple IP's. The ip ...:2 belongs to another domain, so I don't really want to add that to SPF.
Also, we don't use Plesk DNS.
 
Frostbolt said:
Sorry maybe I wasn't elaborate enough:

We host multiple domains on our server and use multiple IP's. The ip ...:2 belongs to another domain, so I don't really want to add that to SPF.
Also, we don't use Plesk DNS.
Click to expand...

It is not a bug.

In essence, each domain has it's own "mail server" (in the form of mail.domain.tld, this is a brief explanation of the system behind it).

The solution suggested by @IgorG is correct: just add the IP to SPF rules in the (general) mail server settings (which apply to all "mail servers" for each domain).

This solution simply results in SPF saying "when IP is belonging to one of your server's IPs, then do [action]" with the action being "allow".

This is exactly in line with what SPF intends to do: a line like

"v=spf1 +a +mx -all"

implies that the (in chronological order, since SPF evaluates mechanisms in order of presence within the SPF line)

- current domains are passed via the +a mechanism,
- domain's MXes are passed via the +mx mechamism,
- all others are prohibited via the -all mechanism.

Note that you do not necessarily have to specify the "+", but it is highly recommended to be explicit in every SPF rule.

Also note that you actually do not need any ip4:<ip4-address>, ip4:<ip4-network>/<prefix-length>, ip6:<ip6-address> or ip6:<ip6-network>/<prefix-length> mechanism in the SPF rule entered in the (general) mail server settings in Plesk: they can be replaced with the more neutral a and mx mechanisms.

However, there is another solution if you do not want to add too much flexibility in SPF rules on a Plesk instance.

This solution simply requires that you have access to DNS management at your registrar (!) and that you add custom TXT records to the domains in question.

The latter solution is recommended, since it will enable you to do some fine-tuning for individual domains.

A small tip when using the latter solution (using custom TXT records for SPF rules): apply a general SPF rule in the (general) mail server settings of Plesk.

Those general SPF rules in Plesk would be: v=spf1 +a/24 +mx/24 +ptr ?all include:spf.trusted-forwarder.org (for both SPF local rules and SPF guess rules)

You can then be more specific in the TXT records containing the SPF rules for a specific domain.

The general idea behind this small tip is that the customized SPF rules in the TXT records can do no harm, when not being strict enough.

Hope the above helps a tiny bit.

Regards.........
 
Dear trialotto,

Thank you for your detailed answer, and sorry for the late reply.
We have DNS management at our registrar, and we have SPF there. Our rule is:
v=spf1 mx ptr ip4:188.165.221.81 ip6:2001:41d0:2:a851::1 mx:mx1.domain.com -all

I don't understand how local SPF rules and SPF rules in the DNS at the registrar work together.

The problem is, that our mail server sends bounces that occur on domain A via the ipv6 from domain B.
 
You must log in or register to reply here.

Similar threads

I
Issue Mails sent by MAILER-DAEMON to spam
Replies
3
Views
1K
Bobbbb
B
E
Issue Mails from MAILER-DAEMON go to spam
Replies
0
Views
371
empty
E
A
Issue DKIM and DMARC issue, emails not sending
Replies
4
Views
377
danami
danami
F
Question Mail delivery status notifications not forwarded
Replies
2
Views
347
fcnjd
F
A
Question Disable local mail delivery
Replies
3
Views
170
Kaspar
K
Back
Top