Question Plesk notification emails SMTP

[dvcllama]

Hey, I just set up a Plesk.

My plesk is running on plesk.example.com and my 'send-from-email-address' / the system-email-address is [email protected].
I have 2 questions.

Can I send system / notification emails from plesk via a SMTP server / via my Plesk SMTP server? I just can't find the option, but this seems like a basic function. I wan't to add dkim and proper security options to such emails.

Let's assume there is a domain derp.com, poiting to the same IP address like example.com does (they are both installed on my plesk), and now if I add a spf record for example.com like this: v=spf1 +a +mx +alesk.dvc.gmbh -all, would this mean that derp.com is now also allowed to send mails from derp.com, since it is the same IP-address?

 

[Ales]

Apparently notification emails can't be sent through a SMTP nor can the from address be changed specifically for this purpose. Refer to Plesk Help Center: How to change 'from' field in Plesk email notifications sent to clients?

Quite an omission, if you ask me... hopefully this will be added in the future.

To answer your last question: no, because a SPF record in the example.com's DNS will have no effect on the behavior of derp.com. You need to add a SPF record to the derp.com's DNS.

 

[Ehud]

This should be enabled, as the way the emails are sent, doe NOT enable adding DKIM signature, which leads them to spam, which might be a security issue.

IMHO, Plesk should take more seriously ANY security exposure arising from its product, and QUICKLY enable sending srever alert emails with a DKIM signature, in one way or another.

 

[Peter Debik]

@Ehud What is your "way the emails are sent"?

 

[Ehud]

Hi Peter Debik,

I mean the way the Plesk server generates the notification emails it creates and sends, is out of admin's control.

I could find no way / server location to manually configure the generation of those emails to.


What I would wish is the ability as an admin, to:

1) include enforcing a DKIM signature.
2) Assure the FROM DOMAIN is the one configured, which I select, as mail.example.com
3) Assure the e-mail addresses of: sender, from, reply_to are identical and are ALL INCLUDED in the mail header
4) Assure the e-mail addresses use the same DOMAIN as in the FROM DOMAIN

All of the above, might cause DMARC to fail.


Not to talk of, manually replacing the created by Plesk DKIM private key (which I could only for the same selector named 'default' and at the same directory where the precious private_key was in, or protecting that directory via .htaccess (Plesk WordPress ToolKit including in the nginx conf file it currently manipulates?), or setting a protecting password for the content of private_key while enabling it to sign dkim.

 

[Peter Debik]

What I would wish is the ability as an admin, to:

1) include enforcing a DKIM signature.

Implement support of SPF, DMARC and DKIM anti-spam methods for Plesk email notifications

Plesk email notifications to the administrator's email address get into Spam folder at public email providers because they are not protected by SPF, DMARC or DKIM anti-spam methods. It is required to enhance the Plesk notification system so that Plesk email notifications are treated as...

plesk.uservoice.com

Please vote for it and the following mentions if you believe this is a feature that should be added.

2) Assure the FROM DOMAIN is the one configured, which I select, as mail.example.com

https://support.plesk.com/hc/en-us/articles/12377514497175-How-to-change-from-field-in-Plesk-email-notifications-sent-to-clients-

Not to talk of, manually replacing the created by Plesk DKIM private key

DKIM - needed to import own keys

DKIM - needed to import own keys It is not fair solution that Plesk generate a private key, and i cannot extract and date them in a seperate Backup Please let us import our own DKIM keys

plesk.uservoice.com

(which I could only for the same selector named 'default'

custom dkim selector name

It's a shame you are obliged to have a DKIM selector (key) name of 'default', and there is no ability to rotate keys as once you update the 'dafault' key will change value, meaning messages sent under the prior key, also called 'default', will fail. GMail offers a nice option where you specify...

plesk.uservoice.com

and at the same directory where the precious private_key was in, or protecting that directory via .htaccess (Plesk WordPress ToolKit including in the nginx conf file it currently manipulates?),

Keys are not stored in web server accessible directories, hence such a protection is not needed.

or setting a protecting password for the content of private_key while enabling it to sign dkim.

Makes no sense, because admins who can access these files could also access password files. Encrypted keys (and files in general) cannot be used to verify signatures either.

 

[Ehud]

Regarding:

2) Assure the FROM DOMAIN is the one configured, which I select, as mail.example.com

https://support.plesk.com/hc/en-us/...in-Plesk-email-notifications-sent-to-clients-

FROM_DOMAIN is not the email address. This is coming to have the originating domain being reported as FROM DOMAIN when using an external email service as AWS SES, instead of their AWS domain being reported.