Issue Plesk outgoing emails show local device & ISP Public IP in email header

[craigjamesanderson]

Server operating system version

Debian 10.13

Plesk version and microupdate number

Plesk Obsidian 18.0.54

Hello,

Please can someone assist.

I am using Outlook to access and send email from my Plesk server using IMAP/SMTP.

However all the emails I send are showing my ISP's IP in the header so its failing on SPF as the ISP header is not listed in SPF. The ISP IP will always change as its dynamic and users will obviously move around.

How can I prevent it from showing my device name and ISP that I am sending from in the header? In my experience with cPanel this doenst happen.

Any assistance would be great.

Thank you

 

[Peter Debik]

It's common that all hops between sender and recipient are listed in the header. Example from an old-fashioned email transport from a local Thunderbird client through a Debian-based Postfix mailserver to an Outlook recipient:

Return-Path: <service@<mta-domain>>
X-Original-To: test@<somedomain.tld>
Delivered-To: test@<somedomain.tld>
Received: from <mta-domain> (mulde.<mta-domain> [234.234.234.234])
    by <somedomain.tld> (Postfix) with ESMTPS id 576475EE1F63
    for <test@<somedomain.tld>>; Sun, 20 Aug 2023 12:58:03 +0200 (CEST)
Authentication-Results: <somedomain.tld>;
    dmarc=none (p=NONE sp=NONE) smtp.from=<mta-domain> header.from=<sender-domain>;
    dkim=pass header.d=<sender-domain>;
    spf=none (sender IP is 234.234.234.234) smtp.mailfrom=service@<mta-domain> smtp.helo=<mta-domain>
Received-SPF: none (<somedomain.tld>: no valid SPF record)
Received: from [10.0.3.2] (dslb-123-123-123-123.084.057.pools.<some-provider-domain>-ip.de [123.123.123.123])
    (authenticated bits=0)
    by <mta-domain> (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 37KAw21b003835
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO)
    for <test@<somedomain.tld>>; Sun, 20 Aug 2023 12:58:03 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=<sender-domain>;
    s=mulde; t=1692529083;
    bh=DGcnseLWN31g+BnfTrCaGR8Vjp0thIOem52iLi04ONs=;
    h=Date:To:From:Subject;
    b=Kzf+hB1g5UcsVkc8HB/evG8ZI10T+h/77QTY7TjxAAeBU6cwr1stRWAGNd/yYzJ6U
     YMGcz0h476MoOOXDvGZ5WNG7Wzx+H/LqhfGcKBZDSvJ/Z182x+jzLtrsauqGTlTLg1
     fc4i1sCCpmyXnrkYfJYcUu0m3aSK2cHZTU/fqx1Q=
Message-ID: <f060c0e1-f71d-493e-a2d1-63b281603ad0@<sender-domain>>
Date: Sun, 20 Aug 2023 12:58:02 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: test@<somedomain.tld>
From: =?UTF-8?Q?Sendername?= <service@<sender-domain>>
Subject: Test 1257
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Test 1257

Highlighted part, first hop:

Received: from [10.0.3.2] (dslb-123-123-123-123.084.057.pools.<some-provider-domain>-ip.de [123.123.123.123])
    (authenticated bits=0)
    by <mta-domain> (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 37KAw21b003835
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO)
    for <test@<somedomain.tld>>; Sun, 20 Aug 2023 12:58:03 +0200

No Plesk involved.

The client logs in to the SMTP server on the host directly, still the source information of the landline ADSL provider is logged and the local IP address of the machine in the local sender network is logged. I doubt that cPanel can avoid it and as this is the industry standard for email why would anyone want to remove that part anyway?

There is no setting in Plesk by which you can remove it.

 

[craigjamesanderson]

Hi Mark,

thank you for your reply.

Maybe I am missing something.
How can I avoid my emailing failing SPF when the public IP of the internet connection my laptop is connected to is showing as the sending IP, this is an IP that will consistently change and there for SPF will always fail.

Example header below.

It shows my laptop name and current ISP IP whichi is not listed SPF so SPF fails.

 

[Peter Debik]

Are you actually sending mail through your server's SMTP server? Meaning that you login to your server, submit the mail so that the server connects to the recipient server to transmit it?

 

[craigjamesanderson]

Yes so, my outlook client is set to use my server as its outgoing SMTP server. If you check the screenshot my actual server is the second hop in the diagram which has the correct IP for my SPF record.

 

[Peter Debik]

I am not sure what the cause is in your setup, but most of the world is doing it this way and does not experience the same issue. Let us think about your local mail client configuration. I'd first ask to make sure that when you submit a mail from your server, e.g. from Roundcube webmail, it goes through without the same issue. Have you tried that?

Is the "myhostname" parameter in /etc/postfix/main.cf set to your server's hostname, e.g.
myhostname = <your server name here>
?

Then I'd ask what your outgoing mail configuration is. It should be SMTP on port 465 with SSL/TLS. Which mail client are you using?

 

[craigjamesanderson]

Hi Peter,

Thanks for your reply.

As this is my first time setting up Plesk I wouldn't be surprised if it is something I have done wrong in my setup.

Below is my config from /etc/postfix/main.cf and hostname is set correctly, maybe something else isnt?

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = plesk.aicloud.africa
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.aicloud.africa, localhost, localhost.localdomain
relayhost =
mynetworks =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual

Below is a screenshot of the header after sending directly from webmail, it now shows webmail.domain as the sending server with 127.0.0.1 as the sending IP. While this IP doesnt get a red stamp cause its not listed, it still fails SPF auth cause that IP is not listed on SPF.

Email Header Analyzer, RFC822 Parser - MxToolbox



Below is also the config of my outlook client

 

[Peter Debik]

While this IP doesnt get a red stamp cause its not listed, it still fails SPF auth cause that IP is not listed on SPF.

It cannot do that when myhostname is set to your hostname. According to the excerpt above you have set myhostname, so that cannot be the root cause.

I think the problem is rather that your hostname is missing an A entry route for its MX record or the MX record itself (rather likely). The subdomain resolves, but it does not have an MX entry as far as I can check it. The aicloud.africa has, but not plesk.aicloud.africa. That is more likely the cause while SPF checks fail. Could you please first add an MX entry to your servername and route that to the IP address of your server? You can set it to mail.aicloud.africa, because that can be resolved.

 

[Dave W]

Hello,

The hostname on the server is spudify.co.za
This domain resolves to 102.130.121.135 not 65.108.254.56

Mail requires that Hostname >> IP >> Hostname

You could do this;
Set up the server with the hostname srv.spudify.co.za
Create the A record for srv.spudify.co.za in the DNS for spudify.co.za and point it to 65.108.254.56.
Request from your host that they configure an rDNS for 65.108.254.56 to srv.spudify.co.za
Add SSLs for Plesk and Mail services using the hostname srv.spudify.co.za.

You can then use srv.spudify.co.za as the server name in your Outlook/Mail client and https://srv.spudify.co.za to connect to Plesk

Alternatively, you could set the hostname of the server to plesk.aicloud.africa which seems to be correctly configured for your IP address.