Issue Problems with Mailserver?

[Azurel]

Server operating system version

AlmaLinux 8.10 (Cerulean Leopard)

Plesk version and microupdate number

Plesk Obsidian 18.0.67 Update #2

I am receiving spoofing mails from my own server, so I wanted to see if there is anything wrong with my mailserver configuration. There are several error messages in /var/log/maillog, here are some examples:

postfix-local[852542]: 9E3A125A131F: Could not change Return-Path in message envelope(SRS): No at sign in sender address

add-from[852582]: S852542: Cannot get hostname FQDN from /etc/mailname
plesk-sendmail[852581]: S852542: add-from: stderr: Unable to open file /etc/mailname: No such file or directory
add-from[852582]: S852542: Could not construct 'From:' address, do nothing
plesk-sendmail[852581]: S852542: add-from: stderr: System error 2: No such file or directory
plesk-sendmail[852581]: S852542: check-quota: stderr: SKIP

dk_check[852591]: 17D7825A1382: DKIM Feed: No signature

dmarc[852592]: 17D7825A1382: Unable to store SPF result into DMARC library: 'Function called with nothing to parse'
dmarc[852592]: 17D7825A1382: Unable to store SPF/DKIM results into DMARC library

This is a purely private server and I'm not very familiar with the subject. Is this a problem or a bug in the Plesk configuration?

 

[Yaroslav_T]

Hi! First, let's sort out the logs. Based on the IDs, there are 3 emails in the logs: 9E3A125A131F, S852542, 17D7825A1382.

The first one has only one line in the logs:
postfix-local[852542]: 9E3A125A131F: Could not change Return-Path in message envelope(SRS): No at sign in sender address
So the message basically tells us, that the symbol "@" is missing in the sender email address. Thus, this email won't de delivered.

The 2nd one is more interesting:
add-from[852582]: S852542: Cannot get hostname FQDN from /etc/mailname
plesk-sendmail[852581]: S852542: add-from: stderr: Unable to open file /etc/mailname: No such file or directory
add-from[852582]: S852542: Could not construct 'From:' address, do nothing
plesk-sendmail[852581]: S852542: add-from: stderr: System error 2: No such file or directory
plesk-sendmail[852581]: S852542: check-quota: stderr: SKIP
The main issue here is "Unable to open file /etc/mailname: No such file or directory", so I'd suggest checking if the file is indeed present on the server. Note that this file is used by the Deb-based OSes (while you specified Alma8), while RHEL-based OSes don't have it naturally. Here is an example from my test server(deb12):
# ls -lah /etc/mailname
-rw-r--r-- 1 root root 26 Feb 16 14:05 /etc/mailname
Likely, this is the main issue - the other operations fail because they need to get a domain name from /etc/mailname to "do their job". The content is just a hostname of the mail server (usually the same as for the whole server and can be found at Tools & Setting > Server Settings).

The 3rd message:
dk_check[852591]: 17D7825A1382: DKIM Feed: No signature
dmarc[852592]: 17D7825A1382: Unable to store SPF result into DMARC library: 'Function called with nothing to parse'
dmarc[852592]: 17D7825A1382: Unable to store SPF/DKIM results into DMARC library
SPF/DKIM/DMARC mechanisms (used to provide better email security) fail cause either they were not set up, or the checks themselves fail.
All these mechanisms can be enabled via Plesk GUI (either in Tools & Settings > Mail or in the mail settings of the domain). Here is also an article to get yourself familiar with the basics. These are the same mechanisms to protect the server against mail spoofing too and you may configure them as so - https://support.plesk.com/hc/en-us/articles/12377380746903

 

[Azurel]

first one, because of from=<MAILER-DAEMON> there is no "@"

postfix-local[852542]: 9E3A125A131F: arc-sign: stderr: PASS
postfix-local[852542]: 9E3A125A131F: Could not change Return-Path in message envelope(SRS): No at sign in sender address
postfix-local[852542]: 9E3A125A131F: send message: id=S852542 from=<MAILER-DAEMON> to=<[email protected]>

2nd
I have AlmaLinux8 not deb-based OS. So why I get this?

# ls -lah /etc/mailname
ls: cannot access '/etc/mailname': No such file or directory

Is this a bug in plesk?

3rd
All this mechanisms are enabled since years and all tests passed in every tool like Newsletters spam test by mail-tester.com see screenshot.

These are the same mechanisms to protect the server against mail spoofing too and you may configure them as so - https://support.plesk.com/hc/en-us/articles/12377380746903

Thank you, I will have a look at it.

 

[Azurel]

For 2nd; I have created it with:

# hostname -f | sudo tee /etc/mailname

The command hostname -f outputs the same value as the "Full hostname" field in the Plesk Server Settings.

 

[Azurel]

These are the same mechanisms to protect the server against mail spoofing too and you may configure them as so - https://support.plesk.com/hc/en-us/articles/12377380746903

Unfortunately, this has the drawback of blocking completely legitimate senders who have not yet implemented SPF. This configuration only makes sense if you require 100% security and assume that all valid senders use SPF.
Such a warning should be included in the article. It is quite possible that not everyone is aware of this or thinks about it.

Sorry for the mass posting, but it's not possible to edit my previous posts.