
SMTP for outgoing System messages.

enerspace

Basic Pleskian
Username:

TITLE

SMTP for outgoing System messages.

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Alma 8.9
Obsidian 18.0.61 #5

PROBLEM DESCRIPTION

System emails, such as notifications to customers, are partially or completely rejected by free email services. Since Gmail and similar providers require SPF and DKIM, emails sent via Plesk can no longer be reliably delivered.

This issue could be resolved by configuring an SMTP server for sending the emails.

STEPS TO REPRODUCE

-

ACTUAL RESULT

Currently, emails are sent as no-reply@servername, so they still partially get delivered.

EXPECTED RESULT

E-mails should ideally be sent via SMTP using the company e-mail address that every customer knows and trusts.

ANY ADDITIONAL INFORMATION

-

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
To my knowledge DKIM isn't a requirement, but a valid SPF record and DMARC record are. Do you have both records added to match the DNS of the hostname of your server?
 
SPF or DKIM for private Senders. More than 5000 mails or AMP = SPF and DKIM Signature.

It would be better to send all emails via an SMTP account instead of authenticating each individual server via SPF. The DKIM signature is not even generated without SMTP.
 
I am afraid I don't quite follow what you are saying. Can you rephrase your question perhaps?
 
You write: To my knowledge DKIM isn't a requirement

And I respond: SPF or DKIM is mandatory for private senders (to GMAIL) and for more than 5000 emails or AMP emails, SPF and a DKIM signature are required. This can be found in Google's help for delivery to GMAIL.

Therefore, sending should generally be done via an SMTP connection, as otherwise the DKIM signature will be missing in outgoing emails.

Best regards
 
I got you now, thank you for clarifying :)

Out of curiosity do you hit the 5000 email threshold with Gmail already? If I am not mistaken the Gmail sending threshold is per sending domain (envelope sender), not per host. That would mean sending a lot of daily notifications before the threshold gets reached. Correct me if I am wrong here.

However, as a workaround to get notifications DKIM signed, you can specify a specific sender in the panel.ini file with the following configuration. If you specify a sender address whose domain you've added to the Plesk server too and enabled DKIM signing for, Plesk notifications will be DKIM signed too. This only applies to Plesk notifications.
Code:
[notification]
[email protected]

Alternatively you could configure postfix to route any email from a domain (for example the hostname of the server) through a mail relay server. This of course is a bit harder and requires a separate mail server as a relay, on which you can enable DKIM signing (which is closer to the SMTP suggestion you mentioned). For this you can use the sender_dependent_relayhost_maps option in postfix by creating a file in which you specify the sending domain and the relay host. An example configuration would be like this:

Let's call this file sender_relay for example.
Code:
@<SENDER DOMAIN> <RELAY HOST>:<PORT>
Which you'd then postmap with postmap /etc/postfix/sender_relay

If the mail relay is password protected you'd create a separate file with the credentials. Let's call this file sasl_passwd
Code:
<RELAY HOST> <USERNAME>:<PASSWORD>
And postmap this file too: postmap /etc/postfix/sasl_passwd

In your postfix configuration file main.cf you would add:
Code:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
And reload the postfix configuration afterwards (postfix reload).

There also is a feature request on our UserVoice page for having notifications DKIM signed by default, which you can vote for:
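An added example, not part of the thread: a small consistency check for the sender_relay and sasl_passwd files described above. It relies on Postfix's documented behaviour that the smtp_sasl_password_maps key must be written in exactly the same form as the relay host (brackets and port included); the hostnames, addresses and password below are constructed sample values.

```python
import stat

def parse_map(text):
    """Parse Postfix lookup-table source text into {key: value}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            table[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return table

def audit(sender_relay, sasl_passwd, passwd_mode):
    """Return a list of findings for the relay setup described above."""
    relays, creds = parse_map(sender_relay), parse_map(sasl_passwd)
    findings = []
    for sender, relay in relays.items():
        # Credentials are looked up by the relay host string exactly as
        # written in sender_relay, brackets and port included.
        if relay not in creds:
            findings.append(f"{sender}: no sasl_passwd key equal to '{relay}'")
    for relay, secret in creds.items():
        user, sep, password = secret.partition(":")
        if not (user and sep and password):
            findings.append(f"{relay}: value is not <USERNAME>:<PASSWORD>")
    # The file holds a plaintext password; group/other access exposes it.
    mode = stat.S_IMODE(passwd_mode)
    if mode & 0o077:
        findings.append(f"sasl_passwd mode {mode:04o} is readable beyond owner")
    return findings

# Constructed sample input (hypothetical hosts and credentials).
SENDER_RELAY = """\
@host.example.com    [relay.example.net]:587
@shop.example.org    relay.example.net:587
"""
SASL_PASSWD = """\
[relay.example.net]:587    notify@example.com:constructed-secret
"""

if __name__ == "__main__":
    for finding in audit(SENDER_RELAY, SASL_PASSWD, 0o644):
        print(finding)
```

To check a live server, pass the contents of the two files and `os.stat("/etc/postfix/sasl_passwd").st_mode` instead of the sample values.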
 