• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Undelivered Mail Returned to Sender SPF problem

EnriqueR

EnriqueR

Regular Pleskian
I have a VPS linux server with 3 IPs. When I send a message to some domains, if sender server have activated the SPF system, it returned messages saying that the sender IP does not match the domain. This of course is true because a VPS server, domains share IP.

Currently I have a domain DNS TXT record set as follows with the 3 server IPs: v=spf1 a mx ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z -all

Can there be something wrong with the DNS configuration? Being a server that shares the IPs with domains, would there be a solution to this problem?

Response undelivered mail returned sample:

host cph-tecon-mx01.customprofessionalhosting.com[185.22.92.54] said:
550-5.7.1 <u[email protected]>: Recipient address rejected: Message rejected due
to: domain owner discourages use of this host. Please see
http://www.openspf.net/Why?s=helo;id=domain.com;ip=x.x.x.x;[email protected]
550 5.7.1 For assistance, see http://www.customprofessionalhosting.com or
contact +34966104748. Please provide the following information in your
problem report: Time: (Feb 18 10:05:10), Client: (x.x.x.x),
Server: (cph-tecon-mx01.interagreisa.es). (in reply to RCPT TO command)
 
Hi EnriqueR,

EnriqueR said:
Can there be something wrong with the DNS configuration? Being a server that shares the IPs with domains, would there be a solution to this problem?
Click to expand...

You have the choice to define the SMTP - greeting at:

Home > Tools & Settings > Server-Wide Mail Settings

Go to: Outgoing mail mode and choose "Send from domain IP addresses and use domain names in SMTP greeting".


Please note as well, that the string "-all" is very strict and doesn't allow temp errors or insufficient configurations. In your example, you should currently use:

For "interagreisa.es":
v=spf1 +a +mx +a:cph-tecon-mx01.customprofessionalhosting.com +ip4:x.x.x.x +ip4:y.y.y.y +ip4:z.z.z.z ?all

For "customprofessionalhosting.com"
v=spf1 +a +mx +a:mail.customprofessionalhosting.com +ip4:x.x.x.x +ip4:y.y.y.y +ip4:z.z.z.z ?all
 
I have used this option with SMTP greeting in Plesk configuration, but in 2 days the server IP have been listed in Spamhaus XBL list. This is the address with the reason:

http://www.abuseat.org/PleskAvoid.html

I had to return to the initial configuration without SMTP greeting. According to the link, this seems to be an error in Plesk.
 
Hi EnriqueR,

I'm now using Plesk since 2009 and never got listed on any spam - list, with over 5000 domains on all my servers... and I cerntainly don't have 5000 IPs. If you setup your DNS correctly and use the option as described, there is absolutely nothing wrong with it, which you should as well see, when you inspect your mail - configuration files.

Pls. consider to add your configuration files and as well the corresponding DNS - entries of each domain, for further investigations and pls. consider to look for solutions / suggestions at the right place and not at "abuseat.org". :rolleyes:
 
So if I enable the option SMTP greeting, what parameters have I to put in TXT DNS for the Spamhaus systems do not block my IP?

Currently I have:
v=spf1 include:spf.mailjet.com a mx ip4:x.x.x.x ip4:y.y.y.y -all

Do you recommend me remove "-all" tag?

Y look for solutions at "abuseat.org" because is the response address from www.spamhaus.org error in XBL.
 
Hi EnriqueR,

is there a reason, why...

1. ... you don't include your hostname ( as defined at "/etc/hostname" ) ?
2. ... you don't use the suggestion, which I already recommended?
3. ... you want to use the strict "-all" - string, even that you may use "?all" as suggested? ( NO!, you should NOT remove the string completely, because this will result in a FAIL - state for your SPF - check )

If you don't want to use the suggestions, pls. READ and follow:

http://www.openspf.org/SPF_Record_Syntax

https://www.ietf.org/rfc/rfc4408.txt


... and last, but not least, please, please, please, use as well the FORUM SEARCH ( with for example the keyword "spf1" ) - you will find dozens of posts with recommendations and suggestions and as well explanations for SPF - entries.
 
You must log in or register to reply here.

Similar threads

F
Resolved System mails (MAILER-DAEMON) Undelivered Mail Returned to Sender
Replies
6
Views
2K
fvrk4n
F
J
Resolved Non delivery mails notifications
Replies
1
Views
534
JuanCar
J
carlsson
Resolved Outgoing administrator mail not authorized [missing SPF record in sender domain]
Replies
11
Views
3K
rkbonatto
rkbonatto
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
599
drdna
D
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
503
Change Maker
C
Back
Top