Jump to content

[Solved] Email configuration

DmC

By DmC
in Escalated Requests

 Share

Recommended Posts

DmC Explorer

DmC

Posted
Posted

So I just got an automatic message from Tommy regarding let's encrypt. I assume from Plesk?

Point is that your DMARC failed it:

Authentication-Results: tommy.heliohost.org;

dmarc=fail (p=QUARANTINE sp=NONE) smtp.from=heliohost.org header.from=heliohost.org

Furthermore, the reply to is also wrong as I got an automatic message that's unmonitored when I replied:

Reply-To: =?UTF-8?Q?HelioHost?= <admin@heliohost.org>

I guess it should be support@ ?

wolstech Grand Master

wolstech

Posted
Posted

This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds. Thanks for pointing it out. :) 

Also, admin@heliohost.org is a real email address, it's just not one that's monitored. Not sure if it these alerts can be easily changed to support or not, though it would make sense so people can reply to submit a ticket if they have questions.

Escalating...

  • wolstech changed the title to [Krydos] Email configuration
DmC Explorer

DmC

Posted
  • Author
Posted
4 minutes ago, wolstech said:

This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds. Thanks for pointing it out. :) 

Also, admin@heliohost.org is a real email address, it's just not one that's monitored. Not sure if it these alerts can be easily changed to support or not, though it would make sense so people can reply to submit a ticket if they have questions.

Escalating...

Well I got this as a response sooo 😅

Screenshot_2024-11-27-14-51-41-59_208213728eb6a732b32bf625e881f060.jpg

Krydos Grand Master

Krydos

Posted
Posted
3 hours ago, wolstech said:

Not sure if it these alerts can be easily changed to support or not

We used to have the contact email address set to support@heliohost.org, but unfortunately Plesk sends all sorts of notifications to that email address as well, and the forum ends up getting flooded with random server status stuff. If anyone emails admin@heliohost.org it tells them to email support@heliohost.org instead, because nobody reads admin@heliohost.org.

3 hours ago, wolstech said:

This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds.

Fixed.

  • Krydos changed the title to [Solved] Email configuration
DmC Explorer

DmC

Posted
  • Author
Posted

@Krydos it seems it's not fixed.

I got another one (I'm opening another topic for this):

Message-Id: <20241127214237.3FFA260064B2@tommy.heliohost.org

 

 

Screenshot_2024-11-28-05-58-52-78_208213728eb6a732b32bf625e881f060.jpg

wolstech Grand Master

wolstech

Posted
Posted

DNS is now showing this SPF, which is correct. Plesk does not support DKIM signatures on system emails, so that shouldn't be failing (DKIM signature should be absent). 

"v=spf1 ip4:65.19.141.66 ip6:2001:470:1:1ee::3 ip4:66.220.18.186 ip6:2001:470:1:1ee::2004 ip4:65.19.154.90 ip6:2001:470:1:1ee::1002 ip4:64.62.151.106 ip6:2001:470:1:1ee::2009 include:_spf.google.com ~all"

Would you be able to post the entire email header?

DmC Explorer

DmC

Posted
  • Author
Posted
46 minutes ago, wolstech said:

DNS is now showing this SPF, which is correct. Plesk does not support DKIM signatures on system emails, so that shouldn't be failing (DKIM signature should be absent). 

"v=spf1 ip4:65.19.141.66 ip6:2001:470:1:1ee::3 ip4:66.220.18.186 ip6:2001:470:1:1ee::2004 ip4:65.19.154.90 ip6:2001:470:1:1ee::1002 ip4:64.62.151.106 ip6:2001:470:1:1ee::2009 include:_spf.google.com ~all"

Would you be able to post the entire email header?

https://pastebin.com/YrCzpEYE

wolstech Grand Master

wolstech

Posted
Posted

Not much detail in that one. I was hoping to see the results of the SPF check and DKIM check. Not sure about your client, but in Gmail you can see it by selecting "Show Original" on the menu in the upper right of the email.

I'm looking for a section of the header that looks like the example below (this email was sent by a domain on Lily to a Gmail account, so IPs and domains are different): 

Received-SPF: pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) client-ip=65.19.141.70;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@raxsoft.com header.s=dkim header.b=NUmfdGLe;
       spf=pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) smtp.mailfrom=no-reply@raxsoft.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raxsoft.com
dkim-signature: v=1; a=rsa-sha256; d=raxsoft.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:Content-Type; bh=b9UyF5AzNjAOx3cmnC4c/vBhOcjVjR1QtMOm7KUSqtY=; b=NUmfdGLeKPUCt77s0mxb01xWCUKKiOnVz/WKukgMxDad9mQyFfXbCfGHBw+he50I+1IMbocKFtfTjVYfQsMdGlR2evln+H0T95cKlcwE/kH2k5mtihDlM2Xz4hTR7/GF2h/OKjoDKBACTNhfaUvU9al/wgzzMl4gFYGpwyzwWWs=

 

DmC Explorer

DmC

Posted
  • Author
Posted
3 minutes ago, wolstech said:

Not much detail in that one. I was hoping to see the results of the SPF check and DKIM check. Not sure about your client, but in Gmail you can see it by selecting "Show Original" on the menu in the upper right of the email.

I'm looking for a section of the header that looks like the example below (this email was sent by a domain on Lily to a Gmail account, so IPs and domains are different): 

Received-SPF: pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) client-ip=65.19.141.70;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@raxsoft.com header.s=dkim header.b=NUmfdGLe;
       spf=pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) smtp.mailfrom=no-reply@raxsoft.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raxsoft.com
dkim-signature: v=1; a=rsa-sha256; d=raxsoft.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:Content-Type; bh=b9UyF5AzNjAOx3cmnC4c/vBhOcjVjR1QtMOm7KUSqtY=; b=NUmfdGLeKPUCt77s0mxb01xWCUKKiOnVz/WKukgMxDad9mQyFfXbCfGHBw+he50I+1IMbocKFtfTjVYfQsMdGlR2evln+H0T95cKlcwE/kH2k5mtihDlM2Xz4hTR7/GF2h/OKjoDKBACTNhfaUvU9al/wgzzMl4gFYGpwyzwWWs=

 

That's about it, there aren't any more headers.

Not on my Desktop client not on Roundcube webmail either.

I know, I check headers every know an then, but in this particular case that's all it is. Maybe because the recipient is a local account? Technically my e-mail is a local one as far as tommy is concerned. 

DmC Explorer

DmC

Posted
  • Author
Posted (edited)
15 hours ago, Krydos said:

If you think emails sent from Plesk should be able to be signed with DKIM you can vote here https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/45576862-allow-dkim-dmarc-spf-records-for-the-server-s-host

Well I definitely think and the guy who commented on the request (attached), perfectly described what happened here.

Wow though, I mean sure, Plesk isn't cP but there should be a limit, this one is kinda lol 😅

PS: Unfortunately, based on the number of votes, this won't happen.

Screenshot_2024-11-29-16-54-33-89_16c8430dcd18ddacf572a6564ace0150.jpg

Edited by DmC
DmC Explorer

DmC

Posted
  • Author
Posted (edited)

I fixed the issue locally with this simple rule.

Tested it and it works just fine.Screenshot2024-12-01182933.png.b0a0f886740c4dee1e0d980a5536f1fd.png

Edited by DmC

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...