DmC Posted Wednesday at 09:36 AM Posted Wednesday at 09:36 AM So I just got an automatic message from Tommy regarding let's encrypt. I assume from Plesk? Point is that your DMARC failed it: Authentication-Results: tommy.heliohost.org; dmarc=fail (p=QUARANTINE sp=NONE) smtp.from=heliohost.org header.from=heliohost.org Furthermore, the reply to is also wrong as I got an automatic message that's unmonitored when I replied: Reply-To: =?UTF-8?Q?HelioHost?= <admin@heliohost.org> I guess it should be support@ ?
wolstech Posted Wednesday at 12:47 PM Posted Wednesday at 12:47 PM This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds. Thanks for pointing it out. Also, admin@heliohost.org is a real email address, it's just not one that's monitored. Not sure if it these alerts can be easily changed to support or not, though it would make sense so people can reply to submit a ticket if they have questions. Escalating...
DmC Posted Wednesday at 12:52 PM Author Posted Wednesday at 12:52 PM 4 minutes ago, wolstech said: This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds. Thanks for pointing it out. Also, admin@heliohost.org is a real email address, it's just not one that's monitored. Not sure if it these alerts can be easily changed to support or not, though it would make sense so people can reply to submit a ticket if they have questions. Escalating... Well I got this as a response sooo 😅
Krydos Posted Wednesday at 04:37 PM Posted Wednesday at 04:37 PM 3 hours ago, wolstech said: Not sure if it these alerts can be easily changed to support or not We used to have the contact email address set to support@heliohost.org, but unfortunately Plesk sends all sorts of notifications to that email address as well, and the forum ends up getting flooded with random server status stuff. If anyone emails admin@heliohost.org it tells them to email support@heliohost.org instead, because nobody reads admin@heliohost.org. 3 hours ago, wolstech said: This is because the SPF record is stale at heliohost.org...it references old IPs from before the Tommy/Johnny rebuilds. Fixed.
DmC Posted Thursday at 03:59 AM Author Posted Thursday at 03:59 AM @Krydos it seems it's not fixed. I got another one (I'm opening another topic for this): Message-Id: <20241127214237.3FFA260064B2@tommy.heliohost.org
wolstech Posted Thursday at 05:03 AM Posted Thursday at 05:03 AM DNS is now showing this SPF, which is correct. Plesk does not support DKIM signatures on system emails, so that shouldn't be failing (DKIM signature should be absent). "v=spf1 ip4:65.19.141.66 ip6:2001:470:1:1ee::3 ip4:66.220.18.186 ip6:2001:470:1:1ee::2004 ip4:65.19.154.90 ip6:2001:470:1:1ee::1002 ip4:64.62.151.106 ip6:2001:470:1:1ee::2009 include:_spf.google.com ~all" Would you be able to post the entire email header?
DmC Posted Thursday at 05:53 AM Author Posted Thursday at 05:53 AM 46 minutes ago, wolstech said: DNS is now showing this SPF, which is correct. Plesk does not support DKIM signatures on system emails, so that shouldn't be failing (DKIM signature should be absent). "v=spf1 ip4:65.19.141.66 ip6:2001:470:1:1ee::3 ip4:66.220.18.186 ip6:2001:470:1:1ee::2004 ip4:65.19.154.90 ip6:2001:470:1:1ee::1002 ip4:64.62.151.106 ip6:2001:470:1:1ee::2009 include:_spf.google.com ~all" Would you be able to post the entire email header? https://pastebin.com/YrCzpEYE
wolstech Posted Thursday at 03:43 PM Posted Thursday at 03:43 PM Not much detail in that one. I was hoping to see the results of the SPF check and DKIM check. Not sure about your client, but in Gmail you can see it by selecting "Show Original" on the menu in the upper right of the email. I'm looking for a section of the header that looks like the example below (this email was sent by a domain on Lily to a Gmail account, so IPs and domains are different): Received-SPF: pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) client-ip=65.19.141.70; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@raxsoft.com header.s=dkim header.b=NUmfdGLe; spf=pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) smtp.mailfrom=no-reply@raxsoft.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raxsoft.com dkim-signature: v=1; a=rsa-sha256; d=raxsoft.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:Content-Type; bh=b9UyF5AzNjAOx3cmnC4c/vBhOcjVjR1QtMOm7KUSqtY=; b=NUmfdGLeKPUCt77s0mxb01xWCUKKiOnVz/WKukgMxDad9mQyFfXbCfGHBw+he50I+1IMbocKFtfTjVYfQsMdGlR2evln+H0T95cKlcwE/kH2k5mtihDlM2Xz4hTR7/GF2h/OKjoDKBACTNhfaUvU9al/wgzzMl4gFYGpwyzwWWs=
DmC Posted Thursday at 03:49 PM Author Posted Thursday at 03:49 PM 3 minutes ago, wolstech said: Not much detail in that one. I was hoping to see the results of the SPF check and DKIM check. Not sure about your client, but in Gmail you can see it by selecting "Show Original" on the menu in the upper right of the email. I'm looking for a section of the header that looks like the example below (this email was sent by a domain on Lily to a Gmail account, so IPs and domains are different): Received-SPF: pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) client-ip=65.19.141.70; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@raxsoft.com header.s=dkim header.b=NUmfdGLe; spf=pass (google.com: domain of no-reply@raxsoft.com designates 65.19.141.70 as permitted sender) smtp.mailfrom=no-reply@raxsoft.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raxsoft.com dkim-signature: v=1; a=rsa-sha256; d=raxsoft.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:Content-Type; bh=b9UyF5AzNjAOx3cmnC4c/vBhOcjVjR1QtMOm7KUSqtY=; b=NUmfdGLeKPUCt77s0mxb01xWCUKKiOnVz/WKukgMxDad9mQyFfXbCfGHBw+he50I+1IMbocKFtfTjVYfQsMdGlR2evln+H0T95cKlcwE/kH2k5mtihDlM2Xz4hTR7/GF2h/OKjoDKBACTNhfaUvU9al/wgzzMl4gFYGpwyzwWWs= That's about it, there aren't any more headers. Not on my Desktop client not on Roundcube webmail either. I know, I check headers every know an then, but in this particular case that's all it is. Maybe because the recipient is a local account? Technically my e-mail is a local one as far as tommy is concerned.
Krydos Posted Thursday at 11:41 PM Posted Thursday at 11:41 PM If you think emails sent from Plesk should be able to be signed with DKIM you can vote here https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/45576862-allow-dkim-dmarc-spf-records-for-the-server-s-host
DmC Posted Friday at 02:56 PM Author Posted Friday at 02:56 PM (edited) 15 hours ago, Krydos said: If you think emails sent from Plesk should be able to be signed with DKIM you can vote here https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/45576862-allow-dkim-dmarc-spf-records-for-the-server-s-host Well I definitely think and the guy who commented on the request (attached), perfectly described what happened here. Wow though, I mean sure, Plesk isn't cP but there should be a limit, this one is kinda lol 😅 PS: Unfortunately, based on the number of votes, this won't happen. Edited Friday at 02:58 PM by DmC
DmC Posted 18 hours ago Author Posted 18 hours ago (edited) I fixed the issue locally with this simple rule. Tested it and it works just fine. Edited 17 hours ago by DmC
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now