Applicable to:
- Plesk for Linux
Symptoms
-
Emails that are sent locally inside the server (emails from Plesk administrator, local domains or web forms) are rejected or moved to the spam folder with the following records in
/var/log/maillog:CONFIG_TEXT: dmarc[15768]: Starting the dmarc filter...
dmarc[15768]: DMARC: REJECT message for john_doe@example.com
postfix-local[15764]: message discarded by a mail handler
CONFIG_TEXT: dk_check[15713]: Starting the dk_check filter...
dk_check[15713]: DKIM verify result: DKIM Feed: No signature
dmarc[15714]: Starting the dmarc filter...
dmarc[15714]: SPF record was not found in Authentication-Results:
dovecot: service=lda, user=john_doe@example.com, ip=[]. msgid=[20191029070309.A4B6925F@ns1.example.com]: saved mail to INBOX.Spam
dmarc[15714]: DMARC: message moved to QUARANTINE for john_doe@example.com
postfix-local[15648]: message discarded by a mail handler -
The DMARC policy is set as "p=quarantine" (treat with suspicion) or "p=reject" (block outright) in Plesk at Domains > example.com > DNS Settings.
PLESK_INFO: _dmarc.example.com. TXT v=DMARC1; p=quarantine
Cause
This is a Plesk bug with ID PPPM-7190, which is planned to be fixed in future product updates.
Resolution
Apply one of the following workarounds:
Workaround I
-
Check the "Return-Path" value from the email header which was moved to spam:
CONFIG_TEXT: Return-Path: <mail@example.com>
-
Connect to the Plesk server via SSH.
-
Whitelist the domain from "Return-Path" by adding its name to the "IgnoreMailFrom" string in the file
/etc/psa/dmarc.conf:3.1. Create the file
/etc/psa/dmarc.conf:# touch /etc/psa/dmarc.conf
3.2. Open the file in a text editor. In this example, we are using the vi editor:
# vi /etc/psa/dmarc.conf
3.3. Add the required domains as a line after 'IgnoreMailFrom':
Note: Replace example.com with actual domain name(s).
CONFIG_TEXT: IgnoreMailFrom example.com, example.net, example.org
In some unclear cases, the domain name should be added in uppercase letters, see #3094853.4. Save the changes and close the file.
Workaround II
Modify the DMARC record of the recipient domain: Change "p=quarantine" or "p=reject" to "p=none" at Domains > example.com > DNS Settings.
Comments
15 comments
Using Plesk Onyx Version 17.5.3 Update #43 under ubuntu 16.04 there is no dmarc.conf where I can add the domain
@Jürgen Fröhler if it the file is absent just create it. I updated the article with instructions.
Somebody knows if using this temporary solution, will it recognize and stop the spoofing attacks? or it will skip the DKIM and SPF analysis?
Hi, @Antuan Chavez,
As far as I know, it should not skip SPF and DKIM.
When can we expect a fix for this issue?
Hello @Antal,
Right now there is no exact ETA for this bug to be fixed, stay tuned for this article updates.
Until a fix becomes available, use the provided workaround.
2 month old bug that is effecting mailflow. when is this going to get fixed?
Hello @Nucleus Inc. NOC
The ticket was created to check it in more details.
Please, expect this update there.
Hello,
Has this been addressed/fixed in Plesk Obsidian?
@Dr. Koontz
Hi, not fixed yet; there is no ETA for it so far, either. However, it's being worked on.
We are also having this problem. Please have this fixed.
If I modify to "p=none" it is the same. Message is rejected:
If I create dmarc.conf and put there domain which has problem (but there are a lot of domains), then everything is ok:
This is not solution. Any other suggestion? I have latest Obsidian.
Hello,
The solution p=none does not work under Plesk Obsidian 18.0.27 and Debian 8
It is possible to add /etc/psa/dmarc.conf this line to fix it?
IgnoreMailFrom *.*
To whitelist all the domains?
Toujours pas de news là dessus?? no news again??
This bug seems to exist since at least October 2017. Now we have 2023 and it's still present. Is there really a plan to fix it? Today my DMARC filter rejected all mails from the "PMMCli-Daemon".
Please sign in to leave a comment.