Applicable to:
- Plesk for Linux
Symptoms
- Emails that are sent locally inside the server (emails from Plesk administrator, local domains or web forms) are rejected or moved to the spam folder with the following records in /var/log/maillog:
CONFIG_TEXT: dmarc[15768]: Starting the dmarc filter...
dmarc[15768]: DMARC: REJECT message for john_doe@example.com
postfix-local[15764]: message discarded by a mail handler
CONFIG_TEXT: dk_check[15713]: Starting the dk_check filter...
dk_check[15713]: DKIM verify result: DKIM Feed: No signature
dmarc[15714]: Starting the dmarc filter...
dmarc[15714]: SPF record was not found in Authentication-Results:
dovecot: service=lda, user=john_doe@example.com, ip=[]. msgid=[20191029070309.A4B6925F@ns1.example.com]: saved mail to INBOX.Spam
dmarc[15714]: DMARC: message moved to QUARANTINE for john_doe@example.com
postfix-local[15648]: message discarded by a mail handler
- The DMARC policy is set as "p=quarantine" (treat with suspicion) or "p=reject" (block outright) in Plesk at Domains > example.com > DNS Settings.
PLESK_INFO: _dmarc.example.com. TXT v=DMARC1; p=quarantine
Cause
This is a Plesk bug with ID PPPM-7190, which is planned to be fixed in future product updates.
Resolution
Apply one of the following workarounds:
Workaround I
1. Check the "Return-Path" value in the header of the email that was moved to spam:
CONFIG_TEXT: Return-Path: <mail@example.com>
2. Connect to the Plesk server via SSH.
3. Whitelist the domain from "Return-Path" by adding its name to the "IgnoreMailFrom" string in the file /etc/psa/dmarc.conf:
3.1. Create the file /etc/psa/dmarc.conf:
# touch /etc/psa/dmarc.conf
3.2. Open the file in a text editor. In this example, we are using the vi editor:
# vi /etc/psa/dmarc.conf
3.3. Add the required domains as a line after 'IgnoreMailFrom':
Note: Replace example.com with the actual domain name(s).
CONFIG_TEXT: IgnoreMailFrom example.com, example.net, example.org
3.4. Save the changes and close the file.
Workaround II
Modify the DMARC record of the recipient domain: Change "p=quarantine" or "p=reject" to "p=none" at Domains > example.com > DNS Settings.
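Added example (not part of the original article and not Plesk code): a shell helper that tallies the dmarc handler's REJECT and QUARANTINE verdicts per recipient from the maillog records shown under Symptoms, to scope the problem before whitelisting and to confirm the verdicts stop afterwards. The function names, the syslog prefix and the two extra REJECT lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Plesk code. Summarises the dmarc handler verdicts that
# the Symptoms section shows in /var/log/maillog.

# Constructed sample: the article's log lines with a made-up syslog prefix,
# plus two extra constructed REJECT lines.
sample_maillog() {
    cat <<'EOF'
Oct 29 07:03:09 ns1 dmarc[15768]: Starting the dmarc filter...
Oct 29 07:03:09 ns1 dmarc[15768]: DMARC: REJECT message for john_doe@example.com
Oct 29 07:03:09 ns1 postfix-local[15764]: message discarded by a mail handler
Oct 29 07:03:10 ns1 dmarc[15714]: SPF record was not found in Authentication-Results:
Oct 29 07:03:10 ns1 dmarc[15714]: DMARC: message moved to QUARANTINE for john_doe@example.com
Oct 29 07:05:41 ns1 dmarc[15802]: DMARC: REJECT message for jane_roe@example.net
Oct 29 07:06:02 ns1 dmarc[15811]: DMARC: REJECT message for john_doe@example.com
EOF
}

# stdin: maillog text. stdout: "<count> <VERDICT> <recipient>", busiest first.
dmarc_verdicts() {
    LC_ALL=C awk '
        /dmarc\[[0-9]+\]: DMARC: REJECT message for /              { v = "REJECT" }
        /dmarc\[[0-9]+\]: DMARC: message moved to QUARANTINE for / { v = "QUARANTINE" }
        v != "" { n[v " " $NF]++; v = "" }   # $NF is the recipient address
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# stdin: maillog text. stdout: unique recipient domains that were hit.
# The log records the recipient only; the sender domain to list in
# IgnoreMailFrom still comes from each message's Return-Path header
# (Workaround I, step 1).
dmarc_hit_domains() {
    dmarc_verdicts | awk '{ sub(/^.*@/, "", $3); print $3 }' | LC_ALL=C sort -u
}

# Pass a log path as the first argument; without one the sample is used.
if [ -n "${1:-}" ]; then
    dmarc_verdicts < "$1"
else
    sample_maillog | dmarc_verdicts
fi
```

Running it again after applying a workaround shows whether new REJECT or QUARANTINE lines are still being logged for the same recipients.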
Comments
13 comments
Using Plesk Onyx Version 17.5.3 Update #43 under Ubuntu 16.04, there is no dmarc.conf where I can add the domain.
@Jürgen Fröhler if the file is absent, just create it. I updated the article with instructions.
Does anybody know whether, when using this temporary solution, it will recognize and stop spoofing attacks? Or will it skip the DKIM and SPF analysis?
Hi, @Antuan Chavez,
As far as I know, it should not skip SPF and DKIM.
When can we expect a fix for this issue?
Hello @Antal,
Right now there is no exact ETA for this bug to be fixed; stay tuned for updates to this article.
Until a fix becomes available, use the provided workaround.
A 2-month-old bug that is affecting mail flow. When is this going to get fixed?
Hello @Nucleus Inc. NOC
The ticket was created to check it in more detail.
Please, expect this update there.
Hello,
Has this been addressed/fixed in Plesk Obsidian?
@Dr. Koontz
Hi, not fixed yet; there is no ETA for it so far, either. However, it's being worked on.
We are also having this problem. Please have this fixed.
If I modify to "p=none" it is the same. Message is rejected:
If I create dmarc.conf and put there domain which has problem (but there are a lot of domains), then everything is ok:
This is not a solution. Any other suggestions? I have the latest Obsidian.
Hello,
The solution p=none does not work under Plesk Obsidian 18.0.27 and Debian 8.
Is it possible to add this line to /etc/psa/dmarc.conf to fix it?
IgnoreMailFrom *.*
To whitelist all the domains?