skip to Main Content

I am using Plesk (Onyx) in combination with external DNS.
I configured mail and everything seems to be ok, but I am not sure if my mail configuration is correct, because sometimes a DMARC-report states, that a SPF / DKIM verification did not pass.

My configs:

DNS-Records for domain – mydomain.com AND mail.mydomain.com (created the same dns entries twice, for mydomain.com and subdomain mail.mydomain.com, except MX-entry, which is only configured for mydomain.com):

  • Reverse DNS: 123.456.1.1 -> mail.mydomain.com

  • MX: mail.mydomain.com

  • SPF: v=spf1 +a +mx -all

  • _dmarc: v=DMARC1; p=none; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=s; aspf=r

  • domainkey: o=-

  • default._domainkey: v=DKIM1; p=SIGNATUREHERE;

PLESK/Server related:

  • Hostname: zeus.mydomain.com
  • Mailname: mail.mydomain.com

Mail-headers of test mail:

Delivered-To: [email protected]
Received: by 10.31.48.86 with SMTP id w83csp1454833vkw;
        Fri, 6 Oct 2017 01:39:44 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QAKFeawe3fGhxawUkAdVvaqjrBGMTZvJ466CoQNxwFGRk6xInOapHBRt14rI+zpCQmcl4z4
X-Received: by 10.223.184.246 with SMTP id c51mr1352887wrg.250.1507279184077;
        Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507279184; cv=none;
        d=google.com; s=arc-20160816;
        b=SignatureHERE
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:subject:to:from:date
         :dkim-signature:message-id:arc-authentication-results;
        bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=;
        b=SignatureHERE
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
       spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Return-Path: <[email protected]>
Received: from mail.mydomain.com (mail.mydomain.com. [123.456.1.1])
        by mx.google.com with ESMTPS id k10si874730wrg.550.2017.10.06.01.39.43
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) client-ip=123.456.1.1;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
       spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Message-Id: <[email protected]>
Received: from mydomain.com (unknown [188.93.221.133]) by mail.mydomain.com (Postfix) with ESMTPSA id 6821B3C00CF for <[email protected]>; Fri,
  6 Oct 2017 10:39:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=default; t=1507279183; bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=; l=26539; h=From:To:Subject; b=RUVEDlBNkO7PgHEEmuAlCSgG+batl5Ple/8O94GKLu7StZJLLa01k4rbjlnKX+3R9
     mWt8+kOAPthM6lro4Z23B7LMk2ueWDpkFJZX3zRnOUC9E7LiIIQXNz83s8N640T6e7
     7a4nFVAWgS9bIu/+TyyInPHOsnbe0/IKZKAyJw9k=
Authentication-Results: zeus.mydomain.com;
        spf=pass (sender IP is 188.93.221.133) [email protected] smtp.helo=mydomain.com
Received-SPF: pass (zeus.mydomain.com: connection is authenticated)
Date: Fri, 06 Oct 2017 10:39:43 +0200
From: MyDomain <[email protected]>
To: [email protected]
Subject: mydomain.com: Test Subject
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

What do I have to change, if I want to use f. e. “[email protected]” as from-address/sender address? Do I need to change the mailname to”mydomain.com”? Can I safely delete DNS entries for mail.mydomain.com, if I change mailname to “mydomain.com”? Is there a way to configure the mailname in PLESK/make sure PLESK does not overwrite it, if a new update/upgrade is made?

EDIT: Test of unlocktheinbox: https://www.unlocktheinbox.com/mail-tester/9YBYhi8wpqo=/

2

Answers


  1. @mfuesslin,

    You should run your email through this email tester, it’s recognized as the #1 email authentication and configuration testing platform. All you have to do is send an email to [email protected] and it will auto-respond in minutes.

    Once you get the results and if you need help fixing any of the items it points you, everyone will be able to help you more because it’s more specific.

    Login or Signup to reply.
  2. mydomain.com is the from domain you’re using, right? You should make sure to have SPF, DKIM, and perhaps DMARC with domain alignment with the envelope from.

    As a side note, is this all that’s in your SPF record? What services do you want to be able to send email out on your behalf? Why not get more specific?
    v=spf1 +a +mx -all

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search