
Resolved DMARC function failure

Bobb

New Pleskian
I am running Plesk Obsidian 18.0.34 Update #2 on CentOS 7.9. It has two domains installed.
I noticed that I had a problem with my mail server when a couple of users complained about not being able to send mails to other mailboxes within the same domain and to mailboxes in the other domain on the same server. Emails are being received from external domains, and sending out emails to external domains also works.

The mail server is set up with the DMARC, DKIM and SPF protection options and that has been working fine for a couple of years.
When checking the MAILLOG I noticed a couple of lines which indicated that the DMARC process was dropping email originating within one domain and sent to the same domain. If I switch off the DMARC setting for the mail server, mails are sent successfully within the domain and to the second domain on the same server.

Apr 2 08:44:51 centos7 dmarc[4734]: Starting the dmarc filter...
Apr 2 08:44:51 centos7 dmarc[4734]: Store DKIM result for 'domain1.net' into DMARC library.
Apr 2 08:44:51 centos7 dmarc[4734]: Wrong the essential DMARC policy parameters for 'domain1.net': 'Found DMARC record containd a bad token value'
Apr 2 08:44:51 centos7 dmarc[4734]: DMARC: smtpdomain=domain1.net maildomain=domain1.net mailfrom=user@domain1.net stamp=1617345891 ip=127.0.0.1 adkim=unspecified aspf=unspecified p=UNSPECIFIED sp=UNSPECIFIED pct=100 align_dkim=fail align_spf=fail spfres=pass dkimres=pass dmarccheck=DMARC_POLICY_REJECT dmarcstatus=STOP
Apr 2 08:44:51 centos7 dmarc[4734]: DMARC: REJECT message for user@domain1.net

The DMARC DNS record is standard and hasn't changed for months: v=DMARC1; p=quarantaine; sp=quarantaine; rua=mailto:abuse@domain1.net; ruf=mailto:abuse@domain1.net

I have tried recreating the DNS record and changing the policy to the default v=DMARC1; p=none. But that didn't change anything.

Any suggestions where to look further?
 
Additional.
If I check the authentication result when sending a message to Google I get the results:
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=domain1.net
 
Yes, did and it showed no errors. It validated. But as I wrote the DMARC policy has been working for more than a year and I haven't changed the policy setting (defined in the DNS record) for a long time.
 
Correction, there was a typo mentioned, but after correcting it that didn't change the outcome.
 
Digging further I came to the conclusion that what is shown in the Plesk panel as DNS records is not the same as what I recover via the command line.
The Plesk screen shows: v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:abuse@domain1.net; ruf=mailto:abuse@domain1.net
The 'dig TXT _dmarc.domain1.net' command shows:
;; ANSWER SECTION:
_dmarc.domain1.net. 69731 IN TXT "v=DMARC1; p=quarantaine; sp=quarantaine; rua=mailto:abuse@domain1.net; ruf=mailto:abuse@domain1.net"

This has the typo 'quarantaine' in it. But the update of the record doesn't seem to trickle down.
 
Issue resolved.
The issue was with a server from the supplier which gave mixed responses on the _dmarc request; one response with "v=DMARC1; p=quarantaine; ..." and the next with "v=DMARC1; p=quarantine;...."
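
The check that would have caught this earlier, as an added example that is not part of any post in the thread and is not Plesk's own code: validate the _dmarc TXT value returned by each authoritative nameserver and flag servers that disagree. The nameserver names are hypothetical; the two record strings are the ones quoted in the thread, and the answers are assumed to have been collected one server at a time (for instance with `dig TXT _dmarc.domain1.net @<nameserver>`).

```python
import re

POLICIES = {"none", "quarantine", "reject"}   # valid p= / sp= values (RFC 7489)
ALIGNMENT = {"r", "s"}                        # valid adkim= / aspf= values

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if part.strip():
            name, _, value = part.partition("=")
            tags[name.strip().lower()] = value.strip()
    return tags

def validate_dmarc(txt):
    """Return a list of problems; an empty list means no bad token was found."""
    tags, problems = parse_dmarc(txt), []
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", txt):
        problems.append("record must start with v=DMARC1")
    if "p" not in tags:
        problems.append("missing required tag p")
    for tag, allowed in (("p", POLICIES), ("sp", POLICIES),
                         ("adkim", ALIGNMENT), ("aspf", ALIGNMENT)):
        if tag in tags and tags[tag].lower() not in allowed:
            problems.append(f"bad {tag} value {tags[tag]!r}")
    pct = tags.get("pct")
    if pct is not None and not (re.fullmatch(r"[0-9]{1,3}", pct) and int(pct) <= 100):
        problems.append(f"bad pct value {pct!r}")
    return problems

def audit_nameservers(answers):
    """answers: {nameserver: TXT value it returned for _dmarc.<domain>}.
    Returns (all_servers_agree, {nameserver: problems}) for invalid answers only."""
    agree = len(set(answers.values())) == 1
    findings = {ns: validate_dmarc(txt) for ns, txt in answers.items()}
    return agree, {ns: p for ns, p in findings.items() if p}

# Constructed sample: hypothetical nameserver names, record strings from the thread.
SAMPLE_ANSWERS = {
    "ns1.example.net": "v=DMARC1; p=quarantine; sp=quarantine; "
                       "rua=mailto:abuse@domain1.net; ruf=mailto:abuse@domain1.net",
    "ns2.example.net": "v=DMARC1; p=quarantaine; sp=quarantaine; "
                       "rua=mailto:abuse@domain1.net; ruf=mailto:abuse@domain1.net",
}

if __name__ == "__main__":
    agree, invalid = audit_nameservers(SAMPLE_ANSWERS)
    print("all nameservers agree:", agree)
    for ns, problems in invalid.items():
        print(ns, "->", "; ".join(problems))
```

A disagreement between nameservers explains why an external validator or the control panel can show a clean record while the local filter still logs a bad token value: each lookup may land on a different server.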
 
As I wrote the DMARC policy has been working for more than a year and I haven't changed the policy setting (defined in the DNS record) for a long time.

You are right, it was working fine until recently. But this is not the kind of issue I would expect from mail delivery. It looks like a problem with my MX records or something like that.

I also tried to set up DMARC on my domain's main domain name as well but didn't receive any email from Google, Outlook or other providers either.
 