• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Incorrect email headers for authenticated sessions (ESMTPA)

N

nforde

Basic Pleskian
The problem : Spam Assassin is marking all internal emails (sent via authenticated SMTP sessions by our customers to another email address on our server) as spam.

This is because qmail isn't RFC 3848 compliant. It isn't marking the 'Recieved' header as ESMTPA instead of ESMTP.

Here is an example of how it SHOULD be shown (this is from http://www.fehcom.de/qmail/smtpauth.html) -

Received: from xdsl-81-173-228-159.netcologne.de (HELO mail.fehnet.de) (erwin@fehcom.de@81.173.228.159)
by hamburg134 with ESMTPA; 23 Jan 2005 13:32:13 -0000

As a result, Spam Assassin can't tell it's an authenticated email, and it performs tests on the email that it shouldn't, so the email gets marked as spam (it is treated as an UN-authenticated email from a dynamic IP address).

Is anyone else having this problem? Does anyone know of a solution?

Why doesn't Parallels/Plesk provide a patched version of Qmail that is RFC 3848 compliant? If anyone from Parallels is reading this, here are the patches... http://www.fehcom.de/qmail/smtpauth.html#PATCHES

There is discussion of this issue at the following url. It shows that Postfix now has native support for RFC 3848, but doesn't mention Qmail - http://wiki.apache.org/spamassassin/DynablockIssues
 
What is stopping your dynablock (dynamic IP) rules from being triggered? (when you connect to the smtp server from a typical dynamic IP address).

Here are the typical headers for emails sent from our customers to other customers on the same server -
X-Spam-Level: ******
X-Spam-Status: No, score=6.5 required=7.0 tests=AWL,BAYES_00,DOS_OUTLOOK_TO_MX,
RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC autolearn=no version=3.2.5

ps. On this occassion it didn't get marked as spam, but it would have if the spam threshold was set below 6.5.
 
Do you use submission (port 587) to connect to your SMTP server? That may make a difference, I'm not sure. You could always change the scores for the dynamic IP rules to your liking. Note that we're not using psa-spamassassin, but ART's qmail-scanner with his SpamAssassin package.
 
We use the standard smtp port (25). I don't think changing the port would make a difference to email headers, as it's still using the same qmail server.

Does anyone know when this will be implemented in Plesk?

Surely others are having the same problem?
 
nforde said:
We use the standard smtp port (25). I don't think changing the port would make a difference to email headers, as it's still using the same qmail server.
Click to expand...

It's the same software, but not the same configuration. See the /etc/xinetd.d/s*_psa files. They're not identical.
 
ESMTPA Qmail Plesk Issue

I've tested by sending via port 587 also.

It bypasses the 'stage 1' spam blocking (MAPS, set in Plesk), but the emails still then go via the 'stage 2' spam filter (Spam Assassin) which triggers the dynamic IP rules (and 'no reverse dns' rules etc.).

Back to the original question -
1) When is Plesk going to include an RFC 3848 compliant version of Qmail with Plesk so it shows ESMTPA for authenticated emails instead of always showing ESMTP? I have upgraded to Plesk 9.0.0 and it's STILL not been rectified.

Maybe in Plesk 9.0.1 it will FINALLY be sorted out!?!?
 
No, I haven't tried it yet as I host around 300 domains and I'm concerned it could possibly break during the changeover, especially in relation to Spam Assassin or ClamAV.

Does Postfix put "ESMTPA" in the Received headers for authenticated sessions?
 
You must log in or register to reply here.

Similar threads

enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
203
enerspace
enerspace
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
L
Issue Spam-/Mailproblems
Replies
1
Views
1K
Peter Debik
P
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
6K
Alex Presland
Alex Presland
D
Question receiving phishing emails
Replies
2
Views
2K
Kaspar
K
Back
Top