Symptoms
-
The option Enable DMARC to check incoming mail is enabled in Plesk at Tools & Settings > Mail Server Settings.
-
Emails sent from external mail services are rejected by DMARC checker, because SPF/DKIM record (or both) was not found. The following entries appear in
/var/log/maillog
:dmarc[16748]: Starting the dmarc filter...
dmarc[16748]: SPF record was not found in Authentication-Results:
dmarc[16748]: DKIM record was not found in Authentication-Results:
dmarc[16748]: DMARC: REJECT message for [email protected]
postfix-local[16746]: message discarded by a mail handler
Cause
The Postfix before-queue mail filter is either not defined:
# grep smtpd_milters /etc/postfix/main.cf
smtpd_milters =
or disabled:
# grep smtpd_milters /etc/postfix/main.cf
#smtpd_milters = , inet:127.0.0.1:12768
As a result, SPF/DKIM checks are not performed and the email is rejected by DMARC policy of the sender.
Resolution
Configure the Postfix before-queue mail filter:
-
Connect to the server via SSH.
-
Create a backup of the original /etc/postfix/main.cf file:
# cp /etc/postfix/main.cf /etc/postfix/main.cf_orig
-
Open the /etc/postfix/main.cf in a text editor. In this example, we are using the vi editor:
# vi /etc/postfix/main.cf
-
Change the
smtpd_milters
value as follows:smtpd_milters = , inet:127.0.0.1:12768
-
If the
non_smtpd_milters
option exists, make its value empty:non_smtpd_milters =
-
Save the changes and close the file.
-
Verify the changes:
# grep -ir milt /etc/postfix/main.cf
smtpd_milters = , inet:127.0.0.1:12768
non_smtpd_milters = -
Restart the Postfix service to apply the changes:
# service postfix restart