Article ID: 6039, created on Feb 17, 2009, last review on Aug 12, 2014

  • Applies to:
  • Plesk 9.x for Linux/Unix

Symptoms

You are using Parallels Plesk Panel 9.0 with QMail MTA.

DomainKeys and SPF spam protection are enabled on server-wide {Home -> Mail Server Settings} and domain {Domains -> DOMAIN.TLD -> Mail Accounts -> Mail Settings -> Use DomainKeys spam protection system to sign outgoing e-mail messages} mail settings.

Messages sent to Gmail via @Mail webmail contain a DomainKeys signature that cannot be verified by Gmail as valid and are marked as "bad." Received messages contain the "DomainKey-Status: bad" header. For example:

Received-SPF: pass (google.com: domain of mail@domain.tld designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123;
DomainKey-Status: bad              <- this header
Authentication-Results: mx.google.com; spf=pass (google.com: domain of mail@domain.tld designates 123.123.123.123 as permitted sender) smtp.mail=mail@domain.tld; domainkeys=hardfail header.From=mail@domain.tld
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=default; d=domain.tld;
 b=CbJg2RyUo94u3zW0aTOGd96lz/feVtBYhY7PJasXEdxr1ucpzgTIn6NtH7c/kLXm8mPd1DJnD8OeuyS2i+Q/7JAhRteW54KcBmsFxJHIfH++xRlsGHjYVcjZVvbzF/vK;
 h=Received:Received-SPF:Received:MIME-Version:X-Priority:X-Mailer:Message-ID:To:Reply-To:Content-Type:X-Origin:X-Atmail-Account:Date:Subject:From:Content-Transfer-Encoding;
Received: (qmail 6426 invoked from network); 16 Feb 2009 07:09:07 +0000
Received-SPF: pass (plesk.full.name: domain of domain.tld designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123; envelope-from=mail@domain.tld; helo=localhost;
Received: from plesk.full.name (HELO localhost) (123.123.123.123)
 by localhost with SMTP; 16 Feb 2009 07:09:07 +0000


However, messages that are sent via Horde webmail contain the header "DomainKey-Status: good." Why is this?

Cause

The difference between Horde and @Mail webmail is that messages are sent via sendmail and localhost SMTP accordingly.

If SPF spam protection is enabled in server-wide preferences {Home -> Mail Server Settings -> Switch on SPF spam protection} and the message is sent via localhost SMTP, the following part is added to the header of outgoing messages:

Received-SPF: pass (google.com: domain of mail@domain.tld designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123;
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=default; d=domain.tld;
 b=CbJg2RyUo94u3zW0aTOGd96lz/feVtBYhY7PJasXEdxr1ucpzgTIn6NtH7c/kLXm8mPd1DJnD8OeuyS2i+Q/7JAhRteW54KcBmsFxJHIfH++xRlsGHjYVcjZVvbzF/vK;
 h=Received:Received-SPF:Received:MIME-Version:X-Priority:X-Mailer:Message-ID:To:Reply-To:Content-Type:X-Origin:X-Atmail-Account:Date:Subject:From:Content-Transfer-Encoding;
Received-SPF: pass (plesk.full.name: domain of domain.tld designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123; envelope-from=mail@domain.tld; helo=localhost;


Gmail adds the header "DomainKey-Status: bad" to messages that have the part above.

Resolution

The issue is specific to Gmail: messages that contain "Received-SPF" in DomainKey-Signature cannot be verified as "good" by DomainKey. To resolve the issue, disable SPF spam protection in server-wide mail settings {Home -> Mail Server Settings -> Switch on SPF spam protection} or switch to Postfix MTA.

Messages sent to any mail service except Gmail have the "DomainKey-Status: good" header.

Refer to this article for details about how to switch to Postfix: http://kb.sp.parallels.com/en/5801

6ef0db7f1685482449634a455d77d3f4 a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF