
AOL Now rejecting all emails without DMARC record matching the sending domain!!

Discussion in 'E-mail Discussions' started by WebJIVE, Jun 23, 2014.

  1. WebJIVE

    WebJIVE Well-Known Member

    Joined:
    Sep 30, 2007
    Messages:
    53
    Likes Received:
    3
    Trophy Points:
    8
    Ok, don't know how to fix this one but, I have to ask. We're getting lots of calls about email not making it to AOL.com users. After looking at the logs, we noticed that AOL is now using DMARC for verification. This presents a big problem because AOL is also rejecting email not coming from the user's domain. All emails are still coming from the servers.myserver.com domain instead of the .usersdomain.com.

    How can we change EXIM to do a domain lookup for each user's from email address and have all outgoing email from that domain be from that @domain? We use PHPMail function mostly since these are Joomla and Wordpress sites.

    Thanks
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Perhaps consider using DKIM, which authenticates a sender for a specific domain:

    Email Authentication

    However, sending from the server hostname on behalf of the user's domain is spammy, in the eyes of email providers. Time to start using SMTP.
     
  3. WebJIVE

    WebJIVE Well-Known Member

    We already use DKIM and it has no effect on AOL's new policies. cPanel by default has the sender domain as the server which is what I need to change. Can't seem to find a definitive answer on how to accomplish that. This is only going to get worse so, the send from domain has to have an answer.
     
  4. vanessa

    vanessa Well-Known Member
    PartnerNOC

    It's not cpanel that's doing this though. Your scripts are using php mail() to send, rather than SMTP. So it's the fact that you are sending as user@server.hostname rather than user@domain that is the problem. Without some complex ACL f*ckery within Exim, you're not going to get it to change the origin sender on the fly when in fact your applications are sending through mail() rather than any other currently-accepted method.

    My mention of DKIM is due to the fact that a lot of other providers use DMARC now, including Gmail, and DKIM is typically listed as a solution to authenticate other hostnames to be allowed to send email on behalf of a domain.
     
  5. WebJIVE

    WebJIVE Well-Known Member

    The only other solution I can think of would be Sendmail, would that accomplish the goal or just flat out SMTP? This is going to become an issue and something has to be figured out on a server wide basis versus telling every client to login all their apps via SMTP?
     
  6. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Using a smarthost like Sendgrid to route all your outgoing mail through a single host that can authenticate for all your domains is possible, but if you have a lot of email traffic, can also be $$$. Especially if one of your clients encounters a spam outbreak, which isn't unusual considering the software they are running.

    Sendmail won't do this for you. Your applications need to use SMTP to send mail, using a valid email address and password for authentication. The authentication details would have to be unique for each site, so not sure how you think this can be server-wide without using a smarthost or external SMTP server.
     
  7. WebJIVE

    WebJIVE Well-Known Member

    Regarding Gmail, they are way more progressive than AOHe// btw, Gmail gives us no problems with SPF pass and DKIM as good but, AOL in their infinite wisdom is skipping DKIM apparently.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I just wanted to note that most common scripts (e.g. Joomla, Wordpress) have options available to send email via SMTP authentication. It might seem like a large task, but ultimately it's the best way to resolve the issue going forward.

    Thank you.
     
  9. WebJIVE

    WebJIVE Well-Known Member

    Thanks and yes, SMTP will be the final way to solve this. It just seems as though with all this great tech that we could have all emails coming from the sender domain vs the server domain. This is eventually going to become a bigger headache for people when more companies adopt DMARC and not DKIM. :(
     
  10. rezman

    rezman Well-Known Member

    Joined:
    Feb 3, 2011
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Won't the following solve the php mail() problem?

    mail($to, $subject, $body, $headers, '-fuser@domain.com' );

    I know most major CMS packages should support this. There is also a way to force enable this and fail if someone doesn't pass the '-f' parameter. I've been doing this for a good 2 years now in all my code. It also makes for easier sent mail tracking via exim logs.

    Also for all cPanel accounts on their own dedicated IP, I have enabled Send mail from account’s dedicated IP address under Service Config > Exim Config > Domains and IPs
     
  11. vanessa

    vanessa Well-Known Member
    PartnerNOC

    @rezman: that sometimes addresses the problem, but the OP stated that he's using CMS's - in either of our solutions, it requires the users making changes with the way they are sending their email.
     
  12. WebJIVE

    WebJIVE Well-Known Member

    Downside to all this is troubleshooting after the fact. Right now, AOL isn't even allowing SMTP authentication via Joomla 1.5.
     
  13. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Perhaps a bounceback or other error specifically referencing DMARC might help. I fail to see how SMTP auth in Joomla 1.5 is any different than it is in other applications, so it's possible you're just barking up the wrong tree.
     
  14. WebJIVE

    WebJIVE Well-Known Member

    here's what we're seeing in the exim_mainlog
    Code:
    68023:2014-06-23 14:03:46 1Wz9Ws-0003NR-7U <= user @ server3.domain.net U=user P=local S=634 id=bfa290a9971d0fc0eb60219f8f1599b6@domaintoo.com T="Test email" for otheruser @ aol.com
    68025:2014-06-23 14:03:46 1Wz9Ws-0003NR-7U SMTP connection outbound 1403550226 1Wz9Ws-0003NR-7U domaintoo.com otheruser @ aol.com
    68030:2014-06-23 14:03:46 1Wz9Ws-0003NR-7U ** otheuser @ aol.com R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mailin-03.mx.aol.com [64.12.88.164]: 521 5.2.1 :  (DMARC) This message failed DMARC Evaluation for an AOL Domain. For more information please visit http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/
     
  15. vanessa

    vanessa Well-Known Member
    PartnerNOC

    So based on their own explanation of their DMARC policies, this should only affect situations where the user is sending from an @aol.com address off of your server. In which case, having them send from an email address off of their domain should resolve the problem.
     
  16. WebJIVE

    WebJIVE Well-Known Member

    Exactly except their own policy stops you from sending email from a valid off server AOL email address with DKIM and SPF records
     
  17. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Then have them send from an on-server email address.
     
  18. WebJIVE

    WebJIVE Well-Known Member

    vanessa, great solution! I used an email forwarder instead of an account and had the local form send to the local forwarder and bingo. Mail received on the AOL account.

    BTW, been reading your blog for a long time!
     
    #18 WebJIVE, Jun 24, 2014
    Last edited: Jun 24, 2014
  19. WebJIVE

    WebJIVE Well-Known Member

    Running into this issue again.. argh.. asking for advice on this. I have another client that's using Google biz mail for their email and when sending from their website (Joomla). I have correct SPF and DKIM records so, I'm really lost on this. It seems as though COX.net and others are really starting to crack down on SPF and DKIM.

    Any thoughts?

    X-Apparently-To: ecxstar@yahoo.com via 98.138.85.222; Thu, 26 Jun 2014 17:12:08 +0000
    Return-Path: <smokebbq@server3.web-jive.net>
    Received-SPF: none (domain of server3.web-jive.net does not designate permitted sender hosts)
    X-Originating-IP: [173.193.19.50]
    Authentication-Results: mta1367.mail.gq1.yahoo.com from=server3.web-jive.net; domainkeys=neutral (no sig); from=smokeonthewaterbbq.com; dkim=neutral (no sig)
    Received: from 127.0.0.1 (EHLO server3.web-jive.net) (173.193.19.50)
    by mta1367.mail.gq1.yahoo.com with SMTPS; Thu, 26 Jun 2014 17:12:08 +0000
    Received: from smokebbq by server3.web-jive.net with local (Exim 4.82)
    (envelope-from <smokebbq@server3.web-jive.net>)
    id 1X0DDT-0005H2-Uh
    for ecxstar@yahoo.com; Thu, 26 Jun 2014 12:12:07 -0500
     
  20. WebJIVE

    WebJIVE Well-Known Member

    OK, figured this one out too. Have to dump PHPMail() and stick with SMTP and localhost for sending all mail now. Just add forwarders or actual email accounts and SPF/DKIM starts passing again. Looks like it's time to sundown PHPMail for Joomla sites.
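
The three situations in this thread (the `mail()` headers in post #19, the AOL rejection in post #14, and the SMTP fix in post #20) come down to DMARC identifier alignment, which the following added example checks; it is not code from any poster or from cPanel. Assumptions: all domains are placeholders, the sample headers are constructed in RFC 8601 `header.d=` style rather than Yahoo's 2014 format, and the organizational domain is approximated as the last two labels.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # consults the Public Suffix List (example.co.uk needs three labels).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def dmarc_eval(raw):
    """Relaxed-alignment DMARC verdict from the receiver-added headers."""
    msg = message_from_string(raw)
    from_org = org_domain(addr_domain(msg["From"]))
    # SPF counts only if it passed AND the envelope sender aligns with From.
    spf_result = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    spf_ok = (spf_result == "pass"
              and org_domain(addr_domain(msg["Return-Path"])) == from_org)
    # DKIM counts only if a passing signature's d= aligns with From.
    sigs = re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)",
                      msg.get("Authentication-Results", ""))
    dkim_ok = any(r == "pass" and org_domain(d) == from_org for r, d in sigs)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

def sample(return_path, spf, dkim, from_addr):
    # Builds a constructed header set; all domains are placeholders.
    return (f"Return-Path: <{return_path}>\nReceived-SPF: {spf}\n"
            f"Authentication-Results: mx.example.com; {dkim}\n"
            f"From: {from_addr}\n\nbody\n")

# php mail() without -f: envelope is user@server hostname, no signature.
PHP_MAIL = sample("site@server3.example.net", "none", "dkim=neutral (no sig)",
                  "info@example.org")
# Form mail sent "from" the visitor's AOL address: SPF and DKIM both pass
# for the hosting server's domain, but neither aligns with aol.com.
AOL_FROM = sample("site@server3.example.net", "pass",
                  "dkim=pass header.d=example.net", "visitor@aol.com")
# Authenticated SMTP as a mailbox on the site's own domain.
SMTP_AUTH = sample("info@example.org", "pass",
                   "dkim=pass header.d=example.org", "info@example.org")

if __name__ == "__main__":
    for name in ("PHP_MAIL", "AOL_FROM", "SMTP_AUTH"):
        print(name, dmarc_eval(globals()[name]))
```

The `AOL_FROM` case is why having working SPF and DKIM on the server did not help: both pass, but for a domain other than the one in the From header.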
     