DMARC not aligned for only some users

[Christophe1]

Hi

I have a DirectAdmin server with user accounts that host identical software with identical configuration, all managed by me. Users have no access to technical settings or DirectAdmin. The software sends e-mail via a PHP script.

For most of the users, everything is perfectly fine; 10/10 from mail-tester without any additional comments, so SPF, DKIM and DMARC is as it should be.

For only some users, I get also a 10/10 from mail-tester but with the comment that DMARC is not aligned, and some e-mail providers don't like that of course...

Headers in e-mails from user accounts that are perfectly fine:
Return-Path: username@user-domain.ext
envelope-from: <username@user-domain.ext>
From: Name of the sender <something@user-domain.ext>

Headers in e-mails from user accounts with the DMARC align problem:
Return-Path: username@server-domain.ext
envelope-from: <username@server-domain.ext>
From: Name of the sender <something@user-domain.ext>

I can't find any differences in configuration.

The only thing I can think of, is that I once changed the username of at least one of the users that has the problem. (Maybe all, but I don't remember if I also changed the other usernames that have the problem also on that server.)

Any clues please?

Best regards
Christophe

 

[zEitEr]

Hello,

Check and make sure SPF, DKIM, rDNS, DMARC are set correctly for server-domain.ext

 

[Christophe1]

Hi Alex

Thank you for your tip. These records are fine. Note that most user account don't have any problem. As far as I know only 2 have. However they host the exact same software with the exact same settings.

A discrepancy appeared in the logs:
For the accounts without a problem: /usr/sbin/sendmail -t -i -f [email protected]
For the accounts with the DMARC align problem: /usr/sbin/sendmail -t -i

Could there be a difference in hidden PHP settings between the user accounts? Possibly a remnant from the past when there were multiple PHP versions active on the server, or a different PHP engine was used? In the interface of directadmin I can't find any difference in config.

Best regards
Christophe

 

[zEitEr]

Hello Christophe,

What has PHP to do with DMARC? I don't think it's related.

If you need any further assistance on the matter we need to see real email headers. Without seeing email headers is just a guess game. I don't see how to help you more without requested details. Probably somebody else have ideas.

If you ready to share email headers you might send me 2 links in PM with results from mail-tester.com with two emails: good and bad DMARC.

 

[Christophe1]

Thank you for the offer!

Why I think it's related to PHP, or another setting in directadmin: the mails are sent with the PHP mail function and although the software and settings (in the interface) are the same for all users, there seems to be a difference in the logs.

The mails sent without the DMARC align problem where sent with "/usr/sbin/sendmail -t -i -f [email protected]", and the mails sent with a DMARC align problem are sent with only "/usr/sbin/sendmail -t -i"

There shouldn't be any difference there. There must be something I overlooked of a hidden setting somewhere.

At this moment the server has only PHP 7.4 (php-fpm). In the past there were multiple PHP options.

Best regards
Christophe

 

[zEitEr]

What has PHP to do with DMARC? The fact emails are sent from a hostname should matter, but not that emails were generated by PHP.

 

[Christophe1]

I know, but the fact that the mails with the DMARC align problem were sent from the server hostname instead of the user domain is related to the difference between "/usr/sbin/sendmail -t -i -f [email protected]" and "/usr/sbin/sendmail -t -i". And the software and visible settings are the same. So I'm trying to find out why some mails are sent with "/usr/sbin/sendmail -t -i -f [email protected]" and others with only "/usr/sbin/sendmail -t -i"...

 

[zEitEr]

As far as I can see you'v got 2 issues:

1. Misconfigured SPF, DKIM, DMARC for a hostname. It can be easily checked in SSH/CLI session with mail without PHP
2. Calls from PHP without -f [email protected] flag.

While I was referring to the first issue, you insisted on fixing the second one.

Check /usr/local/directadmin/data/users/<USERNAME>/php/php-fpm74.conf for affected users and match content. You should see

php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]

So you might update the files and make sure

1. templates are up to date
2. you don't have customized PHP-FPM settings on per user bases:

ls -la /usr/local/directadmin/data/users/*/php/*cust*

ls -la /usr/local/directadmin/data/templates/php-fpm.conf /usr/local/directadmin/data/templates/custom/php-fpm.conf