Incorrect FROM Header in DirectAdmin messages

sparek

From what I can tell, DirectAdmin is incorrectly setting a From Header address in its system outgoing email messages.

Specifically I am seeing this in the messages when a new account is created, i.e. the ones with subjects of:

Your account for example.tld is now ready for use.

and

Creator Duplicate: Your account for example.tld is now ready for use.

But I suspect this applies to all outgoing messages being sent by the DirectAdmin panel.

The From Header is being set to whatever the contact email address is for that reseller. The problem arises with DMARC validation at the recipient's end.

If the reseller has their contact email address set to an @yahoo.com email address, then our server (and any other DirectAdmin server) is not authorized to send email from the yahoo.com domain name. This results in the message not being delivered to some recipients.

The From Header should be set to a specific server-only email address. I would propose the same email address that the envelope-sender is set to: diradmin@%the_server_hostname%.

The message does include a Reply-To header which can be set to the reseller's contact email address as that does not play a role in DMARC and SPF validation.

If this is configurable somewhere in DirectAdmin - I don't know where that is, and if someone can clue me in on where this can be configured - such as a template file - it'd be much appreciated.

I also suspect that this same issue affects other messages that are sent out from DirectAdmin but I don't have an exhaustive list (account suspensions and unsuspensions? Account deletions?)
 
All the templates are located in /usr/local/directadmin/data/templates.

 
I don't think those are message templates. Those look to be more configuration templates (i.e. what actually gets added as a VirtualHost when you create a new account).

Nothing comes up when I search specifically for this new account message:

# grep -lr 'is now ready for use' /usr/local/directadmin/data/templates | wc -l
0


Still, if I'm overlooking something in there, I'm open to having that pointed out to me.

I suspect this message is set internally in DirectAdmin and would require DirectAdmin to have the system adjusted. But that's just my suspicion.
 
User, Admin & Reseller email templates are in:

Code:
/usr/local/directadmin/data/users/[admin-username]/u_welcome.txt
/usr/local/directadmin/data/admin/a_welcome.txt
/usr/local/directadmin/data/admin/r_welcome.txt

Bash:
root@v9 /usr/local/directadmin # cat ./data/users/[admin-username]/u_welcome.txt
Dear Customer,

        Thank you for choosing our service to meet your web hosting needs.

Your account has been created with the following details:

Username:       |username|
Password:       |password|
Domain:         |domain|

To log in immediately, follow this link, using your username and password:

http://|ip|:|PORT|

Once your domain resolves, you will be able to follow this link:

http://www.|domain|:|PORT|

Bandwidth:      |bandwidth| Megabytes
Disk Space:     |quota| Megabytes

Virtual Domains:        |vdomains|
Subdomains:     |nsubdomains|

POP Email Accounts:     |nemails|
Email Forwarders:       |nemailf|
Email Autoresponders:   |nemailr|
Email Mailing Lists:    |nemailml|
POP Server:     mail.|domain|
SMTP Server:    mail.|domain|
Login:  |username|
Password:       |password|

FTP accounts:   |ftp|
Anonymous FTP:  |aftp|
FTP Server:     ftp.|domain|
Login:  |username|
Password:       |password|

IP:     |ip|
Use |ip||*if OWNED!="yes"|/~|username||*endif| to access it until the domain resolves.

You must use these dns servers for your domain. They can be changed through your domain registrar.

NS1:    |ns1|
NS1 IP: |ns1ip|
NS2:    |ns2|
NS2 IP: |ns2ip|

MySQL Databases:        |mysql|
Domain Pointers:        |domainptr|
SSH Access:     |ssh|
Secure Socket Layer:    |ssl|
CGI:    |cgi|
PHP:    |php|
DNS control:    |dnscontrol|

Once again, thank you for choosing our hosting service
Please don't hesitate to contact us if you have any questions

Not sure where the conf file for the nuts and bolts of mail sending from DA is.
 
That appears to be the template for the message. But it doesn't include any of the header information, which is what needs to be modified.

That's why I don't think the header information is customizable. And this would need to be fixed by the actual DirectAdmin developers.

But I'm also a little shocked that this hasn't been brought up before. And that's what gives me pause into thinking there's a setting somewhere that I'm just overlooking.
 
This would seem to ultimately be the issue you are having from the post you linked to.

For the longest time, sender spoofing was allowed. And technically there's nothing in the SMTP RFCs that prevents sender spoofing.

When using SMTP, you can use a From address (envelope-sender or header from) of anything. The SMTP server will accept it (save for DirectAdmin's recent "fix" to prevent this). But the validation of From addressing is being done outside of SMTP with SPF, DMARC, and to some extent DKIM.

What this means is that there are A LOT of systems that allow any From address to be used. I've run into this issue with various WordPress plugins that are doing this. It's taken a lot of the major email players - such as Gmail and Yahoo - to enforce strict validation to catch these instances.

No longer can you just use whatever email address as your From address when sending an email. The server you're sending the mail out through has to be authorized to send out mail from the domain name used in your From address (again, envelope-sender or header from). No DirectAdmin server or any shared hosting server is going to be authorized to send out mail from a yahoo or gmail email address.

Too many times these applications or plugins are using the user's contact email address as the From address and sending it To the same email address. That's definitely not going to work if you are using an off-server email address.

Unfortunately... best I can tell... we're just forced to wait on the developers (DirectAdmin / WordPress plugin developers) to come to their senses and fix these issues.
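The alignment failure discussed in this thread, worked through as an added example (not DirectAdmin code and not written by any poster): it checks whether the header From domain lines up with the SPF and DKIM identities, before and after the From header is moved to the server's own address. All addresses, the hostname `server.example.tld` and the DKIM signing domain are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real DMARC
    # evaluator derives it from the Public Suffix List (needed for co.uk etc.).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def header_from_domain(raw_message):
    """Domain of the RFC 5322 From header, the identifier DMARC keys on."""
    msg = message_from_string(raw_message)
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def dmarc_alignment(raw_message, envelope_sender, spf_pass, dkim_pass_domains=()):
    """Relaxed-mode identifier alignment for one message.

    spf_pass: whether SPF passed for the envelope sender's domain.
    dkim_pass_domains: d= domains of DKIM signatures that verified.
    """
    from_domain = header_from_domain(raw_message)
    from_org = org_domain(from_domain)
    spf_domain = envelope_sender.rpartition("@")[2]
    # A missing From domain can never align, even against a null sender.
    spf_ok = bool(from_org) and spf_pass and org_domain(spf_domain) == from_org
    dkim_ok = bool(from_org) and any(
        org_domain(d) == from_org for d in dkim_pass_domains
    )
    return {"from_domain": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}


# Constructed sample: a panel message carrying the reseller's contact address.
BEFORE = (
    "From: reseller@yahoo.com\n"
    "Reply-To: reseller@yahoo.com\n"
    "To: customer@example.net\n"
    "Subject: Your account for example.tld is now ready for use.\n"
    "\n"
    "Dear Customer,\n"
)
# Same message with the header From set to the server's own address.
AFTER = BEFORE.replace("From: reseller@yahoo.com",
                       "From: <diradmin@server.example.tld>", 1)
ENVELOPE = "diradmin@server.example.tld"   # constructed envelope sender
SIGNED_BY = ["server.example.tld"]         # constructed DKIM d= domain
```

SPF and DKIM both pass for the server's own domain in either case; only the header From decides whether those passes count toward DMARC.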
 
What would be nice is if the welcome message could be sent out and a proper name be on the email, like the emails sent out by WHMCS. Doesn't show a professional look if an email drops into your junk box from "[admin-account-name]" with login data.

What would also be nice is if you could create some HTML emails.
 
Meh, I'd just settle for the correct usage of the From header right now.

If a reseller doesn't like the From header being from a generic name, then they can uncheck the checkbox that sends an email.

The problem right now is that resellers are oblivious to the fact that this From header is being used incorrectly. And don't understand that their messages aren't going out or that it's causing the server to be treated as a spam source.
 
You can hackify your way to a solution to this by using the sendmail_pre custom hook.

Create the file /usr/local/directadmin/scripts/custom/sendmail_pre.sh with the contents:

Code:
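#!/bin/bash

# Rewrite the From: header to the server's own address. The 1,/^[[:space:]]*$/ range
# limits the substitution to the header block (everything up to the first blank line),
# so a body line that starts with "From:" is left alone.
full_message=$(echo "${full_message}" | sed -E "1,/^[[:space:]]*$/ s/^[[:space:]]*[Ff][Rr][Oo][Mm][[:space:]]*:[[:space:]]*.*$/From: <diradmin@${HOSTNAME}>/")

# Hand the rewritten message to sendmail with diradmin as the envelope sender.
echo "${full_message}" | /usr/sbin/sendmail -t -i -f diradmin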

This effectively replaces the DirectAdmin system for sending emails (emails sent from within the DirectAdmin panel).

The From: header is completely replaced with From: <diradmin@${HOSTNAME}>

The new ${full_message} with the updated From header is then echoed and piped to /usr/sbin/sendmail -t -i -f diradmin

The -t flag tells sendmail to read the message as if it includes headers.

The -i flag tells it to ignore periods (.) on a line by themselves.

And the -f diradmin tells sendmail to use an envelope sender of diradmin - which will automatically get the server's hostname attached to it... diradmin@${HOSTNAME}

Not saying I love this solution. Mainly because I don't know what all messages sendmail_pre refers to. My preference would still be for DirectAdmin to fix the system within their code. But if you are desperate for a solution, glean from this what you will.
 