Sender of automated emails when setting up a new virtual server

When I create a new virtual server in Virtualmin and assign it to a reseller, the welcome email is sent from the reseller's email address. This is a good idea, but with SPF and other anti-spam obstacles, this is now a more serious issue than previously. In fact, if a reseller has a Gmail address (gag), these messages don't even get put in their spam folder; they just disappear.

I should make an intelligent suggestion to improve this, but Virtualmin shouldn't be "impersonating" the reseller's email address. There must be a better way. Perhaps the return path can be a sub-domain directly under the control of the server admin.

Craig

Status: 
Active
Virtualmin version: 
6.15
Webmin version: 
1.973

Comments

So perhaps we could add a feature for each reseller to set the From: address for these emails? Or just have an option to use the system's global From: address, assuming you don't expect users to reply to it.

Hi Jamie,

Thanks for your reply. Well, currently I, as the root user, set the reseller's email address when I set them up as a reseller. I haven't recently checked to see whether or not a reseller can set their own email address, but I assume they can. But if they can set a different "from" address, then your suggestion seems to be that they will carefully consider what address they use; assuming that anyone will carefully consider anything -- in IT or anywhere else -- is a never a good idea in my opinion.

Actually, something else I have just been reminded of, after setting up a new virtual server today, is that if I set up a reseller with two email addresses -- e.g., sue@example.com, bob@example.com -- so that both parties will receive relevant emails, then emails from the reseller's account in Virtualmin will look like this:

From: sue@example.com, bob@example.com
To: vsowner@example.net
Subject: example.net Web Hosting Account Created on Server

Not that Gmail is the be all and end all of everything, but an email like that also won't even make it to the spam folder, never mind the recipient's in box.

As for your second suggestion ("have an option to use the system's global From: address"), that would negate what I assume is the reasoning behind using the reseller's email address. Emails to that address on my servers are seen by me, but I can't speak on behalf of anyone who might see thousands of emails a day to that address.

I think it's up to you as the organisation that codes Virtualmin to determine the most feasible approach, using whatever feedback mechanisms you have to help determine what that should look like.

Thanks.

Craig

Thanks for pointing out that a reseller might have multiple addresses set - I'll add a fix to handle that case.

The real problem though is that sending an email from a virtualmin system with a From: address that isn't actually from a local domain is going to be classified as spam. The only thing we can potentially do is fall back to the "global" from address in this case (like root@yoursystem.com) , but that means that replies will fail.

Maybe the real right answer is to set a Reply-To: header?

I'm not going to claim to be an expert on all of the ways in which email can run afoul of anti-spam systems, but a third-party relay service I use for some outgoing email (see my last ticket: https://www.virtualmin.com/node/70834 ) rewrites the "envelope from" (return path, bounce address, etc.) header to use a sub-domain of the domain in the "from" field, e.g.:

Return-Path: <hash@account-number.example.net>
From: me@example.net

Perhaps you could do something similar:

Return-Path: <hash@account-number.example.net>
From: reseller@theirdomain.com
To: resellersclient@whatever.com
Subject: example.net Web Hosting Account Created on Server

Here's their explanation:

https://support.smtp2go.com/hc/en-gb/articles/115004408567

They then handle SPF and DKIM on the sub-domain in their own DNS via CNAMEs that I have to set up on my own domain, example.net.

So in the example above we would handle the SPF and DKIM on account-number.example.net, where example.net is our own domain. (Hash and account-number don't really have to be a hash and an account number; they can be anything, like info@resellerID.example.net.) Unless I have myself confused, I believe that would work. I don't believe example.net has to be the same as theirdomain.com.

I'll look into this. It could be simplified as using a return-path that's an address at a domain on the virtualmin system..

Well, for those that also host their email on the same Virtualmin server is Virtualmin. None of our hosting clients do that. (As I've made known before, we host our users' email on another server with a different control panel.) And of the resellers, some use Gmail or other free webmail addresses, so if you do that we'd have to somehow force our resellers to use a system we don't even use. That's not going to work.