How do I fix my DigitalOcean LAMP server to send php email from multiple domains?

June 3, 2018
Email LAMP Stack PHP Ubuntu 16.04

In PHP, I'm using mail($to, $subject, $content, $headers, '-f user1@domain2.com') and I successfully receive the email at yahoo_user@yahoo.com. However, the "from" return address (in Yahoo! Mail) shows as "user1@domain1.com" instead of "user1@domain2.com". My /var/logs/mail.log looks like:

Jun  2 18:30:39 domain1 sendmail[2872]: w531Udbv002872: from=user1@domain2.com, size=6059, class=0, nrcpts=1, msgid=<201806030130.w531Udbv002872@domain1.com>, relay=www-data@localhost
Jun  2 18:30:39 domain1 sm-mta[2873]: w531UdPW002873: from=<user1@domain1.com>, size=6279, class=0, nrcpts=1, msgid=<201806030130.w531Udbv002872@domain1.com>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jun  2 18:30:39 domain1 sendmail[2872]: w531Udbv002872: to=yahoo_user@yahoo.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=36059, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (w531UdPW002873 Message accepted for delivery)
Jun  2 18:30:40 domain1 sm-mta[2875]: STARTTLS=client, relay=mta6.am0.yahoodns.net., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jun  2 18:30:41 domain1 sm-mta[2875]: w531UdPW002873: to=<yahoo_user@yahoo.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=126279, relay=mta6.am0.yahoodns.net. [98.136.101.117], dsn=2.0.0, stat=Sent (ok dirdel)

As you can see, I'm using sendmail (8.15.2) and I'm looking only to send mail out from multiple domains (domain1.com, domain2.com, domain3.com, etc). I've tried all kinds of sendmail files, features and commands: sendmail.mc, submit.mc, use_ct_file, use_cw_file, mailertable, virtusertable, genericstable, local-host-names, trusted-users, GENERICS_DOMAIN(), RELAY_DOMAIN(), sendmailconfig. SMART_HOST seemed to break everything.

The configuration always uses the line from /etc/hosts that looks like:

127.0.0.1 localhost domain1.com localhost.localdomain

I've tried messing around with MX and TXT (SPF) records but I don't know what I'm doing:

MX domain2.com 165.227.43.34 10 14400
TXT domain2.com v=spf1 ip4:165.227.43.34 a mx -all 3600

sm-mta seems to be converting user1@domain2.com to user1@domain1.com. Also, verify=FAIL looks suspicious.

Can you help me interpret what is going on here and what I can do to fix it? Can I fix sendmail to pass through the "from" address rather than always changing it to what is in /etc/hosts?

I don't need to receive email but I'm willing to set it up if it helps with verification. I'm also willing to switch from sendmail to exim4 or something else if that will help.
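
An added example, not part of the original question: Python that correlates mail.log entries by msgid and reports where the envelope sender changes between the local sendmail submission and sm-mta, which is the rewrite visible in the log above. The sample lines are the first two entries of that excerpt with the wrapped lines rejoined; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the two "from=" entries of the mail.log excerpt on this page, rejoined.
SAMPLE_LOG = """\
Jun  2 18:30:39 domain1 sendmail[2872]: w531Udbv002872: from=user1@domain2.com, size=6059, class=0, nrcpts=1, msgid=<201806030130.w531Udbv002872@domain1.com>, relay=www-data@localhost
Jun  2 18:30:39 domain1 sm-mta[2873]: w531UdPW002873: from=<user1@domain1.com>, size=6279, class=0, nrcpts=1, msgid=<201806030130.w531Udbv002872@domain1.com>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
"""

# program[pid]: queue-id: from=<sender>, ... msgid=<id>
LINE_RE = re.compile(
    r"(?P<prog>[\w-]+)\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,\s]+)>?,"
    r".*?msgid=<(?P<msgid>[^>]+)>"
)

def find_sender_rewrites(log_text):
    """Group 'from=' entries by Message-ID and report envelope sender changes."""
    hops = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hops[m["msgid"]].append((m["prog"], m["qid"], m["sender"].lower()))
    findings = []
    for msgid, entries in hops.items():
        # The first entry is the local submission; later ones are downstream hops.
        _, _, submitted = entries[0]
        for prog, qid, sender in entries[1:]:
            if sender != submitted:
                findings.append({
                    "msgid": msgid,
                    "submitted": submitted,
                    "rewritten_to": sender,
                    "by": prog,
                    "queue_id": qid,
                })
    return findings

if __name__ == "__main__":
    for finding in find_sender_rewrites(SAMPLE_LOG):
        print(finding)
```
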

1 Answer
movietrekker August 30, 2018
Accepted Answer

After months of blood, sweat and tears and the invaluable assistance of Cachoid Joe, the problem was solved. The necessary parts were:

Add FEATURE(nocanonify) to sendmail.mc
Add define(`confDIRECT_SUBMISSION_MODIFIERS', `C') to submit.mc
Add FEATURE(`use_ct_file') to submit.mc
Create /etc/mail/trusted-users and add one line with "www-data"
Run sendmailconfig

These features allow you to force an arbitrary user name and an arbitrary domain in the "From:" line and/or the ' -f '.$from extra parameter in PHP mail() instead of being canonicalized (rewritten) by sendmail. The "nocanonify" and "confDIRECT_SUBMISSION_MODIFIERS" settings force whatever domain you send instead of having the domain rewritten. The "use_ct_file" and "trusted-users" settings force whatever user you send instead of having your user rewritten (as root or www-data). Both are needed or either your username or domain will be rewritten to your Apache user or your "main" domain.

Choose one (e.g. domain1.com) as your "main" domain. Your "main" domain will be what both your droplet and the rest of the Internet believe handles your email. Your other virtual hosts (e.g. domain2.com, domain3.com) will be configured to say, "domain1.com is allowed to send and receive email for domain2.com, domain3.com". To set your "main" domain, rename your droplet's name to "domain1.com", not "domain1", not "domain-sfo". By naming your droplet with your exact domain name, a DNS PTR record will be created to map your IP to your domain. This is the only way to create this PTR record (right now). If you don't do this, many mail systems will take the IP from your emails, do a DNS reverse lookup on your IP, FAIL to find your droplet and reject your email as spam (and sendmail will drop it in /var/lib/sendmail/dead.letter).

To help keep your emails from being labeled as spam, the "use_ct_file" and "trusted-users" settings will quash the "X-Authentication-Warning: domain.com: www-data set sender to user2@domain2.com using -f" in your sent emails.

To further help keep your emails from being labeled as spam, go to your domain registrar (e.g. NameCheap) and change your domains to use DigitalOcean's DNS (e.g. ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com) instead of your registrar's DNS. Then, go to DigitalOcean, add DNS for each domain and set up your (DigitalOcean) DNS for each domain to have MX and TXT (SPF) records. Outside mail systems will be reassured by your proper MX and SPF settings.

For every domain (both "main" and others), this is the complete DNS record:

MX domain2.com domain1.com 3600 (mark domain1 as legitimate receiver of domain2 email)
TXT domain2.com v=spf1 mx a:domain1.com -all 3600 (mark domain1 as legitimate sender of domain2 email)
A www.domain2.com 165.223.52.122 3600 (165.223.52.122 is droplet's IP)
A domain2.com 165.223.52.122 3600 (165.223.52.122 is droplet's IP)
NS domain2.com ns1.digitalocean.com. 1800 (trailing dot is required)
NS domain2.com ns2.digitalocean.com. 1800 (trailing dot is required)
NS domain2.com ns3.digitalocean.com. 1800 (trailing dot is required)

For sendmail debugging, try:

# sendmail -d0.4 -bv root
... sendmail settings ...
# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 user2@domain2.com
... shows brief parsing debugging ...
> -d21.12
> canonify user2@domain2.com
... shows moderate parsing debugging ...
# sendmail -d user2@domain2.com
... shows tons of parsing debugging ...
# cat /var/log/mail.log
... shows your recent sendmail activity at the end ...
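
An added example, not part of the original answer: a Python evaluator for the SPF mechanisms that appear on this page (ip4, a, mx, all), run against constructed zone data that mirrors the DNS records listed above, to confirm that the record authorizes the droplet's IP and rejects any other sender. The lookup table stands in for DNS; the domain1.com A record and the 203.0.113.7 test address are assumptions.

```python
import ipaddress

# Constructed zone data mirroring the answer's records. The A record for
# domain1.com is an assumption (the answer applies the same set to every domain).
ZONE = {
    ("domain1.com", "A"): ["165.223.52.122"],
    ("domain2.com", "A"): ["165.223.52.122"],
    ("domain2.com", "MX"): ["domain1.com"],
    ("domain2.com", "TXT"): ["v=spf1 mx a:domain1.com -all"],
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Offline stand-in for a DNS query against ZONE."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def spf_check(sender_domain, client_ip):
    """Evaluate the domain's SPF record for client_ip (ip4/a/mx/all subset only)."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in lookup(sender_domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech, target = mech.lower(), (arg or sender_domain)
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(target, "A")
        elif mech == "mx":
            matched = any(str(ip) in lookup(host, "A")
                          for host in lookup(target, "MX"))
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:  # first matching mechanism decides the result
            return RESULTS[qualifier]
    return "neutral"

if __name__ == "__main__":
    print(spf_check("domain2.com", "165.223.52.122"))  # droplet IP
    print(spf_check("domain2.com", "203.0.113.7"))     # unrelated sender
```
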
