How do I fix my DigitalOcean LAMP server to send php email from multiple domains?

June 3, 2018 278 views
Email LAMP Stack PHP Ubuntu 16.04

In PHP, I'm using mail($to, $subject, $content, $headers, '-f') and I successfully receive the email at However, the "from" return address (in Yahoo! Mail) shows as "" instead of "". My /var/logs/mail.log looks like:

Jun  2 18:30:39 domain1 sendmail[2872]: w531Udbv002872: from=, size=6059, class=0, nrcpts=1, msgid=<20180>, relay=www-data@localhost
Jun  2 18:30:39 domain1 sm-mta[2873]: w531UdPW002873: from=<u>, size=6279, class=0, nrcpts=1, msgid=<20180>, proto=ESMTP, daemon=MTA-v4, relay=localhost []
Jun  2 18:30:39 domain1 sendmail[2872]: w531Udbv002872: to=ya, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=36059, relay=[] [], dsn=2.0.0, stat=Sent (w531UdPW002873 Message accepted for delivery)
Jun  2 18:30:40 domain1 sm-mta[2875]: STARTTLS=client, relay=, version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jun  2 18:30:41 domain1 sm-mta[2875]: w531UdPW002873: to=<yah>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=126279, [7], dsn=2.0.0, stat=Sent (ok dirdel)

As you can see, I'm using sendmail (8.15.2) and I'm looking only to send mail out from multiple domains (,,, etc). I've tried all kinds of sendmail files, features and commands:,, use_ct_file, use_cw_file, mailertable, virtusertable, genericstable, local-host-names, trusted-users, GENERICS_DOMAIN(), RELAY_DOMAIN(), sendmailconfig. SMART_HOST seemed to break everything.

The configuration always uses the line from /etc/hosts that looks like: localhost localhost.localdomain

I've tried messing around with MX and TXT (SPF) records but I don't know what I'm doing:

MX 10 14400
TXT v=spf1 ip4: a mx -all 3600

sm-mta seems to be converting to Also, verify=FAIL looks suspicious.

Can you help me interpret what is going on here and what I can do to fix it? Can I fix sendmail to pass through the "from" address rather than always changing it to what is in /etc/hosts?

I don't need to receive email but I'm willing to set it up if it helps with verification. I'm also willing to switch from sendmail to exim4 or something else if that will help.

1 Answer
movietrekker August 30, 2018
Accepted Answer

After months of blood, sweat and tears and the invaluable assistance of Cachoid Joe, the problem was solved. The necessary parts were:

Add FEATURE(nocanonify) to
Add FEATURE(`use_ct_file') to
Create /etc/mail/trusted-users and add one line with "www-data"
Run sendmailconfig

These features allow you to force arbitrary user name and arbitrary domain in the "From:" line and/or ' -f '.$from extra parameter in PHP mail() instead of being canonicalized (rewritten) by sendmail. The "nocanonify" and "confDIRECT_SUBMISSION_MODIFIERS" force whatever domain you send instead of having the domain rewritten. The "use_ct_file" and "trusted-users" force whatever user you send instead of having your user rewritten (as root or www-data). Both are needed or either your username or domain will be rewritten to your Apache user or your "main" domain.

Choose one (eg as your "main" domain. Your "main" domain will be what both your droplet and the rest of the Internet believes handles your email. Your other virtual hosts (eg, will be configured to say, " is allowed to send and receive email for,". To set your "main" domain, rename your droplet's name to "", not "domain1", not "domain-sfo". By naming your droplet to your exact domain name, a DNS PTR record will be created to map your IP to your domain. This is the only way to create this PTR record (right now). If you don't do this, many mail systems will take the IP from your emails, do a DNS reverse lookup on your IP, FAIL to find your droplet and reject your email as spam (and sendmail will drop it in /var/lib/sendmail/dead.letter).

To help keep your emails from being labeled as spam, the "use_ct_file" and "trusted-users" will quash the "X-Authentication-Warning: www-data set sender to using -f" in your sent emails.

To further help avoid your emails being labeled as spam, go to your domain registrar (eg NameCheap) and change your domains to use DigitalOcean's DNS (eg,, instead of your registrar's DNS. Then, go to DigitalOcean, add DNS for each domain and set up your (DigitalOcean) DNS for each domain to have MX and TXT (SPF) records. Outside mail systems will be reassured by your proper MX and SPF settings.

For every domain (both "main" and others), this is the complete DNS record:

MX 3600 (mark domain1 as legitimate receiver of domain2 email)
TXT v=spf1 mx -all 3600 (mark domain1 as legitimate sender of domain2 email)
A 3600 ( is droplet's IP)
A 3600 ( is droplet's IP)
NS 1800 (trailing dot is required)
NS 1800 (trailing dot is required)
NS 1800 (trailing dot is required)

For sendmail debugging, try:

# sendmail -d0.4 -bv root
... sendmail settings ...
# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0
... shows brief parsing debugging ...
> -d21.12
> canonify
... shows moderate parsing debugging ...
# sendmail -d
... shows tons of parsing debugging ...
# cat /var/log/mail.log
... shows your recent sendmail activity at the end ...
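
To confirm from /var/log/mail.log whether the envelope sender survives the hop from the submission program (sendmail) to the local MTA (sm-mta), the following added example, which is not code from the original post, parses log lines in the format shown in the question and links the two queue IDs of each message. The sample log, its domains and its addresses are constructed placeholders, and `field` and `trace` are names chosen here.

```python
import re
# Constructed sample shaped like the question's mail.log (placeholder domains and IPs).
SAMPLE_LOG = """\
Jun  2 18:30:39 host sendmail[2872]: w531Udbv002872: from=news@domain2.example, size=6059, class=0, nrcpts=1, msgid=<1@domain2.example>, relay=www-data@localhost
Jun  2 18:30:39 host sm-mta[2873]: w531UdPW002873: from=<www-data@domain1.example>, size=6279, class=0, nrcpts=1, msgid=<1@domain2.example>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jun  2 18:30:39 host sendmail[2872]: w531Udbv002872: to=user@mail.example, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=36059, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (w531UdPW002873 Message accepted for delivery)
Jun  2 18:30:40 host sm-mta[2875]: STARTTLS=client, relay=mx.mail.example., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jun  2 18:30:41 host sm-mta[2875]: w531UdPW002873: to=<user@mail.example>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=126279, relay=mx.mail.example. [192.0.2.7], dsn=2.0.0, stat=Sent (ok dirdel)
"""

ENTRY = re.compile(r"(?:sendmail|sm-mta)\[(\d+)\]: (\w+): ((?:from|to)=.*)")
TLS = re.compile(r"sm-mta\[(\d+)\]: STARTTLS=client, .*verify=(\w+)")
HANDOFF = re.compile(r"stat=Sent \((\w+) Message accepted for delivery\)")

def field(rest, key):
    """Return the value of one key=value pair, without <angle brackets>."""
    m = re.search(r"(?:^|, )" + key + r"=<?([^,>]*)", rest)
    return m.group(1) if m else None

def trace(log):
    """Follow each message from sendmail (submission) into sm-mta (local MTA)."""
    msgs, handoff, tls = {}, {}, {}
    for line in log.splitlines():
        t, m = TLS.search(line), ENTRY.search(line)
        if t:
            tls[t.group(1)] = t.group(2)        # delivery pid -> verify result
        if not m:
            continue
        pid, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {})
        if rest.startswith("from="):
            rec["from"] = field(rest, "from")
        else:
            rec.update(to=field(rest, "to"), stat=field(rest, "stat"), pid=pid)
            if h := HANDOFF.search(rest):
                handoff[qid] = h.group(1)       # submission qid -> MTA qid
    report = []
    for sub_qid, mta_qid in handoff.items():
        sub, mta = msgs[sub_qid], msgs.get(mta_qid, {})
        report.append({
            "submitted_from": sub.get("from"), "mta_from": mta.get("from"),
            "rewritten": sub.get("from") != mta.get("from"),
            "to": mta.get("to"), "final_stat": mta.get("stat"),
            "tls_verify": tls.get(mta.get("pid")),
        })
    return report

if __name__ == "__main__":
    print(trace(SAMPLE_LOG))
```

Against a live system, pass the contents of /var/log/mail.log to `trace()`; a row with `rewritten` set to True means the sender was still changed between submission and the local MTA.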
