As far as i know ISPConfig sends admin mails with the admin email address in the FROM Header. Let's assume it's admin@ example.com. If there's an SPF and DMARC Record for example.com that prevents sending mails from non authorized IPs, then the mail would not be deliviered. You would have to add every server ip to the SPF Record in order to allow sending mails, which would be a bad workaround (?). Is there a way to configure the sender email-adress of the admin mails to something like hostmaster@ hostname.com ?
That is a common practice, you just create an spf record for the hosting service which covers all the server ip's (or hostnames), then include that in spf records of customer domains. Try: System > Main Config > Mail > Administrator's e-mail
This would imply that every server would be allowed to send from our companies main mail domain, which we definitely don't want to allow. Just a single website has to be breached to be allowed to send fake mails from our main domain. The problem is, that I need to use a different sender and reciepient adress. (The setting sets both addresses)
Yes, but the alternative is to add specific server ip's to the SPF record, which I believe was one aspect of your complaint/issue in your original post? Yes, though for most hosting setups that's about a non-issue, as spam sent from compromised sites usually has a sender address from the website domain itself, which typically is already in the SPF record. You may have stricter requirements in your environment, but most do not (as attested by _spf.google.com, spf.protection.outlook.com, etc). Curious, I didn't realize it would use a different sender/recipient if you don't specify an address there. You could put in a feature request, but I don't believe it's possible to do what you want in ISPConfig right now. You might be able to work around it at the postfix level and re-write the sender address (see http://www.postfix.org/postconf.5.html#sender_canonical_maps).
You pointed me to the right direction. First I tried to use sender_canonical_maps, which were working fine. But I would have to modify every postfix main.cf .. Then I had a look in our /etc/aliases, where all root mails are forwarded to a single mail account. The crucial line was "root: [email protected]". If you set the Admin Mail address to just "root", then postfix sends the mail from root@hostname to our mail account [email protected]. This should be the perfect solution for our case, without changing any SPF/Dmarc Policies or whitelisting the server Thank you for your input
