Webmin backup email alerts failing DKIM/SPF authentication

Madrix · October 9, 2025, 12:00pm

SYSTEM INFORMATION
Version Webmin	2.520
Version Usermin	2.420
Version Virtualmin	7.40.1.gpl-1
Version Apache	2.4.65

Hi

Since the Webmin update earlier this month, and only with the sender address “webmin-noreply@ns.domain.com”, I no longer receive emails at the end of the backups.
Here is a log error from /var/log/mail.log:

Oct  9 12:54:48 ns postfix/smtp[2518747]: 55FFD24A0192: to=<micxxxxx@yahoo.fr>, relay=mx-eu.mail.am0.yahoodns.net[188.125.72.73]:25, delay=0.53, delays=0.13/0.01/0.19/0.2, dsn=5.7.9, status=bounced (host mx-eu.mail.am0.yahoodns.net[188.125.72.73] said: 550 5.7.9 This mail has been blocked because the sender is unauthenticated. Yahoo requires all senders to authenticate with either SPF or DKIM. Authentication results: DKIM = FAILURE - SPF ns.xxx.com with ip 51.91.xx.xx = FAILURE. See https://senders.yahooinc.com/smtp-error-codes/#authentication-failures for more information. (in reply to end of DATA command))
Oct  9 12:58:31 ns postfix/smtp[2520993]: 97B8A24A0192: to=<mixxxxx@yahoo.fr>, relay=mx-eu.mail.am0.yahoodns.net[188.125.72.73]:25, delay=0.53, delays=0.09/0.01/0.17/0.26, dsn=2.0.0, status=sent (250 ok dirdel)

I sent an email from an account using port 20000, and the email was sent successfully. It’s only through webmin that it’s not visibly sent.

The email was sent to the same Yahoo email address. Result headers:

Received-SPF: pass (domain of xxx.com designates 51.91.xx.xx as permitted sender)
Authentication-Results: atlas-canary-production.v2-mail-prod1-ir2.omega.yahoo.com;
 dkim=pass header.i=@xxx.com header.s=202311 arc_overridden_status=NOT_OVERRIDDEN;
 spf=pass smtp.mailfrom=xxxx.com arc_overridden_status=NOT_OVERRIDDEN;
 dmarc=unknown header.from=xxxx.com arc_overridden_status=NOT_OVERRIDDEN;

dimitrist · October 9, 2025, 2:37pm

mail is rejected because you’ve sent it unauthenticated. so, use some authenticated email user to send it..

Webmin → Webmin Configuration → Sending email.
add some Mail server with proper authentication to send.

Usermin (port 20000) emails are always authenticated since you login as email user to send them.
webmin by default sends directly from localhost (unauthenticated). not long ago, yahoo/gmail/outlook didn’t care about authentication.. but now, they reject unauthenticated messages.

Madrix · October 9, 2025, 4:52pm

Ah yes, I just tested sending a simulated email with the current configuration — I didn’t receive the email. Then I restored the same address by copying the default one, but I replaced “@ns.” with “@”, and after simulating an email send, it was successfully received.
Thank you. I’ll see tomorrow morning if it works after the scheduled backup.

Madrix · October 11, 2025, 12:27pm

@dimitrist It works, thanks!

system · October 19, 2025, 12:28pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.