Reduce the risk of email rejection by making WordPress send emails via SMTP if DKIM is configured

Originally published on the Bytemark forum

I recently migrated yet another WordPress site from a Turnkey Linux install to join my others on Bytemark Symbiosis. As I’ve briefly mentioned elsewhere, this went without major problems.

I also decided to configure SPF and DKIM as part of my plan to finish migrating mail services over. However, I didn’t consider the fact that this has an impact on the deliverability of emails sent from WordPress and presumably other similar PHP-based web applications.

I’ve been using a catch-all forwarding rule and spotted a rejected email from Yahoo! Mail. The rejected email was a blog post that was shared by email using WordPress JetPack sharing. The rejection notice quoted “554 5.7.9: Message not accepted for policy reasons”. The explanatory URL clarifies:

“Your email failed one or more of the following industry-wide authentication checks that Yahoo uses to verify emails are truly sent from the domains they claim to originate from.”

It goes on to briefly explain DKIM, SPF and DMARC (not currently implemented in Symbiosis).

Thankfully, this is a solvable problem – in fact, it’s not even really a problem, as Yahoo! Mail is just doing its job by checking for correct DKIM headers.

However, WordPress doesn’t make solving it obvious. Chad Butler has done a ton of investigation into WordPress’s email woes, pointing the finger at the wp_mail function – a “wrapper” for phpmailer. The solution is to force WordPress to use SMTP via phpmailer. Here are two suggested approaches:

  1. Edit your theme’s functions.php to include an extra code snippet that configures WordPress to use SMTP to send email.
  2. Use an extra plugin to bring this functionality to all themes and WordPress email functions. Chad recommends WP Mail SMTP, which I’ve just deployed and tested briefly with WordPress 4.0.1 (this may be useful for multi-site setups too).

With both approaches, there are some Symbiosis-specific things you should be aware of (I’ll use the standard Symbiosis examples here):

  • You need to create a mailbox first, if that isn’t obvious, e.g. blog.
  • The SMTP host is mail.my-brilliant-site.com (on default port 25).
  • The username must follow the example blog@my-brilliant-site.com. Obvious, perhaps, but I always forget this.
  • SMTP requires authentication.
  • I used TLS encryption successfully.

If you’ve tweaked your Symbiosis install to be non-standard, then you’ll have to reflect that here but otherwise it’s pretty much the same as setting up a mail client to send mail.
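For the first approach, here is a sketch of what the functions.php snippet can look like with the Symbiosis settings listed above. It is an added example, not code from the original post or from Chad Butler; the function name and the SMTP_PASSWORD constant (assumed to be defined by you in wp-config.php) are hypothetical.

```php
<?php
// Added example for a theme's functions.php; not code from the original post.
// Assumption: SMTP_PASSWORD is a constant you define yourself in wp-config.php,
// so the mailbox password is not stored in the theme directory.

add_action( 'phpmailer_init', 'example_symbiosis_smtp' );

/**
 * Make everything sent through wp_mail() leave via the authenticated
 * Symbiosis SMTP server instead of PHP's local mail() transport.
 *
 * @param PHPMailer $phpmailer The instance WordPress is about to send with.
 */
function example_symbiosis_smtp( $phpmailer ) {
    if ( ! defined( 'SMTP_PASSWORD' ) ) {
        return; // No credentials configured: leave the default transport alone.
    }

    $phpmailer->isSMTP();                                   // Switch transport to SMTP.
    $phpmailer->Host       = 'mail.my-brilliant-site.com';  // Standard Symbiosis example host.
    $phpmailer->Port       = 25;                            // Default port, as listed above.
    $phpmailer->SMTPAuth   = true;                          // The server requires authentication.
    $phpmailer->Username   = 'blog@my-brilliant-site.com';  // Full address, not just "blog".
    $phpmailer->Password   = SMTP_PASSWORD;
    $phpmailer->SMTPSecure = 'tls';                         // PHPMailer's 'tls' means STARTTLS.
}
```

Because the hook lives in the theme, it stops applying if the theme is switched, which is the gap the plugin approach covers.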

If you’re using the WP Mail SMTP plugin, then you can send a test email. I recommend trying to send it to a Gmail or Yahoo! Mail address. The result you’re looking for is bool(true) – in addition to the test email of course, which you can examine to ensure it includes the right DKIM-Signature header.
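One way to examine the received test email from the command line, as an added example that is not part of the original post. It assumes “the right DKIM-Signature header” means one whose d= domain matches the domain in the From: address; the sample message, selector and signature values are constructed placeholders.

```php
<?php
// Added example, not from the original post. Run with the PHP command-line binary.
// The sample message is constructed; selector, bh= and b= values are placeholders.

/** Return the unfolded values of every header with the given name. */
function header_values( $raw, $name ) {
    list( $head ) = preg_split( "/\r?\n\r?\n/", $raw, 2 );  // Headers end at the first blank line.
    $head = preg_replace( "/\r?\n[ \t]+/", ' ', $head );    // Unfold continuation lines.
    $out  = array();
    foreach ( preg_split( "/\r?\n/", $head ) as $line ) {
        if ( stripos( $line, $name . ':' ) === 0 ) {
            $out[] = trim( substr( $line, strlen( $name ) + 1 ) );
        }
    }
    return $out;
}

/** Parse a DKIM-Signature value ("v=1; a=...; d=...") into a tag => value map. */
function dkim_tags( $value ) {
    $tags = array();
    foreach ( explode( ';', $value ) as $pair ) {
        if ( strpos( $pair, '=' ) === false ) { continue; }
        list( $k, $v ) = explode( '=', $pair, 2 );
        $tags[ trim( $k ) ] = trim( $v );
    }
    return $tags;
}

/** True if some DKIM-Signature's d= domain equals the From: address domain. */
function has_aligned_dkim( $raw ) {
    $from = header_values( $raw, 'From' );
    if ( ! $from || ! preg_match( '/@([A-Za-z0-9.-]+)>?\s*$/', $from[0], $m ) ) {
        return false;
    }
    foreach ( header_values( $raw, 'DKIM-Signature' ) as $sig ) {
        $tags = dkim_tags( $sig );
        if ( isset( $tags['d'] ) && strcasecmp( $tags['d'], $m[1] ) === 0 ) {
            return true;
        }
    }
    return false;
}

$sample = "DKIM-Signature: v=1; a=rsa-sha256; d=my-brilliant-site.com;\r\n"
        . "\ts=SELECTOR-PLACEHOLDER; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
        . "From: Blog <blog@my-brilliant-site.com>\r\n"
        . "To: someone@example.com\r\nSubject: test\r\n\r\nHello\r\n";

var_dump( has_aligned_dkim( $sample ) );
```

This only confirms that a signature is present and names the sending domain; it does not verify the signature cryptographically, which the receiving provider reports in its Authentication-Results header.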

I hope this helps with any head-scratching you might have also been doing!

This SSL-secured server is now powered by Bytemark Symbiosis!

EDIT: This server is now SSL-secured, thanks again to Symbiosis and free SSL certificates from StartCom!

I’ve finally got my act together and migrated technicalfault.net’s WordPress installation to a Bytemark BigV server that’s running Symbiosis.

Ever since I started working at Bytemark, I’ve hosted this blog on BigV, but I used the convenience of Turnkey Linux to rapidly create a working WordPress installation.

But many of the things that Turnkey took care of for me were easily available on Symbiosis, with the added convenience of it being fully documented to help with the occasional fumbles. My Symbiosis server now happily manages a few different website installations on just one box and setup for email is taken care of automatically.

So too are backups, pretty much. Following my colleague Nathan’s blog post, I finally have a backup approach, though I am missing an offsite component. But since Symbiosis is free/libre open source software, I can even install it on my home server and use it to manage backups. One of Bytemark’s clients has even done a write-up for this use case.

Moving away from Turnkey has also meant I can stop using Webmin and offering a remote web shell. Both of these things were convenient when I was newer to administering a server, but now I personally see them as unnecessary when Symbiosis handles most tasks. I also use SSH without passwords. That said, it was definitely a convenient way to get going quickly and I have another WordPress installation using it that doesn’t need to move anytime soon.

I’m glad that I’ve finally moved across and I’ll be documenting it fully in due course. But for now, it’s safe to say that the migration was surprisingly easy as I was able to copy my entire blog between servers and import the database straight into MySQL. A bit of fiddling with wp-config.php, resetting permissions and I had a working installation.

To conclude, I’ll quote my former colleague Steve: Symbiosis is wonderful. For me, it’s unlocked the power of Linux to achieve complex tasks with just a few terminal commands. I look forward to talking more about it with the wider web community at MozFest later this month.