Hi Gerald.
I'm sorry that I may have been a bit unclear of my issue.
I'm not confused about receiving the report, but the content of it.
And what to change in my config so that I do not see fail records
regarding mail coming from my own server.
I think I have got what I need from Wietse and are testing now.
Thank you for your time!
:-)
Danjel
PS: Sorry to Wietse for replying directly to you, my K-9 is doing that I
cannot find out how to change it and often forget to manually correct it.
On 21-09-2024 21:59, Gerald Galster via Postfix-users wrote:
My server is still rather new, so I have a not so tight policy set up.
And I ask for reports at the dmarc record.
You have set the following dmarc record:
$ host -t txt _dmarc.jungersen.dk
_dmarc.jungersen.dk descriptive text "v=DMARC1; p=none; pct=100;
rua=mailto:postmas...@jungersen.dk";
For an explanation see:
https://en.wikipedia.org/wiki/DMARC#DNS_record
Especially "rua=" sets the email address where aggregate
reports are sent to. That means if e.g. GMail cannot
verify an incoming email from jungersen.dk it will send
a report so that you know there is a problem.
postconf -n
Postfix does not know about dkim or spf.
Therefore all that matters is your rspamd milter:
non_smtpd_milters = inet:127.0.0.1:11332
smtpd_milters = inet:127.0.0.1:11332
Rspamd is able to sign and check dkim/spf.
I see 3 things that worry me about this record:
*****
<record>
<row>
<source_ip>212.27.12.12</source_ip>
<count>2</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
[...]
I suspect that it is NOT a normal e-mail, but some sort of automatic error /
information sent back to the sender.
This is a report of the kind mentioned above.
It tells you that your email could not be verified
by dkim (fail) or spf (fail).
Dkim might fail because it is not signed at all,
the signature might be wrong, the public key is not
available via dns and so on.
<auth_results>
<spf>
<domain>mail.jungersen.dk</domain>
<scope>helo</scope>
<result>none</result>
</spf>
</auth_results>
$ host -t txt jungersen.dk
jungersen.dk descriptive text "v=spf1 mx:jungersen.dk ip4:89.22.119.90 -all"
BUT this report assumes the domain is mail.jungersen.dk,
which provides no such information:
$ host -t txt mail.jungersen.dk
mail.jungersen.dk has no TXT record
1)
The reason for my suspicion is that I do not send e-mail from "mail.jungersen.dk" only
"jungersen.dk"
So where do I change that, without breaking anything.
I still want my server to be called "mail.jungersen.dk" so that rDNS will be
compliant.
I have searched online, but am still confused about what to change.
You could publish a spf record for mail.jungersen.dk
and dkim sign emails sent by @mail.jungersen.dk.
Unless explicitly configured, dmarc is valid for a domain
including subdomains whereas spf needs an entry for every
subdomain.
Best regards,
Gerald
_______________________________________________
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org
--
Med venlig hilsen
Danjel Jungersen
Jungersen Grafisk ApS
www.jungersen.dk <https://www.jungersen.dk>
Holsbjergvej 39
2620 Albertslund
Tel: 43 64 10 00
Mobil: 20 42 20 11
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
