Danjel Jungersen via Postfix-users:
> 
> On 24-09-2024 20:28, Wietse Venema via Postfix-users wrote:
> > Danjel Jungersen via Postfix-users:
> >> On 23-09-2024 00:11, Gerald Galster via Postfix-users wrote:
> >>>> I'm sorry that I may have been a bit unclear of my issue.
> >>>> I'm not confused about receiving the report, but the content of it.
> >>>> And what to change in my config so that I do not see fail records 
> >>>> regarding mail coming from my own server.
> >>>> I think I have got what I need from Wietse and am testing now.
> >>> In case it doesn't work as intended consider this:
> >>>
> >>> From the aggregate report:
> >>>     <envelope_from>&lt;&gt;</envelope_from>
> >>>
> >>> &lt; and &gt; are a way of encoding (XML)
> >>>     - &lt; / less than / <
> >>>     - &gt; / greater than / >
> >>>
> >>> In other words this evaluates to "<>", the null sender.
> >>>
> >>> For DMARC to succeed either DKIM verification or SPF
> >>> check must pass.
> >>>
> >>> The aggregate report tells you SPF failed. As the
> >>> envelope sender is the null sender there is no domain
> >>> that could be checked. In this case the HELO name will
> >>> be used as a fallback but as I wrote in my previous
> >>> email there is no SPF information for mail.jungersen.dk:
> >>>
> >>>     $ host -t txt mail.jungersen.dk
> >>>     mail.jungersen.dk has no TXT record
> >>>
> >>> See https://datatracker.ietf.org/doc/html/rfc7208#section-10.1.2
> >> After Wietse's mail, I changed myorigin to jungersen.dk
> >>
> >> Will that give me a HELO as jungersen.dk or is that still 
> >> mail.jungersen.dk?
> > See my earlier reply. I already explained the different impacts of
> > myorigin and myhostname on SPF, DKIM and so on.
> 
> Sorry.
> All this is new to me.
> I re-read your mail, and I think that I understand that the answer is 
> HELO = myhostname.
> 
> Which is still mail.jungersen.dk, so I probably should take the advice 
> to create an additional spf for mail.jungersen.dk and simply forget 
> about the dkim signing of the bounces(?)

I think it is a good idea to have an SPF policy for the HELO/EHLO
hostname. DKIM signing would help when your delivery status
notifications are forwarded.

> Or is there a "better" way than the advised against 
> "internal_mail_filter_classes" for the dkim part ?
> 
> :-)

One just has to be careful. Each time a mail system generates a new
message in response to some other message, there is a possibility
of going into a loop where the last response triggers another
response. Worse, there is a risk of an explosion when
one message becomes two messages (message multiplication).

Just don't generate new messages in the code path that signs DKIM
messages.

        Wietse
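
Added example, not part of the original thread or of Postfix: a short Python check that reads a DMARC aggregate report, decodes the `&lt;&gt;` null sender, and reports which HELO name needs an SPF record because SPF fell back to it. The sample record, the 192.0.2.10 address and the function names are constructed for illustration, and the code assumes the RFC 7489 report layout, with `auth_results/spf/domain` holding the HELO name when the sender is null.

```python
import xml.etree.ElementTree as ET

# Constructed sample record (not the poster's actual report).
SAMPLE_REPORT = """<feedback>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_from>&lt;&gt;</envelope_from>
      <header_from>jungersen.dk</header_from>
    </identifiers>
    <auth_results>
      <spf><domain>mail.jungersen.dk</domain><scope>helo</scope><result>none</result></spf>
    </auth_results>
  </record>
</feedback>"""


def spf_identity(envelope_from, helo):
    """Return (scope, domain) that SPF evaluates, per RFC 7208 section 2.4."""
    sender = envelope_from.strip().strip("<>")
    if not sender:                       # "<>" or empty: null reverse-path
        return ("helo", helo.lower())    # checked as postmaster@<helo>
    return ("mfrom", sender.rsplit("@", 1)[-1].lower())


def null_sender_failures(report_xml):
    """List records where a null-sender message did not pass DMARC's SPF check."""
    findings = []
    for rec in ET.fromstring(report_xml).iter("record"):
        # ElementTree decodes &lt;&gt; to "<>" while parsing.
        env_from = rec.findtext("identifiers/envelope_from", default="")
        spf_eval = rec.findtext("row/policy_evaluated/spf", default="")
        helo = rec.findtext("auth_results/spf/domain", default="")
        scope, domain = spf_identity(env_from, helo)
        if scope == "helo" and spf_eval != "pass":
            findings.append({"source_ip": rec.findtext("row/source_ip"),
                             "needs_spf_record": domain,
                             "header_from": rec.findtext("identifiers/header_from")})
    return findings


if __name__ == "__main__":
    for finding in null_sender_failures(SAMPLE_REPORT):
        print(finding)
```
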