Hello,
I've looked in every corner of the internet for a solution to this
seemingly simple problem I'm having.
Last week, I started signing mail with opendkim, and hope to have DMARC
fully implemented for all of my domains.
I host dozens of domains, and send all of their mail through a single
outward-facing postfix server (we'll call it mymailserver.com).
At this point, everything works with DKIM, but DMARC fails because
Postfix's "MAIL FROM" envelope does not match the domain name from the
numerous hosted domains. I believe "MAIL FROM" uses the $mydomain, which
in this case is "mymailserver.com".
The DMARC reports come back with:
<record>
  <row>
    <source_ip>11.22.33.44</source_ip>
    <count>1</count>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>pass</dkim>
      <spf>fail</spf>
    </policy_evaluated>
  </row>
  <identifiers>
    <header_from>somedomain.com</header_from>
  </identifiers>
  <auth_results>
    <dkim>
      <domain>somedomain.com</domain>
      <result>pass</result>
    </dkim>
    <spf>
      <domain>mymailserver.com</domain>
      <result>pass</result>
    </spf>
  </auth_results>
</record>
As you can see, although DKIM and SPF pass individually, the DMARC
policy still marks SPF as "fail" simply because the 5322.From is
"somedomain.com" and 5321.MailFrom is "mymailserver.com".
Is there a simple directive to give Postfix so that it always passes
"MAIL FROM" matching the "From" for trusted hosts?
Thanks a million,
--Pat
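
Added example (not part of the original post): a Python sketch of how the identifiers in an aggregate record like the one above are compared for DMARC alignment. `SAMPLE_RECORD` is retyped from the record in the post; the function names and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for third-party reports, prefer defusedxml

# Sample input retyped from the record quoted in the post.
SAMPLE_RECORD = """<record>
<row><source_ip>11.22.33.44</source_ip><count>1</count>
<policy_evaluated><disposition>none</disposition>
<dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
<identifiers><header_from>somedomain.com</header_from></identifiers>
<auth_results>
<dkim><domain>somedomain.com</domain><result>pass</result></dkim>
<spf><domain>mymailserver.com</domain><result>pass</result></spf>
</auth_results>
</record>"""


def org_domain(domain):
    """Assumption: the last two labels form the organizational domain.
    Real evaluators use the Public Suffix List (e.g. for example.co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain, header_from, strict=False):
    """Strict mode needs an exact match; relaxed mode compares org domains."""
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h if strict else org_domain(a) == org_domain(h)


def evaluate_record(xml_text, strict=False):
    """Recompute the per-mechanism DMARC verdicts for one <record>."""
    rec = ET.fromstring(xml_text)
    header_from = rec.findtext("identifiers/header_from")
    out = {"header_from": header_from}
    for mech in ("spf", "dkim"):
        checks = [
            (n.findtext("domain"), n.findtext("result"))
            for n in rec.findall(f"auth_results/{mech}")
        ]
        # A mechanism counts for DMARC only if it passed AND its domain aligns.
        ok = any(dom and res == "pass" and is_aligned(dom, header_from, strict)
                 for dom, res in checks)
        out[mech] = "pass" if ok else "fail"
        out[mech + "_reported"] = rec.findtext(f"row/policy_evaluated/{mech}")
    # DMARC passes when at least one mechanism yields an aligned pass.
    out["dmarc"] = "pass" if "pass" in (out["spf"], out["dkim"]) else "fail"
    return out


if __name__ == "__main__":
    print(evaluate_record(SAMPLE_RECORD))
```

The `spf` and `dkim` keys hold the recomputed aligned verdicts, and the `*_reported` keys hold what the report's `policy_evaluated` block stated, so the two can be compared per record.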