On 27 December 2017 at 13:31, Selcuk Yazar <selcuk.ya...@gmail.com> wrote:
> Hi,
>
> We have Postfix 2.6.6 on Redhat. I installed open-spf, open-dmarc, and
> dkim. I think everything is fine, but we have e-mail spoofing :(
>
> How can I correct this?
>
> Thanks in advance
>
> Received-SPF: pass (spf2.spf.guru: Sender is authorized to use
> 'bounces+3150432-2a15-user=dom...@spf2.spf.guru' in 'mfrom' identity
> (mechanism 'include:sendgrid.net' matched)) receiver=domain;
> identity=mailfrom;
> envelope-from="bounces+3150432-2a15-user=dom...@spf2.spf.guru";
> helo=o1.7nf.fshared.sendgrid.net; client-ip=167.89.55.67
> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.domain 261CB7BB9CD
> Received: from o1.7nf.fshared.sendgrid.net (o1.7nf.fshared.sendgrid.net
> [167.89.55.67])
> (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits))
> (No client certificate requested)
> by domain (Postfix) with ESMTPS id 261CB7BB9CD
> for <user@domain>; Wed, 27 Dec 2017 16:16:31 +0300 (+03)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=spf.guru;
> h=subject:from:to:mime-version:content-type; s=s1;
> bh=G4EhwYTkXUk041GBBhrYcd5Q5Vw=; b=Lq29h//IIcNVD8yK8GtjU6Cg2U9Tf
> DE8dC6/iuLLnFZdOmaqTYWsiVk1Z+k+EVAlz1CVXVashDtbDtiBHsNWJRnoKAgTd
> ETeeoHGxlbisFwGbinLbKFXrTow1CRPkBujdIWgTgL2d2ok5MRzfo0UdAuMO1xlM
> z8AIf6VCo8EnOs=
> Received: by filter0025p3mdw1.sendgrid.net with SMTP id
> filter0025p3mdw1-23352-5A439D2C-6
>         2017-12-27 13:16:28.133251847 +0000 UTC
> Received: from spf.guru (192.239.195.35.bc.googleusercontent.com
> [35.195.239.192])
> by ismtpd0006p1lon1.sendgrid.net (SG) with ESMTP id Zh96E147TxWVqAnTFGlWbA
> for <user@domain>; Wed, 27 Dec 2017 13:16:27.975 +0000 (UTC)
> Message-ID: <abe484310927f41aa49b84a2eb41f...@spf.guru>
> Date: Wed, 27 Dec 2017 13:16:28 +0000 (UTC)
> Subject: my emails
> From: po...@whatsapp.com

This question might be better directed to the opendmarc mailing list -
http://www.trusteddomain.org/mailman/listinfo/opendmarc-users.

I guess opendmarc and/or opendkim is not configured correctly. Since
the internal 'From:' is @whatsapp.com I would expect opendmarc to have
rejected the email. Check in /etc/opendmarc.conf for:

RejectFailures true

Without this opendmarc runs in 'test' mode and won't reject anything.

I am also puzzled not to see any header from opendkim; this is
required by opendmarc (which cannot perform its own dkim checks). So
check if opendkim is working correctly: it should be adding a header
to emails before they are passed to opendmarc. The AuthServID used by
opendkim in this header should be set in /etc/opendmarc.conf at
'TrustedAuthServIDs' so that this header info (and not any other dkim
headers) can be trusted by opendmarc.

BTW, since you have openDMARC 1.3.2 I suggest you use in /etc/opendmarc.conf:

SPFIgnoreResults True
SPFSelfValidate True

This would mean you no longer have to worry about (and can remove from
your setup) the separate spf checking - openDMARC will do its own
(which was unreliable in earlier versions).

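Added example, not part of the original thread and not OpenDMARC's code: a small DMARC identifier-alignment check run over a constructed copy of the quoted headers, showing why an SPF "pass" for spf2.spf.guru and a DKIM signature with d=spf.guru do not authenticate a From: address at whatsapp.com. The function names, the two-label organizational-domain shortcut and the dkim_verified flag are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers; local-parts and the
# bh=/b= values are placeholders, not the real ones.
SAMPLE = """\
Received-SPF: pass (mechanism 'include:sendgrid.net' matched) receiver=domain;
 identity=mailfrom; envelope-from="bounces@spf2.spf.guru";
 helo=o1.7nf.fshared.sendgrid.net; client-ip=167.89.55.67
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=spf.guru;
 h=subject:from:to:mime-version:content-type; s=s1; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: my emails
From: someone@whatsapp.com

body
"""

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real checker
    # needs the Public Suffix List (e.g. for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Relaxed mode compares organizational domains; strict needs an exact match.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return bool(auth_domain) and org_domain(auth_domain) == org_domain(from_domain)

def dmarc_alignment(raw, dkim_verified=True, strict=False):
    # dkim_verified: assumed outcome of signature verification (done by opendkim).
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    spf = " ".join((msg.get("Received-SPF") or "").split())
    m = re.search(r'envelope-from="?[^";\s]*@([^";\s>]+)', spf)
    spf_domain = m.group(1) if m else ""
    spf_pass = spf.lower().startswith("pass")
    dkim_domains = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = re.search(r"(?:^|;)\s*d=([^;\s]+)", " ".join(sig.split()))
        if d:
            dkim_domains.append(d.group(1))
    spf_ok = spf_pass and aligned(spf_domain, from_domain, strict)
    dkim_ok = dkim_verified and any(aligned(d, from_domain, strict) for d in dkim_domains)
    return {"from_domain": from_domain, "spf_pass": spf_pass, "spf_domain": spf_domain,
            "spf_aligned": spf_ok, "dkim_domains": dkim_domains,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
```

Even with the DKIM signature assumed valid, neither identifier aligns with whatsapp.com, so the DMARC result is a fail; whether the message is then rejected depends on the receiver's enforcement setting.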