On 10/21/20 11:13 AM, Wietse Venema wrote:
If your XCLIENT arguments match Postfix logging, including the name
and IP address info

they do

and you used HELO or EHLO depending on Postfix's proto= logging

proto=ESMTP, so I used EHLO

then I think that the Postfix SMTP daemon cannot distinguish between a real 
intuit.com connection and one made with XCLIENT.

useful to know.

so likely downstream, NOT xclient.

That leaves the possibility of
- Some Postfix configuration affects intuit.com mail but not other mail.
  For example a false match with an inaccurate regular expression!

nothing intuit-specific, and also ripped out all regex matching to test.

same

- Copy and paste problem with message header or body content

double checked.

same

- Sender's DMARC etc. configuration problem

If so, online checks I've used aren't finding it.

I understand they're not necessarily exhaustive.

- Local DMARC etc. configuration problem

The DMARC logging should give an idea of what the problem is.

I still haven't managed to get opendmarc to cough up more than the reported 
unhelpful one-liner in logs.
Which, in addition to the lack of maintenance of the software, makes me 
increasingly suspicious.

I can do some debug with my own builds; see how far that gets me.

Two questions:

(1) my postfix config includes,

        strict_rfc821_envelopes = yes

the FROM: & RCPT TO: addresses i inject, as well as those in the originally 
sent mail, appear to be compliant.

is there _more_ to that strict restriction that might be relevant?

(2) currently, the opendmarc milter here is launched as a 'simple' 
non-forking/foreground systemd service

        [Service]
        Type=simple
        ExecStart=/usr/sbin/opendmarc \
        -f \
        -c /etc/opendmarc/opendmarc.conf \
        -u opendmarc

been that way for ages.  and obviously works, generally.

checking newer implementations online, i've switched to a forking service,

        [Service]
        Type=forking
        ExecStart=/usr/sbin/opendmarc \
        -c /etc/opendmarc/opendmarc.conf \
        -u opendmarc

Initially, I see no difference. At least not with the XCLIENT injection tests.

For milter use, in postfix, is there any preference/requirement for the milters 
to exec in forked vs. un-forked mode?
