SPF still fails; Was: Echange virtual and local domain

Sun, 04 Jul 2021 05:38:23 -0700 

Hello!
A goooood while ago, I asked for help about how to switch a virtual with a local domain: 


Dnia 21.03.2021 o godz. 15:44:06 Markus Grunwald pisze:

So I'd like to have maennerchor-kirchseeon.de as local domain 
and

the-grue.de as virtual domain.

It's not so simple.



Thanks to your help, that seems to have worked now. Unfortunately, 
my ultimate goal was to be able to use mailman for a mailinglist 
on on maennerchor-kirchseeon.de with no failures in spam checks, 
and that still fails. I added p...@tools.mxtoolbox.com as the only 
(other) member of the mailing list and this is the result:


https://mxtoolbox.com/deliverability/c9eb0691-c378-4958-9276-e3db255c2bb1

Some details from there:
--------------------
Email Deliverability:
Testing 'the-grue.de' against '95.129.55.232'
--------------------


That has to fail somehow. 95.129.55.232 is 
maennerchor-kirchseeon.de, not the-grue.de (which now is a virtual 
domain).


The spf rule that it checks is:

--------------------
v=spf1 a mx ip4:95.129.55.232  -all
--------------------

And the error:
--------------------
SPF Alignment:  Domain not found in SPF
--------------------


And besides that: DKIM is checked against the-grue.de, as well 
(and passes...).



As a rookie, I am completely lost now and hope for your help. I'll 
repeat what it is that I would like to have:



- Serve E-Mail for the three domains the-grue.de (95.129.55.226), 
 maennerchor-kirchseeon.de (95.129.55.232) and 
 goldschmiede-grunwald.de (95.129.55.223) on the same host, 
 without being classified as spam. This alone seems to work 
 pretty well, currently.



- Have a Mailinglist for maennerchor-kirchseeon.de, where the 
 mails don't end up in the spam folder. This doesn't work :(



This is the mail that I sent to p...@tools.mxtoolbox.com via the 
mailing list:


================================================================================

From ankuendigungen-boun...@maennerchor-kirchseeon.de  Sun Jul  4 

12:05:20 2021
Return-Path: <ankuendigungen-boun...@maennerchor-kirchseeon.de>
X-Original-To: p...@tools.mxtoolbox.com
Delivered-To: to...@tools.mxtoolbox.com

Received: from mail.maennerchor-kirchseeon.de 
(mail.maennerchor-kirchseeon.de [95.129.55.232])

        by tools.mxtoolbox.com (Postfix) with ESMTP id 5309EB5F29

	for <p...@tools.mxtoolbox.com>; Sun,  4 Jul 2021 12:05:19 
	+0000 (UTC)

Received: from www.the-grue.de (localhost [127.0.0.1])
        by localhost (Postfix) with ESMTP id 5FD1810C900

	for <p...@tools.mxtoolbox.com>; Sun,  4 Jul 2021 14:05:18 
	+0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; 
d=the-grue.de; s=mail;

        t=1625400318; bh=sKJQ8NRQcxD+9meMhDkHLz3pjfXzf5nCXSH5vmYoSRs=;
        h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
         List-Post:List-Help:List-Subscribe:From;
        b=NWfdYLlDkz7LwN8e+qO5TYbGe8UeZDf1QkjrxHN5s7kGULTH8TqZJOA4iHJH1RnIy
         05KbuaPgzXp5REir7swcj0WzJqux7zeO++XzVwkKUwu9OIX43j2qPugj1bzUHi215Q
         rB2v43CxycNYwpQEUgviCImsw2YCBk9BqmDIdDDXlNFgt/7w2a86YYrCWhV1COoA0/
         YXQ8mJF5+MUhahhi1F9Pc1ym9rqS2sAGHiyz0utjLYKu7lXVmMb+xsMFZDTPLhfmHg
         ZSICUH/Dv96h9ZXOuJSeZ6rqEKdsPYb/PKIkaSVMoehJ/Ajfuoi+W++Od6anpP4caT
         eD5nEAMHUPbuw==
X-Original-To: ankuendigun...@maennerchor-kirchseeon.de
Delivered-To: ankuendigun...@maennerchor-kirchseeon.de

Received: from bob.the-grue.de 
(ip5f5bec03.dynamic.kabel-deutschland.de

[95.91.236.3])

(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 
bits))

(No client certificate requested)
by mail.the-grue.de (Postfix) with ESMTPSA id 521AD10C900
for <ankuendigun...@maennerchor-kirchseeon.de>;
Sun,  4 Jul 2021 14:05:16 +0200 (CEST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; 
d=the-grue.de; s=mail;

t=1625400316; bh=7QtoSz6ME+JAEKgvNimieipS/MBONrF5kpHLFomvyO4=;
h=From:To:Subject:Date:From;
b=aojwnm15a/8246K5Rvc7ODCyTAfTysHESVvWF/H+/ELlP/UYCOMbC7igC1DUdBoTt
FyLaiXhXkdSMvijda4a2M6pok39ddxv1fFiiwE+4MP7cFMQWOUL8XN/TpSoMxzapqv
IVAJNUGTc/yoq2B2FzCJNPjb4NVwKAHeBJTWP9PmCi+Y8d6Ju6LetPTxEJlwa+/u//
YETHODSq3/8v1B9PL3bLt1NeZl1UjVOtgBUc1w4tRU06TlovAjnDc7Eogga6zkbp/U
4SJPNtSyNTy1OB41nr0Fr9INKvUmp76J1SujRTEmodzyV4XhNu7ME4S8JNpClk1NlD
L8dzLlQbb45dQ==
User-agent: mu4e 1.4.15; emacs 27.1
From: Markus Grunwald <mar...@the-grue.de>
To: ankuendigun...@maennerchor-kirchseeon.de
Message-ID: <87h7hauvwk....@bob.galaxy.home>
MIME-Version: 1.0
Subject: =?utf-8?b?W0Fua8O8bmRpZ3VuZ2VuXSA=?= Test 02
X-BeenThere: ankuendigun...@maennerchor-kirchseeon.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: =?iso-8859-1?q?Ank=FCndigungen?=
<ankuendigungen.maennerchor-kirchseeon.de>

List-Unsubscribe: 
<https://maennerchor-kirchseeon.de/cgi-bin/mailman/options/ankuendigungen>,

<mailto:ankuendigungen-requ...@maennerchor-kirchseeon.de?subject=unsubscribe>

List-Archive: 
<https://maennerchor-kirchseeon.de/cgi-bin/mailman/private/ankuendigungen/>

List-Post: <mailto:ankuendigun...@maennerchor-kirchseeon.de>

List-Help: 
<mailto:ankuendigungen-requ...@maennerchor-kirchseeon.de?subject=help>
List-Subscribe: 
<https://maennerchor-kirchseeon.de/cgi-bin/mailman/listinfo/ankuendigungen>,

<mailto:ankuendigungen-requ...@maennerchor-kirchseeon.de?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: ankuendigungen-boun...@maennerchor-kirchseeon.de

Sender: "Ankuendigungen" 
<ankuendigungen-boun...@maennerchor-kirchseeon.de>



Noch ein Test...

--
Markus Grunwald
https://www.the-grue.de/~markus/markus_grunwald.gpg
--
Ankuendigungen mailing list
ankuendigun...@maennerchor-kirchseeon.de
https://maennerchor-kirchseeon.de/cgi-bin/mailman/listinfo/ankuendigungen

================================================================================


This is my current configuration with maennerchor-kirchseeon.de 
(hopefully) being the local domain:


================================================================================
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
default_transport = smtp
dovecot-sa_destination_recipient_limit = 1
dovecot_destination_recipient_limit = 1
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 51200000
mailbox_transport = dovecot-sa
message_size_limit = 20480000
milter_default_action = accept
milter_protocol = 2
mydestination = localhost, $mydomain
mydomain = maennerchor-kirchseeon.de
myhostname = maennerchor-kirchseeon.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = maennerchor-kirchseeon.de
non_smtpd_milters = unix:/run/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relay_transport = smtp
relayhost =

sender_dependent_default_transport_maps = 
hash:/etc/postfix/sender_transport
smtp_tls_session_cache_database = 
btree:${data_directory}/smtp_scache

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

smtpd_client_restrictions = check_sender_access 
hash:/etc/postfix/sender_access, permit_mynetworks, 
permit_sasl_authenticated, reject_invalid_hostname, 
reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org

smtpd_milters = unix:/run/opendkim/opendkim.sock
smtpd_recipient_limit = 250

smtpd_recipient_restrictions = check_sender_access 
hash:/etc/postfix/sender_access, permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot

smtpd_sender_restrictions = permit_mynetworks, 
reject_unknown_address, reject_unknown_sender_domain, 
reject_non_fqdn_sender

smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_security_level = may

smtpd_tls_session_cache_database = 
btree:${data_directory}/smtpd_scache

smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

virtual_alias_maps = hash:/etc/postfix/virtual_alias, 
hash:/var/lib/mailman/data/virtual-mailman

virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot-sa
virtual_uid_maps = static:5000
================================================================================

================================================================================
# cat virtual_domains
the-grue.de
goldschmiede-grunwald.de
================================================================================

================================================================================
# cat /etc/mailname
maennerchor-kirchseeon.de
================================================================================


I'll share whatever other config you need, but nothing else has 
changed since my original post.



I'd be so happy if you could help me with this problem. Maybe, 
since all the domains do have their own IP, it would be easier to 
have three instances of postfix, each bound to only one IP?


Hope to hear from you

--
Markus Grunwald
https://www.the-grue.de/~markus/markus_grunwald.gpg






















					Reply via email to