Re: Conditional milter_header_checks?

Thu, 15 Jul 2021 05:42:54 -0700 

post...@ptld.com:

After hearing all sides, i decided to try using policy settings recommended by 
Viktor. Since then I've had two emails from this list rejected by DMARC which 
now confuses me. The email didn't fail SPF or DKIM.


postfix/smtpd[226953]: connect from camomile.cloud9.net[168.100.1.3]
policyd-spf[226970]: prepend Received-SPF: None (mailfrom) identity=mailfrom; 
client-ip=168.100.1.3; helo=camomile.cloud9.net; 
envelope-from=owner-postfix-us...@postfix.org; receiver=<UNKNOWN>
postfix/smtpd[226953]: 4GQLM7378Wz4l3hN: client=camomile.cloud9.net[168.100.1.3]
postfix/cleanup[226977]: 4GQLM7378Wz4l3hN: info: header Subject: Re: Conditional 
milter_header_checks? from camomile.cloud9.net[168.100.1.3]; 
from=<owner-postfix-us...@postfix.org> to=<post...@ptld.com> proto=ESMTP 
helo=<camomile.cloud9.net>
postfix/cleanup[226977]: 4GQLM7378Wz4l3hN: 
message-id=<20210715040216.ga27...@raf.org>
opendkim[221168]: 4GQLM7378Wz4l3hN: camomile.cloud9.net [168.100.1.3] not 
internal
opendkim[221168]: 4GQLM7378Wz4l3hN: not authenticated
opendkim[221168]: 4GQLM7378Wz4l3hN: no signature data
opendmarc[221165]: 4GQLM7378Wz4l3hN: raf.org fail
postfix/cleanup[226977]: 4GQLM7378Wz4l3hN: milter-reject: END-OF-MESSAGE from 
camomile.cloud9.net[168.100.1.3]: 5.7.1 rejected by DMARC policy for raf.org; 
from=<owner-postfix-us...@postfix.org> to=<post...@ptld.com> proto=ESMTP 
helo=<camomile.cloud9.net>
postfix/smtpd[226953]: disconnect from camomile.cloud9.net[168.100.1.3] ehlo=2 
starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7


Was SPF looking up records for raf.org or for cloud9.net? I see both of those domains 
have published SPF records so why was SPF "None"?
Why did DMARC reject this even though it didn't fail either check?


The header ‘From:’ domain is raf.org.

SPF: The MAIL FROM domain is postfix.org with SPF result ‘none’, but
this is irrelevant since the domain doesn’t align with raf.org.

DKIM: There is no DKIM signature.

DMARC: fails because there is no positive result for either SPF or DKIM.

This is basic stuff, I recommend reading an intro to DMARC.

Reply via email to