SPF still fails; Was: Echange virtual and local domain

2021-07-04 Thread Markus Grunwald 

Hello!

A god while ago, I asked for help about how to switch a 
virtual with a local domain:



Dnia 21.03.2021 o godz. 15:44:06 Markus Grunwald pisze:
So I'd like to have maennerchor-kirchseeon.de as local domain 
and

the-grue.de as virtual domain.

It's not so simple.


Thanks to your help, that seems to have worked now. Unfortunately, 
my ultimate goal was to be able to use mailman for a mailinglist 
on on maennerchor-kirchseeon.de with no failures in spam checks, 
and that still fails. I added p...@tools.mxtoolbox.com as the only 
(other) member of the mailing list and this is the result:


https://mxtoolbox.com/deliverability/c9eb0691-c378-4958-9276-e3db255c2bb1

Some details from there:

Email Deliverability:
Testing 'the-grue.de' against '95.129.55.232'


That has to fail somehow. 95.129.55.232 is 
maennerchor-kirchseeon.de, not the-grue.de (which now is a virtual 
domain).


The spf rule that it checks is:


v=spf1 a mx ip4:95.129.55.232  -all


And the error:

SPF Alignment:  Domain not found in SPF


And besides that: DKIM is checked against the-grue.de, as well 
(and passes...).


As a rookie, I am completely lost now and hope for your help. I'll 
repeat what it is that I would like to have:


- Serve E-Mail for the three domains the-grue.de (95.129.55.226), 
 maennerchor-kirchseeon.de (95.129.55.232) and 
 goldschmiede-grunwald.de (95.129.55.223) on the same host, 
 without being classified as spam. This alone seems to work 
 pretty well, currently.


- Have a Mailinglist for maennerchor-kirchseeon.de, where the 
 mails don't end up in the spam folder. This doesn't work :(


This is the mail that I sent to p...@tools.mxtoolbox.com via the 
mailing list:



From ankuendigungen-boun...@maennerchor-kirchseeon.de  Sun Jul  4 

12:05:20 2021
Return-Path: 
X-Original-To: p...@tools.mxtoolbox.com
Delivered-To: to...@tools.mxtoolbox.com
Received: from mail.maennerchor-kirchseeon.de 
(mail.maennerchor-kirchseeon.de [95.129.55.232])

by tools.mxtoolbox.com (Postfix) with ESMTP id 5309EB5F29
	for ; Sun,  4 Jul 2021 12:05:19 
	+ (UTC)

Received: from www.the-grue.de (localhost [127.0.0.1])
by localhost (Postfix) with ESMTP id 5FD1810C900
	for ; Sun,  4 Jul 2021 14:05:18 
	+0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; 
d=the-grue.de; s=mail;

t=1625400318; bh=sKJQ8NRQcxD+9meMhDkHLz3pjfXzf5nCXSH5vmYoSRs=;
h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
 List-Post:List-Help:List-Subscribe:From;
b=NWfdYLlDkz7LwN8e+qO5TYbGe8UeZDf1QkjrxHN5s7kGULTH8TqZJOA4iHJH1RnIy
 05KbuaPgzXp5REir7swcj0WzJqux7zeO++XzVwkKUwu9OIX43j2qPugj1bzUHi215Q
 rB2v43CxycNYwpQEUgviCImsw2YCBk9BqmDIdDDXlNFgt/7w2a86YYrCWhV1COoA0/
 YXQ8mJF5+MUhahhi1F9Pc1ym9rqS2sAGHiyz0utjLYKu7lXVmMb+xsMFZDTPLhfmHg
 ZSICUH/Dv96h9ZXOuJSeZ6rqEKdsPYb/PKIkaSVMoehJ/Ajfuoi+W++Od6anpP4caT
 eD5nEAMHUPbuw==
X-Original-To: ankuendigun...@maennerchor-kirchseeon.de
Delivered-To: ankuendigun...@maennerchor-kirchseeon.de
Received: from bob.the-grue.de 
(ip5f5bec03.dynamic.kabel-deutschland.de

[95.91.236.3])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 
bits))

(No client certificate requested)
by mail.the-grue.de (Postfix) with ESMTPSA id 521AD10C900
for ;
Sun,  4 Jul 2021 14:05:16 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; 
d=the-grue.de; s=mail;

t=1625400316; bh=7QtoSz6ME+JAEKgvNimieipS/MBONrF5kpHLFomvyO4=;
h=From:To:Subject:Date:From;
b=aojwnm15a/8246K5Rvc7ODCyTAfTysHESVvWF/H+/ELlP/UYCOMbC7igC1DUdBoTt
FyLaiXhXkdSMvijda4a2M6pok39ddxv1fFiiwE+4MP7cFMQWOUL8XN/TpSoMxzapqv
IVAJNUGTc/yoq2B2FzCJNPjb4NVwKAHeBJTWP9PmCi+Y8d6Ju6LetPTxEJlwa+/u//
YETHODSq3/8v1B9PL3bLt1NeZl1UjVOtgBUc1w4tRU06TlovAjnDc7Eogga6zkbp/U
4SJPNtSyNTy1OB41nr0Fr9INKvUmp76J1SujRTEmodzyV4XhNu7ME4S8JNpClk1NlD
L8dzLlQbb45dQ==
User-agent: mu4e 1.4.15; emacs 27.1
From: Markus Grunwald 
To: ankuendigun...@maennerchor-kirchseeon.de
Message-ID: <87h7hauvwk@bob.galaxy.home>
MIME-Version: 1.0
Subject: =?utf-8?b?W0Fua8O8bmRpZ3VuZ2VuXSA=?= Test 02
X-BeenThere: ankuendigun...@maennerchor-kirchseeon.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: =?iso-8859-1?q?Ank=FCndigungen?=

List-Unsubscribe: 
,


List-Archive: 


List-Post: 
List-Help: 

List-Subscribe: 
,

Re: "Authentication-Results" header order

2021-07-04 Thread Juri Haberland 
On 03/07/2021 13:29, Markus E. wrote:

> By the way, I like the way Google merges the headers into one, like:
> 
> Authentication-Results: mx.google.com;
>  dkim=pass header.i=@example.net header.s=example header.b=lXmpAXoJ;
>  spf=pass (google.com: domain of u...@example.net designates X.X.X.X as 
> permitted sender) smtp.mailfrom=u...@example.net;
>  dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.net

Then have a look at CombineAR: https://gitlab.com/RunasSudo/combineAR


  Juri

Re: "Authentication-Results" header order

2021-07-04 Thread PGNet Dev 

On 7/4/21 4:10 PM, Juri Haberland wrote:

On 03/07/2021 13:29, Markus E. wrote:


By the way, I like the way Google merges the headers into one, like:


an additional option is:

https://github.com/fastmail/authentication_milter

very config'able, a typical header appears as:

Authentication-Results: auth-milter.example.com;
arc=none (no signatures found);
dkim=pass (1024-bit rsa key sha256) header.d=example.net
  header.i=@example.net header.b=l1y+dUDe header.a=rsa-sha256
  header.s=may2015;
dmarc=pass policy.published-domain-policy=none
  policy.applied-disposition=none policy.evaluated-disposition=none
  (p=none,d=none,d.eval=none) policy.policy-from=p
  header.from=example.net;
iprev=pass smtp.remote-ip=yyy.yyy.yyy.yyy (subd.example.net);
spf=pass
  smtp.mailfrom=
  "bounces+213868-70ac-p.t=example@sg.example.net"
  smtp.helo=subd.example.net;
x-ptr=pass smtp.helo=subd.example.net policy.ptr=subd.example.net;
x-return-mx=pass header.domain=example.net policy.is_org=yes
  (MX Records found: mx0a-xxx.pphosted.com,mx0b-xxx.pphosted.com);
x-return-mx=warn smtp.domain=sg.example.net
  policy.org_domain=example.net policy.is_org=no
  (A Records found: xxx.xxx.xxx.xxx);
x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_CHACHA20_POLY1305_SHA256
  smtp.bits=256/256


it's a trivial install with cpan ... and plays nicely with postfix.