[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

| |this is still not a job for dkim to reject, if you want to reject its |better done in dmarc This hopefully changes with the iteration of DKIM. I am still hoping for the better a bit, and that would mean that DMARC, ARC and that Google darn= thing get iterated out. SPF may not. Dependen

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

Dnia 10.03.2025 o godz. 10:02:50 Petko Manolov via Postfix-users pisze: > For example, if all checks fail at the same time - spf, dkim and dmarc (in an > AND logic relation), there's a good chance that this is spam. You are still mistaken with regard to what these checks do. Most a

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

Hellow Petko, Petko Manolov via Postfix-users writes: > (...) > For example, if all checks fail at the same time - spf, dkim and dmarc (in an > AND logic relation), there's a good chance that this is spam. > How about this? It is very weird screenshot: https://gitlab.com/so

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

> On 10. 3. 2025., at 09:02, Petko Manolov wrote: > > I was thinking about something similar. However, this filtering rule would > reject all mail that comes from postfix.org mailing > lists, which isn't an > option. Maybe this one combined with another rule, but i need

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

s fail at the same time - spf, dkim and dmarc (in an AND logic relation), there's a good chance that this is spam. > milter_header_checks (default: empty) > Optional lookup tables for content inspection of message headers that are > produced by Milter applications. See the header_chec

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

> On 6. 3. 2025., at 09:28, Petko Manolov via Postfix-users > wrote: > > The goal was to have my dmarc config as tight as possible. Namely: > > SPFSelfValidate true > SPFIgnoreResults true > RejectFailures true > > Quoting dmarc documentation re the latter: " If set, messages will be > rej

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 25-03-09 09:42:46, Jaroslaw Rafa via Postfix-users wrote: > Dnia 9.03.2025 o godz. 09:23:48 Petko Manolov via Postfix-users pisze: > > Well, one very important property of authenticity is trust. > > > > If a message falsely claim it originates from certain domain and then DKIM > > fail, i very

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

Dnia 9.03.2025 o godz. 09:23:48 Petko Manolov via Postfix-users pisze: > Well, one very important property of authenticity is trust. > > If a message falsely claim it originates from certain domain and then DKIM > fail, > i very much don't want to receive, let alone read, this message. Right?

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

this message. > > Right? > > this is still not a job for dkim to reject, if you want to reject its better > done in dmarc Yeah, this is where i'm doing it. > where your dmarc only trust results from your dkim pass or fail results > > its safe to reject on spf results, b

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

etter done in dmarc where your dmarc only trust results from your dkim pass or fail results its safe to reject on spf results, but not on dkim, since so many maillist breaks dkim sadly Again, i'm not pointing a finger here, just want to know what i can expect from those two milters and

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

Dnia 9.03.2025 o godz. 08:50:17 Petko Manolov via Postfix-users pisze: > Well, i maybe seeing only in black and white, but if somebody is careless > enough > to not set SPF and DKIM, they pretty much asked for it. These mechanisms are > in > place to help fighting spam, afte

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

is careless enough to not set SPF > > and DKIM, they pretty much asked for it. These mechanisms are in place to > > help fighting spam, after all. So yeah, i hear what you say and it looks > > that i'll have to adapt my anti-spam strategy based on the feedback i get > >

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On Sun, Mar 09, 2025 at 08:50:17AM +0200, Petko Manolov via Postfix-users wrote: > On 25-03-08 13:05:42, Peter via Postfix-users wrote: > Well, i maybe seeing only in black and white, but if somebody is careless > enough > to not set SPF and DKIM, they pretty much asked for it. Thes

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 25-03-08 13:05:42, Peter via Postfix-users wrote: > > I would not recommend dropping messages that are missing SPF or DKIM, you will > end up dropping a lot fo legitimate mail if you do this. If you want a better > idea might be to have it affect the SPAM score in a system such

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

original message because it was rejected. This explains why the SPF result mentions the HELO domain but not the envelope sender domain (because the latter was the null sender and thus did not have a domain). I was hoping that i've configured the milters in a way that failing spf or dkim

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 7/3/25 04:28, Petko Manolov via Postfix-users wrote: Thanks for the detailed explanation, Bill. I ended up registering with spamhaus.org and followed their guide here: https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/MTAs/020-Postfix.html However, i'm considering postscree

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 2025-03-06 at 04:56:03 UTC-0500 (Thu, 6 Mar 2025 10:56:03 +0100) Petko Manolov via Postfix-users is rumored to have said: On 25-03-06 10:38:54, Danjel Jungersen via Postfix-users wrote: On 06-03-2025 09:28, Petko Manolov via Postfix-users wrote: Hmm, zen.spamhaus.org doesn't resolve anymore

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

te: > > > On 2025-03-05 at 11:43:07 UTC-0500 (Wed, 5 Mar 2025 18:43:07 +0200) > > > Petko Manolov via Postfix-users > > > is rumored to have said: > > > > > > > I thought spf, dkim and dmarc checks (at least one of them, if > > > > no

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 25-03-06 18:02:13, Matus UHLAR - fantomas via Postfix-users wrote: > On 06.03.25 09:28, Petko Manolov via Postfix-users wrote: > > The goal was to have my dmarc config as tight as possible. Namely: > > > > SPFSelfValidate true > > SPFIgnoreResults true > > RejectFailures true > > > > Quoting

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

to have said: I thought spf, dkim and dmarc checks (at least one of them, if not all) will stop the message, but this didn't happen. That's a matter of how you configure your system, specifically OpenDMARC. Postfix asks OpenDMARC to decide what to do. I'm unsure if OpenDMAR

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 25-03-06 10:38:54, Danjel Jungersen via Postfix-users wrote: > On 06-03-2025 09:28, Petko Manolov via Postfix-users wrote: > > Hmm, zen.spamhaus.org doesn't resolve anymore. I wonder what would be the > > correct/contemporary version of: > > > > reject_rbl_client zen.spamhaus.org=127.0.0.[

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 06-03-2025 09:28, Petko Manolov via Postfix-users wrote: Hmm, zen.spamhaus.org doesn't resolve anymore. I wonder what would be the correct/contemporary version of: reject_rbl_client zen.spamhaus.org=127.0.0.[2..11] Mine also stopped working some time ago, resolved by setting up my ow

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 06-03-2025 09:29, Petko Manolov via Postfix-users wrote: On 25-03-06 07:45:35, Danjel Jungersen via Postfix-users wrote: On 05-03-2025 21:23, Bill Cole via Postfix-users wrote: You can use the Spamhaus DNSBLs for free if your query volume is low and your DNS resolver isn't public. DROP is al

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 25-03-06 07:45:35, Danjel Jungersen via Postfix-users wrote: > On 05-03-2025 21:23, Bill Cole via Postfix-users wrote: > > You can use the Spamhaus DNSBLs for free if your query volume is low and > > your DNS resolver isn't public. DROP is also available free as a JSON file > > which gets change

[pfx] Re: dmarc, dkim & spf failed but that message was delivered anyway

On 05-03-2025 21:23, Bill Cole via Postfix-users wrote: You can use the Spamhaus DNSBLs for free if your query volume is low and your DNS resolver isn't public. DROP is also available free as a JSON file which gets changes every few days. As of this morning it had just 1359 entries, so your sp

[pfx] Using owner-aliases to avoid SPF failure.

s have DKIM signatures, it works reasonably well since the > signatures > stay valid. But if they don't, mail systems like Gmail reject them becahse > there > is no DKIM and SPF fails. So I would like to change the bounce address on > those > messages to something here li

[pfx] Re: timeout after BDAT and SPF?

Viktor Dukhovni via Postfix-users: > I rather expect the problem was at the TCP layer, perhaps a bug > similar to: > > https://bugzilla.redhat.com/show_bug.cgi?id=191336 > > https://engineering.skroutz.gr/blog/uncovering-a-24-year-old-bug-in-the-linux-kernel/ > ... A session hang/dro

[pfx] Re: timeout after BDAT and SPF?

On Fri, Aug 30, 2024 at 03:49:33PM -0400, Wietse Venema via Postfix-users wrote: > BDAT is different than other SMTP commands: the client sends a byte > count for the amount of data that follows the command, and Postfix > will not reply until it has received the number of bytes in the > BDAT comma

[pfx] Re: timeout after BDAT and SPF?

t and before decryption in the SMTP server (TLS has stronger integrity guarantees than TCP checksums). It could however be a problem in data compression before encryption or decompression after decryption. One could work around that with "tls_ssl_options = NO_COMPRESSION". Wietse

[pfx] Re: timeout after BDAT and SPF?

generally seeing these messages did make me think of a possible local network problem, and after updating the kernel and apparently some other packages, the problem appears to have resolved itself. Curious that it really only revealed itself with Microsoft 365 systems. For completeness, I th

[pfx] Re: timeout after BDAT and SPF?

Alex via Postfix-users: > Hi, > > I'm using postfix-3.8.5 on fedora40 with pypolicyd-spf-3.0.4 and some > senders are experiencing weird timeout issues when trying to send to > us: > > 8/22/2024 2:08:25 PM - Server at > SA1PR22MB4256.namprd22.prod.outlook.com

[pfx] timeout after BDAT and SPF?

Hi, I'm using postfix-3.8.5 on fedora40 with pypolicyd-spf-3.0.4 and some senders are experiencing weird timeout issues when trying to send to us: 8/22/2024 2:08:25 PM - Server at SA1PR22MB4256.namprd22.prod.outlook.com returned '550 5.4.300 Message expired -> 451 4.4.400 Error

[pfx] Re: spf

rejecting mail with spf=fail, both spf=fail and spf=softfail, or reject any mail where spf is nof pass or DKIM is not valid as Google set since new year. so far I have used sailsafe options to use SPF at SA level: HELO_reject = False Mail_From_reject = False PermError_reject = False TempError_Defer

[pfx] Re: spf

rejecting mail with spf=fail, both spf=fail and spf=softfail, or reject any mail where spf is nof pass or DKIM is not valid as Google set since new year. so far I have used sailsafe options to use SPF at SA level: HELO_reject = False Mail_From_reject = False PermError_reject = False TempError_Defer

[pfx] Re: spf

On 08.07.24 11:42, natan via Postfix-users wrote: What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? This is a policy issue. You can choose your policy to be rejecting mail with spf=fail, both spf=fail and spf=softfail, or reject any mail

[pfx] Re: spf and Permerror

Did you read the error message: No valid SPF record for included domain: _spf.cyberfolks.pl: include:_spf.cyberfolks.pl. In fact, _spf.cyberfolks.pl does not have an SPF record. Either it needs to have one published or you need to remove the include. Scott K On July 8, 2024 2:47:54 PM UTC

[pfx] Re: spf and Permerror

Hi I try onother Permerror but I dont known why Jul  8 14:28:29 MX postfix/smtpd[48372]: NOQUEUE: reject: RCPT from s10b.cyber-folks.pl[193.17.184.42]: 550 5.7.24 : Recipient address rejected: Message rejected due to: SPF Permanent Error: No valid SPF record for included domain

[pfx] Re: spf

Hi What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? W dniu 8.07.2024 o 11:36, natan via Postfix-users pisze: Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706

[pfx] Re: spf

I am using the default value: PermError_reject = True But it totally depends by you. On 2024-07-08 17:36, natan via Postfix-users wrote: Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706 #PermError_reject

[pfx] spf

Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706 #PermError_reject = False PermError_reject = True TempError_Defer = False I don't know if that's maybe too restrictive PermError_reject But on the other

[pfx] Re: spf and Permerror

natan via Postfix-users escribió el 27/06/2024 a las 15:48: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: Hi Scott Jun 27 15:39:06 MX policyd-spf[3729]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=200.28.23.150; helo=200-28-23-150

[pfx] Re: spf and Permerror

On 27.06.24 15:30, natan via Postfix-users wrote: I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; clie

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:48, natan via Postfix-users pisze: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX po

[pfx] Re: spf and Permerror

On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: >Hi >I have a strange problem with SPF and I honestly don't know what to pay >attention to > >What is a Permerror in SPF >In log i get: > >Jun 27 15:09:11 MX policyd-spf[57158]: prepend Receiv

[pfx] spf and Permerror

Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=84.205.190.72; helo=h2.3hosting.pl; envelope

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users: > On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: > > Bounces are sent with the null envelope.from address which has no > > domain. Therefore, SPF applies policy to a surrogate: the hostname > > in the SMTP client's HELO/EHLO comman

[pfx] Re: SPF hostname and domainname

On 21/06/24 23:10, Matus UHLAR - fantomas via Postfix-users wrote: Peter via Postfix-users skrev den 2024-06-21 08:45: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1.  HELO banner should pass SPF. 2.  Envelope Sender should pass SPF. 3.  Envelope

[pfx] Re: SPF hostname and domainname

On 21/06/24 21:49, Jaroslaw Rafa via Postfix-users wrote: Dnia 21.06.2024 o godz. 18:45:15 Peter via Postfix-users pisze: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users skrev den 2024-06-21 08:45: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope Sender domain should align with the From: header domain. 4. Message

[pfx] Re: SPF hostname and domainname

Dnia 21.06.2024 o godz. 18:45:15 Peter via Postfix-users pisze: > SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your > mail to be accepted: > > 1. HELO banner should pass SPF. > > 2. Envelope Sender should pass SPF. > > 3. Envelope Sender domain sh

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users skrev den 2024-06-21 08:45: On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope Sender

[pfx] Re: SPF hostname and domainname

On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-arg

[pfx] Re: SPF hostname and domainname

Le 21/06/2024 à 00:13, John Levine a écrit : It appears that Emmanuel Fusté via Postfix-users said: In the general case (not null sender), HELO SPF validation does not interfere with DMARC as DMARC only use the MAIL FROM identity. There was historically a bug in some DMARC implementation witch

[pfx] Re: SPF hostname and domainname

It appears that Emmanuel Fusté via Postfix-users said: >In the general case (not null sender), HELO SPF validation does not >interfere with DMARC as DMARC only use the MAIL FROM identity. >There was historically a bug in some DMARC implementation witch evaluate >whatever SPF identit

[pfx] Re: SPF hostname and domainname

Le 20/06/2024 à 21:13, Wietse Venema via Postfix-users a écrit : Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster

[pfx] Re: SPF hostname and domainname

Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-argument). This helo-argument is by default the value of the Po

[pfx] Re: SPF hostname and domainname

So there's a confusion between the hostname of the mailer and the doamin to be used for the SPF check. Is anybody else seeing this ? Yes, I had to recently add an "a:" record to an SPF (for the sending hostname) as I was seeing some of these I think. Im confused by the lang

[pfx] Re: SPF hostname and domainname

On Thu, 20 Jun 2024, 2:01 pm Emmanuel Seyman via Postfix-users, < postfix-users@postfix.org> wrote: > > So there's a confusion between the hostname of the mailer and the > doamin to be used for the SPF check. Is anybody else seeing this ? > Yes, I had to recently add a

[pfx] Re: SPF hostname and domainname

On 2024-06-20 at 09:00:35 UTC-0400 (Thu, 20 Jun 2024 15:00:35 +0200) Emmanuel Seyman via Postfix-users is rumored to have said: Hello, all. Since yesterday, I've started seeing email from my servers getting rejected due to SPF problems. 550 5.7.23 : Sender address rejected: Message rej

[pfx] SPF hostname and domainname

Hello, all. Since yesterday, I've started seeing email from my servers getting rejected due to SPF problems. 550 5.7.23 : Sender address rejected: Message rejected due to: SPF fail - not authorized. Please see http://spf.libraesva.com/Why?s=helo;id=mail01.my-company.com;ip=192.168.52.

[pfx] Re: SPF format question

On June 9, 2024 12:17:38 PM UTC, Jeff Peng via Postfix-users wrote: >Hello > >If I have a mx server: mx.host.com whose ip is 1.2.3.4. > >The domain.com who use this mx server may have the following SPF. > >v=spf1 mx ~all >v=spf1 ip4:1.2.3.4 ~all >v=spf1

[pfx] SPF format question

Hello If I have a mx server: mx.host.com whose ip is 1.2.3.4. The domain.com who use this mx server may have the following SPF. v=spf1 mx ~all v=spf1 ip4:1.2.3.4 ~all v=spf1 a:mx.host.com ~all v=spf1 mx:domain.com ~all May i know if they mean the same stuff for SPF? Thanks

[pfx] Re: hmm spf is missing :)

y complains that the list server does not verify SPF, or at least doesn't put spf info into Authentication-Results: This applies for all mail to the list. dmarc can't be aligned with this missing, This is just plain wrong. DMARC will align just fine with SPF missing if DKIM is cor

[pfx] Re: hmm spf is missing :)

he heck are you talking about?". from authres perspective maillists can not be dmarc aligned, we all have to live with unalined maillist members postfix.org appears to be missing a _dmarc record. This is the only reason why it's not DMARC aligned and is not actually a failure. Bot

[pfx] Re: hmm spf is missing :)

h unalined maillist members why is spf missing from you here ?, either sys4 desided to not pass spf results to authres header or it did not exits in the first place why would i care of missing alined dmarc ? dmarc can't be aligned with this missing, This is just plain wrong. DMARC will align

[pfx] Re: hmm spf is missing :)

, or even the Postfix mailing list? You're posting headers coming from Wietse's personal email, not the list itself. dmarc can't be aligned with this missing, This is just plain wrong. DMARC will align just fine with SPF missing if DKIM is correct and signed by the From: hea

[pfx] Re: hmm spf is missing :)

? Are you asking why list.sys4.de ignores the porcupine.org SPF policy? yes, dmarc aligned need spf evalution so would make sense rspamd just make unaligned results, but dmarc try to track aligned its not specific to porcupine.org ___ Postfix-users

[pfx] Re: hmm spf is missing :)

sys4.de ignores the porcupine.org SPF policy? Wietse > dmarc can't be aligned with this missing, i just complain for the > authres in spamassassin can't see this detail > > ___ > Postfix-users mailing list -- postfix-us

[pfx] hmm spf is missing :)

Authentication-Results list.sys4.de; dkim=pass header.d=porcupine.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=porcupine.org policy.dmarc=none intended ? dmarc can't be aligned with this missing, i just complain for the authres in spamassassin ca

[pfx] Re: gmail failing SPF/DKIM

Thanks for all your help, guys. Appreciated! ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

> GMAIL From: address From and replyto adresses are all based on the sender domain, so not appropriate. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

> ... soft_bounce turned on. Thanks, Wietse, I'll look into it. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

nge is not that recent, our customers have been requesting fixing SPF records and/or setting up DKIM for some time. If I use a GMAIL From: address and attempt to email another GMAIL account, it bounces back with this error. I don't think you can make your mail servers pass SPF/DKIM chec

[pfx] Re: gmail failing SPF/DKIM

ther GMAIL account, it bounces back with this error. Only, when I use a third-party to relay the message. I think what is happening is that Google has implemented a new anti-spam policy, rejecting any emails that have GMAIL email hosted domain that is failing SPF/DKIM. Only messages relayed via Google

[pfx] Re: gmail failing SPF/DKIM

Linkcheck via Postfix-users: > On 28/11/2023 3:07 pm, Bill Cole via Postfix-users wrote: > > That's not a result, that's part of the DMARC policy > > Oh. Thank you for the correction, Bill. :) > > > That should not be enough... > > Something is wrong. I wonder if there is a DNS-resolving delay

[pfx] Re: gmail failing SPF/DKIM

On 28/11/2023 3:07 pm, Bill Cole via Postfix-users wrote: That's not a result, that's part of the DMARC policy Oh. Thank you for the correction, Bill. :) > That should not be enough... Something is wrong. I wonder if there is a DNS-resolving delay but I guess Im not going to easily discover

[pfx] Re: [ext] gmail failing SPF/DKIM

On 2023-11-28 at 06:21:14 UTC-0500 (Tue, 28 Nov 2023 11:21:14 +) Linkcheck via Postfix-users is rumored to have said: If it's only "largely redundant" I would expect G to possibly ignore it but not fail on it. The expectations of others are known to be poor predictors of GMail behavior.

[pfx] Re: gmail failing SPF/DKIM

re failing. That should not be enough to reject the mail if its SPF is passing and aligns with the From header. = google.com noreply-dmarc-supp...@google.com https://support.google.com/a/answer/2466580 10845692433607357330 1701043200

[pfx] Re: [ext] gmail failing SPF/DKIM

> ipv6 I have... inet_protocols = ipv4 ... with no AAA record But thanks anyway, Peter. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [ext] gmail failing SPF/DKIM

If it's only "largely redundant" I would expect G to possibly ignore it but not fail on it. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

The dmarc results are ambiguous: r pass although dkim fails both tests. = google.com noreply-dmarc-supp...@google.com https://support.google.com/a/answer/2466580 10845692433607357330 1701043200 1701129599 bristolweb

[pfx] Re: gmail failing SPF/DKIM

Wietse Venema via Postfix-users writes: > (...) > gmail rejects all messsages with that sender domain name? Some > messages? I have found that Gmail may treat some 'soft' errors (DNS > timeout) as 'hard' errors. My workaround is to retry deliveries. > > /etc/postfix/main.cf: > transport_maps

[pfx] Re: [ext] gmail failing SPF/DKIM

This would result in SPF failing when an IPv6 connection is established. This, of course, is just a WAG. If you want someone to review the issues with google then you'll need to show headers and/or logs from the connection to google. Protonmail headers doesn't really help for this

[pfx] Re: [ext] gmail failing SPF/DKIM

On Mon, Nov 27, 2023 at 04:50:55PM +, Linkcheck via Postfix-users wrote: > Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkcheck.co.uk; > s=mail; > t=1701091213; bh=...; > h=Date:To:From:Reply-To:Subject:From; > b=... Have you tried leaving out the largely redundant "s=" from

[pfx] Re: gmail failing SPF/DKIM

Thanks, Shawn, appreciated. Hadn't thought of the dmarc report; I'll check it out. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

    unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with     either SPF or DKIM. 550-5.7.26  Authentication results:     550-5.7.26  DKIM = did not pass     550-5.7.26  SPF = did not pass I also tested the form. My server checks DMARC, and on the message I received, both SPF and

[pfx] Re: [ext] gmail failing SPF/DKIM

sults: mail.protonmail.ch; spf=pass smtp.mailfrom=linkcheck.co.uk Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=185.35.151.121 Authentication-Results: mail.protonmail.ch; dkim=pass (2048-bit key) header.d=linkcheck.co.uk header.i=@linkcheck.co.uk header.b="aME9BZCV"

[pfx] Re: [ext] gmail failing SPF/DKIM

k/ > > under menu option Contact & Enquiries. > > I tried your form: > > Authentication-Results: mail-cbf-ext.charite.de; > dkim=pass header.d=linkcheck.co.uk header.s=mail header.b=LiOUpR1t; > spf=pass (mail-cbf-ext.charite.de: domain > ofenquiryf

[pfx] Re: [ext] gmail failing SPF/DKIM

Thank you, Ralf; I got the form ok. > Looking good if you ask me Thanks. I couldn't fault it, either. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: gmail failing SPF/DKIM

(Sorry, Wietse, I always forget to change the To field) > gmail rejects all messsages Seemingly only from web forms. We are in daily contact with at least one gmail user, with no problem, using the example domain I posted and with which I'm posting this. We do get a small number of genuine b

[pfx] Re: [ext] gmail failing SPF/DKIM

rite.de; dkim=pass header.d=linkcheck.co.uk header.s=mail header.b=LiOUpR1t; spf=pass (mail-cbf-ext.charite.de: domain ofenquiryf...@linkcheck.co.uk designates 185.35.151.121 as permitted sender) smtp.mailfrom=enquiryf...@linkcheck.co.uk; dmarc=pass (policy=reject) header.fro

[pfx] Re: gmail failing SPF/DKIM

ide suitable dkim etc. All domains have > correct SPF, DKIM and DMARC records. No problem with receiving these > forms at relevant clients' and my own mailboxes. > > The forms also send a copy to the sender as confirmation. Most of these, > as far as I know, get delivered but r

[pfx] gmail failing SPF/DKIM

I maintain several web sites containing at least one web form. Forms are sent to my established postfix server to be turned into properly constructed email and sent on. The server is used for many conventional emails per day and set up to provide suitable dkim etc. All domains have correct SPF

[pfx] python-policyd-spf and whitelisting

Hi, I'm using python-policyd-spf with postfix as a check_policy_service and having some trouble with domains very broadly being whitelisted. My policy is to reject on mailfrom fail. However, we have few domains that need to be whitelisted, like mycuservices.com, because they are sending fr

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

x27;t need to go that far down the stack. Try the "Milter" package. There are sample Milters available, just tweak one to your needs. For example: https://pythonhosted.org/pymilter/index.html In fact, the spf-engine project that was mentioned up thread has a milter front end that us

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

he stack. Try the "Milter" package. >There are sample Milters available, just tweak one to your needs. > >For example: > >https://pythonhosted.org/pymilter/index.html In fact, the spf-engine project that was mentioned up thread has a milter front end that uses pym

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

On Mon, Jun 19, 2023 at 09:12:29PM +, Anton Hvornum via Postfix-users wrote: > Yea found libmilter, appears to have some python bindings too. You don't need to go that far down the stack. Try the "Milter" package. There are sample Milters available, just tweak one to your needs. For example

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

On 6/19/23 20:23, Wietse Venema via Postfix-users wrote: Jaroslaw Rafa via Postfix-users: Dnia 19.06.2023 o godz. 16:53:58 Anton Hvornum via Postfix-users pisze: Thank you, yes that one slipped by me entirely. I'll have to re-evaluate how to mark mails as spam with multiple headers when S

[pfx] Re: Is it possible in postfix spf policy to utilize multiple action=prepend to add multiple headers?

Jaroslaw Rafa via Postfix-users: > Dnia 19.06.2023 o godz. 16:53:58 Anton Hvornum via Postfix-users pisze: > > > > Thank you, yes that one slipped by me entirely. > > I'll have to re-evaluate how to mark mails as spam with multiple > > headers when SPF is not pa

  1   2   3   4   5   6   7   8   9   10   >