Hello
I am using a subdomain xxx.eu.org for sending email.
Though I have not set a dmarc for xxx.eu.org, but gmail says DMARC pass.
So i checked that eu.org does have a DMARC record:
_dmarc.eu.org. 7200 IN TXT
"v=DMARC1;p=none;sp=none;pct=10;rua=mailto:dmarc-mas...@eu.org;ruf=mailto:dmarc-mas.
I would like to set a seperated DMARC for xxx.eu.org.
But I have no control over the sender smtp server, so dkim is not
possible to be added.
do you think if it's still right to add a dmarc?
Thanks.
Use DMARC for your own domain to clearly signal that your xxx.eu.org domain
and the parent e
Because - as you have found - Google will anyway apply the DMARC record for
the parent domain eu.org, over which you have no control, I think it is
still better to have the own one.
I just enabled DMARC on cloudflare where I hosted the domain.
_dmarc.stackops.eu.org. 300 IN TXT "v=DMARC1;
Some receiving systems may use a different search algorithm. See, for
example (expired draft):
https://www.ietf.org/archive/id/draft-levine-dmarcwalk-00.html
Thanks Viktor. I will check the doc you mentioned.
___
Postfix-users mailing list
Hello
I have closed sasl auth on port 25.
but users still can use port 587 for login with plain text.
how can I force users to use submission via start-tls only?
I know I can open port 465 for ssl connection. but for history reason
the port 587 must be open.
Thanks.
___
That's great. thanks all.
Belt and suspenders (the first setting implies the second, and the third
should then never be used), in master.cf for the submission entry set:
-o { smtpd_tls_security_level = encrypt }
-o { smtpd_tls_auth_only = yes }
-o { smtpd_sasl_security_options
After postfix and dovecot were installed, there are 4 ports open by default.
port 587
port 25
port 993
port 143
So I have improved them by implementing:
1. close public port 143
2. disable sasl auth on port 25
3. force smtp client to login using tls only on port 587
do you think there is any s
I have already been using postscreen for port 25.
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0
I do use spamhaus, spamcop, sorbs as rbl lists.
So I have to update the postscreen policy.
sorry to hear that and thanks Sorbs.
regards.
Naturally, if you're using SORBS as an RBL in postscreen, smtpd, or a content
filter (amavis, rspamd, ...)
___
