Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: holck on February 20, 2018, 08:47:23 AM
-
I have setup DMARC reporting and it works very well. I do, however, have a small issue. Every night the server sends DMARC reports to the various email servers. But many of these reports are not accepted - here is a typical response
Hi. This is the qmail-send program at ibsgaarden.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<isabella@travelmyeurope.com>:
45.55.43.173 does not like recipient.
Remote host said: 550 5.1.1 <isabella@travelmyeurope.com>: Recipient address rejected: User unknown in local recipient table
Giving up on 45.55.43.173.
isabella@travelmyeurope.com is indeed the email reporting address specified in the DMARC record for travelmyeurope.com:
v=DMARC1; p=quarantine; rua=mailto:isabella@travelmyeurope.com; ruf=mailto:isabella@travelmyeurope.com; adkim=s; aspf=s; pct=100; rf=afrf; ri=14400; sp=quarantine
It would be nice to have these bounce-messages handled more or less automatically (deleted?). There is nothing much I can do with them.
-
smeserver-mailsorting could help to do this by making a filter with procmail or dropmail.
-
Old thread - I know.
v=DMARC1; p=quarantine; rua=mailto:isabella@travelmyeurope.com; ruf=mailto:isabella@travelmyeurope.com; adkim=s; aspf=s; pct=100; rf=afrf; ri=14400; sp=quarantine
It would be nice to have these bounce-messages handled more or less automatically (deleted?). There is nothing much I can do with them.
To the DMARC policy I'm wondering what's the output of
- qpsmtpd-print-dns, and
- db configuration show qpsmtpd
It's not clear to me refering to https://wiki.contribs.org/Email#Inbound_DKIM_.2F_SPF_.2F_DMARC if/what/how the settings of DKIM/SPF/DMARC have to be changed.
regards,
stefan
-
Old thread - I know.
To the DMARC policy I'm wondering what's the output of
- qpsmtpd-print-dns, and
- db configuration show qpsmtpd
It's not clear to me refering to https://wiki.contribs.org/Email#Inbound_DKIM_.2F_SPF_.2F_DMARC if/what/how the settings of DKIM/SPF/DMARC have to be changed.
regards,
stefan
# sudo /sbin/e-smith/qpsmtpd-print-dns
Here are sample DNS entries you should add in your public DNS
The DKIM entry can be copied as is, but others will probably need to be adjusted
to your need. For example, you should either change the reporting email adress
for DMARC (or create the needed pseudonym)
default._domainkey IN TXT "v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvESfnPGKsXaRs0yLIrYVQ7P6n079HXBzXx2BDER7su/Fs6//OTC3Gq2nIc0i3hhbk3WTjPADrIcu4EpOmOZ7XhDMOXoBnnki/mS5nv8ZdBY6PzPKHTQmPs1MBxTN2BOIwY6fl6FXc2emMjJrJrslppCmV2OZCE01daHaOsMKzkQIDAQAB;t=y"
@ IN SPF "v=spf1 mx a -all"
@ IN TXT "v=spf1 mx a -all"
_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback@ibsgaarden.dk; pct=100"
qpsmtpd=service
A_Record_RBL=b.barracudacentral.org: Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>
Bcc=disabled
BccMode=cc
BccUser=maillog
DKIMSigning=enabled
DMARCReporting=enabled
DNSBL=enabled
LogLevel=4
MaxScannerSize=50000000
RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,psbl.surriel.com,zen.spamhaus.org,b.barracudacentral.org: Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>
RHSBL=enabled
RelayRequiresAuth=enabled
SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net,dbl.spamhaus.org
TlsBeforeAuth=1
UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
URIBL=enabled
access=public
qplogsumm=disabled
status=enabled