I’m setting up DMARC for my mail server. I tried sending a mail to an account 
on the icloud.com domain (which reports DMARC) and there I see:

Received-Spf: pass (mr21p00im-spfmilter004.me.com: domain of 
[email protected] designates XXX.XXX.XXX.XXX as permitted sender) 
receiver=mr21p00im-spfmilter004.me.com; client-ip=XXX.XXX.XXX.XXX; 
helo=mail.mydomain.tld; [email protected]
X-Dmarc-Info: pass=pass; dmarc-policy=none; s=r1; d=r0
X-Dmarc-Policy: 
v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:[email protected],mailto:[email protected]
Received: from mr11p00im-smtpin012.mac.com ([17.110.69.200]) by ms20524.mac.com 
(Oracle Communications Messaging Server 8.0.1.3.20170906 64bit (built Sep  6 
2017)) with ESMTP id <[email protected]> for [email protected]; 
Fri, 18 May 2018 13:13:25 +0000 (GMT)
Received: from mail.mydomain.tld (mail.mydomain.tld [XXX.XXX.XXX.XXX]) by 
mr11p00im-smtpin012.me.com (Oracle Communications Messaging Server 
8.0.1.2.20170607 64bit (built Jun  7 2017)) with ESMTPS id 
<[email protected]> for [email protected] (ORCPT 
[email protected]); Fri, 18 May 2018 13:13:24 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])        by mail.mydomain.tld 
(Postfix) with ESMTP id 57F0B261CB53       for <[email protected]>; Fri, 18 May 
2018 15:13:21 +0200 (CEST)
Received: from mail.mydomain.tld ([127.0.0.1]) by localhost 
(dumbledore.mydomain.tld [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 
b6L6g5ttGPiH for <[email protected]>; Fri, 18 May 2018 15:13:19 +0200 (CEST)
Received: from [192.168.169.103] (d4b27fea.static.ziggozakelijk.nl 
[212.178.127.234])   by mail.mydomain.tld (Postfix) with ESMTPSA id 
057A3261CB45     for <[email protected]>; Fri, 18 May 2018 15:13:18 +0200 (CEST)

But I also got an aggregate report from Yahoo that suggests something is wrong:

<?xml version="1.0"?>   
<feedback>      
  <report_metadata>     
    <org_name>Yahoo! Inc.</org_name>    
    <email>[email protected]</email>   
    <report_id>1526605741.475970</report_id>    
    <date_range>        
      <begin>1526515200</begin> 
      <end>1526601599 </end>    
    </date_range>       
  </report_metadata>    
  <policy_published>    
    <domain>mydomain.tld</domain>       
    <adkim>r</adkim>    
    <aspf>r</aspf>      
    <p>none</p> 
    <pct>100</pct>      
  </policy_published>   
  <record>      
    <row>       
      <source_ip>XXX.XXX.XXX.XXX</source_ip>    
      <count>1</count>  
      <policy_evaluated>        
        <disposition>quarantine</disposition>   
        <dkim>fail</dkim>       
        <spf>fail</spf> 
      </policy_evaluated>       
    </row>      
    <identifiers>       
      <header_from>dumbledore.mydomain.tld</header_from>        
    </identifiers>      
    <auth_results>      
      <dkim>    
        <domain></domain>       
        <result>neutral</result>        
      </dkim>   
      <spf>     
        <domain>mail.mydomain.tld</domain>      
        <result>none</result>   
      </spf>    
    </auth_results>     
  </record>     
</feedback>     

This seems to suggest that Yahoo received an email from my MTA at IP address 
XXX.XXX.XXX.XXX (which is the correct IP of mail.mydomain.tld) but the header 
was dumbledore.mydomain.tld. Is that correct? That is weird, because my mail 
server is set to use 'helo mail.mydomain.tld'. So, apparently, it seems some 
program on my server is trying to send mail to a Yahoo MTA, bypassing my mail 
server, correct? If so, it is an unexpected catch. But I need to know if it is 
correct.

Thanks in advance

Gerben
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)
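
An added example, not part of the original post or of any DMARC tool: it re-evaluates the record in the Yahoo report above, checking each auth_results entry for a pass on a domain aligned with header_from. For that record the SPF domain aligns in relaxed mode but its result is none, DKIM has no signing domain, and header_from is a subdomain of the policy domain, which is the case the sp= tag covers. Assumptions: the function names are hypothetical, the sample is constructed from the quoted record, and the organizational domain is taken as the last two labels instead of a Public Suffix List lookup.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the single record from the report above, whitespace trimmed.
SAMPLE = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>mydomain.tld</domain>
    <adkim>r</adkim><aspf>r</aspf><p>none</p></policy_published>
  <record>
    <row><source_ip>XXX.XXX.XXX.XXX</source_ip><count>1</count>
      <policy_evaluated><disposition>quarantine</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>dumbledore.mydomain.tld</header_from></identifiers>
    <auth_results><dkim><domain></domain><result>neutral</result></dkim>
      <spf><domain>mail.mydomain.tld</domain><result>none</result></spf></auth_results>
  </record>
</feedback>"""

def text(node, path):
    return (node.findtext(path) or "").strip()

def org_domain(name):
    # Assumption: last two labels; real evaluators consult the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, mode):
    if mode == "s":  # strict: exact match; otherwise relaxed: same org domain
        return bool(auth_domain) and auth_domain.lower() == header_from.lower()
    return bool(auth_domain) and org_domain(auth_domain) == org_domain(header_from)

def evaluate(xml_text):
    if "<!DOCTYPE" in xml_text:  # reports arrive from third parties: refuse DTDs
        raise ValueError("DOCTYPE not allowed in an aggregate report")
    root = ET.fromstring(xml_text)
    pol = root.find("policy_published")
    records = []
    for rec in root.iter("record"):
        hf = text(rec, "identifiers/header_from").lower()
        out = {"header_from": hf, "is_subdomain": hf != text(pol, "domain").lower(),
               "disposition": text(rec, "row/policy_evaluated/disposition")}
        for mech in ("dkim", "spf"):
            mode = text(pol, "a" + mech) or "r"  # <adkim> / <aspf>, relaxed by default
            out[mech] = [(text(el, "domain"), text(el, "result"),
                          aligned(text(el, "domain"), hf, mode))
                         for el in rec.findall("auth_results/" + mech)]
            # a mechanism counts for DMARC only with a pass on an aligned domain
            out[mech + "_ok"] = any(r == "pass" and a for _, r, a in out[mech])
        out["dmarc_pass"] = out["dkim_ok"] or out["spf_ok"]
        records.append(out)
    return records
```

Calling `evaluate(SAMPLE)` returns one dictionary per `<record>`; each tuple under `dkim` and `spf` is (domain, result, aligned).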
