Hello,

most probably, the message received by Yahoo is NDR or DSN message generated by your host. In this case, envelope-from address is empty and SPF is checked against HELO

<spf>
  <domain>mail.mydomain.tld</domain>
  <result>none</result>
</spf>

From: probably has something like From: [email protected].

RFC 7208 requires you to place SPF record for domain used in HELO exactly for this case. Adding

mail.mydomain.tld. TXT "v=spf1 a -all"

will fix the issue.

18.05.2018 16:39, Gerben Wierda via dmarc-discuss wrote:
> I’m setting up DMARC for my mail server. I tried sending a mail to an
> account on the icloud.com domain (which reports DMARC) and there I see:
>
> Received-Spf: pass (mr21p00im-spfmilter004.me.com: domain of
>   [email protected] designates XXX.XXX.XXX.XXX as permitted sender)
>   receiver=mr21p00im-spfmilter004.me.com; client-ip=XXX.XXX.XXX.XXX;
>   helo=mail.mydomain.tld; [email protected]
> X-Dmarc-Info: pass=pass; dmarc-policy=none; s=r1; d=r0
> X-Dmarc-Policy:
>   v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:[email protected],mailto:[email protected]
> Received: from mr11p00im-smtpin012.mac.com ([17.110.69.200]) by
>   ms20524.mac.com (Oracle Communications Messaging Server
>   8.0.1.3.20170906 64bit (built Sep 6 2017)) with ESMTP id
>   <[email protected]> for [email protected];
>   Fri, 18 May 2018 13:13:25 +0000 (GMT)
> Received: from mail.mydomain.tld (mail.mydomain.tld [XXX.XXX.XXX.XXX])
>   by mr11p00im-smtpin012.me.com (Oracle Communications Messaging
>   Server 8.0.1.2.20170607 64bit (built Jun 7 2017)) with ESMTPS id
>   <[email protected]> for [email protected] (ORCPT [email protected]);
>   Fri, 18 May 2018 13:13:24 +0000 (GMT)
> Received: from localhost (localhost [127.0.0.1]) by mail.mydomain.tld
>   (Postfix) with ESMTP id 57F0B261CB53 for <[email protected]>;
>   Fri, 18 May 2018 15:13:21 +0200 (CEST)
> Received: from mail.mydomain.tld ([127.0.0.1]) by localhost
>   (dumbledore.mydomain.tld [127.0.0.1]) (amavisd-new, port 10024) with
>   ESMTP id b6L6g5ttGPiH for <[email protected]>;
>   Fri, 18 May 2018 15:13:19 +0200 (CEST)
> Received: from [192.168.169.103] (d4b27fea.static.ziggozakelijk.nl
>   [212.178.127.234]) by mail.mydomain.tld (Postfix) with ESMTPSA id
>   057A3261CB45 for <[email protected]>;
>   Fri, 18 May 2018 15:13:18 +0200 (CEST)
>
> But I also got an aggregate report from Yahoo that suggests something
> is wrong:
>
> <?xml version="1.0"?>
> <feedback>
>   <report_metadata>
>     <org_name>Yahoo! Inc.</org_name>
>     <email>[email protected]</email>
>     <report_id>1526605741.475970</report_id>
>     <date_range>
>       <begin>1526515200</begin>
>       <end>1526601599 </end>
>     </date_range>
>   </report_metadata>
>   <policy_published>
>     <domain>mydomain.tld</domain>
>     <adkim>r</adkim>
>     <aspf>r</aspf>
>     <p>none</p>
>     <pct>100</pct>
>   </policy_published>
>   <record>
>     <row>
>       <source_ip>XXX.XXX.XXX.XXX</source_ip>
>       <count>1</count>
>       <policy_evaluated>
>         <disposition>quarantine</disposition>
>         <dkim>fail</dkim>
>         <spf>fail</spf>
>       </policy_evaluated>
>     </row>
>     <identifiers>
>       <header_from>dumbledore.mydomain.tld</header_from>
>     </identifiers>
>     <auth_results>
>       <dkim>
>         <domain></domain>
>         <result>neutral</result>
>       </dkim>
>       <spf>
>         <domain>mail.mydomain.tld</domain>
>         <result>none</result>
>       </spf>
>     </auth_results>
>   </record>
> </feedback>
>
> This seems to suggest that Yahoo received an email from my MTA at IP
> address XXX.XXX.XXX.XXX (which is the correct IP of mail.mydomain.tld)
> but the header was dumbledore.mydomain.tld. Is that correct? That is
> weird, because my mail server is set to use 'helo mail.mydomain.tld'.
> So, apparently, it seems some program on my server is trying to send
> mail to a yahoo MTA bypassing my mail server, correct? If so, it is an
> unexpected catch. But I need to know if it is correct.
>
> Thanks in advance
>
> Gerben
>
>
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms
> (http://www.dmarc.org/note_well.html)

-- 
Vladimir Dubrovin
@Mail.Ru
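The check discussed in this thread, as an added example that is not part of the original messages: a Python triage of a DMARC aggregate report that lists, for each SPF result, whether the checked domain lacked an SPF record and whether a pass on that domain would align with the header From. The sample report is constructed from the record quoted above with a placeholder IP, and org_domain() assumes a two-label organizational domain instead of consulting the Public Suffix List.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <record> quoted above, trimmed; the IP is a placeholder.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>mydomain.tld</domain><aspf>r</aspf></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>1</count>
   <policy_evaluated><disposition>quarantine</disposition>
    <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>dumbledore.mydomain.tld</header_from></identifiers>
  <auth_results>
   <spf><domain>mail.mydomain.tld</domain><result>none</result></spf>
  </auth_results>
 </record>
</feedback>"""


def org_domain(name):
    # Assumption: organizational domain = last two labels. Production code
    # needs the Public Suffix List (this is wrong for e.g. example.co.uk).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def spf_aligned(spf_domain, header_from, aspf="r"):
    """DMARC identifier alignment: strict = exact match, relaxed = same org domain."""
    if aspf == "s":
        return spf_domain.lower() == header_from.lower()
    return org_domain(spf_domain) == org_domain(header_from)


def triage(report_xml):
    """List each SPF auth result with what it would take to pass DMARC via SPF."""
    # Reports come from third parties: in production, parse them with a
    # hardened XML parser (e.g. defusedxml) rather than the stdlib one.
    root = ET.fromstring(report_xml)
    aspf = (root.findtext("policy_published/aspf") or "r").strip()
    findings = []
    for rec in root.iter("record"):
        header_from = (rec.findtext("identifiers/header_from") or "").strip()
        for spf in rec.findall("auth_results/spf"):
            domain = (spf.findtext("domain") or "").strip()
            result = (spf.findtext("result") or "").strip()
            findings.append({
                "source_ip": (rec.findtext("row/source_ip") or "").strip(),
                "header_from": header_from,
                "spf_domain": domain,
                "scope": (spf.findtext("scope") or "not reported").strip(),
                "result": result,
                # "none" means no SPF record was found for the checked domain.
                "needs_spf_record": result == "none",
                "aligned_if_pass": spf_aligned(domain, header_from, aspf),
            })
    return findings
```

For the sample record, needs_spf_record and aligned_if_pass are both true: with aspf=r, an SPF pass on mail.mydomain.tld would align with a header From of dumbledore.mydomain.tld.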
