Hello Tobias,
This tool is a great work thank you.I had tested it a few days/weeks ago but I
used it again today. I worked things to improve my score (signed the ipv6
reverse zone, added the ipv6 rdns for my mail server).
Notes:
- In DMARC Report Deliverability, it's written "To authorize this RUA, add the
following DMARC DNS record:", first it was not obvious to me in which zone I
have to add the record, maybe you can write "To authorize this RUA, add the
following DMARC DNS record in zone xyz.org:"
I guessed it when i read the recordmydomain.fr._report._dmarc.mydomain.com. IN
TXT "v=DMARC1;"
but it was not 100% obvious, because there was mydomain with different
extensions
- Transport Encryption "Your email provider/server does not support transport
encryption."I don't get what I'm doing wrong and what I have to do
Here are my logs
Mar 18 21:10:21 expevelimx711 smtpd[13199]: b0635ce3c4e1801b mta cert-check
result="unverified"
fingerprint="SHA256:38fedffc1f423e85e80bb05d5d4f0570537df597fafee22f6bb6f006edf37bfd"
Mar 18 21:10:21 expevelimx711 smtpd[13199]: b0635ce14999d44a mta delivery
evpid=aa099001e75945c4 from=<[email protected]>
to=<[email protected]> rcpt=<->
source="10.1.2.3" relay="195.191.197.82
(tlsv13.measurement.email-security-scans.org)" delay=2s result="Ok" stat="250
2.0.0 Ok: queued as B50E63F4DA"
Mar 18 21:10:22 expevelimx711 smtpd[13199]: b0635ce0c27e897e mta delivery
evpid=aa0990012b099f8b from=<[email protected]>
to=<measurem...@v4-mail.dnssec-broken.measurement.email-security-scans.org>
rcpt=<-> source="10.1.2.3" relay="195.191.197.86
(mail.measurement.email-security-scans.org)" delay=3s result="Ok" stat="250
2.0.0 Ok: queued as 1339C3F4EF"
Mar 18 21:10:22 expevelimx711 smtpd[13199]: b0635ce3c4e1801b mta delivery
evpid=aa099001ff0c1fff from=<[email protected]>
to=<measurem...@mail-medium-force-tls.measurement.email-security-scans.org>
rcpt=<-> source="10.1.2.3" relay="195.191.197.87
(medium-force-tls.measurement.email-security-scans.org)" delay=3s result="Ok"
stat="250 2.0.0 Ok: queued as 43FE63F503"
Mar 18 21:10:23 expevelimx711 smtpd[13199]: b0635cde85c7359e mta tls
ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Mar 18 21:10:23 expevelimx711 smtpd[13199]: b0635cde85c7359e mta cert-check
result="unverified"
fingerprint="SHA256:04ec5a1f21afe4638022284447af2d8906933e28a6c5180da7557a3efcc3a145"
Mar 18 21:10:24 expevelimx711 smtpd[13199]: b0635c966b5f7eb3 smtp disconnected
reason=quit
Mar 18 21:10:24 expevelimx711 smtpd[13199]: b0635c9538e2ec2c mta disconnected
reason=quit messages=1
Mar 18 21:10:24 expevelimx711 smtpd[13199]: b0635cde85c7359e mta delivery
evpid=aa0990011e39465d from=<[email protected]>
to=<[email protected]> rcpt=<->
source="[fa12:cafe:eff::3]" relay="[2a06:d1c0:dead:3::89]
(tls-force.measurement.email-security-scans.org)" delay=5s result="Ok"
stat="250 2.0.0 Ok: queued as 7B9DA3F4F8"
After a few hours I found what was the problem with my original question: I had
pf running on my system hosting opensmtpd
When I wrote the pf rules, I didn't do anything regarding IPv6.
Thank you very much
Regards
Le vendredi 17 mars 2023 à 14:51:58 UTC+1,
[email protected] <[email protected]> a écrit :
Heho,
Just a followup as this is live now; You can also start a test at
https://email-security-scans.org/ ;
If you select 'store received mails' you can download the messages we got from
you (on various MX configured to have v4 only/v6 only/dual-stack) and check how
they were delivered by the delivered-to headers (v4/v6).
With best regards,
Tobias
