Danjel Jungersen:
>
>
> On 21 September 2024 14:13:49 CEST, Wietse Venema via Postfix-users
> <postfix-users@postfix.org> wrote:
> >Danjel Jungersen via Postfix-users:
> >> I see 3 things that worry me about this record:
> >> *****
> >> <record>
> >> <row>
> >> <source_ip>212.27.12.12</source_ip>
> >> <count>2</count>
> >> <policy_evaluated>
> >> <disposition>none</disposition>
> >> <dkim>fail</dkim>
> >> <spf>fail</spf>
> >> </policy_evaluated>
> >> </row>
> >> <identifiers>
> >> <envelope_to>some-real-receiver.tld</envelope_to>
> >> <envelope_from><></envelope_from>
> >
> >Could that be a delivery status notification, i.e. an email message
> >sent with MAIL FROM:<>, the null sender address?
>
> It could.
We could speciulate, or you could look in your logs.
> Are you saying that this is normal behaviour?
The null sender address is required by the SMTP protocol standard.
> >> <header_from>mail.jungersen.dk</header_from>
> >
> >Postfix sends bounce messages as:
> >
> > From: Mail Delivery System <MAILER-DAEMON@$myorigin>
> >
> >You have:
> >
> > myorigin = /etc/mailname
> >
> >You may want to look there.
> Changing that will not affect the name the server uses when contacting other
> servers?
> And then breaking rDNS compliance?
myorigin specifies the domain in a (header or envelope) (sender or
recipient) address that does not already have a domain. You want
this to be jungersen.dk, i.e. $mydomain.
myhostname specifies how a Postfix MTA identifies itself in SMTP
commands and responses. The default is the name of the host
(as returned by uname). You want this to be mail.jungersen.dk
if that is what meets forward/reverse DNS and SPF requirements.
> >> 3)
> >> It seems like these mails have not been dkim signed, or am I reading it
> >> wrong?
> >> If I'm not wrong, what do I do to correct it?
> >
> >DKIM signing of Postfix-generated mail depends on the settings for
> >non_smtpd_milters and internal_mail_filter_classes. On my mail
> >server, MAILER-DAEMON messasges are DKIM signed. But I have:
> >
> > internal_mail_filter_classes = bounce
> Will try that!
>
> >
> >which is not the default; the default pre-dates message signing,
> >and maybe should be updated, just like the 10MB message size limit
> >which everyone seems to change when they run into it.
> :-)
> I did that also...
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
