> My server is still rather new, so I have a not so tight policy set up. > And I ask for reports at the dmarc record.
You have set the following dmarc record: $ host -t txt _dmarc.jungersen.dk _dmarc.jungersen.dk descriptive text "v=DMARC1; p=none; pct=100; rua=mailto:postmas...@jungersen.dk"; For an explanation see: https://en.wikipedia.org/wiki/DMARC#DNS_record Especially "rua=" sets the email address where aggregate reports are sent to. That means if e.g. GMail cannot verify an incoming email from jungersen.dk it will send a report so that you know there is a problem. > postconf -n Postfix does not know about dkim or spf. Therefore all that matters is your rspamd milter: > non_smtpd_milters = inet:127.0.0.1:11332 > smtpd_milters = inet:127.0.0.1:11332 Rspamd is able to sign and check dkim/spf. > I see 3 things that worry me about this record: > ***** > <record> > <row> > <source_ip>212.27.12.12</source_ip> > <count>2</count> > <policy_evaluated> > <disposition>none</disposition> > <dkim>fail</dkim> > <spf>fail</spf> [...] > I suspect that it is NOT a normal e-mail, but some sort of automatic error / > information sent back to the sender. This is a report of the kind mentioned above. It tells you that your email could not be verified by dkim (fail) or spf (fail). Dkim might fail because it is not signed at all, the signature might be wrong, the public key is not available via dns and so on. > <auth_results> > <spf> > <domain>mail.jungersen.dk</domain> > <scope>helo</scope> > <result>none</result> > </spf> > </auth_results> $ host -t txt jungersen.dk jungersen.dk descriptive text "v=spf1 mx:jungersen.dk ip4:89.22.119.90 -all" BUT this report assumes the domain is mail.jungersen.dk, which provides no such information: $ host -t txt mail.jungersen.dk mail.jungersen.dk has no TXT record > 1) > The reason for my suspicion is that I do not send e-mail from > "mail.jungersen.dk" only "jungersen.dk" > So where do I change that, without breaking anything. > I still want my server to be called "mail.jungersen.dk" so that rDNS will be > compliant. > I have searched online, but am still confused about what to change. You could publish a spf record for mail.jungersen.dk and dkim sign emails sent by @mail.jungersen.dk. Unless explicitly configured, dmarc is valid for a domain including subdomains whereas spf needs an entry for every subdomain. Best regards, Gerald _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
