On 04.07.22 11:14, Scappatura Rocco wrote:
I have one postfix server (say, 'myserver.domain.tld') acting as MX for some
domains and as SMTP relay for the SASL authenticated user from the same domains.
On that server I have enabled DMARC milter (other than I have set up DKIM, and
it works fine):
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301,local:opendmarc/opendmarc.sock
non_smtpd_milters = inet:localhost:12301,local:opendmarc/opendmarc.sock
But after that, all authenticated user that use 'myserver.domain.tld' as
outgoing mail server (Port TCP25 or TCP465 with SSL), can't send messages
because receive messages like this:
Jun 8 16:49:59 av6 postfix/cleanup[3049167]: E7A75D6564: milter-reject:
END-OF-MESSAGE from
host-79-3-222-54.business.telecomitalia.it[79.3.222.54]: 5.7.1 rejected by
DMARC policy for inframail.it; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<DESKTOPT41K2DB>
This is correct because doesn't satisfy for sure SPF policy..
SPF or DKIM - neither of those will pass.
So I think that I have to enable DMARC on for incoming email (email
destined to domain whose value of MX record is 'myserver.domain.tld')..
using backup MX for outgoing e-mail (e-mail from your authenticated clients)
is usually a bad idea, because it's hard to differ betweem authenticated
clients and rogue addresses sending through backup MX intentionally to avoid
spam filtering at primary MX.
If I'm right, how I configure DMARC milter in postfix to get this?
override smtpd_milters setting on ports 465 and 587. you can remove
opendmarc milter on those ports or prepend a milter (opendkim or other) that
will add DKIM signatures before DMARC is checked.
Otherwise, how I have to use DMARC to limit SPAM?
DMARC is not a tool to combat spam, it's a tool to combat forgery.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
