Re: [dmarc-discuss] postfix opendmarc reporting tool needed

Am 09.09.20 um 07:59 schrieb Miroslav Geisselreiter via dmarc-discuss: > I had similar problem for CentOS 7. I downloaded > https://sourceforge.net/projects/opendmarc/ and this package contains > database schema. I use default db MariaDB. openDMARC was moved to GitHub long ago. So you may

Re: [dmarc-discuss] my agg. reports

A. Schulze via dmarc-discuss: the element will be present in tomorrow's reports. lesson learned when running docker containers: fixes inside a container are volatile, rebuild the container at all to make /permanent/ changes... it will take some more days... happy weekend! Andreas

Re: [dmarc-discuss] my agg. reports

Am 19.04.2018 um 08:30 schrieb Juri Haberland via dmarc-discuss: > [btw. the SPF result seems wrong: "none" instead of "pass" for a mail from > the opendmarc-users ML] RFC5321.MailFrom for messages from opendmarc-users is "f...@trusteddomain.org". That generate "spf=pass

Re: [dmarc-discuss] my agg. reports

Am 19.04.2018 um 12:32 schrieb Alessandro Vesely via dmarc-discuss: > I had that. However, I missed the element inside . the element will be present in tomorrow's reports. > Although this is optional, I think that's the reason why I don't "see" your > reports. There is a SHOULD in

[dmarc-discuss] my agg. reports

Hello @all, since some days aggregated reports we generate using an other software: rspamd These reports are invisible at dmarcian.com. I would like to ask the group to review my reports if they are syntactical valid. Thanks! Andreas ___

Re: [dmarc-discuss] Mimecast and Office 365

Am 11.04.2018 um 16:07 schrieb Ivan Kovachev via dmarc-discuss: > Hello guys, > > I have three questions for you that I am unsure about and hoping that someone > at Microsoft will be able to help: > > First two questions are related to Mimecast acting as inbound security > gateway to O365: >

[dmarc-discuss] value of pct=0 ?

Hello, I found messages from the domain "service.com". The DMARC record say p=reject. But these messages pass my MX while OpenDMARC clearly say "dmarc=fail". It took some time until I noticed "pct=0": "apply the policy to 0% of all messages". Why a domainowner do that? Why the spec

Re: [dmarc-discuss] DSN from microsoftonline.com

Terry Zink via dmarc-discuss: I'm not sure I follow what the problem is. AFAIK, we send NDRs from postmaster@ and then use the customer's default domain. Most customers have this set to *.onmicrosoft.com which they get when they sign up for the service, and then some flip it to their

Re: [dmarc-discuss] DSN from microsoftonline.com

Am 21.12.2017 um 02:03 schrieb Roland Turner via dmarc-discuss: Hello Roland, > Have you explored whether the organisations whose DSNs are failing DMARC also > have the rest of their email failing DMARC? at least I didn't have seen messages from those organisations with non empty

Re: [dmarc-discuss] DSN from microsoftonline.com

Am 21.12.2017 um 01:37 schrieb Brandon Long via dmarc-discuss: > For bounces (ie, empty MAIL FROM), the EHLO argument is used for the SPF > lookup, so it is technically possible for there to be a valid SPF record. Hello Brandon, I wasn't aware of that. But

Re: [dmarc-discuss] DSN from microsoftonline.com

Am 20.12.2017 um 18:44 schrieb Roland Turner via dmarc-discuss: > What HELO/EHLO hostname is being presented? I'm out of office for the next days and have no access to that data. >From what I remember it's the hostname of the sending system, a rDNS related >to Microsoft. Why do you think, the

[dmarc-discuss] DSN from microsoftonline.com

Hello, we use to send a portion of messages requesting delivery status notification on success. In general DSN messages tend to not pass DMARC very often, but as we request DSN on success explicit we monitor them. Now I noticed a pattern on DSN sent from Microsoft. RFC5321.MailFrom <>

Re: [dmarc-discuss] Why do I receive RUAs for emails that align?

Am 01.02.2017 um 15:11 schrieb Jim Popovitch via dmarc-discuss: > I'm running postfix and AFAIK it's only sending 7bit. > > postfix postscreen > postfix smtpD > postfix local -> mailman > mailman 8bit -> postfix:587 pickup > postfix cleanup (converts

Re: [dmarc-discuss] Why do I receive RUAs for emails that align?

Jim Popovitch via dmarc-discuss: I'd bet a few beers that the DKIM failures are due to those companies injecting inbound msg headers before processing DMARC checks. an other option: the MX server don't announce 8BITMIME. You send 8-BIT and your sending MTA recode down to 7-BIT. DKIM

Re: [dmarc-discuss] opendkim-atpszone reproducibility and examples

Am 30.01.2017 um 21:40 schrieb SheridanJ West via dmarc-discuss: > I encountered a opendmarc bug that required adsp records don't waste your time with ADSP, forget it. it's deprecated and in fact dead Andreas ___ dmarc-discuss mailing list

Re: [dmarc-discuss] gmail's DMARC check doesn't respect subdomain policy

Petr Novák via dmarc-discuss: data 354 end data with . From: ad...@a.prnk.cz test mail. . looks invalid to me. there should be an empty line between "From" an "test mail"... Andreas ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org

Re: [dmarc-discuss] DMARC where mail is never sent

Mitchell Kuch via dmarc-discuss: Does it make sense to publish a DMARC record to signal that a host should never send email? Can said record be published without an accompanying DKIM record? See http://www.m3aawg.org/documents/en/m3aawg-protecting-parked-domains-best-common-practices

Re: [dmarc-discuss] ARC adoption

Roland Turner via dmarc-discuss: ARC directly addresses (2). Unlike the measures for interoperating with earlier schemes, adding an ARC-* header set does not in any way impede or alter the traditional operation of mailing lists. Consequently: if list operators perceive benefit in

[dmarc-discuss] ARC adoption

Hello, Kurt just mention adoption in his last message. Adoption is a good point, I've two questions: 1) are there implementation available as open source? I'm aware Google has some code. I guess there are other implementers otherwise the inter-op events wouldn't make sense. The protocol is

Re: [dmarc-discuss] DMARC and null path

Am 13.05.2016 um 23:10 schrieb Scott Kitterman via dmarc-discuss: I think RFC 7489, paragraph 3.1.2 is very explicit about this. It is supposed to pass and if it doesn't it's a bug. you mean "RFC5321.HELO identity is not ... used exept when required to "fake" an otherwise null

Re: [dmarc-discuss] DMARC and null path

Am 13.05.2016 um 22:35 schrieb Terry Zink via dmarc-discuss: In Office 365 it would. Others' implementations may vary. "may or may not" - is that really the intention of DMARC? Andreas ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org

Re: [dmarc-discuss] DMARC and null path

Am 09.05.2016 um 22:42 schrieb Franck Martin via dmarc-discuss: RFC7489.MAILFROM is RFC5321.MailFrom if it is not empty, otherwise it is postmaster@ Hello Franck, does that mean a message could pass DMARC if - it's send from a host sending "mail.example.com" as HELO parameter - have an

Re: [dmarc-discuss] submission via google / dmarc fail

Am 29.04.2016 um 11:15 schrieb A. Schulze via dmarc-discuss: I like to point to that open topic without any answer I hoped to get from Google nobody could clarify? Andreas ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org

Re: [dmarc-discuss] submission via google / dmarc fail

A. Schulze via dmarc-discuss: I like to point to that open topic without any answer I hoped to get from Google simple setup: gmail user send with RFC5322.From *@googlemail.com via google using a smartphone. the user authenticate as *@gmail.com for submission. dkim signing domain

[dmarc-discuss] is that *really* valid

Hello, I noticed a message with this RFC5322.From: From: Lastname, Firstname the message was authenticated by SPF and DKIM but opendmarc rejected finally. Is this From really valid? I would quote the displayname. If it's valid, I hit a bug in OpenDMARC. If it's invalid,

Re: [dmarc-discuss] please clarify

Roland Turner via dmarc-discuss: That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?

Re: [dmarc-discuss] please clarify

Roland Turner via dmarc-discuss: Yes. In all of the cases above, the Organizational Domain for both RFC5322.From and the DKIM/SPF authentication is example.com, consequently they match in relaxed mode. The same would be true for: - RFC5322.From: a.example.com - DKIM or SPF authentication

[dmarc-discuss] please clarify

Hello, I have a question about DMARC alignments. the usual case: - RFC5322.From: sub.example.com - DKIM or SPF authentication identifier: example.com -> this is aligned in relax mode. But: - RFC5322.From: example.com - DKIM or SPF authentication identifier: sub.example.com Is this a

Re: [dmarc-discuss] aggr. reports from qq.com

A. Schulze via dmarc-discuss: maybe someone could give qq.com a tipp: every message MUST include a date header. that's true for dmarc reports too. Also adding message-id header is good practice. sample: https://andreasschulze.de/tmp/dmarc-report_from_qq_dot_com.txt

Re: [dmarc-discuss] rddmarc & comcast reports

Brotman, Alexander: I'm checking with the development group responsible to see if this was an error on our side, or what might have happened. Are you able to share the target domain so they can try to track down what happened? Hi Alexander, the target domain is datev.de. But the

[dmarc-discuss] rddmarc & comcast reports

Hello, I noticed last week rddmarc fail to read aggregated reports from Comcast. They send an unusual Content-Type: application-x-gzip; No idea if that's right or wrong. The attached patch extend rddmarc to import these reports. Andreas Index: tmp/rddmarc

Re: [dmarc-discuss] wanted: rfc number

Alec Peterson via dmarc-discuss: Why force the report generator to do something that could be done when the report is received, if desired? because - the MTA already did the rDNS job - I send the failure reports to myself. I still "see" the Source-IP field which has not so much

[dmarc-discuss] submission via google / dmarc fail

Hello, last days I wrote to a address u...@gmail.com The answer was quarantained as the dmarc check failed. This ist the reply I receved: Authentication-Results: mail.example.org; dmarc=fail header.from=googlemail.com Authentication-Results: mail.example.org; dkim=pass (2048-bit key;

[dmarc-discuss] should I honor your p=reject ?

Hello, in Dublin I asked $subject to numerous people. Yes, if you could whitelist was the common answer. OK, that was my job for the last weeks. Here is a summary. OpenDMARC has the ability to send FailureReports. Usually these Reports are sent to the Domain owner. Franck Martin told me

Re: [dmarc-discuss] what is SPF-DNS?

Tomki Camp via dmarc-discuss: in 7.3.1 there is a required entry ‘SPF-DNS’, for which I can’t find any definition reference. https://datatracker.ietf.org/doc/rfc7489/?include_text=1 I guess, it should say SPF-Domain ... Andreas ___

Re: [dmarc-discuss] amazon.de fail

Hello John, John Levine via dmarc-discuss: It looks fine. in which sense? - RFC5322.From is amazon.DE - SPF pass for bounces.amazon.COM - DKIM pass for amazonses.COM so neither SPF nor DKIM is aligned. according to the published record the message should be quarantined: $ opendmarc-check

[dmarc-discuss] amazon.de fail

Hello, someone from amazon Germany may be interested. Again: I guess it's a legit message from amazon, otherwise let me know ... Authentication-Results: idvmailin13.datevnet.de; dkim=pass (1024-bit key; unprotected) header.d=amazonses.com header.i=@amazonses.com header.b=IGahw/4Y

[dmarc-discuss] service for the dark side? aggregated reports

Hi, like just mentioned in jabber I like to know if and how you handle the situation where inbound message should be reported back to the sender while the sender is clearly not a good guy. Franck martin suggest to not send every dmarc report by - blacklisting - report volume other

Re: [dmarc-discuss] SPF fail, DKIM success, Disposition none

Dorai Ashok S A via dmarc-discuss: In the last few weeks, I have started receiving DMARC reports from google.com with DKIM success for an unauthorized sender. Does this mean my signing keys are compromised (or) is there any other explanation in DMARC for this?

[dmarc-discuss] service for the dark side

Hello, It's never wrong to send all outbound messages through a content filter. since some weeks I do this for my generated aggregated DMARC reports, too. Surprise: some reports are blocked by my own filter! That happen on reports for domains that are listed somewhere. (Spamhaus DBL,

Re: [dmarc-discuss] Amazon email rejected by OpenDMARC but SPF DKIM are OK

Arnaud de Prelle via dmarc-discuss: Received-SPF: Pass (icecube.pnzone.net: domain of bounces.amazon.com designates 54.240.0.150 as permitted sender) client-ip=54.240.0.150; envelope-from=2014092923kdlu8dn...@bounces.amazon.com; helo=a0-150.smtp-out.eu-west-1.amazonses.com;

[dmarc-discuss] spam to the report sender address

Hello, I noticed the second time spam directed to the address I use to use only for sending dmarc reports. It's not the address public availabe as part of my dmarc record but my decicated sender address of reports! Looks like I have to reject anything but empty sender for messages to my report

Re: [dmarc-discuss] suggestion to optimize the website

Andreas Schulze: s/make send/make sense/ :-/ ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms