> On May 18, 2018, at 10:06 AM, Vladimir Dubrovin via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > > Hello, > > most probably, the message received by Yahoo is NDR or DSN message generated > by your host. In this case, envelope-from address is empty and SPF is checked > against HELO > > <spf> > <domain>mail.mydomain.tld</domain> > <result>none</result> > </spf> > > From: probably has something like > > From: mailer-dae...@dumbledore.mydomin.tld > <mailto:mailer-dae...@dumbledore.mydomin.tld>. > > RFC 7208 requires you to place SPF record for domain used in HELO exectly for > this case. Adding > > mail.mydomain.tld. TXT "v=spf1 a -all" > > will fix the issue. > > 18.05.2018 16:39, Gerben Wierda via dmarc-discuss пишет: >> I’m setting up DMARC for my mail server. I tried sending a mail to an >> account on the icloud.com <http://icloud.com/> domain (which reports DMARC) >> and there I see: >> >> Received-Spf: pass (mr21p00im-spfmilter004.me.com >> <http://mr21p00im-spfmilter004.me.com/>: domain of myn...@mydomain.tld >> <mailto:myn...@mydomain.tld> designates XXX.XXX.XXX.XXX as permitted sender) >> receiver=mr21p00im-spfmilter004.me.com >> <http://mr21p00im-spfmilter004.me.com/>; client-ip=XXX.XXX.XXX.XXX; >> helo=mail.mydomain.tld; envelope-from=myn...@mydomain.tld >> <mailto:envelope-from=myn...@mydomain.tld> >> X-Dmarc-Info: pass=pass; dmarc-policy=none; s=r1; d=r0 >> X-Dmarc-Policy: >> v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dm...@mydomain.tld >> <mailto:dm...@mydomain.tld>,mailto:re+vghcolsq...@dmarc.postmarkapp.com >> <mailto:re+vghcolsq...@dmarc.postmarkapp.com> >> Received: from mr11p00im-smtpin012.mac.com >> <http://mr11p00im-smtpin012.mac.com/> ([17.110.69.200]) by ms20524.mac.com >> <http://ms20524.mac.com/> (Oracle Communications Messaging Server >> 8.0.1.3.20170906 64bit (built Sep 6 2017)) with ESMTP id >> <0p8x00kcde2dm...@ms20524.mac.com <mailto:0p8x00kcde2dm...@ms20524.mac.com>> >> for myn...@icloud.com <mailto:myn...@icloud.com>; Fri, 18 May 2018 13:13:25 >> +0000 (GMT) >> Received: from mail.mydomain.tld (mail.mydomain.tld [XXX.XXX.XXX.XXX]) by >> mr11p00im-smtpin012.me.com <http://mr11p00im-smtpin012.me.com/> (Oracle >> Communications Messaging Server 8.0.1.2.20170607 64bit (built Jun 7 2017)) >> with ESMTPS id <0p8x00h3ve2al...@mr11p00im-smtpin012.me.com >> <mailto:0p8x00h3ve2al...@mr11p00im-smtpin012.me.com>> for myn...@icloud.com >> <mailto:myn...@icloud.com> (ORCPT myn...@icloud.com >> <mailto:myn...@icloud.com>); Fri, 18 May 2018 13:13:24 +0000 (GMT) >> Received: from localhost (localhost [127.0.0.1]) by mail.mydomain.tld >> (Postfix) with ESMTP id 57F0B261CB53 for <myn...@icloud.com >> <mailto:myn...@icloud.com>>; Fri, 18 May 2018 15:13:21 +0200 (CEST) >> Received: from mail.mydomain.tld ([127.0.0.1]) by localhost >> (dumbledore.mydomain.tld [127.0.0.1]) (amavisd-new, port 10024) with ESMTP >> id b6L6g5ttGPiH for <myn...@icloud.com <mailto:myn...@icloud.com>>; Fri, >> 18 May 2018 15:13:19 +0200 (CEST) >> Received: from [192.168.169.103] (d4b27fea.static.ziggozakelijk.nl >> <http://d4b27fea.static.ziggozakelijk.nl/> [212.178.127.234]) by >> mail.mydomain.tld (Postfix) with ESMTPSA id 057A3261CB45 for >> <myn...@icloud.com <mailto:myn...@icloud.com>>; Fri, 18 May 2018 15:13:18 >> +0200 (CEST) >> >> But I also got an aggregate report from Yahoo that suggests something is >> wrong: >> >> <?xml version="1.0"?> >> <feedback> >> <report_metadata> >> <org_name>Yahoo! Inc.</org_name> >> <email>postmas...@dmarc.yahoo.com >> <mailto:postmas...@dmarc.yahoo.com></email> >> <report_id>1526605741.475970</report_id> >> <date_range> >> <begin>1526515200</begin> >> <end>1526601599 </end> >> </date_range> >> </report_metadata> >> <policy_published> >> <domain>mydomain.tld</domain> >> <adkim>r</adkim> >> <aspf>r</aspf> >> <p>none</p> >> <pct>100</pct> >> </policy_published> >> <record> >> <row> >> <source_ip>XXX.XXX.XXX.XXX</source_ip> >> <count>1</count> >> <policy_evaluated> >> <disposition>quarantine</disposition> >> <dkim>fail</dkim> >> <spf>fail</spf> >> </policy_evaluated> >> </row> >> <identifiers> >> <header_from>dumbledore.mydomain.tld</header_from> >> </identifiers> >> <auth_results> >> <dkim> >> <domain></domain> >> <result>neutral</result> >> </dkim> >> <spf> >> <domain>mail.mydomain.tld</domain> >> <result>none</result> >> </spf> >> </auth_results> >> </record> >> </feedback> >> >> This seems to suggest that Yahoo received an email from my MTA at IP address >> XXX.XXX.XXX.XXX (which is the correct IP of mail.mydomain.tld) but the >> header was dumbledore.mydomain.tld. Is that correct? That is weird, because >> my mail server is set to use 'helo mail.mydomain.tld'. So, apparently, it >> seems some program on my server is trying to send mail to a yahoo MTA >> bypassing my mail server, correct? If so, it is an unexpected catch. But I >> need to know if it is correct. >> >> Thanks in advance >> >> Gerben >> >> >> _______________________________________________ >> dmarc-discuss mailing list >> dmarc-discuss@dmarc.org <mailto:dmarc-discuss@dmarc.org> >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> <http://www.dmarc.org/mailman/listinfo/dmarc-discuss> >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html >> <http://www.dmarc.org/note_well.html>) > > -- > Vladimir Dubrovin > @Mail.Ru > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
