Yep, I am in communication with the mail host. ☺ Thanks all.
Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS- Second Edition” Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net<http://www.linktechs.net/> Create Wireless Coverage’s with www.towercoverage.com From: Roland Turner <rol...@rolandturner.com> Sent: Monday, November 26, 2018 5:36 PM To: Dennis Burgess <dmburg...@linktechs.net>; Vladimir Dubrovin <dubro...@corp.mail.ru>; dmarc-discuss@dmarc.org Subject: Re: [dmarc-discuss] DMARC oddity Right. This is the envelope sender (5321.MAIL FROM). It doesn't align with linktechs.net, so won't contribute to a DMARC pass. Why does the message have an author/5322.From: address in the linktechs.net domain, but not a valid DKIM signature? This looks like a typical list-breaks-DKIM scenario: * You're a member of the WISPA board * You post to bo...@wispa.org<mailto:bo...@wispa.org> * The list expander sends a copy of the message back to you, with your email address still appearing in 5322.From: * But the list expander has changed the message in a way that breaks DKIM * The list expander does change the 5321.MAIL FROM to board-bounces, but SPF would have failed anyway, so this does not create a new problem * The message reaches linktechs.net, showing a linktechs.net 5322.From, but with an unaligned 5321.MAIL FROM and a broken DKIM signature, so DMARC fails. The published policy requests rejection, so that's what happens. Does this make sense? - Roland On 27/11/18 3:36 am, Dennis Burgess via dmarc-discuss wrote: Nov 26 11:40:44 filter1 opendmarc[21194]: 406A610E1FC: SPF(mailfrom): board-boun...@wispa.org<mailto:board-boun...@wispa.org> none Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS- Second Edition” Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net<http://www.linktechs.net/> Create Wireless Coverage’s with www.towercoverage.com From: Vladimir Dubrovin <dubro...@corp.mail.ru><mailto:dubro...@corp.mail.ru> Sent: Monday, November 26, 2018 1:28 PM To: Dennis Burgess <dmburg...@linktechs.net><mailto:dmburg...@linktechs.net>; dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> Subject: Re: [dmarc-discuss] DMARC oddity You see envelope-from (aka RFC 5321.mailfrom) address in logs, while DMARC checks policy against From: header (RFC 5322.From), envelope-from and From: may differ. 26.11.2018 22:17, Dennis Burgess via dmarc-discuss пишет: Got an odd one, getting e-mails from another domain rejected based on the recipients domain policy? Nov 26 11:40:44 filter1 postfix/cleanup[63990]: 406A610E1FC: milter-reject: END-OF-MESSAGE from filter1.linktechs.email[127.0.0.1]: 5.7.1 rejected by DMARC policy for linktechs.net; from=<board-boun...@wispa.org<mailto:board-boun...@wispa.org>> to=<dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>> proto=ESMTP helo=<spam.techwebhosting.net> Nov 26 11:40:44 filter1 postfix/smtpd[64109]: < inet:127.0.0.1:10020: 550 5.7.1 rejected by DMARC policy for linktechs.net Nov 26 11:40:44 filter1 postfix/smtpd[64109]: > spam.techwebhosting.net[216.146.225.112]: 550 5.7.1 rejected by DMARC policy for linktechs.net Linktechs.net yes says not to accept mail form other mailserver,s but this is a wispa.org domain that don’t have dmarc or even a SPF record? Why does it use the to domain to lookup dmarc policy? Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS- Second Edition” Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net<http://www.linktechs.net/> Create Wireless Coverage’s with www.towercoverage.com _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) -- Vladimir Dubrovin @Mail.Ru _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
