On 1/26/22 14:35, Andrew C Aitchison via mailop wrote:
On Wed, 26 Jan 2022, Renaud Allard via mailop wrote:On 1/26/22 13:12, Andrew C Aitchison via mailop wrote:On Wed, 26 Jan 2022, Renaud Allard via mailop wrote:I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain.Is there anyone here from infomaniak who can check this issue?Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<********@waucquez.org> to=<*****@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org"# host _dmarc.waucquez.org _dmarc.waucquez.org is an alias for _dmarc.arnor.org. # host -t any _dmarc.arnor.org._dmarc.arnor.org descriptive text "v=DMARC1; p=reject; sp=reject; pct=100;"Looks to me that infomaniak are doing what you/waucquez.org/arnor.org requested.I indeed asked to reject mails when DMARC fails, not when DMARC is OK. So, while it's indeed applying the policy correctly in case of a failure, it doesn't return the correct answer for the checks...You are correct. # host -t txt waucquez.org waucquez.org descriptive text "v=spf1 redirect=arnor.org" # host -t txt arnor.orgarnor.org descriptive text "v=spf1 mx a:isildur.arnor.org a:amandil.arnor.org a:elendil.arnor.org a:elrond.arnor.org a:mail.openbsd.org -all"... which does not include "192.168.254.2" :-)
But it includes the NATted IP from which the server is going out ;)
So 83.166.143.58 (mx02.infomaniak.com) is failing the message on SPF because of the internal route through their system. They are ideed at fault.My apologies.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop