Peter via Postfix-users: > On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: > > Bounces are sent with the null envelope.from address which has no > > domain. Therefore, SPF applies policy to a surrogate: the hostname > > in the SMTP client's HELO/EHLO command (as if the envelope.from > > address was postmaster@helo-argument). > > > > This helo-argument is by default the value of the Postfix myhostname > > parameter, which depending on myorigin setting may appear in the > > header.from address mailer-daemon@whatever. > > > > DMARC wants that the dmain in envelope.from address (or its surrogate > > in the case of <>) in some way align with the domain in the header.from > > address (in this case mailer-daemon@whatever). > > > > If someone can come up with a simple checklist for how to do this > > then that would be great. > > SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail > to be accepted: > > 1. HELO banner should pass SPF. > > 2. Envelope Sender should pass SPF. > > 3. Envelope Sender domain should align with the From: header domain. > > 4. Message should be DKIM signed. > > 5. Domain for the DKIM signature should align with the From: header domain. > > Not all of the able are necessary (e.g. you can get away with SPF > alignment only or DKIM alignment only) but the more of those boxes that > you can successfully tick off the better chance you have for you message > to be accepted when things go wrong, or when a destination doesn't > implement one of the above checks properly.
Thanks. For completeness, in the case of bounce messages, items 2-3 apply as if the sender was postmaster@HELO-argument. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org