Peter via Postfix-users:
> On 21/06/24 07:13, Wietse Venema via Postfix-users wrote:
> > Bounces are sent with the null envelope.from address which has no
> > domain. Therefore, SPF applies policy to a surrogate: the hostname
> > in the SMTP client's HELO/EHLO command (as if the envelope.from
> > address was postmaster@helo-argument).
> > 
> > This helo-argument is by default the value of the Postfix myhostname
> > parameter, which depending on myorigin setting may appear in the
> > header.from address mailer-daemon@whatever.
> > 
> > DMARC wants that the domain in envelope.from address (or its surrogate
> > in the case of <>) in some way align with the domain in the header.from
> > address (in this case mailer-daemon@whatever).
> > 
> > If someone can come up with a simple checklist for how to do this
> > then that would be great.
> 
> SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail 
> to be accepted:
> 
> 1.  HELO banner should pass SPF.
> 
> 2.  Envelope Sender should pass SPF.
> 
> 3.  Envelope Sender domain should align with the From: header domain.
> 
> 4.  Message should be DKIM signed.
> 
> 5.  Domain for the DKIM signature should align with the From: header domain.
> 
> Not all of the above are necessary (e.g. you can get away with SPF 
> alignment only or DKIM alignment only) but the more of those boxes that 
> you can successfully tick off the better chance you have for your message 
> to be accepted when things go wrong, or when a destination doesn't 
> implement one of the above checks properly.

Thanks. For completeness, in the case of bounce messages, items 2-3
apply as if the sender was postmaster@HELO-argument.

        Wietse
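
The checklist above, including the bounce case where items 2-3 are evaluated as postmaster@HELO-argument, can be worked through offline with the sketch below. It is an added example, not part of the thread or of Postfix. The function names are hypothetical, the SPF and DKIM verdicts are supplied as inputs rather than looked up, and the organizational domain is approximated as the last two labels where a real DMARC evaluator uses the Public Suffix List.

```python
def org_domain(domain):
    # Assumption: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a, b, strict=False):
    # DMARC strict mode needs identical domains; relaxed compares org domains.
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def spf_identity(envelope_from, helo):
    # Null sender (bounce): SPF uses the surrogate postmaster@HELO-argument.
    if envelope_from.strip() in ("", "<>"):
        return "postmaster@" + helo
    return envelope_from.strip("<>")

def checklist(helo, envelope_from, header_from, helo_spf, mailfrom_spf="none",
              dkim_d=None, dkim_valid=False, strict=False):
    is_bounce = envelope_from.strip() in ("", "<>")
    sender_domain = spf_identity(envelope_from, helo).rpartition("@")[2]
    from_domain = header_from.rpartition("@")[2]
    # For a bounce the surrogate domain is the HELO name, so item 2 is the HELO verdict.
    sender_spf = helo_spf if is_bounce else mailfrom_spf
    items = {
        1: helo_spf == "pass",                           # HELO passes SPF
        2: sender_spf == "pass",                         # envelope sender passes SPF
        3: aligned(sender_domain, from_domain, strict),  # sender aligns with From:
        4: bool(dkim_valid),                             # message is DKIM signed
        5: dkim_d is not None and aligned(dkim_d, from_domain, strict),
    }
    # DMARC passes when either aligned mechanism passes.
    dmarc_pass = (items[2] and items[3]) or (items[4] and items[5])
    return items, dmarc_pass

if __name__ == "__main__":
    # Constructed bounce messages: null envelope sender, unsigned.
    cases = [
        ("mail.example.com", "MAILER-DAEMON@example.com", False),
        ("mail.example.com", "MAILER-DAEMON@example.com", True),
        ("host.provider.example", "MAILER-DAEMON@example.com", False),
    ]
    for helo, hdr, strict in cases:
        items, ok = checklist(helo, "<>", hdr, helo_spf="pass", strict=strict)
        failed = [n for n, passed in items.items() if not passed]
        print(f"helo={helo} from={hdr} strict={strict} "
              f"dmarc={'pass' if ok else 'fail'} unticked={failed}")
```
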