> I'm sorry that I may have been a bit unclear of my issue. > I'm not confused about receiving the report, but the content of it. > And what to change in my config so that I do not see fail records regarding > mail coming from my own server. > I think I have got what I need from Wietse and are testing now.
In case it doesn't work as intended consider this: >From the aggregate report: <envelope_from><></envelope_from> < and > are a way of encoding (XML) - < / less than / < - > / greater than / > In other words this evaluates to "<>", the null sender. For DMARC to succeed either DKIM verification or SPF check must pass. The aggregate report tells you SPF failed. As the envelope sender is the null sender there is no domain that could be checked. In this case the HELO name will be used as a fallback but as I wrote in my previous email there is no SPF information for mail.jungersen.dk: $ host -t txt mail.jungersen.dk mail.jungersen.dk has no TXT record See https://datatracker.ietf.org/doc/html/rfc7208#section-10.1.2 DKIM verification also failed because the email might have been unsigned. As Wietse mentioned you could set internal_mail_filter_classes = bounce to sign messages generated by postfix with the sender mailer-dae...@mail.jungersen.dk. This might work well with signing only (opendkim, ...), but you are using rspamd which is an antispam solution. Bounce messages often contain snippets of the emails received and therefore might contain spam fragments that rspamd recognizes. It will be a matter of time before it learns and blocks your own and external bounce messages. While there may certainly be ways around that problem you should not carelessly ignore the advice given in postconf (5): internal_mail_filter_classes (default: empty) ... NOTE: It's generally not safe to enable content inspection of Postfix-generated email messages. The user is warned. And if I'm not mistaken it's not clear this is about bounces / MAILER-DAEMON messages. Other tools like vacation or out-of-office responders do use the null sender. These are not generated by postfix itself and changing internal_mail_filter_classes would not be necessary. Summarized: you might reconsider just publishing a SPF record for mail.jungersen.dk to pass DMARC checks. Best regards, Gerald _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
