Re: dmarc report faild ?
Le 8/24/2017 à 9:43 PM, Ivan Warren a écrit : And further funny things ... By pasting "message headers" in the message body I got a truckload of forensic reports ! Looks like there something amiss in the DKIM/DMARC realm ! --Ivan Or rather, There is something rotten in the kingdom of DMARC (Sorry couldn't resist.. and my apologies to all for hogging the list). --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
And further funny things ... By pasting "message headers" in the message body I got a truckload of forensic reports ! Looks like there something amiss in the DKIM/DMARC realm ! --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
On 24.08.2017 21:05, Ivan Warren wrote: > In the same vein, > > I am receiving forensic DMARC reports from mx01.nausch.org. > It's odd, because the actual report tells me both DKIM and SPF (in the > the of a DMARC report) pass... > > Here is what I am getting : > Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr > Authentication-Results: mx1.nausch.org; > dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr > header.b="oHXeoWbW" > Note that the first part says authentication failed, but the second part > (which is the mail headers for a legit DMARC aggregate report sent to > the published DMARC rua for nausch.org) passes all the tests - both DKIM > and SPF. > > I am also getting forensic reports from this MTA when posting to the list. > > So my guess is some...@nausch.org on this mailing list might have a > misbehaving DMARC responder/filter. Yes, I've seen this, too. I already mailed them, but never got a reaction. Most likely they run an old version of Postfix which has some problems with milters adding headers not seen by later milters... Juri
Re: dmarc report faild ?
In the same vein, I am receiving forensic DMARC reports from mx01.nausch.org. Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report. It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass... Here is what I am getting : This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST). Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mrep...@vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr Authentication-Results: mx1.nausch.org; dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW" Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom= smtp.helo=db04.ivansoftware.com Received: from db04 (localhost [127.0.0.1]) by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870 for; Thu, 24 Aug 2017 19:45:02 +0200 (CEST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.99.2 at db04 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr; s=mail; t=1503596702; bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=; h=To:From:Subject:Date:From; b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv 0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC 902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5 +RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu LePx9Q8z3nALg== To:dmarc-repo...@nausch.org From:mrep...@vmfacility.fr Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@ X-Mailer: opendmarc-reports v1.3.2 Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST) Message-ID: Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="report_section" Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF. I am also getting forensic reports from this MTA when posting to the list. So my guess is some...@nausch.org on this mailing list might have a misbehaving DMARC responder/filter. Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed). --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
Le 8/24/2017 à 3:47 PM, A. Schulze a écrit : Maurizio Caloro: Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems. Any from you know this Eror report, what i need to do to fix this issue? I guess, the reports are about messages you sent to the list: https://dovecot.org/pipermail/dovecot/2017-August/109097.html As I explained to Maurizio (off list), he received an aggregate report.. (Actually from one of my mail servers) in the sample he sent... It's an aggregate report, so even if everything was succesful, I (or rather opendmarc-reports since I'm using opendmarc) would still send a report ! So receiving a DMARC aggregate report isn't an indication of a problem ! Any SPF error in the report would be normal when received from a mailing list, but I think DMARC passes if either SPF or DKIM pass (you don't need both). Note this is a bit OT, since dovecot has nothing to do with SPF, DKIM, DMARC or any of the postfix/sendmail MILTERs. --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
Maurizio Caloro:
Please i have new following Error, from DMARC Report, if i check my domain
on example mxtoolbox i dont see any problems.
Any from you know this Eror report, what i need to do to fix this issue?
I guess, the reports are about messages you sent to the list:
https://dovecot.org/pipermail/dovecot/2017-August/109097.html
are you *really* sure you signed the messages well?
Why do they contain two Signatures?
It may happen the signature is invalid just after signing.
Assuming your messages where signed correct,
compare the header field you signed ("From:To:Subject:Date:From")
with the version you received back from the listserver.
On the other side, there is a quiet good chance the listserver deleted
an html part you sent.
( X-Content-Filtered-By: Mailman/MimeDel 2.1.15 )
so, send plain text...
next: mailman 2.1.15 is 5 years old. These versions are known to be
not very supportive regarding DMARC
because DMARC just was invented ~2012.
If resources are available @dovecot, the operator may update to a
newer version.
Currently 2.1.24 is the latest release.
In any case, your DMARC policy p=none prevent further damage.
p=none is the the friendly choice for domains sending to lists these days.
Andreas
dmarc report faild ?
Hello Together Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems. Any from you know this Eror report, what i need to do to fix this issue? C:\folder>nslookup 94.237.32.243 Server: dns204.data.ch Address: 211.232.23.124 Name:wursti.dovecot.fi Address: 94.237.32.243 -- I check also dkim and spif but i don't see the mistake, i dont want that me Mailserver become seriussly mail problems. Regards Mauri mrep...@vmfacility.fr caloro.ch:1503564302 1503477902 1503564302 caloro.ch s s none none 100 94.237.32.243 1 none pass fail caloro.ch dovecot.org unknown caloro.ch pass
