Re: dmarc reports - action required?

[Michael Taubert]

Thank you both for clearifying this. Now I can relax and may find 
anything useful to do with these reports.


Please have a nice weekend.

Kind regards,
Michael

p.s. Sorry Paul, I pressed the wrong button. :/

Am 26.11.2021 um 19:44 schrieb Paul Pace:

On 11/26/21 8:57 AM, Michael Taubert wrote:

Hi everyone!

Recently I've received some dmarc reports from various hosts like 
google, yahoo, and so on. Are these reports of any use or just 
information for me? I mean, is there any action required when I got 
reports of failed dkim or spf?


All the addresses in these reports does not belong to my mail server. 
So I think they just use my domain in the header to spam around. 
Well, at least, they trying to.


I feel a bit lost as I don't know what to do about these reports.

Thanks in advance.

Kind regards,
Michael
I would guess these are aggregate reports being sent because the DMARC 
TXT record instructs them to:


$ dig +short txt _dmarc.arachnodroid.de
"v=DMARC1;p=none;pct=100;rua=mailto:postmas...@arachnodroid.de;;

The aggregate reports are sent based on a time period.

From RFC 7489 7.2[1]:

>    Visibility comes in the form of daily (or more frequent) Mail 
Receiver-originated feedback reports that contain aggregate data on 
message streams relevant to the Domain Owner. This information 
includes data about messages that passed DMARC authentication as well 
as those that did not.


Paul

[1] https://datatracker.ietf.org/doc/html/rfc7489#section-7.2

dmarc reports - action required?

[Michael Taubert]

Hi everyone!

Recently I've received some dmarc reports from various hosts like 
google, yahoo, and so on. Are these reports of any use or just 
information for me? I mean, is there any action required when I got 
reports of failed dkim or spf?


All the addresses in these reports does not belong to my mail server. So 
I think they just use my domain in the header to spam around. Well, at 
least, they trying to.


I feel a bit lost as I don't know what to do about these reports.

Thanks in advance.

Kind regards,
Michael

AW: hello! ... and first question

[Michael Taubert]

Hi Dam!

Did you try to add „example—com“ to your virtual Domains table? E.g. 
https://www.opensmtpd.org/faq/example1.html

Best regards,
Michael

Von: Damiano Venturin
Gesendet: Dienstag, 22. Mai 2018 01:16
An: misc@opensmtpd.org
Betreff: hello! ... and first question

Hello, this is Dam

I'm in the process of freeing myself from Gmail and I'm trying to
configure my debian vm as a mailserver using OpenSMTPD.

Back in the days I was used to run my own mailserver with Postfix (then
I don't know what happened to me and I moved to 3rd party services) but
this is my first time with OpenSMTPD so I'm really trying to learn how
to configure it properly.

So far so good I've to say. Chess Griffin's guide has been of great help.

There is one thing that I've noticed: if the local user contains @ in
the name, OpenSTMD can't route an incoming email properly. I'm not sure
if this something expected or a bug or if I'm missing something.

So this is the scenario:

d...@venturin.net sends an email to u...@example.com (123.123.123.123)
which is is mapped on the server as user@example--com.

So this is what you see in my /etc/opensmtd/vuser:

u...@example.com:             user@example--com


As you can see from the log below, the incoming email is accepted, goes
through clamsmtp filtering process (listening on 127.0.0.1:10025)

smtpd[2794]: b22a8aceadaec265 smtp event=connected
address=209.35.192.171 host=mail-pf1-f171.google.com
smtpd[2794]: b22a8aceadaec265 smtp event=message msgid=9c2da050
from= to= size=2847 ndest=1 proto=ESMTP
smtpd[2794]: b22a8aceadaec265 smtp event=closed reason=quit
smtpd[2794]: b22a8ad7d4f8e7b8 mta event=connecting
address=smtp://127.0.0.1:10025 host=localhost
smtpd[2794]: b22a8ad7d4f8e7b8 mta event=connected
smtpd[2794]: b22a8ad89531da2b smtp event=connected address=127.0.0.1
host=localhost
smtpd[2794]: b22a8ad89531da2b smtp event=message msgid=9a2845eb
from= to= size=3043 ndest=1 proto=ESMTP

I think that now OpenSMTPD tries to send back a receipt to the email
server which has sent the email. Am I right?

Accordingly to the configuration, the message is sent again to clamsmtp
which is listening on 127.0.0.1:10027

smtpd[2794]: b22a8ae0d78126ae mta event=connecting
address=smtp://127.0.0.1:10027 host=localhost
smtpd[2794]: b22a8ad7d4f8e7b8 mta event=delivery evpid=9c2da05070285532
from= to= rcpt=<-> source=127.0.0.1
relay=
127.0.0.1 (localhost) delay=11s result=Ok stat=250 2.0.0: 9a2845eb
Message accepted for delivery
smtpd[2794]: b22a8ae0d78126ae mta event=connected

But then something happens: all of the sudden the recipient is no more
u...@example.com but user@example--com (which is the name of the real
local user)

smtpd[2794]: b22a8ae11170b5b4 smtp event=connected address=127.0.0.1
host=localhost
smtpd[2794]: b22a8ae11170b5b4 smtp event=message msgid=f33aeeec
from= to= size=3243 ndest=1 proto=ESMTP
smtpd[2794]: b22a8ae0d78126ae mta event=delivery evpid=9a2845eb454ddf26
from= to=rcpt=
source=127.0.0.1 relay=127.0.0.1 (localhost) delay=5s result=Ok stat=250
2.0.0: f33aeeec Message accepted for delivery
smtpd[2794]: b22a8ad89531da2b smtp event=closed reason=quit
smtpd[2794]: b22a8ad7d4f8e7b8 mta event=closed reason=quit messages=1
smtpd[2794]: smtp-out: Failed to resolve MX for [relay:example--com]:
Domain does not exist

Of course the domain example--com is not found

smtpd[2794]:  mta event=delivery evpid=f33aeeecc889f968
from= to= rcpt=<-> source=-
relay=example--
info delay=5s result=PermFail stat=Domain does not exist
smtpd[2794]: b22a8aeac0c27769 smtp event=connected address=local
host=localhost
smtpd[2794]: b22a8aeac0c27769 smtp event=message msgid=57f4cae9 from=<>
to= size=4459 ndest=1 proto=ESMTP
smtpd[2794]: b22a8aeac0c27769 smtp event=closed reason=quit
smtpd[2794]: b22a8ae11170b5b4 smtp event=message msgid=e121e32c from=<>
to= size=4660 ndest=1 proto=ESMTP
smtpd[2794]: b22a8ae0d78126ae mta event=delivery evpid=57f4cae9a970f282
from=<> to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (loc
alhost) delay=1s result=Ok stat=250 2.0.0: e121e32c Message accepted for
delivery
smtpd[2794]: b22a8ae11170b5b4 smtp event=closed reason=quit
smtpd[2794]: b22a8ae0d78126ae mta event=closed reason=quit messages=2
smtpd[2794]: b22a8af88282d316 mta event=connecting
address=smtp+tls://66.102.1.27:25 host=wb-in-f27.1e100.net
smtpd[2794]: b22a8af88282d316 mta event=connected
smtpd[2794]: b22a8af88282d316 mta event=starttls
ciphers=version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
smtpd[2794]: smtp-out: Server certificate verification succeeded on
session b22a8af88282d316
smtpd[2794]: b22a8af88282d316 mta event=delivery evpid=e121e32cb085713e
from=<> to= rcpt=<-> 

AW: Greylist-like support

[Michael Taubert]

e.g. https://github.com/ajdiaz/opensmtpd-filter-spam additional filters can be 
found here 
https://github.com/OpenSMTPD/OpenSMTPD-extras/tree/751c7b6b56a13a2381485daf0f97dd7fc0da289e/extras/filters

Best regards,
Michael

Von: Reio Remma
Gesendet: Samstag, 7. April 2018 09:35
An: misc@opensmtpd.org
Betreff: Re: Greylist-like support

On 07.04.2018 3:49, Christopher van de Sande wrote:
> Been managing my personal email on my own for a good 10 years now 
> using Postfix, and recently I've come to learn about OpenSMTPD.  I've 
> installed it on a test domain and am quite pleased with it. I'm 
> thinking about switching over it for my main email.
>
> One thing I've come to learn that is critical to spam management is 
> greylisting. Even the act the "slowing down" a spam message by 60 
> seconds gives DNSBL's time to get updated, so by the time SpamAssassin 
> checks the message, it correctly labels it as spam. The combination of 
> postgrey and spamassassin has been fantastic for me for the last few 
> years.
>
> I'm looking for either a greylist solution or anything that can delay 
> an email for a short time. I know it will work with OpenBSD's spamd, 
> but I was hoping I could find a linux solution.
>
> Thanks,
> Chris

I've been pondering the exact same thing the last few days. I've been 
looking at rspamd, but I'm not keen on switching, since I just migrated 
from an old QMail system and am using amavisd-new/spamassassin now. A 
little disappointed that amavisd-new doesn't have greylisting built in.

Good luck,
Reio

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org