On 17/05/2023 08:18, Matus UHLAR - fantomas via Postfix-users wrote:
On 16.05.23 22:11, Tom Reed via Postfix-users wrote:
For OpenDMARC this setting:
SPFSelfValidate true
this only causes opendmarc to resolve SPF itself instead of using existing
Authentication-Results: header.
Actually (from
> SPF is designed for validating envelope from: and should not be used for
> header From:
>
> Microsoft attempt to create SPF/2 has failed and should not be used
> either.
>
That's OK. thanks for the info.
--
sent from https://dkinbox.com/
___
On 16.05.23 22:11, Tom Reed via Postfix-users wrote:
For OpenDMARC this setting:
SPFSelfValidate true
this only causes opendmarc to resolve SPF itself instead of using existing
Authentication-Results: header.
Can it handle the case when incoming message has rewritten
envelope address by
K.I.S.S.
Because of forwarding, both SPF or DKIM signatures *could* be broken. This is
what DMARC was introduced for.
DMARC checks the results of both SPF and DKIM, and as long as one of those two
passes then the mail is good so DMARC passes.
If both SPF and DKIM fail, then DMARC fails, and
Bill Cole via Postfix-users skrev den 2023-05-16 17:34:
I have no idea what the answer to that is, as I don't use OpenDMARC.
You may want to figure out where, if anywhere, OpenDMARC support is
available.
http://www.trusteddomain.org/opendmarc/
___
On 2023-05-16 at 10:11:39 UTC-0400 (Tue, 16 May 2023 22:11:39 +0800)
Tom Reed via Postfix-users
is rumored to have said:
For OpenDMARC this setting:
SPFSelfValidate true
Can it handle the case when incoming message has rewritten
envelope address by SRS then no SPF found for header From
Scott Kitterman via Postfix-users skrev den 2023-05-16 15:04:
DMARC does have such a policy component. Rejecting mail which fails
DMARC for domains that have a policy of p=reject is common. DMARC
does have a high error rate for some types of email, so I would
recommend a careful evaluation of
João Silva via Postfix-users skrev den 2023-05-16 14:49:
Yes, straight to a Spam folder.
a bit silly if its a maillist, if its spam why not unsubscribe ?
i loose maybe :/
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe
Tom Reed via Postfix-users skrev den 2023-05-16 14:41:
so for both DKIM and DMARC failure you send them to spam folder?
what dmarc policy ?, none, quarantine, reject ?
forget dkim here, its not designed to be a spam scanner
___
Postfix-users
Tom Reed via Postfix-users skrev den 2023-05-16 14:16:
Should we reject failed message on DKIM validation stage, or DMARC
validation stage, or both?
if dkim is based on reject you will ignore dmarc policy, just dont
reject is safe :)
tip, add ipwhitelist in both so you never ever reject
For OpenDMARC this setting:
SPFSelfValidate true
Can it handle the case when incoming message has rewritten
envelope address by SRS then no SPF found for header From address?
If opendmarc can implement SPF checks for header From address ,
That would be much better.
Thanks
> On 2023-05-16 at
Tom Reed via Postfix-users writes:
> Hello list,
>
> Should we reject failed message on DKIM validation stage, or DMARC
> validation stage, or both?
I even DKIM-sign the mail one more time. For forwarding to Gmail.
See https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/setup-policy.lua
Dnia 16.05.2023 o godz. 20:16:21 Tom Reed via Postfix-users pisze:
>
> Should we reject failed message on DKIM validation stage, or DMARC
> validation stage, or both?
There is no rule ststing what you "should" do in these cases. It depends on
what you *want* to do, that is - what exact result
On 2023-05-16 at 08:16:21 UTC-0400 (Tue, 16 May 2023 20:16:21 +0800)
Tom Reed via Postfix-users
is rumored to have said:
Hello list,
Should we reject failed message on DKIM validation stage, or DMARC
validation stage, or both?
Generally, neither.
IF (and ONLY IF) the "From: " header
On May 16, 2023 12:16:21 PM UTC, Tom Reed via Postfix-users
wrote:
>Hello list,
>
>Should we reject failed message on DKIM validation stage, or DMARC
>validation stage, or both?
No and it depends.
DKIM has no policy mechanism associated with it, so there's no basis in any
standardized
Yes, straight to a Spam folder.
On 16/05/2023 13:41, Tom Reed via Postfix-users wrote:
On 16/05/2023 13:16, Tom Reed via Postfix-users wrote:
Hello list,
Should we reject failed message on DKIM validation stage, or DMARC
validation stage, or both?
Just my opinion...
I see lots (and I mean
>
> On 16/05/2023 13:16, Tom Reed via Postfix-users wrote:
>> Hello list,
>>
>> Should we reject failed message on DKIM validation stage, or DMARC
>> validation stage, or both?
>
> Just my opinion...
>
> I see lots (and I mean lots) of DKIM failures due to mails sent to
> mailing lists that
On 16/05/2023 13:16, Tom Reed via Postfix-users wrote:
Hello list,
Should we reject failed message on DKIM validation stage, or DMARC
validation stage, or both?
Just my opinion...
I see lots (and I mean lots) of DKIM failures due to mails sent to
mailing lists that have clueless
18 matches
Mail list logo