Hello Together
Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems.
Any from you know this Eror report, what i need to do to fix this issue?
C:\folder>nslookup 94.237.32.243
Server: dns204.data.ch
Address: 211.232.23.124
Name: wursti.dovecot.fi
Address: 94.237.32.243
--
I check also dkim and spif but i don't see the mistake, i dont want that me Mailserver become seriussly mail problems.
Regards
Mauri
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<email>mreport@vmfacility.fr</email>
<begin>1503477902</begin>
<end>1503564302</end>
<domain>caloro.ch</domain>
<adkim>s</adkim>
<aspf>s</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
<record>
<row>
<source_ip>94.237.32.243</source_ip>
<count>1</count>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf></row>
<identifiers>
<header_from>caloro.ch</header_from>
</identifiers>
<spf>
<domain>dovecot.org</domain>
<result>unknown</result></spf>
<dkim>
<domain>caloro.ch</domain>
<result>pass</result></dkim>
</record>
</feedback>
Maurizio Caloro:
Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems.
Any from you know this Eror report, what i need to do to fix this issue?
I guess, the reports are about messages you sent to the list: https://dovecot.org/pipermail/dovecot/2017-August/109097.html
are you *really* sure you signed the messages well? Why do they contain two Signatures? It may happen the signature is invalid just after signing.
Assuming your messages where signed correct, compare the header field you signed ("From:To:Subject:Date:From") with the version you received back from the listserver.
On the other side, there is a quiet good chance the listserver deleted
an html part you sent.
( X-Content-Filtered-By: Mailman/MimeDel 2.1.15 )
so, send plain text...
next: mailman 2.1.15 is 5 years old. These versions are known to be
not very supportive regarding DMARC
because DMARC just was invented ~2012.
If resources are available @dovecot, the operator may update to a
newer version.
Currently 2.1.24 is the latest release.
In any case, your DMARC policy p=none prevent further damage. p=none is the the friendly choice for domains sending to lists these days.
Andreas
Le 8/24/2017 à 3:47 PM, A. Schulze a écrit :
Maurizio Caloro:
Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems.
Any from you know this Eror report, what i need to do to fix this issue?
I guess, the reports are about messages you sent to the list: https://dovecot.org/pipermail/dovecot/2017-August/109097.html
As I explained to Maurizio (off list), he received an aggregate report.. (Actually from one of my mail servers) in the sample he sent...
It's an aggregate report, so even if everything was succesful, I (or rather opendmarc-reports since I'm using opendmarc) would still send a report !
So receiving a DMARC aggregate report isn't an indication of a problem !
Any SPF error in the report would be normal when received from a mailing list, but I think DMARC passes if either SPF or DKIM pass (you don't need both).
Note this is a bit OT, since dovecot has nothing to do with SPF, DKIM, DMARC or any of the postfix/sendmail MILTERs.
--Ivan
In the same vein,
I am receiving forensic DMARC reports from mx01.nausch.org.
Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report.
It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass...
Here is what I am getting :
This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST).
Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mreport@vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr
Authentication-Results: mx1.nausch.org;
dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW"
Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom=mreport@vmfacility.fr smtp.helo=db04.ivansoftware.com
Received: from db04 (localhost [127.0.0.1])
by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870
fordmarc-reports@nausch.org; Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at db04
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr;
s=mail; t=1503596702;
bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=;
h=To:From:Subject:Date:From;
b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv
0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC
902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5
+RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm
p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu
LePx9Q8z3nALg==
To:dmarc-reports@nausch.org
From:mreport@vmfacility.fr
Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@
X-Mailer: opendmarc-reports v1.3.2
Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST)
Message-ID:
Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF.
I am also getting forensic reports from this MTA when posting to the list.
So my guess is someone@nausch.org on this mailing list might have a misbehaving DMARC responder/filter.
Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed).
--Ivan
On 24.08.2017 21:05, Ivan Warren wrote:
In the same vein,
I am receiving forensic DMARC reports from mx01.nausch.org.
It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass...
Here is what I am getting :
Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr
Authentication-Results: mx1.nausch.org; dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW"
Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF.
I am also getting forensic reports from this MTA when posting to the list.
So my guess is someone@nausch.org on this mailing list might have a misbehaving DMARC responder/filter.
Yes, I've seen this, too. I already mailed them, but never got a reaction. Most likely they run an old version of Postfix which has some problems with milters adding headers not seen by later milters...
Juri
And further funny things ...
By pasting "message headers" in the message body I got a truckload of forensic reports !
Looks like there something amiss in the DKIM/DMARC realm !
--Ivan
Le 8/24/2017 à 9:43 PM, Ivan Warren a écrit :
And further funny things ...
By pasting "message headers" in the message body I got a truckload of forensic reports !
Looks like there something amiss in the DKIM/DMARC realm !
--Ivan
Or rather,
There is something rotten in the kingdom of DMARC
(Sorry couldn't resist.. and my apologies to all for hogging the list).
--Ivan
participants (4)
-
A. Schulze
-
Ivan Warren
-
Juri Haberland
-
Maurizio Caloro