Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
Benny Pedersen
me at junc.eu
Wed Feb 9 16:43:47 UTC 2022
On 2022-02-09 17:25, Julien Salort wrote:
> Le 09/02/2022 à 16:55, Benny Pedersen a écrit :
>
>> hope maillist users turn there dkim signers into sign only, not verify
>> aswell, verify must only happen in dmarc
>
> I am a little bit confused.
>
> - why not verify dkim ? It seems fine for your message. I get:
when dkim pass there is no breakage, but dkim fail can lead to in some
setups to make reject, even for maillists :/
that is a design fail on dkim
hence why i say sign only in dkim
> Received-SPF: Pass (mailfrom) identity=mailfrom;
> client-ip=94.237.105.223; helo=talvi.dovecot.org;
> envelope-from=dovecot-bounces at dovecot.org; receiver=<UNKNOWN>
> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none)
> header.from=junc.eu
> Authentication-Results: vps2.salort.eu;
> dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu
> header.a=rsa-sha256 header.s=default header.b=CC9G/2tV;
> dkim-atps=neutral
perfectly good no problem
> - Is it useful to install something besides OpenDMARC (OpenARC ?), or
> some dedicated OpenDMARC configurations, for the ARC-Seal to be useful
> ?
we are all waiting for spamassassin 4, and maybe ietf stable rfc on
openspf, opendkim, openarc, opendmarc, currently none of it is
production stable
> I suppose SPF works because the Envelope is correctly set to
> dovecot.org address, so I don't understand the problem the OP was
> mentionning.
postfix maillist have no spf helo pass, no spf pass, i think its to
force pass only on dkim in dmarc :=)
i dont control dovecot.org spf, so if it recieved in arc test pass i am
happy, note arc miss spf helo fail/pass
its not production stable
More information about the dovecot
mailing list