DMARC und Mailinglisten

Robert Schetterer rs at sys4.de
Sa Feb 21 09:26:12 CET 2015


Am 21.02.2015 um 09:06 schrieb Robert Schetterer:
> Am 21.02.2015 um 08:43 schrieb Joachim Fahrner:
>> Hallo,
>>
>> bei Mailinglisten wird das DMARC wirklich zum Problem. Habe mich jetzt
>> auf einer Liste angemeldet die nicht DMARC-konform ist und prompt werden
>> da Mails abgewiesen. Kriegt man das irgendwie in den Griff, ohne DMARC
>> komplett zu deaktivieren?
> 
> nur wenn du eine Art whitelisting vorschaltest
> wuerde ich aber nicht tun, oeffentliche Listen sollten sich schlichtweg
> DMARC konform verhalten

das hier koennte helfen

http://manpages.ubuntu.com/manpages/saucy/man5/opendmarc.conf.5.html

  IgnoreHosts (string)
              Specifies the path to a file that contains a list of
hostnames,
              IP  addresses,  and/or  CIDR expressions identifying hosts
whose
              SMTP connections are to  be  ignored  by  the  filter.
If  not
              specified, defaults to "127.0.0.1" only.


  IgnoreMailFrom (string)
              Gives  a  list  of  domain  names whose mail (based on the
From:
              domain) is to be ignored by the  filter.   The  list
should  be
              comma-separated.    Matching   against   this   list   is
 case-
              insensitive.  The default is an empty list, meaning no
mail  is
              ignored.

> 
>>
>> Feb 20 06:28:35 s2 postfix/postscreen[20427]: CONNECT from [8.8.178.116]:46715 to [78.46.184.248]:25
>> Feb 20 06:28:35 s2 postfix/postscreen[20427]: PASS OLD [8.8.178.116]:46715
>> Feb 20 06:28:36 s2 postfix/smtpd[20429]: connect from mx2.freebsd.org[8.8.178.116]
>> Feb 20 06:28:37 s2 postfix/smtpd[20429]: Anonymous TLS connection established from mx2.freebsd.org[8.8.178.116]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>> Feb 20 06:28:39 s2 policyd-spf[20438]: None; identity=helo; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name 
>> Feb 20 06:28:39 s2 policyd-spf[20438]: Pass; identity=mailfrom; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name 
>> Feb 20 06:28:39 s2 postfix/smtpd[20429]: 7224534141: client=mx2.freebsd.org[8.8.178.116]
>> Feb 20 06:28:39 s2 postfix/cleanup[20440]: 7224534141: message-id=<464530409.2420401.1424409908005.JavaMail.yahoo at mail.yahoo.com>
>> Feb 20 06:28:39 s2 opendkim[3180]: 7224534141: mx2.freebsd.org [8.8.178.116] not internal
>> Feb 20 06:28:39 s2 opendkim[3180]: 7224534141: not authenticated
>> Feb 20 06:28:40 s2 opendkim[3180]: 7224534141: bad signature data
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: authres: s2.fahrner.name;#012#011dkim=fail reason="no signature error" (2048-bit key; insecure) header.d=yahoo.com header.i=@yahoo.com header.b=Bk3hfdot;#012#011dkim-adsp=unknown (insecure policy); dkim-atps=neutral
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: recvspf: Pass (sender SPF authorized) identity=mailfrom; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name 
>> Feb 20 06:28:40 s2 postfix/pickup[19499]: A037634145: uid=118 from=<opendmarc>
>> Feb 20 06:28:40 s2 postfix/cleanup[20444]: A037634145: message-id=<20150220052840.A037634145 at s2.fahrner.name>
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: yahoo.com fail
>> Feb 20 06:28:40 s2 opendkim[3180]: A037634145: DKIM-Signature header added (s=mail, d=fahrner.name)
>> Feb 20 06:28:40 s2 postfix/cleanup[20440]: 7224534141: milter-reject: END-OF-MESSAGE from mx2.freebsd.org[8.8.178.116]: 5.7.1 rejected by DMARC policy for yahoo.com; from=<owner-freebsd-current at freebsd.org> to=<jf at fahrner.name> proto=ESMTP helo=<mx2.freebsd.org>
>>
> 
> Best Regards
> MfG Robert Schetterer
> 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Mehr Informationen über die Mailingliste postfix-users