DMARC und Mailinglisten
Robert Schetterer
rs at sys4.de
Sa Feb 21 09:26:12 CET 2015
Am 21.02.2015 um 09:06 schrieb Robert Schetterer:
> Am 21.02.2015 um 08:43 schrieb Joachim Fahrner:
>> Hallo,
>>
>> bei Mailinglisten wird das DMARC wirklich zum Problem. Habe mich jetzt
>> auf einer Liste angemeldet die nicht DMARC-konform ist und prompt werden
>> da Mails abgewiesen. Kriegt man das irgendwie in den Griff, ohne DMARC
>> komplett zu deaktivieren?
>
> nur wenn du eine Art whitelisting vorschaltest
> wuerde ich aber nicht tun, oeffentliche Listen sollten sich schlichtweg
> DMARC konform verhalten
das hier koennte helfen
http://manpages.ubuntu.com/manpages/saucy/man5/opendmarc.conf.5.html
IgnoreHosts (string)
Specifies the path to a file that contains a list of
hostnames,
IP addresses, and/or CIDR expressions identifying hosts
whose
SMTP connections are to be ignored by the filter.
If not
specified, defaults to "127.0.0.1" only.
IgnoreMailFrom (string)
Gives a list of domain names whose mail (based on the
From:
domain) is to be ignored by the filter. The list
should be
comma-separated. Matching against this list is
case-
insensitive. The default is an empty list, meaning no
mail is
ignored.
>
>>
>> Feb 20 06:28:35 s2 postfix/postscreen[20427]: CONNECT from [8.8.178.116]:46715 to [78.46.184.248]:25
>> Feb 20 06:28:35 s2 postfix/postscreen[20427]: PASS OLD [8.8.178.116]:46715
>> Feb 20 06:28:36 s2 postfix/smtpd[20429]: connect from mx2.freebsd.org[8.8.178.116]
>> Feb 20 06:28:37 s2 postfix/smtpd[20429]: Anonymous TLS connection established from mx2.freebsd.org[8.8.178.116]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>> Feb 20 06:28:39 s2 policyd-spf[20438]: None; identity=helo; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name
>> Feb 20 06:28:39 s2 policyd-spf[20438]: Pass; identity=mailfrom; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name
>> Feb 20 06:28:39 s2 postfix/smtpd[20429]: 7224534141: client=mx2.freebsd.org[8.8.178.116]
>> Feb 20 06:28:39 s2 postfix/cleanup[20440]: 7224534141: message-id=<464530409.2420401.1424409908005.JavaMail.yahoo at mail.yahoo.com>
>> Feb 20 06:28:39 s2 opendkim[3180]: 7224534141: mx2.freebsd.org [8.8.178.116] not internal
>> Feb 20 06:28:39 s2 opendkim[3180]: 7224534141: not authenticated
>> Feb 20 06:28:40 s2 opendkim[3180]: 7224534141: bad signature data
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: authres: s2.fahrner.name;#012#011dkim=fail reason="no signature error" (2048-bit key; insecure) header.d=yahoo.com header.i=@yahoo.com header.b=Bk3hfdot;#012#011dkim-adsp=unknown (insecure policy); dkim-atps=neutral
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: recvspf: Pass (sender SPF authorized) identity=mailfrom; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-current at freebsd.org; receiver=jf at fahrner.name
>> Feb 20 06:28:40 s2 postfix/pickup[19499]: A037634145: uid=118 from=<opendmarc>
>> Feb 20 06:28:40 s2 postfix/cleanup[20444]: A037634145: message-id=<20150220052840.A037634145 at s2.fahrner.name>
>> Feb 20 06:28:40 s2 opendmarc[3192]: 7224534141: yahoo.com fail
>> Feb 20 06:28:40 s2 opendkim[3180]: A037634145: DKIM-Signature header added (s=mail, d=fahrner.name)
>> Feb 20 06:28:40 s2 postfix/cleanup[20440]: 7224534141: milter-reject: END-OF-MESSAGE from mx2.freebsd.org[8.8.178.116]: 5.7.1 rejected by DMARC policy for yahoo.com; from=<owner-freebsd-current at freebsd.org> to=<jf at fahrner.name> proto=ESMTP helo=<mx2.freebsd.org>
>>
>
> Best Regards
> MfG Robert Schetterer
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Mehr Informationen über die Mailingliste postfix-users