Benny Pedersen
2022-Feb-09 15:55 UTC
Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 2022-02-09 16:16, Benny Pedersen wrote:> On 2022-02-09 14:33, Aki Tuomi wrote: >> We did that replacement for a while, but people complained. We have >> ARC signing there, unfortunately it only works if you trust it. > > ARC-Authentication-Results: i=1; talvi.dovecot.org; > dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; > dmarc=pass (policy=reject) header.from=open-xchange.com; > spf=pass (talvi.dovecot.org: domain of aki.tuomi at open-xchange.com > designates > 87.191.57.183 as permitted sender) > smtp.mailfrom=aki.tuomi at open-xchange.com > > X-Spam-Status: No, score=-6.4 required=5.0 > tests=AWL,DKIM_INVALID,DKIM_SIGNED, > HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, > MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, > RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, > T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no > > seems it breaks :/my own in return X-Spam-Status: No, score=-6.2 required=5.0 tests=AWL,DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no so it seems fuglu works hope maillist users turn there dkim signers into sign only, not verify aswell, verify must only happen in dmarc
Julien Salort
2022-Feb-09 16:25 UTC
Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
Le 09/02/2022 ? 16:55, Benny Pedersen a ?crit?:> hope maillist users turn there dkim signers into sign only, not verify > aswell, verify must only happen in dmarcI am a little bit confused. - why not verify dkim ? It seems fine for your message. I get: Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=94.237.105.223; helo=talvi.dovecot.org; envelope-from=dovecot-bounces at dovecot.org; receiver=<UNKNOWN> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=junc.eu Authentication-Results: vps2.salort.eu; dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; dkim-atps=neutral - Is it useful to install something besides OpenDMARC (OpenARC ?), or some dedicated OpenDMARC configurations, for the ARC-Seal to be useful ? I suppose SPF works because the Envelope is correctly set to dovecot.org address, so I don't understand the problem the OP was mentionning. Cheers, Julien