Julien Salort
2022-Feb-09 16:25 UTC
Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
Le 09/02/2022 ? 16:55, Benny Pedersen a ?crit?:> hope maillist users turn there dkim signers into sign only, not verify > aswell, verify must only happen in dmarcI am a little bit confused. - why not verify dkim ? It seems fine for your message. I get: Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=94.237.105.223; helo=talvi.dovecot.org; envelope-from=dovecot-bounces at dovecot.org; receiver=<UNKNOWN> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=junc.eu Authentication-Results: vps2.salort.eu; dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; dkim-atps=neutral - Is it useful to install something besides OpenDMARC (OpenARC ?), or some dedicated OpenDMARC configurations, for the ARC-Seal to be useful ? I suppose SPF works because the Envelope is correctly set to dovecot.org address, so I don't understand the problem the OP was mentionning. Cheers, Julien
Benny Pedersen
2022-Feb-09 16:43 UTC
Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 2022-02-09 17:25, Julien Salort wrote:> Le 09/02/2022 ? 16:55, Benny Pedersen a ?crit?: > >> hope maillist users turn there dkim signers into sign only, not verify >> aswell, verify must only happen in dmarc > > I am a little bit confused. > > - why not verify dkim ? It seems fine for your message. I get:when dkim pass there is no breakage, but dkim fail can lead to in some setups to make reject, even for maillists :/ that is a design fail on dkim hence why i say sign only in dkim> Received-SPF: Pass (mailfrom) identity=mailfrom; > client-ip=94.237.105.223; helo=talvi.dovecot.org; > envelope-from=dovecot-bounces at dovecot.org; receiver=<UNKNOWN> > Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) > header.from=junc.eu > Authentication-Results: vps2.salort.eu; > dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu > header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; > dkim-atps=neutralperfectly good no problem> - Is it useful to install something besides OpenDMARC (OpenARC ?), or > some dedicated OpenDMARC configurations, for the ARC-Seal to be useful > ?we are all waiting for spamassassin 4, and maybe ietf stable rfc on openspf, opendkim, openarc, opendmarc, currently none of it is production stable> I suppose SPF works because the Envelope is correctly set to > dovecot.org address, so I don't understand the problem the OP was > mentionning.postfix maillist have no spf helo pass, no spf pass, i think its to force pass only on dkim in dmarc :=) i dont control dovecot.org spf, so if it recieved in arc test pass i am happy, note arc miss spf helo fail/pass its not production stable